public void testTimestampAuthenticode() throws Exception {
File sourceFile = new File("target/test-classes/wineyes.exe");
File targetFile = new File("target/test-classes/wineyes-timestamped-authenticode.exe");
FileUtils.copyFile(sourceFile, targetFile);
PEFile peFile = new PEFile(targetFile);
PESigner signer = new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD);
signer.withDigestAlgorithm(DigestAlgorithm.SHA1);
signer.withTimestamping(true);
signer.withTimestampingMode(TimestampingMode.AUTHENTICODE);
signer.sign(peFile);
peFile = new PEFile(targetFile);
List<CMSSignedData> signatures = peFile.getSignatures();
assertNotNull(signatures);
assertEquals(1, signatures.size());
CMSSignedData signature = signatures.get(0);
assertNotNull(signature);
peFile.printInfo(System.out);
}
public void testSign() throws Exception {
File sourceFile = new File("target/test-classes/wineyes.exe");
File targetFile = new File("target/test-classes/wineyes-signed.exe");
FileUtils.copyFile(sourceFile, targetFile);
PEFile peFile = new PEFile(targetFile);
PESigner signer =
new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD)
.withTimestamping(false)
.withProgramName("WinEyes")
.withProgramURL("http://www.steelblue.com/WinEyes");
signer.sign(peFile);
peFile = new PEFile(targetFile);
List<CMSSignedData> signatures = peFile.getSignatures();
assertNotNull(signatures);
assertEquals(1, signatures.size());
CMSSignedData signature = signatures.get(0);
assertNotNull(signature);
peFile.printInfo(System.out);
}
public void testBrokenTimestampingAutority(TimestampingMode mode) throws Exception {
File sourceFile = new File("target/test-classes/wineyes.exe");
File targetFile =
new File(
"target/test-classes/wineyes-timestamped-broken-" + mode.name().toLowerCase() + ".exe");
FileUtils.copyFile(sourceFile, targetFile);
PEFile peFile = new PEFile(targetFile);
PESigner signer = new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD);
signer.withDigestAlgorithm(DigestAlgorithm.SHA1);
signer.withTimestamping(true);
signer.withTimestampingMode(mode);
signer.withTimestampingAutority("http://github.com");
try {
signer.sign(peFile);
fail("TimestampingException not thrown");
} catch (TimestampingException e) {
// expected
}
peFile = new PEFile(targetFile);
List<CMSSignedData> signatures = peFile.getSignatures();
assertNotNull(signatures);
assertTrue(signatures.isEmpty());
}
/**
* Tests that it is possible to specify a signature algorithm who's name is not simply a
* concatenation of a digest algorithm and the key algorithm.
*
* <p>This test also sets the signature provider as a provider supporting the RSASSA-PSS
* algorithms might not be installed.
*
* @throws Exception
*/
public void testWithSignatureAlgorithmSHA256withRSAandMGF1() throws Exception {
File sourceFile = new File("target/test-classes/wineyes.exe");
File targetFile = new File("target/test-classes/wineyes-signed.exe");
FileUtils.copyFile(sourceFile, targetFile);
PEFile peFile = null;
try {
peFile = new PEFile(targetFile);
PESigner signer =
new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD)
.withTimestamping(false)
.withDigestAlgorithm(DigestAlgorithm.SHA1)
.withSignatureAlgorithm("SHA256withRSAandMGF1", new BouncyCastleProvider());
signer.sign(peFile);
peFile = new PEFile(targetFile);
List<CMSSignedData> signatures = peFile.getSignatures();
assertNotNull(signatures);
assertEquals(1, signatures.size());
CMSSignedData signedData = signatures.get(0);
assertNotNull(signedData);
// Check the signature algorithm
final SignerInformation si =
(SignerInformation) signedData.getSignerInfos().getSigners().iterator().next();
assertEquals(
"Digest algorithm",
NISTObjectIdentifiers.id_sha256,
si.getDigestAlgorithmID().getAlgorithm());
assertEquals(
"Encryption algorithm",
PKCSObjectIdentifiers.id_RSASSA_PSS.getId(),
si.getEncryptionAlgOID());
} finally {
if (peFile != null) {
peFile.close();
}
}
}
/**
* Tests that a custom Timestamper implementation can be provided.
*
* @throws Exception
*/
public void testWithTimestamper() throws Exception {
File sourceFile = new File("target/test-classes/wineyes.exe");
File targetFile = new File("target/test-classes/wineyes-timestamped-authenticode.exe");
FileUtils.copyFile(sourceFile, targetFile);
PEFile peFile = new PEFile(targetFile);
final HashSet<Boolean> called = new HashSet<Boolean>();
PESigner signer = new PESigner(getKeyStore(), ALIAS, PRIVATE_KEY_PASSWORD);
signer.withDigestAlgorithm(DigestAlgorithm.SHA1);
signer.withTimestamping(true);
signer.withTimestamper(
new AuthenticodeTimestamper() {
@Override
protected CMSSignedData timestamp(DigestAlgorithm algo, byte[] encryptedDigest)
throws IOException, TimestampingException {
called.add(true);
return super.timestamp(algo, encryptedDigest);
}
});
signer.sign(peFile);
peFile = new PEFile(targetFile);
List<CMSSignedData> signatures = peFile.getSignatures();
assertNotNull(signatures);
assertEquals(1, signatures.size());
CMSSignedData signature = signatures.get(0);
assertNotNull(signature);
assertTrue("expecting our Timestamper to be used", called.contains(true));
}