Requires: ca-certificates
Requires: ca-certificates-tizen
Requires: security-config
+Requires: openssl
%if "%{?profile}" == "mobile"
BuildRequires: pkgconfig(cert-checker)
%endif
-DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
-DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
-DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
+ -DCERT_SVC_CA_BUNDLE=%CERT_SVC_CA_BUNDLE \
-DFINGERPRINT_LIST_RW_PATH=%TZ_SYS_REVOKED_CERTS_FINGERPRINTS_RUNTIME \
-DCERT_SVC_PATH=%CERT_SVC_PATH \
-DCERT_SVC_RO_PATH=%CERT_SVC_RO_PATH \
#
NEW_DB=@CERT_SVC_DB_PATH@/certs-meta.db
+TEST_GNAME1="6410666e.0"
+TEST_GNAME2="790a7190.0"
# set test old database
rm -rf @CERT_SVC_OLD_DB_PATH@/*
cp @UPGRADE_DATA_PATH@/certs-meta-old.db @CERT_SVC_OLD_DB_PATH@/certs-meta.db
before_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
+before_upgrade_bundle_line=`cat @TZ_SYS_CA_BUNDLE@ | wc -l`
# run db upgrade
@UPGRADE_SCRIPT_PATH@/cert-svc-db-upgrade.sh
fi
# testcase 2. below gname's enabled column should off
-enabled_column1=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='6410666e.0';"`
+enabled_column1=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='$TEST_GNAME1';"`
if [ "$enabled_column1" != "0" ]
then
echo "[-] Failed to upgrade ssl table."
else
echo "[+] Success to upgrade ssl table."
fi
-enabled_column2=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='790a7190.0';"`
+enabled_column2=`sqlite3 $NEW_DB "SELECT enabled from ssl WHERE gname='$TEST_GNAME2';"`
if [ "$enabled_column2" != "0" ]
then
echo "[-] Failed to upgrade ssl table."
echo "[+] Success to upgrade ssl table."
fi
-# testcase 3. check to exist disabeld certs on rw area
-link_path1="@TZ_SYS_CA_CERTS@/6410666e.0"
+# testcase 3. check to exist disabled certs on rw area
+link_path1="@TZ_SYS_CA_CERTS@/$TEST_GNAME1"
if [ -f $link_path1 ]
then
echo "[-] Failed to unlink disabled certs."
else
echo "[+] Success to unlink disabled certs."
fi
-link_path2="@TZ_SYS_CA_CERTS@/790a7190.0"
+link_path2="@TZ_SYS_CA_CERTS@/$TEST_GNAME2"
if [ -f $link_path1 ]
then
echo "[-] Failed to unlink disabled certs."
# check certificate's count was reduced
after_upgrade_certs_cnt=`ls -l @TZ_SYS_CA_CERTS@ | grep ^l | wc -l`
-diff=$(expr $before_upgrade_certs_cnt - $after_upgrade_certs_cnt)
-if [ "$diff" != "2" ]
+diff_cnt=$(expr $before_upgrade_certs_cnt - $after_upgrade_certs_cnt)
+if [ "$diff_cnt" != "2" ]
then
echo "[-] Failed to unlink disabled certs."
echo "[-] Check ca-certificate package's upgrade has done."
else
echo "[+] Success to unlink disabled certs."
fi
+
+# testcase 4. bundle file should update
+after_upgrade_bundle_line=`cat @TZ_SYS_CA_BUNDLE@ | wc -l`
+diff_line1=$(expr $before_upgrade_bundle_line - $after_upgrade_bundle_line)
+if [ "$diff_line1" != "56" ]
+then
+ echo "[-] Failed to update bundle file."
+ echo "[-] Check ca-certificate package's upgrade has done."
+else
+ echo "[+] Success to update bundle file."
+fi
+
+after_symbol_bundle_line=`cat @CERT_SVC_CA_BUNDLE@ | wc -l`
+diff_line2=$(expr $after_upgrade_bundle_line - $after_symbol_bundle_line)
+if [ "$diff_line2" != "0" ]
+then
+ echo "[-] Failed to sync bundle file with CERT_SVC_CA_BUNDLE."
+else
+ echo "[+] Success to sync bundle file with CERT_SVC_CA_BUNDLE."
+fi