diff options
| author | Přemysl Eric Janouch <p@janouch.name> | 2020-09-05 22:57:32 +0200 |
|---|---|---|
| committer | Přemysl Eric Janouch <p@janouch.name> | 2020-09-06 05:16:39 +0200 |
| commit | 8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7 (patch) | |
| tree | 48ea6bb9e678add024c8c38c05efcbcd5a1bd6a4 | |
| parent | 524eea9b2fa3e2cff4617f785c62c80a9feec09b (diff) | |
| download | pdf-simple-sign-8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7.tar.gz pdf-simple-sign-8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7.tar.xz pdf-simple-sign-8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7.zip | |
Add a test script to verify basic function
| -rwxr-xr-x | test.sh | 77 |
1 files changed, 77 insertions, 0 deletions
@@ -0,0 +1,77 @@ +#!/bin/sh -e +# Test basic functionality of both versions +# Usage: ./test.sh builddir/pdf-simple-sign cmd/pdf-simple-sign/pdf-simple-sign + +log() { echo "`tput sitm`-- $1`tput sgr0`"; } +die() { echo "`tput bold`-- $1`tput sgr0`"; exit 1; } + +# Get rid of old test files +rm -rf tmp +mkdir tmp + +# Create documents in various tools +log "Creating source documents" +inkscape --pipe --export-filename=tmp/cairo.pdf <<'EOF' 2>/dev/null || : +<svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg> +EOF + +date | tee tmp/lowriter.txt | groff -T pdf > tmp/groff.pdf || : +lowriter --convert-to pdf tmp/lowriter.txt --outdir tmp >/dev/null || : +convert rose: tmp/imagemagick.pdf || : + +# Create a root CA certificate pair +log "Creating certificates" +openssl req -newkey rsa:2048 -subj "/CN=Test CA" -nodes \ + -keyout tmp/ca.key.pem -x509 -out tmp/ca.cert.pem 2>/dev/null + +# Create a private NSS database and insert our test CA there +rm -rf tmp/nssdir +mkdir tmp/nssdir +certutil -N --empty-password -d sql:tmp/nssdir +certutil -d sql:tmp/nssdir -A -n root -t ,C, -a -i tmp/ca.cert.pem + +# Create a leaf certificate pair +cat > tmp/cert.cfg <<'EOF' +[smime] +basicConstraints = CA:FALSE +keyUsage = digitalSignature +extendedKeyUsage = emailProtection +nsCertType = email +EOF + +openssl req -newkey rsa:2048 -subj "/CN=Test Leaf" -nodes \ + -keyout tmp/key.pem -out tmp/cert.csr 2>/dev/null +openssl x509 -req -in tmp/cert.csr -out tmp/cert.pem \ + -CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \ + -extensions smime -extfile tmp/cert.cfg 2>/dev/null +openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null +openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \ + -export -passout pass: -out tmp/key-pair.p12 + +for tool in "$@"; do + rm -f tmp/*.signed.pdf + for source in tmp/*.pdf; do + log "Testing $tool with $source" + result=${source%.pdf}.signed.pdf + $tool "$source" "$result" tmp/key-pair.p12 "" + pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation + done + + log "Testing $tool for expected failures" + $tool "$result" "$source.fail.pdf" tmp/key-pair.p12 "" \ + && die "Double signing shouldn't succeed" + $tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \ + && die "Too low reservations shouldn't succeed" + + # Our generators do not use PDF versions higher than 1.5 + log "Testing $tool for version detection" + grep -q "/Version /1.6" "$result" \ + || die "Version detection seems to misbehave (no upgrade)" + + sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt" + $tool "$source.alt" "$result.alt" tmp/key-pair.p12 "" + grep -q "/Version /1.6" "$result.alt" \ + && die "Version detection seems to misbehave (downgraded)" +done + +log "OK" |