SET(VCORE_INCLUDES
./
+ cert-svc/
dpl/core/include
dpl/log/include
)
#include <string>
+#include <cert-svc/ccert.h>
+
namespace ValidationCore {
namespace CertStoreId {
typedef unsigned int Type;
// RootCA certificates for developer mode.
-const Type TIZEN_DEVELOPER = 1;
+const Type TIZEN_DEVELOPER = CERTSVC_VISIBILITY_DEVELOPER;
// RootCA certificates for author signatures.
const Type TIZEN_TEST = 1 << 1;
const Type TIZEN_VERIFY = 1 << 2;
const Type TIZEN_STORE = 1 << 3;
const Type TIZEN_REVOKED = 1 << 4;
// RootCA's visibility level : public
-const Type VIS_PUBLIC = 1 << 6;
+const Type VIS_PUBLIC = CERTSVC_VISIBILITY_PUBLIC;
// RootCA's visibility level : partner
-const Type VIS_PARTNER = 1 << 7;
+const Type VIS_PARTNER = CERTSVC_VISIBILITY_PARTNER;
// RootCA's visibility level : platform
-const Type VIS_PLATFORM = 1 << 10;
+const Type VIS_PLATFORM = CERTSVC_VISIBILITY_PLATFORM;
class Set {
public:
LogDebug("Start to check certificate domain.");
auto certificatePtr = m_data.getCertList().back();
auto storeIdSet = createCertificateIdentifier().find(certificatePtr);
+
// Check root CA certificate has proper domain.
LogDebug("root certificate from " << storeIdSet.typeToString() << " domain");
-
if (m_data.isAuthorSignature()) {
if (!storeIdSet.contains(TIZEN_DEVELOPER)) {
LogError("author-signature.xml's root certificate "
#include "vcore/CertificateCollection.h"
#include "vcore/pkcs12.h"
#include "vcore/Client.h"
+#include "vcore/ValidatorFactories.h"
#include "cert-svc/cinstance.h"
#include "cert-svc/ccert.h"
return CERTSVC_SUCCESS;
}
- // TODO : sangan.kwon, modify method by using CertificateIdentifier
- int getVisibility(CertSvcCertificate certificate, CertSvcVisibility *visibility,
- const char *fingerprintListPath)
+ int getVisibility(CertSvcCertificate certificate, CertSvcVisibility *visibility)
{
- int ret = CERTSVC_FAIL;
- //xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet"; /*unused variable*/
- //xmlChar *xmlPathCertificateDomain = (xmlChar*) "CertificateDomain";// name=\"tizen-platform\""; /*unused variable*/
- xmlChar *xmlPathDomainPlatform = (xmlChar *) "tizen-platform";
- xmlChar *xmlPathDomainPublic = (xmlChar *) "tizen-public";
- xmlChar *xmlPathDomainPartner = (xmlChar *) "tizen-partner";
- xmlChar *xmlPathDomainDeveloper = (xmlChar *) "tizen-developer";
- //xmlChar *xmlPathFingerPrintSHA1 = (xmlChar*) "FingerprintSHA1"; /*unused variable*/
- auto iter = m_certificateMap.find(certificate.privateHandler);
+ if (visibility == NULL)
+ return CERTSVC_WRONG_ARGUMENT;
+ auto iter = m_certificateMap.find(certificate.privateHandler);
if (iter == m_certificateMap.end()) {
+ LogError("Failed to find certificate.");
return CERTSVC_FAIL;
}
- CertificatePtr certPtr = iter->second;
- std::string fingerprint = Certificate::FingerprintToColonHex(certPtr->getFingerprint(
- Certificate::FINGERPRINT_SHA1));
- /* load file */
- xmlDocPtr doc = xmlParseFile(fingerprintListPath);
-
- if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
- LogError("Failed to prase fingerprint_list.xml");
- return CERTSVC_IO_ERROR;
- }
-
- xmlNodePtr curPtr = xmlFirstElementChild(xmlDocGetRootElement(doc));
-
- if (curPtr == NULL) {
- LogError("Can not find root");
- ret = CERTSVC_IO_ERROR;
- goto out;
- }
-
- while (curPtr != NULL) {
- xmlAttr *attr = curPtr->properties;
-
- if (!attr->children || !attr->children->content) {
- LogError("Failed to get fingerprints from list");
- ret = CERTSVC_FAIL;
- goto out;
- }
-
- xmlChar *strLevel = attr->children->content;
- xmlNodePtr FpPtr = xmlFirstElementChild(curPtr);
-
- if (FpPtr == NULL) {
- LogError("Could not find fingerprint");
- ret = CERTSVC_FAIL;
- goto out;
- }
-
- LogDebug("Retrieve level : " << strLevel);
-
- while (FpPtr) {
- xmlChar *content = xmlNodeGetContent(FpPtr);
-
- if (xmlStrcmp(content, (xmlChar *)fingerprint.c_str()) == 0) {
- LogDebug("fingerprint : " << content << " are " << strLevel);
-
- if (!xmlStrcmp(strLevel, xmlPathDomainPlatform)) {
- *visibility = CERTSVC_VISIBILITY_PLATFORM;
- ret = CERTSVC_SUCCESS;
- goto out;
- } else if (!xmlStrcmp(strLevel, xmlPathDomainPublic)) {
- *visibility = CERTSVC_VISIBILITY_PUBLIC;
- ret = CERTSVC_SUCCESS;
- goto out;
- } else if (!xmlStrcmp(strLevel, xmlPathDomainPartner)) {
- *visibility = CERTSVC_VISIBILITY_PARTNER;
- ret = CERTSVC_SUCCESS;
- goto out;
- } else if (!xmlStrcmp(strLevel, xmlPathDomainDeveloper)) {
- *visibility = CERTSVC_VISIBILITY_DEVELOPER;
- ret = CERTSVC_SUCCESS;
- goto out;
- }
- }
+ auto certPtr = iter->second;
+ auto storeIdSet = createCertificateIdentifier().find(certPtr);
+ if (storeIdSet.contains(CERTSVC_VISIBILITY_PUBLIC))
+ *visibility = CERTSVC_VISIBILITY_PUBLIC;
+ else if (storeIdSet.contains(CERTSVC_VISIBILITY_PLATFORM))
+ *visibility = CERTSVC_VISIBILITY_PLATFORM;
+ else if (storeIdSet.contains(CERTSVC_VISIBILITY_PARTNER))
+ *visibility = CERTSVC_VISIBILITY_PARTNER;
+ else if (storeIdSet.contains(CERTSVC_VISIBILITY_DEVELOPER))
+ *visibility = CERTSVC_VISIBILITY_DEVELOPER;
+ else
+ return CERTSVC_FAIL;
- FpPtr = xmlNextElementSibling(FpPtr);
- }
+ LogInfo("Certificate's finger print : " <<
+ Certificate::FingerprintToColonHex(certPtr->getFingerprint(
+ Certificate::FINGERPRINT_SHA1)) <<
+ ", visibility : " << *visibility);
- curPtr = xmlNextElementSibling(curPtr);
- }
-
- xmlFreeDoc(doc);
- return CERTSVC_FAIL;
-out:
- xmlFreeDoc(doc);
- return ret;
+ return CERTSVC_SUCCESS;
}
inline int pkcsNameIsUniqueInStore(
CertSvcVisibility *visibility)
{
try {
- int result = impl(certificate.privateInstance)->getVisibility(certificate, visibility,
- FINGERPRINT_LIST_PATH);
- if (result != CERTSVC_SUCCESS) {
- LogDebug("Cannot find store id in FINGERPRINT_LIST_PATH. Find it in extention continue.");
- result = impl(certificate.privateInstance)->getVisibility(certificate, visibility,
- FINGERPRINT_LIST_EXT_PATH);
- }
+ return impl(certificate.privateInstance)->getVisibility(certificate, visibility);
- return result;
} catch (...) {
LogError("exception occur");
}
};
std::vector<std::string> TestData::certChainSelfSigned(certChainSelfSignedArr,
certChainSelfSignedArr + 2);
+
+const std::string TestData::certCAAuthor =
+ "MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC"
+ "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
+ "ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD"
+ "QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw"
+ "MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE"
+ "CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB"
+ "MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD"
+ "DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA"
+ "A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI"
+ "rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9"
+ "yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB"
+ "MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af"
+ "KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN"
+ "5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv"
+ "bSaM";
+
+const std::string TestData::certCAPublic =
+ "MIIDOzCCAiOgAwIBAgIJAIghU0nmmUUlMA0GCSqGSIb3DQEBCwUAMFQxGjAYBgNV"
+ "BAoMEVRpemVuIEFzc29jaWF0aW9uMTYwNAYDVQQDDC1UaXplbiBBc3NvY2lhdGlv"
+ "biBERVZFTE9QRVIgUHVibGljIFJvb3QgQ2xhc3MwHhcNMTMxMjMwMTUwNTM5WhcN"
+ "MzMxMjI1MTUwNTM5WjBUMRowGAYDVQQKDBFUaXplbiBBc3NvY2lhdGlvbjE2MDQG"
+ "A1UEAwwtVGl6ZW4gQXNzb2NpYXRpb24gREVWRUxPUEVSIFB1YmxpYyBSb290IENs"
+ "YXNzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Z1tVsO0gVYdAxyz"
+ "+1mHNgHkdiLz8Drer9LXItILHOaJC21kBh3FByWL2fOxIAm7WGp/wCqqjY9GJRpz"
+ "tj/3uYEIJKDLLfwgwQJF1WoV3XzwTtY/ZO/N9lH51PhW/qQy+1qP8E0H1meKgVM3"
+ "m1IUuXLkpjzf1jfhcCM6gEQB9R4DBYd6ua0L/lGvkRQOjNMeAnEcmxCDXptRfu7v"
+ "/fOx3ttIV81Lf18VdQIi3yzRbP68z/MTfPNwhm/QG+C+v+JCv4A/mchEhAuPuuSu"
+ "1Op9QsiKZNY2wvJ0zOr44zM2smD3kbi4JgfYWUljFifDXsW1b6Lbzr42MsT+abpF"
+ "ciJZCQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAi"
+ "nOTRl3o20ww/M6UJCnGaGUU1fx+E/u+JUybz/DZWQtwZDh2dyVCoTaiVXcY71OXq"
+ "e4z+ZwarErdRnd6qfn6tNQBFJPj/quDULTVUHJwU72G/8Eh0zz0fQbCc7yD8vhMu"
+ "y1ceP45exApLzqupc4bFq3N+/lJiDzVNU/fVWjsr1ut5lHsXzXmeYUEGh+iwoFgD"
+ "z4zOJQ/0xwxcatkKBFZRnckUI46YyV9rlbeb9myTDqzRo/BXaor3lNbWJTvlKXrT"
+ "rGGUot1OUwUY0ZqRInUlWE45uOdIO1FE0VvJiBr2nTfS/APbg475t4D4gq3hvOkg"
+ "WdojCrFoNvutFOrtyxBz";
+
+const std::string TestData::certCAPlatform =
+ "MIIDPzCCAiegAwIBAgIJAMHhUV/SBOJTMA0GCSqGSIb3DQEBCwUAMFYxGjAYBgNV"
+ "BAoMEVRpemVuIEFzc29jaWF0aW9uMTgwNgYDVQQDDC9UaXplbiBBc3NvY2lhdGlv"
+ "biBERVZFTE9QRVIgUGxhdGZvcm0gUm9vdCBDbGFzczAeFw0xMzEyMzAxNTA1Mzla"
+ "Fw0zMzEyMjUxNTA1MzlaMFYxGjAYBgNVBAoMEVRpemVuIEFzc29jaWF0aW9uMTgw"
+ "NgYDVQQDDC9UaXplbiBBc3NvY2lhdGlvbiBERVZFTE9QRVIgUGxhdGZvcm0gUm9v"
+ "dCBDbGFzczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSPcakP+RAY"
+ "7zQ5CF/m+GgB6op0Bdn1Z90F72PRXZpBplyUqXhkx3Ug+x1EBAmOjo3BUh1f0u4u"
+ "BXrxkI4H1wtgG3kMoprzMERLdIfCMDp+MCGslIAbApWbTZ7akv8FOcZyL3apQda+"
+ "nLInd67uLOJ2YJ99CkeTZHKeoKy3P62gAZxw6j3UY+IBgdP8c+K3vII/KZj9Tl/G"
+ "afliSibhK48yJ9TEEdYobnaTKG9dtk5aj+dr4I4LW33MVuOaW+l1lZfaUdFRPbq4"
+ "eHw1tB/HOeV46yEoxmHKLNffsLuR2vhsXdyd/240JqnyEG1JoymPdRAM3uFSZYE1"
+ "/jM69Hg/5uECAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC"
+ "AQEADsv3CXY79VtNchvONSTU13OibFwcTZFaq3O3DB6ClZVRFChyad+ZwmhGEY1p"
+ "rOwSFJZpPWOACuFdiSKg08FdJEUQMgQdQklUJY2kKAtSj40+4pIlvAd4MxGxj9JP"
+ "6r0cdnp6/rWfPPVOSpPps6Vx3ML4lxYWcybSwcqdRtdXvQFlA6w7Syjs8KmbIuBf"
+ "GmuFerjGJAawy3Uvlb7fuvtOXiPqLAOpNX/Qanj8yKxHPi4FcYdxD/n0yW+8SzeL"
+ "y8B5VVJlUX0u1VYe07Q3mNwrto+xw/Un5GAd6nupz3MGduWODK1rC65+sz8Q5SwI"
+ "Dbn/OGS3G5OJuLp3YnMLYpDkXA==";
+
+const std::string TestData::certCAPartner =
+ "MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
+ "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
+ "ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq"
+ "MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
+ "MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
+ "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
+ "Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM"
+ "IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
+ "AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp"
+ "ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS"
+ "rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C"
+ "AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n"
+ "DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6"
+ "xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL"
+ "gS9G4WEAUg==";
*/
extern std::vector<std::string> certChainSelfSigned;
+extern const std::string certCAAuthor;
+extern const std::string certCAPublic;
+extern const std::string certCAPlatform;
+extern const std::string certCAPartner;
+
}
*/
#include <iostream>
-
#include <string>
#include <cstring>
+#include <map>
+
#include <openssl/x509.h>
+
#include <dpl/test/test_runner.h>
#include <cert-svc/ccert.h>
RUNNER_TEST(T0206_certificate_get_visibility)
{
- /*
- * format : DER_BASE64 FORM
- * which is identical to pem format without header and tail
- */
- const char *tizen_distributor_root_ca_partner_der_base64 =
- "MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC\n"
- "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6\n"
- "ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq\n"
- "MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy\n"
- "MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD\n"
- "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg\n"
- "Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM\n"
- "IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B\n"
- "AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp\n"
- "ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS\n"
- "rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C\n"
- "AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n\n"
- "DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6\n"
- "xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL\n"
- "gS9G4WEAUg==";
- CertSvcInstance instance;
- CertSvcCertificate certificate;
- int retval;
- RUNNER_ASSERT_MSG(
- (retval = certsvc_instance_new(&instance)) == CERTSVC_SUCCESS,
- "Failed to certsvc_instance_new. retval:" << retval);
- RUNNER_ASSERT_MSG(
- (retval = certsvc_certificate_new_from_memory(
- instance,
- (const unsigned char *)tizen_distributor_root_ca_partner_der_base64,
- strlen(tizen_distributor_root_ca_partner_der_base64),
- CERTSVC_FORM_DER_BASE64,
- &certificate) == CERTSVC_SUCCESS),
- "Failed to certsvc_certificate_new_from_memory. retval: " << retval);
- CertSvcVisibility visibility;
- RUNNER_ASSERT_MSG(
- (retval == certsvc_certificate_get_visibility(certificate, &visibility)) == CERTSVC_SUCCESS,
- "Failed to certsvc_certificate_get_visibility. retval: " << retval);
- RUNNER_ASSERT_MSG(
- visibility == CERTSVC_VISIBILITY_PARTNER,
- "returned visibility should be partner(" << CERTSVC_VISIBILITY_PARTNER
- << ") but returned(" << visibility << ")");
- certsvc_instance_free(instance);
+ std::map<CertSvcVisibility, const std::string> caMap;
+ caMap.insert(std::pair<CertSvcVisibility, const std::string>(
+ CERTSVC_VISIBILITY_DEVELOPER,
+ TestData::certCAAuthor));
+ caMap.insert(std::pair<CertSvcVisibility, const std::string>(
+ CERTSVC_VISIBILITY_PUBLIC,
+ TestData::certCAPublic));
+ caMap.insert(std::pair<CertSvcVisibility, const std::string>(
+ CERTSVC_VISIBILITY_PLATFORM,
+ TestData::certCAPlatform));
+ caMap.insert(std::pair<CertSvcVisibility, const std::string>(
+ CERTSVC_VISIBILITY_PARTNER,
+ TestData::certCAPartner));
+
+ for (auto ca : caMap) {
+ CertSvcInstance instance;
+ CertSvcCertificate certificate;
+ int retval;
+ RUNNER_ASSERT_MSG(
+ (retval = certsvc_instance_new(&instance)) == CERTSVC_SUCCESS,
+ "Failed to certsvc_instance_new. retval:" << retval);
+ RUNNER_ASSERT_MSG(
+ (retval = certsvc_certificate_new_from_memory(
+ instance,
+ reinterpret_cast<const unsigned char *>(ca.second.c_str()),
+ ca.second.size(),
+ CERTSVC_FORM_DER_BASE64,
+ &certificate) == CERTSVC_SUCCESS),
+ "Failed to certsvc_certificate_new_from_memory. retval: " << retval);
+ CertSvcVisibility visibility;
+ RUNNER_ASSERT_MSG(
+ (retval == certsvc_certificate_get_visibility(
+ certificate, &visibility)) == CERTSVC_SUCCESS,
+ "Failed to certsvc_certificate_get_visibility. retval: " << retval);
+ RUNNER_ASSERT_MSG(
+ visibility == ca.first,
+ "returned visibility should be (" << ca.first <<
+ ") but returned(" << visibility << ")");
+ certsvc_instance_free(instance);
+ }
}
projects / platform / core / security / cert-svc.git / commitdiff