ADD_DEFINITIONS("-DTANCHOR_TEST_DIR=\"${TANCHOR_TEST}\"")
ADD_DEFINITIONS("-DTANCHOR_BUNDLE=\"${TANCHOR_BUNDLE}\"")
ADD_DEFINITIONS("-DTANCHOR_SYSCA=\"${TANCHOR_SYSCA}\"")
+ADD_DEFINITIONS("-DTANCHOR_PKG_CERTS=\"${TANCHOR_PKG_CERTS}\"")
ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS=\"${TZ_SYS_CA_CERTS}\"")
ADD_DEFINITIONS("-DTZ_SYS_CA_BUNDLE=\"${TZ_SYS_CA_BUNDLE}\"")
* @details Package custom certificates would be installed on system.
* This function should be called before trust_anchor_launch().
* @param[in] package_id Package id
- * @param[in] pkg_certs_path Package custom certificates path
* @param[in] uid user id
+ * @param[in] pkg_certs_path Package custom certificates path
* @param[in] with_system_certs Whether system certificates use or not
* @return #TRUST_ANCHOR_ERROR_NONE on success,
* negative on error
* @see trust_anchor_uninstall()
*/
int trust_anchor_install(const char *package_id,
- const char *pkg_certs_path,
uid_t uid,
+ const char *pkg_certs_path,
bool with_system_certs);
* @brief Launch trust anchor.
* @details After lauching trust anchor, package can use custom certificates.
* @param[in] package_id Package id
- * @param[in] pkg_certs_path Package custom certificates path
* @param[in] uid user id
* @return #TRUST_ANCHOR_ERROR_NONE on success,
* negative on error
* @retval #TRUST_ANCHOR_ERROR_INTERNAL Internal error
* @see trust_anchor_install()
*/
-int trust_anchor_launch(const char *package_id,
- const char *pkg_certs_path,
- uid_t uid);
+int trust_anchor_launch(const char *package_id, uid_t uid);
/**
* @brief Uninstall trust anchor.
* @param[in] package_id Package id
- * @param[in] pkg_certs_path Package custom certificates path
* @param[in] uid user id
* @return #TRUST_ANCHOR_ERROR_NONE on success,
* negative on error
* @retval #TRUST_ANCHOR_ERROR_INTERNAL Internal error
* @see trust_anchor_install()
*/
-int trust_anchor_uninstall(const char *package_id,
- const char *pkg_certs_path,
- uid_t uid);
+int trust_anchor_uninstall(const char *package_id, uid_t uid);
#ifdef __cplusplus
class TANCHOR_API TrustAnchor {
public:
- explicit TrustAnchor(const std::string &packageId,
- const std::string &certsDir,
- uid_t uid) noexcept;
+ explicit TrustAnchor(const std::string &packageId, uid_t uid) noexcept;
virtual ~TrustAnchor(void);
TrustAnchor(const TrustAnchor &) = delete;
TrustAnchor &operator=(const TrustAnchor &) = delete;
TrustAnchor &operator=(TrustAnchor &&) = delete;
- int install(bool withSystemCerts) noexcept;
+ int install(const std::string &pkgCertsPath, bool withSystemCerts) noexcept;
int uninstall(void) noexcept;
int launch(void) noexcept;
bool with_sys = false;
uid_t uid = -1;
- int ret = trust_anchor_install("pkgid", "/pkg_certs_path", uid, with_sys);
+ int ret = trust_anchor_install("pkgid", uid, "/pkg_certs_path", with_sys);
if (ret != TRUST_ANCHOR_ERROR_NONE) {
printf("Failed to install operation");
return -1;
/*
* When app uninstalled trust_anchor_uninstall() should be called once.
*/
- ret = trust_anchor_uninstall("pkgid", "/pkg_certs_path", uid);
+ ret = trust_anchor_uninstall("pkgid", uid);
if (ret != TRUST_ANCHOR_ERROR_NONE) {
printf("Failed to uninstall operation");
return -1;
*/
uid_t uid = -1;
- int ret = trust_anchor_launch("pkgid", "/pkg_certs_path", uid);
+ int ret = trust_anchor_launch("pkgid", uid);
if (ret != TRUST_ANCHOR_ERROR_NONE) {
printf("Failed to launch operation");
return -1;
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
-%global lib_name tanchor
-%global user_name security_fw
-%global group_name security_fw
-%global smack_label System
-
-%global tanchor_base %{TZ_SYS_DATA}/%{lib_name}
-%global tanchor_pkg %{tanchor_base}/pkg
-%global tanchor_bundle %{tanchor_base}/ca-bundle.pem
-%global tanchor_sysca %{tanchor_base}/.sysca
-%global tanchor_test %{tanchor_base}/test
-%global tanchor_example %{tanchor_base}/example
+%global lib_name tanchor
+%global user_name security_fw
+%global group_name security_fw
+%global smack_label System
+
+%global tanchor_base %{TZ_SYS_DATA}/%{lib_name}
+%global tanchor_pkg %{tanchor_base}/pkg
+%global tanchor_bundle %{tanchor_base}/ca-bundle.pem
+%global tanchor_sysca %{tanchor_base}/.sysca
+%global tanchor_pkgcerts %{tanchor_base}/.pkgcerts
+%global tanchor_test %{tanchor_base}/test
+%global tanchor_example %{tanchor_base}/example
%description
The package provides trust-anchor which the application can assign
%dir %attr(-, %{user_name}, %{group_name}) %{tanchor_base}
%dir %attr(-, %{user_name}, %{group_name}) %{tanchor_pkg}
%attr(-, %{user_name}, %{group_name}) %{tanchor_bundle}
+%attr(-, %{user_name}, %{group_name}) %{tanchor_pkgcerts}
%attr(444 %{user_name}, %{group_name}) %{tanchor_sysca}
%prep
-DTANCHOR_PKG=%{tanchor_pkg} \
-DTANCHOR_BUNDLE=%{tanchor_bundle} \
-DTANCHOR_SYSCA=%{tanchor_sysca} \
+ -DTANCHOR_PKG_CERTS=%{tanchor_pkgcerts} \
-DTANCHOR_TEST=%{tanchor_test} \
-DTANCHOR_EXAMPLE=%{tanchor_example} \
-DTZ_SYS_CA_CERTS=%{TZ_SYS_CA_CERTS} \
touch %{buildroot}%{tanchor_bundle}
touch %{buildroot}%{tanchor_sysca}
+touch %{buildroot}%{tanchor_pkgcerts}
%post -p /sbin/ldconfig
TANCHOR_API
int trust_anchor_install(const char *package_id,
- const char *pkg_certs_path,
uid_t uid,
+ const char *pkg_certs_path,
bool with_system_certs)
{
- TrustAnchor ta(package_id, pkg_certs_path, uid);
- return ta.install(with_system_certs);
+ TrustAnchor ta(package_id, uid);
+ return ta.install(pkg_certs_path, with_system_certs);
}
TANCHOR_API
-int trust_anchor_launch(const char *package_id,
- const char *pkg_certs_path,
- uid_t uid)
+int trust_anchor_launch(const char *package_id, uid_t uid)
{
- TrustAnchor ta(package_id, pkg_certs_path, uid);
+ TrustAnchor ta(package_id, uid);
return ta.launch();
}
TANCHOR_API
-int trust_anchor_uninstall(const char *package_id,
- const char *pkg_certs_path,
- uid_t uid)
+int trust_anchor_uninstall(const char *package_id, uid_t uid)
{
- TrustAnchor ta(package_id, pkg_certs_path, uid);
+ TrustAnchor ta(package_id, uid);
return ta.uninstall();
}
#include "certificate.hxx"
#include <cstdio>
+#include <memory>
#include <vector>
+
+#include "file-system.hxx"
#include "exception.hxx"
#include <openssl/pem.h>
} // namespace anonymous
-Certificate::Certificate(const std::string &path) :
- m_fp(FilePtr(::fopen(path.c_str(), "rb"), ::fclose))
+Certificate::Certificate(const std::string &path) : m_path(path)
{
- if (this->m_fp == nullptr)
- throw std::invalid_argument("Failed to open [" + path + "].");
}
std::string Certificate::getSubjectNameHash() const
{
- X509Ptr x509(::PEM_read_X509(this->m_fp.get(), NULL, NULL, NULL),
+ FilePtr fp = FilePtr(::fopen(this->m_path.c_str(), "rb"), ::fclose);
+ if (fp == nullptr)
+ throw std::invalid_argument("Failed to open [" + this->m_path + "].");
+
+ X509Ptr x509(::PEM_read_X509(fp.get(), NULL, NULL, NULL),
::X509_free);
if (x509 == nullptr) {
- ::rewind(this->m_fp.get());
- x509 = X509Ptr(::PEM_read_X509_AUX(this->m_fp.get(), NULL, NULL, NULL),
+ ::rewind(fp.get());
+ x509 = X509Ptr(::PEM_read_X509_AUX(fp.get(), NULL, NULL, NULL),
::X509_free);
}
std::string Certificate::getCertificateData() const
{
- std::fseek(this->m_fp.get(), 0L, SEEK_END);
- unsigned int fsize = std::ftell(this->m_fp.get());
- std::rewind(this->m_fp.get());
-
- std::string content(fsize, 0);
- if (fsize != std::fread(static_cast<void*>(&content[0]), 1, fsize,
- this->m_fp.get()))
- throw std::logic_error("Failed to read certificate from fp.");
-
+ std::string content = File::read(this->m_path);
return this->parseData(content);
}
#pragma once
#include <string>
-#include <memory>
-#include <cstdio>
namespace tanchor {
-using FilePtr = std::unique_ptr<FILE, decltype(&::fclose)>;
-
class Certificate {
public:
explicit Certificate(const std::string &path);
private:
std::string parseData(const std::string &data) const;
- FilePtr m_fp;
+ std::string m_path;
};
} // namespace tanchor
const std::string TANCHOR_SYSCA_PATH = TANCHOR_SYSCA;
const std::string TANCHOR_BUNDLE_PATH = TANCHOR_BUNDLE;
+const std::string TANCHOR_PKG_CERTS_PATH = TANCHOR_PKG_CERTS;
const std::string MOUNT_POINT_CERTS(TZ_SYS_CA_CERTS);
const std::string MOUNT_POINT_BUNDLE(TZ_SYS_CA_BUNDLE);
#include <climits>
#include <cerrno>
#include <unistd.h>
+#include <cstdio>
#include <vector>
ThrowErrno(errno, "Failed to link " + src + " -> " + dst);
}
+std::string File::read(const std::string &path)
+{
+ FilePtr fp = FilePtr(::fopen(path.c_str(), "rb"), ::fclose);
+ if (fp == nullptr)
+ throw std::invalid_argument("Failed to open [" + path + "].");
+
+ std::fseek(fp.get(), 0L, SEEK_END);
+ unsigned int fsize = std::ftell(fp.get());
+ std::rewind(fp.get());
+
+ std::string buff(fsize, 0);
+ if (fsize != std::fread(static_cast<void*>(&buff[0]), 1, fsize, fp.get()))
+ throw std::logic_error("Failed to read [" + path + "]");
+ return buff;
+}
+
std::string File::readLink(const std::string &path)
{
std::vector<char> buf(PATH_MAX);
#pragma once
#include <string>
+#include <memory>
namespace tanchor {
+using FilePtr = std::unique_ptr<FILE, decltype(&::fclose)>;
+
class File {
public:
static void linkTo(const std::string &src, const std::string &dst);
static std::string readLink(const std::string &path);
static std::string getName(const std::string &path);
+ static std::string read(const std::string &path);
};
} // namespace tanchor
namespace tanchor {
-Logic::Logic(const std::string &pkgCertsPath, const std::string &basePath) :
- m_pkgCertsPath(pkgCertsPath),
+Logic::Logic(const std::string &basePath) :
m_customBasePath(basePath),
m_customCertsPath(m_customBasePath + "/certs"),
m_customBundlePath(m_customBasePath + "/bundle"),
}
// link pkg certificates to the custom directory as subjectNameHash
- runtime::DirectoryIterator iter(this->m_pkgCertsPath), end;
+ runtime::DirectoryIterator iter(this->getPkgCertsPath()), end;
while (iter != end) {
Certificate cert(iter->getPath());
std::string uName = this->getUniqueCertName(cert.getSubjectNameHash());
if (this->m_customCertsData.empty()) {
DEBUG("System certificates is changed after TrustAnchor installation.");
- runtime::DirectoryIterator iter(this->m_pkgCertsPath), end;
+ runtime::DirectoryIterator iter(this->getPkgCertsPath()), end;
while (iter != end) {
Certificate cert(iter->getPath());
this->m_customCertsData.emplace_back(cert.getCertificateData());
INFO("Success to make pkg custom bundle.");
}
-bool Logic::isPkgCertsValid(void) const
+bool Logic::isPkgCertsValid(const std::string &path) const
{
- runtime::File file(this->m_pkgCertsPath);
+ runtime::File file(path);
if (!file.exists())
ThrowExc(TRUST_ANCHOR_ERROR_NO_SUCH_FILE,
return file.isDirectory();
}
+void Logic::setPkgCertsPath(const std::string &path) const
+{
+ if (!this->isPkgCertsValid(path))
+ throw std::invalid_argument("Pkg certs dir should be directory.");
+
+
+ runtime::File tanchorPkgCerts(path::TANCHOR_PKG_CERTS_PATH);
+ tanchorPkgCerts.copyTo(this->m_customBasePath);
+
+ runtime::File pkgCertsPath(this->m_customBasePath + "/" +
+ File::getName(path::TANCHOR_PKG_CERTS_PATH));
+ pkgCertsPath.open(O_RDWR | O_APPEND);
+ pkgCertsPath.lock();
+ pkgCertsPath.write(path.c_str(), path.length());
+ pkgCertsPath.unlock();
+
+ DEBUG("Success to set package certificates path : " << path);
+}
+
+std::string Logic::getPkgCertsPath(void) const
+{
+ std::string path = File::read(this->m_customBasePath + "/" +
+ File::getName(path::TANCHOR_PKG_CERTS_PATH));
+ DEBUG("Package certificates path : " << path);
+ return path;
+}
+
void Logic::setSystemCertsUsed(void) const
{
runtime::File tanchorSysCA(path::TANCHOR_SYSCA_PATH);
class Logic {
public:
- explicit Logic(const std::string &pkgCertsPath, const std::string &basePath);
+ explicit Logic(const std::string &basePath);
virtual ~Logic(void) = default;
Logic(const Logic &) = delete;
void makeCustomCerts(void);
void makeCustomBundle(void);
- bool isPkgCertsValid(void) const;
+ void setPkgCertsPath(const std::string &path) const;
+ std::string getPkgCertsPath(void) const;
bool isSystemCertsUsed(void) const;
bool isSystemCertsModified(void) const;
private:
std::string getUniqueCertName(const std::string &name) const;
+ bool isPkgCertsValid(const std::string &path) const;
- std::string m_pkgCertsPath;
std::string m_customBasePath;
std::string m_customCertsPath;
std::string m_customBundlePath;
class TrustAnchor::Impl {
public:
- explicit Impl(const std::string &packageId,
- const std::string &certsDir,
- uid_t uid) noexcept;
+ explicit Impl(const std::string &packageId, uid_t uid) noexcept;
virtual ~Impl(void) = default;
- int install(bool withSystemCerts) noexcept;
+ int install(const std::string &pkgCertsPath, bool withSystemCerts) noexcept;
int uninstall(void) const noexcept;
int launch(void) noexcept;
int rollback(void) const noexcept;
Logic m_logic;
};
-TrustAnchor::Impl::Impl(const std::string &packageId,
- const std::string &certsDir,
- uid_t uid) noexcept :
- m_logic(certsDir,
- path::BASE_PKG_PATH + "/" +
+TrustAnchor::Impl::Impl(const std::string &packageId, uid_t uid) noexcept :
+ m_logic(path::BASE_PKG_PATH + "/" +
std::to_string(static_cast<int>(uid)) + "/" +
packageId)
{
void TrustAnchor::Impl::preInstall(void)
{
this->m_logic.init();
-
- if (!this->m_logic.isPkgCertsValid())
- throw std::invalid_argument("Pkg certs dir should be directory.");
DEBUG("Success to pre-install stage.");
}
-int TrustAnchor::Impl::install(bool withSystemCerts) noexcept
+int TrustAnchor::Impl::install(const std::string &pkgCertsPath,
+ bool withSystemCerts) noexcept
{
EXCEPTION_GUARD_START
this->preInstall();
+ this->m_logic.setPkgCertsPath(pkgCertsPath);
if (withSystemCerts)
this->m_logic.setSystemCertsUsed();
DEBUG("This package use system certificates.");
if (this->m_logic.isSystemCertsModified()) {
WARN("System certificates be changed. Do re-install for refresh.");
- this->install(true);
+ this->install(this->m_logic.getPkgCertsPath(), true);
}
DEBUG("Success to pre-launch stage.");
}
EXCEPTION_GUARD_END
}
-TrustAnchor::TrustAnchor(const std::string &packageId,
- const std::string &certsDir,
- uid_t uid) noexcept :
- m_pImpl(new Impl(packageId, certsDir, uid)) {}
+TrustAnchor::TrustAnchor(const std::string &packageId, uid_t uid) noexcept :
+ m_pImpl(new Impl(packageId, uid)) {}
TrustAnchor::~TrustAnchor(void) = default;
-int TrustAnchor::install(bool withSystemCerts) noexcept
+int TrustAnchor::install(const std::string &pkgCertsPath,
+ bool withSystemCerts) noexcept
{
if (this->m_pImpl == nullptr)
return TRUST_ANCHOR_ERROR_OUT_OF_MEMORY;
- int ret = this->m_pImpl->install(withSystemCerts);
+ int ret = this->m_pImpl->install(pkgCertsPath, withSystemCerts);
if (ret != TRUST_ANCHOR_ERROR_NONE) {
ERROR("Failed to intall ACTA. Remove custom directory for rollback.");
SET(INTERNAL_SRCS main.cpp
test-util.cpp
test-certificate.cpp
+ ${TANCHOR_SRC}/exception.cpp
+ ${TANCHOR_SRC}/file-system.cpp
${TANCHOR_SRC}/certificate.cpp)
SET(SSL_SRCS main.cpp
test-curl.cpp
TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_POSITIVE)
{
- int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, false);
+ int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, false);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_WITH_SYS_POSITIVE)
{
- int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, true);
+ int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, true);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_NEGATIVE)
{
- int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID, false);
+ int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, DUMMY_CERTS_DIR, false);
TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_WITH_SYS_NEGATIVE)
{
- int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID, true);
+ int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, DUMMY_CERTS_DIR, true);
TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(CAPI_TRUST_ANCHOR_UNINSTALL_POSITIVE)
{
- int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, false);
+ int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, false);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
- ret = trust_anchor_uninstall(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
+ ret = trust_anchor_uninstall(DUMMY_PKG_ID, DUMMY_UID);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(CAPI_TRUST_ANCHOR_UNINSTALL_NEGATIVE)
{
- int ret = trust_anchor_uninstall(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID);
+ int ret = trust_anchor_uninstall(DUMMY_PKG_ID, DUMMY_UID);
TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE);
}
auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS);
auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE);
- int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, true);
+ int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, true);
// pre-condition
int pid = fork();
if (pid == 0) {
- ret = trust_anchor_launch(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
+ ret = trust_anchor_launch(DUMMY_PKG_ID, DUMMY_UID);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
auto afterLsChild = test::util::ls(TZ_SYS_RO_CA_CERTS);
TESTCASE(TRUST_ANCHOR_LAUNCH)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(false);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(PKG_CERTS_DIR, false);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
std::cout << "##########################################" << std::endl;
TESTCASE(TRUST_ANCHOR_LAUNCH_WITH_SYS)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(true);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(PKG_CERTS_DIR, true);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
std::cout << "##########################################" << std::endl;
TESTCASE(TRUST_ANCHOR_INSTALL_POSITIVE)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(false);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(PKG_CERTS_DIR, false);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(TRUST_ANCHOR_INSTALL_WITH_SYS_POSITIVE)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(true);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(PKG_CERTS_DIR, true);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(TRUST_ANCHOR_INSTALL_NEGATIVE)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(false);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(DUMMY_CERTS_DIR, false);
TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(TRUST_ANCHOR_INSTALL_WITH_SYS_NEGATIVE)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(true);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(DUMMY_CERTS_DIR, true);
TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE);
}
TESTCASE(TRUST_ANCHOR_UNINSTALL_POSITIVE)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(false);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(PKG_CERTS_DIR, false);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
ret = ta.uninstall();
TESTCASE(TRUST_ANCHOR_UNINSTALL_NEGATIVE)
{
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
int ret = ta.uninstall();
TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE);
}
auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS);
auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE);
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(false);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(PKG_CERTS_DIR, false);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
// pre-condition
auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS);
auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE);
- tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID);
- int ret = ta.install(true);
+ tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID);
+ int ret = ta.install(PKG_CERTS_DIR, true);
TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE);
// pre-condition
projects / platform / core / security / trust-anchor.git / commitdiff