#!/bin/sh
# Sign a MSI file with the add-msi-dse option.
# MsiDigitalSignatureEx (msi-dse) is an enhanced signature type that can be used
# when signing MSI files. In addition to file content, it also hashes some file metadata,
# specifically file names, file sizes, creation times and modification times.
# https://www.unboundtech.com/docs/UKC/UKC_Code_Signing_IG/HTML/Content/Products/UKC-EKM/UKC_Code_Signing_IG/Sign_Windows_PE_and_msi_Files.htm

. $(dirname $0)/../test_library
script_path=$(pwd)

# PE file
# Warning: -add-msi-dse option is only valid for MSI files

# CAB file
# Warning: -add-msi-dse option is only valid for MSI files

# MSI file
test_name="411. Sign a MSI file with the add-msi-dse option"
printf "\n%s\n" "$test_name"
if test -s "sample.msi"
  then
    ../../osslsigncode sign -h sha256 \
        -st "1556668800" \
        -add-msi-dse \
        -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/keyp.pem" \
        -pass passme \
        -in "sample.msi" -out "test_411.msi"
    verify_signature "$?" "411" "msi" "success" "@2019-09-01 12:00:00" \
	"UNUSED_PATTERN" "HEX" "MsiDigitalSignatureEx" "UNUSED_PATTERN"
    test_result "$?" "$test_name"
  else
    printf "Test skipped\n"
  fi

exit 0
