#!/bin/sh
# Attach the signature to the signed file with the "nest" flag in order to
# attach the new signature instead of replacing the first one.

. $(dirname $0)/../test_library
script_path=$(pwd)
test_nr=34

for file in ${script_path}/../logs/notsigned/*.*
  do
    name="${file##*/}"
    ext="${file##*.}"
    desc=""
    case $ext in
      "cat") continue;; # Warning: CAT files do not support nesting
      "msi") filetype=MSI; format_nr=2 ;;
      "ex_") filetype=CAB; format_nr=3 ;;
      "exe") filetype=PE; format_nr=4 ;;
      "ps1") continue;; # Warning: TXT files do not support nesting
    esac

    number="$test_nr$format_nr"
    test_name="Attach the PEM signature to the signed $filetype$desc file with the nest flag"
    printf "\n%03d. %s\n" "$number" "$test_name"

    ../../osslsigncode sign -h sha256 \
      -st "1556668800" \
      -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \
      -in "notsigned/$name" -out "signed_$number.$ext"
    ../../osslsigncode attach-signature \
      -sigin "sign_$format_nr.pem" \
      -nest \
      -CAfile "${script_path}/../certs/CACert.pem" \
      -CRLfile "${script_path}/../certs/CACertCRL.pem" \
      -TSA-CAfile "${script_path}/../certs/ca-bundle.crt" \
      -in "signed_$number.$ext" -out "test_$number.$ext"
    result=$?

    verify_signature "$result" "$number" "$ext" "success" "@2019-09-01 12:00:00" \
      "UNUSED_PATTERN" "SHA512" "UNUSED_PATTERN"
    test_result "$?" "$number" "$test_name"
  done

exit 0
