#!/bin/sh
# Sign a file with RFC 3161 timestamping
# An RFC3161 timestamp server provides an essential function in protecting
# data records for the long-term. It provides proof that the data existed
# at a particular moment in time and that it has not changed, even by
# a single binary bit, since it was notarized and time-stamped.

. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=8

if ! grep -q "no libcurl available" "results.log"; then
  for file in ${script_path}/../logs/notsigned/*.*
    do
      name="${file##*/}"
      ext="${file##*.}"
      desc=""
      case $ext in
        "cat") filetype=CAT; format_nr=1 ;;
        "msi") filetype=MSI; format_nr=2 ;;
        "ex_") filetype=CAB; format_nr=3 ;;
        "exe") filetype=PE; format_nr=4 ;;
        "ps1")
          filetype=TXT
          if xxd -p -l 2 "notsigned/$name" | grep -q "fffe"; then
            format_nr=5
            desc=" UTF-16LE(BOM)"
          elif xxd -p -l 3 "notsigned/$name" | grep -q "efbbbf"; then
            format_nr=6
            desc=" UTF-8(BOM)"
        else
            format_nr=7
            desc=" UTF-8"
          fi ;;
      esac

      number="$test_nr$format_nr"
      test_name="Sign a $filetype$desc file with RFC 3161 timestamping"
      printf "\n%03d. %s\n" "$number" "$test_name"

      ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
        -ts http://time.certum.pl/ \
        -ts http://timestamp.digicert.com/ \
        -in "notsigned/$name" -out "test_$number.$ext"
      result=$?

      if test "$filetype" = "TXT" && ! cmp -l -n 3 "notsigned/$name" "test_$number.$ext"; then
        printf "%s\n" "Compare file prefix failed"
        test_result "1" "$number" "$test_name"
      else
        verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
          "UNUSED_PATTERN" "osslsigncode" "UNUSED_PATTERN"
        test_result "$?" "$number" "$test_name"
      fi
    done
  else
    format_nr=0
    number="$test_nr$format_nr"
    test_name="Sign a file with RFC 3161 timestamping"
    printf "\n%03d. %s\nTest skipped\n" "$number" "$test_name"
  fi

exit 0
