#!/bin/sh
# Comparing the leaf certificate hash against specified SHA256 message digest for the PE/MSI file

. $(dirname $0)/../test_library
script_path=$(pwd)

# PE file
test_name="401. Comparing the leaf certificate hash against specified SHA256 message digest for the PE file"
printf "\n%s\n" "$test_name"
if [ -s "test.exe" ]
  then
    faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
            -in "test.exe" -out "test_401.exe"'
    ../../osslsigncode verify -in "test_401.exe" \
        -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1)
    if test_result "$?" "$test_name"
      then
        rm -f "test_401.exe"
      fi
  else
    printf "Test skipped\n"
  fi

# CAB file
# Command is not supported for non-PE/non-MSI files

# MSI file
test_name="402. Comparing the leaf certificate hash against specified SHA256 message digest for the MSI file"
printf "\n%s\n" "$test_name"
if [ -s "sample.msi" ]
  then
    faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
        script_path=$(pwd)
        ../../osslsigncode sign -h sha256 \
            -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \
            -in "test.exe" -out "test_402.exe"'
    ../../osslsigncode verify -in "test_402.exe" \
        -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d' ' -f1)
    if test_result "$?" "$test_name"
      then
        rm -f "test_402.exe"
      fi
  else
    printf "Test skipped\n"
  fi

exit 0
