aboutsummaryrefslogtreecommitdiff
path: root/test.sh
diff options
context:
space:
mode:
authorPřemysl Eric Janouch <p@janouch.name>2020-09-05 22:57:32 +0200
committerPřemysl Eric Janouch <p@janouch.name>2020-09-06 05:16:39 +0200
commit8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7 (patch)
tree48ea6bb9e678add024c8c38c05efcbcd5a1bd6a4 /test.sh
parent524eea9b2fa3e2cff4617f785c62c80a9feec09b (diff)
downloadpdf-simple-sign-8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7.tar.gz
pdf-simple-sign-8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7.tar.xz
pdf-simple-sign-8913f8ba9cf6a8fbc6c0f96cd3cd967b2161f0f7.zip
Add a test script to verify basic function
Diffstat (limited to 'test.sh')
-rwxr-xr-xtest.sh77
1 files changed, 77 insertions, 0 deletions
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..f87d525
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,77 @@
+#!/bin/sh -e
+# Test basic functionality of both versions
+# Usage: ./test.sh builddir/pdf-simple-sign cmd/pdf-simple-sign/pdf-simple-sign
+
+log() { echo "`tput sitm`-- $1`tput sgr0`"; }
+die() { echo "`tput bold`-- $1`tput sgr0`"; exit 1; }
+
+# Get rid of old test files
+rm -rf tmp
+mkdir tmp
+
+# Create documents in various tools
+log "Creating source documents"
+inkscape --pipe --export-filename=tmp/cairo.pdf <<'EOF' 2>/dev/null || :
+<svg xmlns="http://www.w3.org/2000/svg"><text x="5" y="10">Hello</text></svg>
+EOF
+
+date | tee tmp/lowriter.txt | groff -T pdf > tmp/groff.pdf || :
+lowriter --convert-to pdf tmp/lowriter.txt --outdir tmp >/dev/null || :
+convert rose: tmp/imagemagick.pdf || :
+
+# Create a root CA certificate pair
+log "Creating certificates"
+openssl req -newkey rsa:2048 -subj "/CN=Test CA" -nodes \
+ -keyout tmp/ca.key.pem -x509 -out tmp/ca.cert.pem 2>/dev/null
+
+# Create a private NSS database and insert our test CA there
+rm -rf tmp/nssdir
+mkdir tmp/nssdir
+certutil -N --empty-password -d sql:tmp/nssdir
+certutil -d sql:tmp/nssdir -A -n root -t ,C, -a -i tmp/ca.cert.pem
+
+# Create a leaf certificate pair
+cat > tmp/cert.cfg <<'EOF'
+[smime]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature
+extendedKeyUsage = emailProtection
+nsCertType = email
+EOF
+
+openssl req -newkey rsa:2048 -subj "/CN=Test Leaf" -nodes \
+ -keyout tmp/key.pem -out tmp/cert.csr 2>/dev/null
+openssl x509 -req -in tmp/cert.csr -out tmp/cert.pem \
+ -CA tmp/ca.cert.pem -CAkey tmp/ca.key.pem -set_serial 1 \
+ -extensions smime -extfile tmp/cert.cfg 2>/dev/null
+openssl verify -CAfile tmp/ca.cert.pem tmp/cert.pem >/dev/null
+openssl pkcs12 -inkey tmp/key.pem -in tmp/cert.pem \
+ -export -passout pass: -out tmp/key-pair.p12
+
+for tool in "$@"; do
+ rm -f tmp/*.signed.pdf
+ for source in tmp/*.pdf; do
+ log "Testing $tool with $source"
+ result=${source%.pdf}.signed.pdf
+ $tool "$source" "$result" tmp/key-pair.p12 ""
+ pdfsig -nssdir sql:tmp/nssdir "$result" | grep Validation
+ done
+
+ log "Testing $tool for expected failures"
+ $tool "$result" "$source.fail.pdf" tmp/key-pair.p12 "" \
+ && die "Double signing shouldn't succeed"
+ $tool -r 1 "$source" "$source.fail.pdf" tmp/key-pair.p12 "" \
+ && die "Too low reservations shouldn't succeed"
+
+ # Our generators do not use PDF versions higher than 1.5
+ log "Testing $tool for version detection"
+ grep -q "/Version /1.6" "$result" \
+ || die "Version detection seems to misbehave (no upgrade)"
+
+ sed '1s/%PDF-1../%PDF-1.7/' "$source" > "$source.alt"
+ $tool "$source.alt" "$result.alt" tmp/key-pair.p12 ""
+ grep -q "/Version /1.6" "$result.alt" \
+ && die "Version detection seems to misbehave (downgraded)"
+done
+
+log "OK"