diff --git a/src/winsign/osslsigncode.py b/src/winsign/osslsigncode.py
index 1cf1ef9..4c466be 100644
--- a/src/winsign/osslsigncode.py
+++ b/src/winsign/osslsigncode.py
@@ -279,9 +279,11 @@ def write_signature(infile, outfile, sig, certs, cafile, timestampfile):
"-untrusted",
timestampfile,
"-in",
infile,
"-out",
outfile,
]
+ print(cmd)
+
osslsigncode(cmd)
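Review bot: The `print(cmd)` added just before the `osslsigncode(cmd)` call looks like leftover debugging. It writes the full argument list, including the input and output paths, to the stdout of whatever process imports this library. If the command line is worth recording, send it to the module logger at debug level instead, e.g. `log.debug("osslsigncode args: %s", cmd)`, assuming this module has a `log` object like the one sign.py uses. write_signature begins above the hunk.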
diff --git a/src/winsign/sign.py b/src/winsign/sign.py
index 8ed473a..6233d75 100644
--- a/src/winsign/sign.py
+++ b/src/winsign/sign.py
@@ -85,16 +85,18 @@ async def sign_file(
True on success
False otherwise
"""
infile = Path(infile)
outfile = Path(outfile)
is_msix = winsign.makemsix.is_msixfile(infile)
+ cafile = "tests/data/cert.pem"
+ timestampfile = "/usr/lib/ssl/certs/ca-certificates.crt"
if not is_msix and (cafile is None or not Path(cafile).is_file()):
log.error(
"CAfile is required while writing signatures for non msix files, expected path to file, found '%s'"
% cafile
)
return False
try:
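Review bot: The two added assignments overwrite `cafile` and `timestampfile` unconditionally, so any trust anchors the caller passed are discarded and signatures are written against `tests/data/cert.pem`, a test fixture resolved relative to the current working directory. They also neutralise the guard directly below: `cafile is None` can no longer be true, so the check only fails when the process is not started from the repository root. These look like local debugging overrides and should be dropped before merge; if a fallback is wanted, apply it only when the argument is missing, and never point it at a test certificate. `cafile` and `timestampfile` are presumably parameters of `sign_file`, whose signature is above the hunk, and the body continues past the `try:`.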
diff --git a/src/winsign/timestamp.py b/src/winsign/timestamp.py
index f28bd4c..c71dea8 100644
--- a/src/winsign/timestamp.py
+++ b/src/winsign/timestamp.py
@@ -88,17 +88,17 @@ async def get_rfc3161_timestamp(digest_algo, message, timestamp_url=None):
"""
asn_digest_algo = ASN_DIGEST_ALGO_MAP[digest_algo]
req = TimeStampReq()
req["messageImprint"]["digestAlgorithm"] = asn_digest_algo
req["messageImprint"]["digest"] = hashlib.new(digest_algo, message).digest()
encoded_req = der_encode(req)
- url = timestamp_url or "http://timestamp.digicert.com"
+ url = timestamp_url or "http://time.certum.pl"
async with aiohttp.request(
"POST",
url,
data=encoded_req,
headers={"Content-Type": "application/timestamp-query"},
) as resp:
# Uncomment below to capture a real response
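Review bot: The new fallback `http://time.certum.pl` switches the default timestamp authority inline, which changes the certificate chain every default-path timestamp must verify against, and the request still goes over plain HTTP. The token's integrity therefore rests on checking the response status, that the returned message imprint matches the digest sent, and that the signer chains to the expected TSA CA. The hunk ends before the response handling, so I cannot tell whether that is done. I would lift the URL into a named module constant, e.g. `DEFAULT_RFC3161_URL = "http://time.certum.pl"`, with a comment saying why this TSA was chosen, so the trust decision is visible in one place.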
@@ -126,17 +126,17 @@ async def get_old_timestamp(signature, timestamp_url=None):
req = OldTimeStampReq()
req["type"] = univ.ObjectIdentifier("1.3.6.1.4.1.311.3.2.1")
req["blob"]["signature"] = signature
req["blob"]["type"] = univ.ObjectIdentifier("1.2.840.113549.1.7.1")
encoded_req = der_encode(req)
b64_req = base64.b64encode(encoded_req)
- url = timestamp_url or "http://timestamp.digicert.com"
+ url = timestamp_url or "http://timestamp.digicert.com/?alg=sha1"
async with aiohttp.request(
"POST", url, data=b64_req, headers={"Content-Type": "application/octet-stream"}
) as resp:
# Uncomment below to capture a real response
# open('old-ts.dat', 'wb').write(resp.content)
ci, _ = der_decode(base64.b64decode(await resp.read()), ContentInfo())
ts, _ = der_decode(ci["content"], SignedData())
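Review bot: The new default `http://timestamp.digicert.com/?alg=sha1` appears to explicitly request a SHA-1 timestamp for the legacy Authenticode path, and nothing at the call site records that this is deliberate. SHA-1 countersignatures are deprecated, so add a comment above the assignment such as `# legacy (non-RFC3161) Authenticode timestamp: SHA-1 requested on purpose, see <issue placeholder>`, and keep this URL from being reused for the RFC 3161 path. After this commit the two fallbacks also point at different authorities (Certum for RFC 3161, DigiCert here), so the timestamp CA bundle has to cover both chains. The context lines decode `resp.read()` without checking the HTTP status, so an error page from the TSA would surface as an opaque base64 or DER exception.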