ADD_SUBDIRECTORY(vcore)
ADD_SUBDIRECTORY(etc)
IF (DEFINED CERTSVC_TEST_BUILD)
+ADD_DEFINITIONS("-DTESTAPP_RES_DIR=\"${TZ_SYS_RO_APP}/widget/tests/\"")
ADD_SUBDIRECTORY(tests)
ENDIF (DEFINED CERTSVC_TEST_BUILD)
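Review bot: The trailing slash in the added `TESTAPP_RES_DIR` definition is load-bearing and nothing says so: test-common.cpp builds every widget path by appending a directory name directly, as in `std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed/"`. The value also has to stay in step with the `${TZ_SYS_RO_APP}/widget/tests/...` INSTALL destinations in the vcore tests' CMakeLists, otherwise the tests look for resources where none were installed. A comment above the line would cover both, for example `# Must end in "/" and match the INSTALL destinations of the test resources; test-common.cpp appends directory names directly.`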
# @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
# @author Pawel Sikorski (p.sikorski@samsung.com)
# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @author Kyungwook Tak (k.tak@samsung.com)
# @version 1.0
# @brief
#
+SET(CERT_SVC_VCORE_TESTS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
SET(VCORE_TESTS_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/vcore/vcore_tests.cpp
- ${PROJECT_SOURCE_DIR}/tests/vcore/TestCases.cpp
- ${PROJECT_SOURCE_DIR}/tests/vcore/TestEnv.cpp
+ ${CERT_SVC_VCORE_TESTS_DIR}/main.cpp
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-common.cpp
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-signature-validator.cpp
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-ocsp-check.cpp
)
INCLUDE_DIRECTORIES(
${PROJECT_SOURCE_DIR}/vcore/src
- ${PROJECT_SOURCE_DIR}/tests/vcore
+ ${CERT_SVC_VCORE_TESTS_DIR}
)
-ADD_EXECUTABLE(${TARGET_VCORE_TEST} ${VCORE_TESTS_SOURCES} ${DPL_TEST_SOURCES})
+ADD_EXECUTABLE(${TARGET_VCORE_TEST}
+ ${VCORE_TESTS_SOURCES}
+ ${DPL_TEST_SOURCES})
+
TARGET_LINK_LIBRARIES(${TARGET_VCORE_TEST}
${TARGET_VCORE_LIB}
${TEST_DEP_LIBRARIES}
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/author-signature.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature1.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature22.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/config.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/index.html
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/author-signature.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/signature1.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/signature22.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/config.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/index.html
DESTINATION
${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/author-signature.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature1.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature22.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/config.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/index.html
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/author-signature.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/signature1.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/signature22.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/config.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/index.html
DESTINATION
${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_hash
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/author-signature.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature1.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature22.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/config.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/index.html
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/author-signature.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/signature1.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/signature22.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/config.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/index.html
DESTINATION
${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_signature
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/author-signature.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/signature1.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/config.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/index.html
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/author-signature.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/signature1.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/config.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/index.html
DESTINATION
${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_certificate
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/author-signature.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/signature1.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/config.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/index.html
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/author-signature.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/signature1.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/config.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/index.html
DESTINATION
${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/author-signature.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/signature1.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/config.xml
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/index.html
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/author-signature.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/signature1.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/config.xml
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/index.html
DESTINATION
${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner_operator
)
INSTALL(FILES
- "${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/reference/encoding test.empty"
+ "${CERT_SVC_VCORE_TESTS_DIR}/test-cases/reference/encoding test.empty"
DESTINATION
${TZ_SYS_RO_APP}/widget/tests/reference
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/root_cacert0.pem
+ ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/root_cacert0.pem
DESTINATION
${TZ_SYS_SHARE}/ca-certificates/tizen
)
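Review bot: The last `INSTALL(FILES ...)` rule, whose source path this change rewrites, places the test root certificate `root_cacert0.pem` in `${TZ_SYS_SHARE}/ca-certificates/tizen`, which looks like a platform CA directory rather than a test resource directory, and the file does not say so. If that directory is read as a trust-anchor store, every image that carries the test package trusts the test root. The rule deserves a comment such as `# Test-only root CA, installed into the platform CA directory; this package must never be part of a production image.` The subdirectory is only added when `CERTSVC_TEST_BUILD` is defined, and it is worth confirming that the packaging keeps these files in a separate test package.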
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include "TestEnv.h"
-
-#define SIGNATURE_ERRORDESCRIBE(name) case ValidationCore::SignatureValidator::name: return #name
-const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error)
-{
- switch (error) {
- SIGNATURE_ERRORDESCRIBE(SIGNATURE_VALID);
- SIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID);
- SIGNATURE_ERRORDESCRIBE(SIGNATURE_VERIFIED);
- SIGNATURE_ERRORDESCRIBE(SIGNATURE_DISREGARD);
- SIGNATURE_ERRORDESCRIBE(SIGNATURE_REVOKED);
- default:
- return "Invalid error code.";
- }
-}
-#undef SIGNATURE_ERRORDESCRIBE
-
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "test-common.h"
+
+#define SIGNATURE_ERRORDESCRIBE(name) case ValidationCore::SignatureValidator::name: return #name
+const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error)
+{
+ switch (error) {
+ SIGNATURE_ERRORDESCRIBE(SIGNATURE_VALID);
+ SIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID);
+ SIGNATURE_ERRORDESCRIBE(SIGNATURE_VERIFIED);
+ SIGNATURE_ERRORDESCRIBE(SIGNATURE_DISREGARD);
+ SIGNATURE_ERRORDESCRIBE(SIGNATURE_REVOKED);
+ default:
+ return "Invalid error code.";
+ }
+}
+#undef SIGNATURE_ERRORDESCRIBE
+
+const std::string TestData::widget_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed/";
+const std::string TestData::widget_negative_hash_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_negative_hash/";
+const std::string TestData::widget_negative_signature_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_negative_signature/";
+const std::string TestData::widget_negative_certificate_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_negative_certificate/";
+const std::string TestData::widget_partner_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_partner/";
+const std::string TestData::widget_partner_operator_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_partner_operator/";
+
+const std::string TestData::certEE =
+ "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\n"
+ "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n"
+ "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\n"
+ "IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\n"
+ "MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\n"
+ "ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\n"
+ "MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\n"
+ "DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\n"
+ "bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\n"
+ "bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\n"
+ "JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\n"
+ "Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\n"
+ "aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\n"
+ "Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\n"
+ "dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\n"
+ "Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\n"
+ "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n"
+ "BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\n"
+ "dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\n"
+ "c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\n"
+ "BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\n"
+ "BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\n"
+ "KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\n"
+ "eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\n"
+ "AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\n"
+ "ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\n"
+ "9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\n"
+ "rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\n"
+ "LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\n"
+ "U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\n"
+ "vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\n"
+ "SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\n"
+ "aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\n"
+ "WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk";
+
+const std::string TestData::certIM =
+ "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\n"
+ "CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n"
+ "BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\n"
+ "YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\n"
+ "FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\n"
+ "BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\n"
+ "pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\n"
+ "IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\n"
+ "zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\n"
+ "MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\n"
+ "BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\n"
+ "L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\n"
+ "eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\n"
+ "LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\n"
+ "GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\n"
+ "Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\n"
+ "hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\n"
+ "nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\n"
+ "qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\n"
+ "eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\n"
+ "LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\n"
+ "2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==";
+
+const std::string TestData::certRoot =
+ "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\n"
+ "biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\n"
+ "U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n"
+ "aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\n"
+ "nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\n"
+ "t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\n"
+ "SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\n"
+ "BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\n"
+ "rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\n"
+ "NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\n"
+ "BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\n"
+ "BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\n"
+ "aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\n"
+ "MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\n"
+ "p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\n"
+ "5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\n"
+ "WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\n"
+ "4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\n"
+ "hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq";
+
+const std::string TestData::googleCA =
+ "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
+ "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
+ "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
+ "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
+ "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
+ "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
+ "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
+ "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
+ "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
+ "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
+ "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
+ "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
+
+const std::string TestData::google2nd =
+ "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
+ "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
+ "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
+ "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
+ "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
+ "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
+ "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
+ "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
+ "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
+ "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
+ "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
+ "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
+ "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
+ "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
+ "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
+ "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
+ "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
+
+const std::string TestData::google3rd =
+ "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
+ "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
+ "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
+ "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
+ "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
+ "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
+ "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
+ "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
+ "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
+ "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
+ "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
+ "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
+ "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
+ "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
+ "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
+ "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
+ "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
+
+const std::string TestData::certVerisign =
+ "MIIG+DCCBeCgAwIBAgIQU9K++SSnJF6DygHkbKokdzANBgkqhkiG9w0BAQUFADCB"
+ "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew"
+ "HhcNMTAwNTI2MDAwMDAwWhcNMTIwNTI1MjM1OTU5WjCCASkxEzARBgsrBgEEAYI3"
+ "PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxGzAZBgNVBA8TElYx"
+ "LjAsIENsYXVzZSA1LihiKTEQMA4GA1UEBRMHMjQ5Nzg4NjELMAkGA1UEBhMCVVMx"
+ "DjAMBgNVBBEUBTk0MDQzMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHFA1N"
+ "b3VudGFpbiBWaWV3MSIwIAYDVQQJFBk0ODcgRWFzdCBNaWRkbGVmaWVsZCBSb2Fk"
+ "MRcwFQYDVQQKFA5WZXJpU2lnbiwgSW5jLjEmMCQGA1UECxQdIFByb2R1Y3Rpb24g"
+ "U2VjdXJpdHkgU2VydmljZXMxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEi"
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj+PvvK+fZOXwno0yT/OTy2Zm9"
+ "ehnZjTtO/X2IWBEa3jG30C52uHFQI4NmXiQVNvJHkBaAj0ilVjvGdxXmkyyFsugt"
+ "IWOTZ8pSKdX1tmGFIon6Ko9+lBFkVkudA1ogAUbtTB8IcdeOlpK78T4SjdVMhY18"
+ "150YzSw6hRKlw52wBaDxtGZElvOth41K7TUcaDnQVzz5SBPW5MUhi7AWrdoSk17O"
+ "BozOzmB/jkYDVDnwLcbR89SLHEOle/idSYSDQUmab3y0JS8RyQV1+DB70mnFALnD"
+ "fLiL47nMQQCGxXgp5voQ2YmSXhevKmEJ9vvtC6C7yv2W6yomfS/weUEce9pvAgMB"
+ "AAGjggKCMIICfjCBiwYDVR0RBIGDMIGAghB3d3cudmVyaXNpZ24uY29tggx2ZXJp"
+ "c2lnbi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZl"
+ "cmlzaWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVy"
+ "aXNpZ24uZXUwCQYDVR0TBAIwADAdBgNVHQ4EFgQU8oBwK/WBXCZDWi0dbuDgPyTK"
+ "iJIwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwt"
+ "Y3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkGC2CG"
+ "SAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv"
+ "bS9ycGEwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEw"
+ "HwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8wdgYIKwYBBQUHAQEEajBo"
+ "MCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3AudmVyaXNpZ24uY29tMDkG"
+ "CCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJpc2lnbi5jb20vRVZJbnRs"
+ "MjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEw"
+ "HzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28u"
+ "dmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQB9VZxB"
+ "wDMRGyhFWYkY5rwUVGuDJiGeas2xRJC0G4+riQ7IN7pz2a2BhktmZ5HbxXL4ZEY4"
+ "yMN68DEVErhtKiuL02ng27alhlngadKQzSL8pLdmQ+3jEwm9nva5C/7pbeqy+qGF"
+ "is4IWNYOc4HKNkABxXm5v0ouys8HPNkTLFLep0gLqRXW3gYN2XbKUWMs7z7hJpkY"
+ "GxP8YQSxi513O2dWVCXB8S6erIz9E/bcfdXoCPyQdn42y3IEoJvPvBS3S55fD4+Q"
+ "Q43GPhumSg9a6S3hnyw8DX5OiUGmqgQrtSeDRsNmWqtWizEQbe+fotZpEn/7zYTa"
+ "tk1ni/k5jDH/QeuG";
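Review bot: `certEE`, `certIM` and `certRoot` embed a `\n` after each 64-character line, while `googleCA`, `google2nd`, `google3rd` and `certVerisign` in the same file are concatenated with no separators. test-ocsp-check.cpp passes the first three with `Certificate::FORM_BASE64`, and whether the decoder behind that form accepts embedded line breaks is not visible here. Either drop the `\n` so all seven literals have the same shape, or, once the decoder's tolerance is confirmed, add a comment above `certEE` stating that the line breaks are intentional.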
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+#include <string>
+
+#include <vcore/SignatureValidator.h>
+
+const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error);
+
+namespace TestData {
+
+extern const std::string widget_path;
+extern const std::string widget_negative_hash_path;
+extern const std::string widget_negative_signature_path;
+extern const std::string widget_negative_certificate_path;
+extern const std::string widget_partner_path;
+extern const std::string widget_partner_operator_path;
+
+extern const std::string certEE; /* MBANK, signed by SYMANTEC, expires 04 Feb 2016 */
+extern const std::string certIM; /* SYMANTEC, signed by VERISIGN, expires 30 Oct 2023 */
+extern const std::string certRoot; /* VERISIGN, signed by self, expires 30 Oct 2023 */
+
+extern const std::string googleCA;
+extern const std::string google2nd;
+extern const std::string google3rd;
+
+extern const std::string certVerisign;
+}
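Review bot: The comment on `certRoot` gives the same expiry as `certIM`, "30 Oct 2023", which does not match the certificate data. The notAfter field in the `certRoot` literal in test-common.cpp decodes to UTCTime `360716235959Z`, so the line should read `extern const std::string certRoot; /* VERISIGN, signed by self, expires 16 Jul 2036 */`. The `certEE` and `certIM` comments do match their literals (`160204235959Z` and `231030235959Z`). `googleCA`, `google2nd`, `google3rd` and `certVerisign` carry no subject or expiry note at all, and the same one-line annotations would help whoever has to refresh these fixtures.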
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * This is internal test. ocsp.h isn't included in devel package
+ */
+#include <vcore/Ocsp.h>
+
+#include <vcore/SignatureData.h>
+
+#include <dpl/test/test_runner.h>
+
+#include "test-common.h"
+
+using namespace ValidationCore;
+
+RUNNER_TEST_GROUP_INIT(T0030_OCSP_CHECK)
+
+/*
+ * Precondition
+ * 1) cert chain should be constructed
+ * 2) cert chain should be sorted
+ * 3) cert chain length >= 3
+ */
+RUNNER_TEST(T0031_check_positive)
+{
+ try {
+ SignatureData data;
+ CertificateList certList;
+
+ certList.push_back(CertificatePtr(new Certificate(TestData::certEE, Certificate::FORM_BASE64)));
+ certList.push_back(CertificatePtr(new Certificate(TestData::certIM, Certificate::FORM_BASE64)));
+ certList.push_back(CertificatePtr(new Certificate(TestData::certRoot, Certificate::FORM_BASE64)));
+
+ data.setSortedCertificateList(certList);
+
+ Ocsp::Result result = Ocsp::check(data);
+
+ RUNNER_ASSERT_MSG(
+ result == Ocsp::Result::GOOD,
+ "verisign cert shouldn't be revoked");
+
+ } catch (Ocsp::Exception::Base &e) {
+ RUNNER_ASSERT_MSG(0, "Exception occured in T0031 : " << e.DumpToString());
+ }
+}
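Review bot: T0031_check_positive asserts `Ocsp::Result::GOOD` for a real third-party chain, so its outcome presumably depends on a live OCSP responder and on the validity window of `TestData::certEE`, which test-common.h annotates as expiring 04 Feb 2016. After that date, or on a build host without network access, the test can fail for reasons unrelated to the code under test. A comment above the test should state both dependencies, for example `/* Needs network access to the issuer's OCSP responder; certEE expires 04 Feb 2016 and must be replaced before then. */`. The group also covers only the positive case: no test shows that a revoked certificate or an unreachable responder yields something other than GOOD, which is the behaviour a revocation check exists to guarantee.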
/*
*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <dpl/test/test_runner.h>
#include <vcore/SignatureFinder.h>
#include <vcore/SignatureValidator.h>
-#include "TestEnv.h"
-
-namespace {
-
-const std::string widget_path =
- "/usr/apps/widget/tests/vcore_widget_uncompressed/";
-const std::string widget_negative_hash_path =
- "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_hash/";
-const std::string widget_negative_signature_path =
- "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_signature/";
-const std::string widget_negative_certificate_path =
- "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_certificate/";
-const std::string widget_partner_path =
- "/usr/apps/widget/tests/vcore_widget_uncompressed_partner/";
-const std::string widget_partner_operator_path =
- "/usr/apps/widget/tests/vcore_widget_uncompressed_partner_operator/";
-
-const std::string googleCA =
-"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
-"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
-"cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
-"MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
-"BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
-"YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
-"ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
-"BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
-"I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
-"CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
-"lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
-"AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
-
-const std::string google2nd =
-"MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
-"UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
-"bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
-"MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
-"d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
-"QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
-"PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
-"5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
-"3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
-"A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
-"BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
-"L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
-"AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
-"BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
-"BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
-"q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
-"bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
-
-const std::string google3rd =
-"MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
-"MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
-"THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
-"MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
-"MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
-"FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
-"AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
-"qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
-"Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
-"DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
-"ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
-"BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
-"cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
-"dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
-"BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
-"wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
-"fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
-
-const std::string certVerisign =
-"MIIG+DCCBeCgAwIBAgIQU9K++SSnJF6DygHkbKokdzANBgkqhkiG9w0BAQUFADCB"
-"vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL"
-"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug"
-"YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv"
-"VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew"
-"HhcNMTAwNTI2MDAwMDAwWhcNMTIwNTI1MjM1OTU5WjCCASkxEzARBgsrBgEEAYI3"
-"PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxGzAZBgNVBA8TElYx"
-"LjAsIENsYXVzZSA1LihiKTEQMA4GA1UEBRMHMjQ5Nzg4NjELMAkGA1UEBhMCVVMx"
-"DjAMBgNVBBEUBTk0MDQzMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHFA1N"
-"b3VudGFpbiBWaWV3MSIwIAYDVQQJFBk0ODcgRWFzdCBNaWRkbGVmaWVsZCBSb2Fk"
-"MRcwFQYDVQQKFA5WZXJpU2lnbiwgSW5jLjEmMCQGA1UECxQdIFByb2R1Y3Rpb24g"
-"U2VjdXJpdHkgU2VydmljZXMxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEi"
-"MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj+PvvK+fZOXwno0yT/OTy2Zm9"
-"ehnZjTtO/X2IWBEa3jG30C52uHFQI4NmXiQVNvJHkBaAj0ilVjvGdxXmkyyFsugt"
-"IWOTZ8pSKdX1tmGFIon6Ko9+lBFkVkudA1ogAUbtTB8IcdeOlpK78T4SjdVMhY18"
-"150YzSw6hRKlw52wBaDxtGZElvOth41K7TUcaDnQVzz5SBPW5MUhi7AWrdoSk17O"
-"BozOzmB/jkYDVDnwLcbR89SLHEOle/idSYSDQUmab3y0JS8RyQV1+DB70mnFALnD"
-"fLiL47nMQQCGxXgp5voQ2YmSXhevKmEJ9vvtC6C7yv2W6yomfS/weUEce9pvAgMB"
-"AAGjggKCMIICfjCBiwYDVR0RBIGDMIGAghB3d3cudmVyaXNpZ24uY29tggx2ZXJp"
-"c2lnbi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZl"
-"cmlzaWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVy"
-"aXNpZ24uZXUwCQYDVR0TBAIwADAdBgNVHQ4EFgQU8oBwK/WBXCZDWi0dbuDgPyTK"
-"iJIwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwt"
-"Y3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkGC2CG"
-"SAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv"
-"bS9ycGEwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEw"
-"HwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8wdgYIKwYBBQUHAQEEajBo"
-"MCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3AudmVyaXNpZ24uY29tMDkG"
-"CCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJpc2lnbi5jb20vRVZJbnRs"
-"MjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEw"
-"HzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28u"
-"dmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQB9VZxB"
-"wDMRGyhFWYkY5rwUVGuDJiGeas2xRJC0G4+riQ7IN7pz2a2BhktmZ5HbxXL4ZEY4"
-"yMN68DEVErhtKiuL02ng27alhlngadKQzSL8pLdmQ+3jEwm9nva5C/7pbeqy+qGF"
-"is4IWNYOc4HKNkABxXm5v0ouys8HPNkTLFLep0gLqRXW3gYN2XbKUWMs7z7hJpkY"
-"GxP8YQSxi513O2dWVCXB8S6erIz9E/bcfdXoCPyQdn42y3IEoJvPvBS3S55fD4+Q"
-"Q43GPhumSg9a6S3hnyw8DX5OiUGmqgQrtSeDRsNmWqtWizEQbe+fotZpEn/7zYTa"
-"tk1ni/k5jDH/QeuG";
-
-} // namespace anonymous
+
+#include "test-common.h"
using namespace ValidationCore;
+RUNNER_TEST_GROUP_INIT(T0010_SIGNATURE_VALIDATOR)
+
/*
* test: Class SignatureFinder
* description: SignatureFinder should search directory passed as
* expected: Signature finder should put information about 3
* signture files in SinatureFileInfoSet.
*/
-RUNNER_TEST(test01_signature_finder)
+RUNNER_TEST(T0011_signature_finder)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_path);
+ SignatureFinder signatureFinder(TestData::widget_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
* expected: Verificator should DISREGARD author signature and VERIFY
* distrubutor signature.
*/
-RUNNER_TEST(test03t01_signature_validator)
+RUNNER_TEST(T0012_signature_validator)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_path);
+ SignatureFinder signatureFinder(TestData::widget_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_path,
+ TestData::widget_path,
false,
true,
data);
}
}
-RUNNER_TEST(test03t02_signature_validator_negative_hash_input)
+RUNNER_TEST(T00121_signature_validator_negative_hash_input)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_negative_hash_path);
+ SignatureFinder signatureFinder(TestData::widget_negative_hash_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_negative_hash_path,
+ TestData::widget_negative_hash_path,
false,
true,
data);
}
}
-RUNNER_TEST(test03t03_signature_validator_negative_signature_input)
+RUNNER_TEST(T00122_signature_validator_negative_signature_input)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_negative_signature_path);
+ SignatureFinder signatureFinder(TestData::widget_negative_signature_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_negative_signature_path,
+ TestData::widget_negative_signature_path,
false,
true,
data);
}
}
-RUNNER_TEST(test03t04_signature_validator_partner)
+RUNNER_TEST(T00123_signature_validator_partner)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_partner_path);
+ SignatureFinder signatureFinder(TestData::widget_partner_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_partner_path,
+ TestData::widget_partner_path,
false,
true,
data);
* expected: Verificator should DISREGARD author signature and VERIFY
* distrubutor signature.
*/
-RUNNER_TEST(test04t01_signature_validator)
+RUNNER_TEST(T0013_signature_validator)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_path);
+ SignatureFinder signatureFinder(TestData::widget_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_path,
+ TestData::widget_path,
false,
false,
data);
}
}
-RUNNER_TEST(test04t02_signature_validator_negative_hash_input)
+RUNNER_TEST(T00131_signature_validator_negative_hash_input)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_negative_hash_path);
+ SignatureFinder signatureFinder(TestData::widget_negative_hash_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_negative_hash_path,
+ TestData::widget_negative_hash_path,
false,
false,
data);
}
}
-RUNNER_TEST(test04t03_signature_validator_negative_signature_input)
+RUNNER_TEST(T00132_signature_validator_negative_signature_input)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_negative_signature_path);
+ SignatureFinder signatureFinder(TestData::widget_negative_signature_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_negative_signature_path,
+ TestData::widget_negative_signature_path,
false,
false,
data);
}
}
-RUNNER_TEST(test04t04_signature_validator_partner)
+RUNNER_TEST(T00133_signature_validator_partner)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_partner_path);
+ SignatureFinder signatureFinder(TestData::widget_partner_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_partner_path,
+ TestData::widget_partner_path,
false,
false,
data);
* description: As above but this test also checks reference from signatures.
* expected: All reference checks should return NO_ERROR.
*/
-RUNNER_TEST(test05t01_signature_reference)
+RUNNER_TEST(T0014_signature_reference)
{
SignatureFileInfoSet signatureSet;
- SignatureFinder signatureFinder(widget_path);
+ SignatureFinder signatureFinder(TestData::widget_path);
RUNNER_ASSERT_MSG(
SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
"SignatureFinder failed");
SignatureData data;
SignatureValidator::Result valResult = SignatureValidator::check(
*iter,
- widget_path,
+ TestData::widget_path,
false,
false,
data);
"Validation failed");
/*
- ReferenceValidator val(widget_path);
+ ReferenceValidator val(TestData::widget_path);
int temp = val.checkReferences(data);
RUNNER_ASSERT_MSG(ReferenceValidator::NO_ERROR == temp,
"File[" << iter->getFileName()
* expected: checkReference should return NO_ERROR.
*/
/*
-RUNNER_TEST(test05t02_signature_reference_encoding_dummy)
+RUNNER_TEST(T00141_signature_reference_encoding_dummy)
{
ReferenceSet referenceSet;
SignatureData data;
* expected: checkReference should return ERROR_REFERENCE_NOT_FOUND
*/
/*
-RUNNER_TEST(test05t03_signature_reference_encoding_negative)
+RUNNER_TEST(T00142_signature_reference_encoding_negative)
{
ReferenceSet referenceSet;
SignatureData data;
* expected: checkReference should return NO_ERROR
*/
/*
-RUNNER_TEST(test05t04_signature_reference_encoding_space)
+RUNNER_TEST(T00143_signature_reference_encoding_space)
{
ReferenceSet referenceSet;
SignatureData data;
* expected: checkReference should return ERROR_REFERENCE_NOT_FOUND
*/
/*
-RUNNER_TEST(test05t05_signature_reference_encoding_space_negative)
+RUNNER_TEST(T00144_signature_reference_encoding_space_negative)
{
ReferenceSet referenceSet;
SignatureData data;
* expected: checkReference should return NO_ERROR
*/
/*
-RUNNER_TEST(test05t06_signature_reference_encoding)
+RUNNER_TEST(T00145_signature_reference_encoding)
{
ReferenceSet referenceSet;
SignatureData data;
* expected: checkReference should return ERROR_DECODING_URL
*/
/*
-RUNNER_TEST(test05t07_signature_reference_encoding_negative)
+RUNNER_TEST(T00146_signature_reference_encoding_negative)
{
ReferenceSet referenceSet;
SignatureData data;
}
*/
+
+RUNNER_TEST_GROUP_INIT(T0020_Certificate)
+
/*
* test: class Certificate
* description: Certificate should parse data passed to object constructor.
* expected: Getters should be able to return certificate information.
*/
-RUNNER_TEST(test08t01_Certificate)
+RUNNER_TEST(T0021_Certificate)
{
- Certificate cert(certVerisign, Certificate::FORM_BASE64);
+ Certificate cert(TestData::certVerisign, Certificate::FORM_BASE64);
std::string result;
result = cert.getCommonName(Certificate::FIELD_SUBJECT);
* description: Certificate should parse data passed to object constructor.
* expected: Function fingerprint should return valid fingerprint.
*/
-RUNNER_TEST(test08t02_Certificate)
+RUNNER_TEST(T0022_Certificate)
{
- Certificate cert(certVerisign, Certificate::FORM_BASE64);
+ Certificate cert(TestData::certVerisign, Certificate::FORM_BASE64);
Certificate::Fingerprint fin =
cert.getFingerprint(Certificate::FINGERPRINT_SHA1);
* expected: Function getAlternativeNameDNS should return list of
* alternativeNames hardcoded in certificate.
*/
-RUNNER_TEST(test08t03_Certificate)
+RUNNER_TEST(T0023_Certificate)
{
- Certificate cert(certVerisign, Certificate::FORM_BASE64);
+ Certificate cert(TestData::certVerisign, Certificate::FORM_BASE64);
Certificate::AltNameSet nameSet = cert.getAlternativeNameDNS();
* description: Certificate should parse data passed to object constructor.
* expected: 1st and 2nd certificate should be identified as CA.
*/
-RUNNER_TEST(test08t04_Certificate_isCA)
+RUNNER_TEST(T0024_Certificate_isCA)
{
- Certificate cert1(googleCA, Certificate::FORM_BASE64);
+ Certificate cert1(TestData::googleCA, Certificate::FORM_BASE64);
RUNNER_ASSERT(cert1.isCA() > 0);
- Certificate cert2(google2nd, Certificate::FORM_BASE64);
+ Certificate cert2(TestData::google2nd, Certificate::FORM_BASE64);
RUNNER_ASSERT(cert2.isCA() > 0);
- Certificate cert3(google3rd, Certificate::FORM_BASE64);
+ Certificate cert3(TestData::google3rd, Certificate::FORM_BASE64);
RUNNER_ASSERT(cert3.isCA() == 0);
}
${VCORE_DIR}/vcore/exception.cpp
${VCORE_DIR}/vcore/utils.c
${VCORE_DIR}/vcore/cert-svc-client.c
+ ${VCORE_DIR}/vcore/Ocsp.cpp
+ ${VCORE_DIR}/vcore/CryptoInit.cpp
)
SET(VCORE_INCLUDES
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file CryptoInit.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief Initialize openssl functions by singleton
+ */
+
+#include <openssl/ssl.h>
+
+#include <dpl/singleton_impl.h>
+
+#include <vcore/CryptoInit.h>
+
+IMPLEMENT_SINGLETON(ValidationCore::CryptoInit)
+
+namespace ValidationCore {
+
+CryptoInit::CryptoInit()
+{
+ SSL_load_error_strings();
+ SSL_library_init();
+}
+
+CryptoInit::~CryptoInit()
+{
+}
+
+} // namespace ValidationCore
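Review bot: The constructor is the only place OpenSSL gets initialised, and nothing in this file says what callers may rely on. OpenSSL documents `SSL_library_init()` as not reentrant, so whether two threads making the first `CryptoInitSingleton::Instance()` call at once are safe depends on `VcoreDPL::Singleton`, which this commit does not show. I would add a comment above the constructor such as `// One-time OpenSSL setup; the first Instance() call must not race (SSL_library_init is not reentrant)`. The empty destructor should also say that the loaded error strings are deliberately kept for the lifetime of the process.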
/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#ifndef _TESTENV_H_
-#define _TESTENV_H_
+/*
+ * @file CryptoInit.h
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief Initialize openssl functions by singleton
+ */
+#pragma once
+
+#include <dpl/noncopyable.h>
+#include <dpl/singleton.h>
+
+namespace ValidationCore {
-#include <vcore/SignatureValidator.h>
+class CryptoInit : public VcoreDPL::Noncopyable
+{
+public:
+ CryptoInit();
+ virtual ~CryptoInit();
+};
-const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error);
+typedef VcoreDPL::Singleton<CryptoInit> CryptoInitSingleton;
-#endif
+} // namespace ValidationCore
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file Ocsp.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief OCSP check for signature validator. It should be used only internally.
+ */
+
+#include <memory>
+#include <functional>
+
+#include <openssl/ssl.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+
+#include <dpl/log/log.h>
+#include <vcore/CryptoInit.h>
+
+#include <vcore/Ocsp.h>
+
+/* Maximum leeway in validity period : 5 minitues as a default */
+#define MAX_VALIDITY_PERIOD (5 * 60)
+
+namespace {
+
+typedef std::unique_ptr<X509_STORE_CTX, std::function<void(X509_STORE_CTX*)>> X509_STORE_CTX_PTR;
+typedef std::unique_ptr<STACK_OF(X509), std::function<void(STACK_OF(X509)*)>> X509_STACK_PTR;
+typedef std::unique_ptr<X509_STORE, std::function<void(X509_STORE*)>> X509_STORE_PTR;
+typedef std::unique_ptr<SSL_CTX, std::function<void(SSL_CTX*)>> SSL_CTX_PTR;
+typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BIO_PTR;
+typedef std::unique_ptr<char, std::function<void(void*)>> RAIIstr;
+typedef std::unique_ptr<OCSP_REQUEST, std::function<void(OCSP_REQUEST*)>> OCSP_REQUEST_PTR;
+typedef std::unique_ptr<OCSP_RESPONSE, std::function<void(OCSP_RESPONSE*)>> OCSP_RESPONSE_PTR;
+typedef std::unique_ptr<OCSP_BASICRESP, std::function<void(OCSP_BASICRESP*)>> OCSP_BASICRESP_PTR;
+
+inline X509_STACK_PTR create_x509_stack()
+{
+ return X509_STACK_PTR(sk_X509_new_null(), [](STACK_OF(X509) *stack) { sk_X509_free(stack); });
+}
+
+inline X509_STORE_CTX_PTR create_x509_store_ctx()
+{
+ return X509_STORE_CTX_PTR(X509_STORE_CTX_new(), X509_STORE_CTX_free);
+}
+
+inline X509_STORE_PTR create_x509_store()
+{
+ return X509_STORE_PTR(X509_STORE_new(), X509_STORE_free);
+}
+
+inline SSL_CTX_PTR create_SSL_CTX()
+{
+ return SSL_CTX_PTR(SSL_CTX_new(SSLv23_client_method()), SSL_CTX_free);
+}
+
+inline RAIIstr create_RAIIstr(char *str)
+{
+ return RAIIstr(str, [](void *ptr) { OPENSSL_free(ptr); });
+}
+
+inline BIO_PTR create_BIO(BIO *bio)
+{
+ return BIO_PTR(bio, BIO_free_all);
+}
+
+inline OCSP_REQUEST_PTR create_OCSP_REQUEST()
+{
+ return OCSP_REQUEST_PTR(OCSP_REQUEST_new(), OCSP_REQUEST_free);
+}
+
+inline OCSP_RESPONSE_PTR create_OCSP_RESPONSE(OCSP_RESPONSE *resp)
+{
+ return OCSP_RESPONSE_PTR(resp, OCSP_RESPONSE_free);
+}
+
+inline OCSP_BASICRESP_PTR create_OCSP_BASICRESP(OCSP_BASICRESP *basicResp)
+{
+ return OCSP_BASICRESP_PTR(basicResp, OCSP_BASICRESP_free);
+}
+
+void BIO_write_and_free(BIO *bio)
+{
+ if (!bio)
+ return;
+
+ std::vector<char> message(1024);
+ int size = BIO_read(bio, message.data(), message.size());
+ if (size > 0) {
+ message.resize(size);
+ LogError("OCSP error description ["
+ << std::string(message.begin(), message.end()) << "]");
+ }
+
+ BIO_free_all(bio);
+}
+
+} // namespace anonymous
+
+namespace ValidationCore {
+
+Ocsp::Ocsp()
+{
+}
+
+Ocsp::~Ocsp()
+{
+}
+
+Ocsp::Result checkInternal(
+ const CertificatePtr &_cert,
+ const CertificatePtr &_issuer,
+ X509_STACK_PTR &trustedCerts)
+{
+ /* initialize openssl library */
+ CryptoInitSingleton::Instance();
+
+ BIO_PTR bioLogger(BIO_new(BIO_s_mem()), BIO_write_and_free);
+
+ X509 *cert = _cert->getX509();
+ X509 *issuer = _issuer->getX509();
+ std::string ocspUrl = _cert->getOCSPURL();
+
+ if (ocspUrl.empty())
+ VcoreThrowMsg(Ocsp::Exception::OcspUnsupported,
+ "Certificate[" << _cert->getOneLine() << "] doesn't provide OCSP extension");
+
+ char *_ocspUrl = new char[ocspUrl.length() + 1];
+ if (_ocspUrl == NULL)
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to alloc memory");
+ strncpy(_ocspUrl, ocspUrl.c_str(), ocspUrl.length() + 1);
+
+ char *_host = NULL;
+ char *_port = NULL;
+ char *_path = NULL;
+ int use_ssl = 0;
+
+ int temp = OCSP_parse_url(_ocspUrl, &_host, &_port, &_path, &use_ssl);
+
+ LogDebug("ocspUrl[" << _ocspUrl
+ << "] host[" << _host
+ << "] port[" << _port
+ << "] path[" << _path
+ << "] use_ssl[" << use_ssl << "]");
+
+ delete []_ocspUrl;
+
+ if (temp == 0) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::InvalidUrl, "ocsp url parsing failed. url : " << ocspUrl);
+ }
+
+ RAIIstr host = create_RAIIstr(_host);
+ RAIIstr port = create_RAIIstr(_port);
+ RAIIstr path = create_RAIIstr(_path);
+
+ BIO_PTR cbio = create_BIO(BIO_new_connect(host.get()));
+ if (cbio.get() == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to create bio connect");
+ }
+
+ if (port)
+ BIO_set_conn_port(cbio.get(), port.get());
+
+ if (use_ssl == 1) {
+ SSL_CTX_PTR ssl_ctx = create_SSL_CTX();
+ if (ssl_ctx.get() == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to SSL_CTX_new");
+ }
+
+ SSL_CTX_set_mode(ssl_ctx.get(), SSL_MODE_AUTO_RETRY);
+
+ BIO_PTR sbio = create_BIO(BIO_new_ssl(ssl_ctx.get(), 1));
+ if (sbio.get() == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to BIO_new_ssl");
+ }
+
+ cbio.reset(BIO_push(sbio.get(), cbio.get()));
+ if (cbio.get() == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to BIO_push");
+ }
+ }
+
+ if (BIO_do_connect(cbio.get()) <= 0) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::NetworkError, "Failed to BIO_do_connect");
+ }
+
+ OCSP_REQUEST_PTR req = create_OCSP_REQUEST();
+ if (req.get() == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to OCSP_REQUEST_new");
+ }
+
+ OCSP_CERTID *certid = OCSP_cert_to_id(NULL, cert, issuer);
+ if (certid == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to OCSP_cert_to_id");
+ }
+
+ if (OCSP_request_add0_id(req.get(), certid) == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to OCSP_request_add0_id");
+ }
+
+ OCSP_RESPONSE_PTR resp =
+ create_OCSP_RESPONSE(OCSP_sendreq_bio(cbio.get(), path.get(), req.get()));
+
+ if (resp.get() == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::NetworkError, "Failed to OCSP_sendreq_bio");
+ }
+
+ if (OCSP_response_status(resp.get()) != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::ServerError, "Failed to OCSP_response_status");
+ }
+
+ OCSP_BASICRESP_PTR basicResp =
+ create_OCSP_BASICRESP(OCSP_response_get1_basic(resp.get()));
+ if (basicResp.get() == NULL) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_response_get1_basic");
+ }
+
+ X509_STORE_PTR trustedStore = create_x509_store();
+ if (trustedCerts.get()) {
+ for (int idx = 0; idx < sk_X509_num(trustedCerts.get()); idx++)
+ X509_STORE_add_cert(trustedStore.get(), sk_X509_value(trustedCerts.get(), idx));
+ X509_STORE_add_cert(trustedStore.get(), issuer);
+ }
+
+ if (OCSP_basic_verify(basicResp.get(), NULL, trustedStore.get(), 0) <= 0) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_basic_verify");
+ }
+
+ if (OCSP_check_nonce(req.get(), basicResp.get()) == 0) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "nonce exists but not equal");
+ }
+
+ int ocspStatus = -1;
+ int reason = 0;
+ ASN1_GENERALIZEDTIME *rev = NULL;
+ ASN1_GENERALIZEDTIME *thisupd = NULL;
+ ASN1_GENERALIZEDTIME *nextupd = NULL;
+ if (OCSP_resp_find_status(
+ basicResp.get(),
+ certid,
+ &ocspStatus,
+ &reason,
+ &rev,
+ &thisupd,
+ &nextupd) == 0) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_resp_find_status");
+ }
+
+ if (OCSP_check_validity(thisupd, nextupd, MAX_VALIDITY_PERIOD, -1) == 0) {
+ ERR_print_errors(bioLogger.get());
+ VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_check_validity");
+ }
+
+ if (ocspStatus != V_OCSP_CERTSTATUS_GOOD && ocspStatus != V_OCSP_CERTSTATUS_REVOKED)
+ VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Unknown ocsp status.");
+
+ return ocspStatus == V_OCSP_CERTSTATUS_GOOD ?
+ Ocsp::Result::GOOD : Ocsp::Result::REVOKED;
+}
+
+Ocsp::Result Ocsp::check(const SignatureData &data)
+{
+ if (!data.isCertListSorted())
+ VcoreThrowMsg(Exception::InvalidParam, "cert list should be sorted");
+
+ const CertificateList &certChain = data.getCertList();
+ if (certChain.size() < 3)
+ VcoreThrowMsg(Exception::InvalidParam, "cert chain is too short");
+
+ X509_STACK_PTR trustedCerts = create_x509_stack();
+
+ auto it = certChain.cbegin();
+ it++;
+ it++;
+ /* don't trust the user cert and the first intermediate CA cert */
+ for (; it != certChain.cend(); it++) {
+ const auto &cert = it->get();
+
+ if (cert->getDER().empty())
+ VcoreThrowMsg(Exception::InvalidParam, "Broken certificate chain.");
+
+ sk_X509_push(trustedCerts.get(), cert->getX509());
+ }
+
+ auto itCert = certChain.cbegin();
+ auto itIssuer = certChain.cbegin();
+ itIssuer++;
+ /* check ocsp except except self-signed root CA cert */
+ for (; itIssuer != certChain.end(); itCert++, itIssuer++) {
+ if (checkInternal(*itCert, *itIssuer, trustedCerts) == Result::REVOKED)
+ return Result::REVOKED;
+
+ LogDebug("ocsp status good for cert : " << (*itCert)->getOneLine());
+ }
+
+ return Result::GOOD;
+}
+
+}
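Review bot: In the `use_ssl == 1` branch of `checkInternal`, `cbio.reset(BIO_push(sbio.get(), cbio.get()))` leaves two smart pointers owning the same BIO chain. `reset` runs `BIO_free_all` on the connect BIO that was just appended to `sbio`, and `sbio` then frees the SSL BIO at the end of the block while `cbio` still points at it, so the later `BIO_do_connect` operates on freed memory whenever the certificate names an https responder. Transfer ownership instead: `cbio.reset(BIO_push(sbio.release(), cbio.release()));`. Separately, the `LogDebug` after `OCSP_parse_url` streams `_host`, `_port` and `_path` before `temp` is tested, so a parse failure hands null `char*` values to the stream; move that log below the `temp == 0` check. The file also uses `std::vector` and `strncpy` without including `<vector>` and `<cstring>`.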
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file Ocsp.h
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief OCSP check for signature validator. It should be used only internally.
+ */
+#pragma once
+
+#include <vcore/SignatureData.h>
+#include <vcore/exception.h>
+
+namespace ValidationCore {
+
+class Ocsp {
+public:
+ virtual ~Ocsp();
+
+ class Exception {
+ public:
+ VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidParam);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, OcspUnsupported);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidUrl);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidResponse);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, ServerError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, NetworkError);
+ VCORE_DECLARE_EXCEPTION_TYPE(Base, UnknownError);
+ };
+
+ enum Result {
+ GOOD,
+ REVOKED
+ };
+
+ /*
+ * Remarks: input cert chain should be sorted state.
+ */
+ static Result check(const SignatureData &data);
+
+private:
+ explicit Ocsp();
+};
+
+}
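Review bot: The comment on `check` documents only the sorting requirement and leaves out the rest of the contract that `Ocsp.cpp` in this commit enforces. Callers also need to know that it throws an `Ocsp::Exception` subtype for every failure other than revocation, including a chain shorter than three certificates, and that it does blocking network I/O to the responder URL taken from the certificate. I would extend the comment with a line such as `* Throws Ocsp::Exception::* on any failure; REVOKED is returned only for a verified revoked status.` plus a remark about the network access. As a style point, `explicit` on the argument-less private constructor has no effect, and a class that exposes only a static method does not need a virtual destructor.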
m_storeIdSet = storeIdSet;
}
+bool SignatureData::isCertListSorted() const
+{
+ return m_certificateSorted;
+}
+
const CertStoreId::Set& SignatureData::getStorageType() const
{
return m_storeIdSet;
void setReference(const ReferenceSet &referenceSet);
void setSortedCertificateList(const CertificateList &list);
void setStorageType(const CertStoreId::Set &storeIdSet);
+ bool isCertListSorted() const;
const ReferenceSet& getReferenceSet() const;
CertificateList getCertList() const;
* @brief Implementatin of tizen signature validation protocol.
*/
-#include <vcore/SignatureValidator.h>
+#include <dpl/log/log.h>
+
#include <vcore/CertificateCollection.h>
#include <vcore/Certificate.h>
#include <vcore/ReferenceValidator.h>
#include <vcore/XmlsecAdapter.h>
#include <vcore/SignatureReader.h>
#include <vcore/SignatureFinder.h>
+#include <vcore/Ocsp.h>
-#include <dpl/log/log.h>
+#include <vcore/SignatureValidator.h>
namespace {
* Same logic (check, checkList) is functionalized here.
*
* [in] fileInfo : file info of signature to check
- * [in] checkOcsp : If on, check ocsp.
* [out] disregard : distributor signature disregard flag.
* [out] context : xml sec for validating.
* [out] data : signature data for validationg and will be finally returned to client.
*/
static SignatureValidator::Result checkInternal(
const SignatureFileInfo &fileInfo,
- bool checkOcsp,
bool &disregard,
XmlSec::XmlSecContext &context,
SignatureData &data)
{
- // TODO: impl ocsp check
- (void) checkOcsp;
-
if (makeDataBySignature(fileInfo, true, data))
return SignatureValidator::SIGNATURE_INVALID;
try {
XmlSec::XmlSecContext context;
- Result result = checkInternal(fileInfo, checkOcsp, disregard, context, outData);
+ Result result = checkInternal(fileInfo, disregard, context, outData);
if (result != SIGNATURE_VERIFIED)
return result;
}
}
}
+
+ if (checkOcsp && Ocsp::check(outData) == Ocsp::Result::REVOKED)
+ return SIGNATURE_REVOKED;
+
} catch (const CertificateCollection::Exception::Base &e) {
LogError("CertificateCollection exception : " << e.DumpToString());
return SIGNATURE_INVALID;
} catch (const XmlSec::Exception::Base &e) {
LogError("XmlSec exception : " << e.DumpToString());
return SIGNATURE_INVALID;
+ } catch (const Ocsp::Exception::Base &e) {
+ LogError("Ocsp exception : " << e.DumpToString());
+ /*
+ * Don't care ocsp exception here.
+ * just return signature disregard or verified
+ * because exception case will be handled by cert-checker after app installed
+ */
} catch (...) {
LogError("Unknown exception in SignatureValidator::check");
return SIGNATURE_INVALID;
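Review bot: The new `catch (const Ocsp::Exception::Base &e)` handler treats every OCSP failure alike and lets validation continue. A response that failed `OCSP_basic_verify` or the validity check (`InvalidResponse`) is therefore handled exactly like an unreachable responder (`NetworkError`), and the caller gets no indication that revocation was never established. If deferring to cert-checker is meant for connectivity problems, consider catching `Ocsp::Exception::InvalidResponse` separately before `Base` and deciding explicitly whether that case should return `SIGNATURE_INVALID`. At minimum the comment should state that the result after this handler means revocation was not checked. The same handler is added in the `checkList` hunk that follows, and what the function returns after the try/catch lies outside this hunk.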
try {
XmlSec::XmlSecContext context;
- Result result = checkInternal(fileInfo, checkOcsp, disregard, context, outData);
+ Result result = checkInternal(fileInfo, disregard, context, outData);
if (result != SIGNATURE_VERIFIED)
return result;
return SIGNATURE_INVALID;
}
}
+
+ if (checkOcsp && Ocsp::check(outData) == Ocsp::Result::REVOKED)
+ return SIGNATURE_REVOKED;
+
} catch (const CertificateCollection::Exception::Base &e) {
LogError("CertificateCollection exception : " << e.DumpToString());
return SIGNATURE_INVALID;
} catch (const XmlSec::Exception::Base &e) {
LogError("XmlSec exception : " << e.DumpToString());
return SIGNATURE_INVALID;
+ } catch (const Ocsp::Exception::Base &e) {
+ LogError("Ocsp exception : " << e.DumpToString());
+ /*
+ * Don't care ocsp exception here.
+ * just return signature disregard or verified
+ * because exception case will be handled by cert-checker after app installed
+ */
} catch (...) {
LogError("Unknown exception in SignatureValidator::checkList");
return SIGNATURE_INVALID;