INSTALL(
DIRECTORY
resource/wgt
+ resource/wgt_dist22
resource/wgt_negative_hash
resource/wgt_negative_signature
resource/wgt_negative_certificate
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="AuthorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>MH34nIMXxv0fMQQ8bTV1wZUNLOrXTmpnxpADlNzmQ/4=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>fhh+VQq76Uodq4upHhvcC2tgbVY8bL9DiiSe9wn1O4YrIFKMnEEYqYmpQbL1puWU
+Zbht0hXpvEFXg1010q5kOZQxknqcyFg3hyVUpFDPARkJs1XhRNbFWJJF7qNXVgt5
+NyFrdXFv4lVFjkv+chSykaWu6V22z43E8kJcg+zGVU8=</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#AuthorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#AuthorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#AuthorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
--- /dev/null
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="author-signature.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+ </Reference>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>Dwm15jQbvUxe7fa7p4RVRAUzYY6eGQmDJSWXnv2LBbouch163OMaXgjKXWOLU+ZA
+MwwuUUXG44QvOIv5M3Kd/Pc6kwvyb9+xm8zqmFF/mhttmAHc7VjY5sfB+bYFt9/3
+8+upSqxiUGLXYzMD/9u4W9ociwAcLiOQytBF1/TCv/4=</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV
+BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT
+BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA
+c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw
+CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT
+A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B
+CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh
+EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o
+O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV
+HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU
+ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM
+H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y
+t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK
+xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#DistributorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#DistributorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#DistributorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ <Reference URI="author-signature.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue>
+ </Reference>
+ <Reference URI="config.xml">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue>
+ </Reference>
+ <Reference URI="index.html">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue>
+ </Reference>
+ <Reference URI="#prop">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>fV1J/120GG5L7qsxEkyH6fBvQh2atlpiGMbVM1+pb8Q6pHib5beV6A==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="prop">
+ <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
+ <SignatureProperty Id="profile" Target="#DistributorSignature">
+ <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
+ </SignatureProperty>
+ <SignatureProperty Id="role" Target="#DistributorSignature">
+ <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
+ </SignatureProperty>
+ <SignatureProperty Id="identifier" Target="#DistributorSignature">
+ <dsp:Identifier/>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+</Signature>
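Review bot: This fixture's `<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>` differs from the rsa-sha256 used by author-signature.xml and signature1.xml in the same directory, yet the test that consumes it expects E_SIG_DISREGARDED solely because of the unrecognized root CA. If the validator ever starts rejecting SHA-1 or DSA signatures, this file would fail for an unrelated reason and the disregard path would silently go untested. Either regenerate the fixture with `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` like its siblings, or note in the test that it deliberately also covers dsa-sha1 so the difference is not mistaken for an accident.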
#include "test-common.h"
const std::string TestData::widget_path = std::string(TESTAPP_RES_DIR) + "apps/wgt";
+const std::string TestData::widget_dist22_path = std::string(TESTAPP_RES_DIR) + "apps/wgt_dist22";
const std::string TestData::widget_negative_hash_path = std::string(TESTAPP_RES_DIR) + "apps/wgt_negative_hash";
const std::string TestData::widget_negative_signature_path = std::string(TESTAPP_RES_DIR) + "apps/wgt_negative_signature";
const std::string TestData::widget_negative_certificate_path = std::string(TESTAPP_RES_DIR) + "apps/wgt_negative_certificate";
namespace TestData {
extern const std::string widget_path;
+extern const std::string widget_dist22_path;
extern const std::string widget_negative_hash_path;
extern const std::string widget_negative_signature_path;
extern const std::string widget_negative_certificate_path;
RUNNER_ASSERT_MSG(signatureSet.size() == 2, "Some signature has not been found");
for (auto &fileInfo : signatureSet)
- RUNNER_ASSERT_MSG(
- ((fileInfo.getFileName().find("author-signature.xml") != std::string::npos && fileInfo.getFileNumber() == -1)
- || (fileInfo.getFileName().find("signature1.xml") != std::string::npos && fileInfo.getFileNumber() == 1)),
+ RUNNER_ASSERT_MSG((
+ (fileInfo.getFileName().find("author-signature.xml") != std::string::npos && fileInfo.getFileNumber() == -1) ||
+ (fileInfo.getFileName().find("signature1.xml") != std::string::npos && fileInfo.getFileNumber() == 1)),
"invalid signature xml found: " << fileInfo.getFileName() << " with number: " << fileInfo.getFileNumber());
}
}
}
+RUNNER_TEST(T00108_distributor_disregard_check)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(TestData::widget_dist22_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ for (auto &sig : signatureSet) {
+ SignatureValidator validator(sig);
+ SignatureData data;
+ VCerr result = validator.check(
+ TestData::widget_dist22_path,
+ true,
+ true,
+ data);
+
+ if (data.isAuthorSignature())
+ RUNNER_ASSERT_MSG(result == E_SIG_INVALID_CHAIN,
+ "author sig validation should be fail : "
+ << validator.errorToString(result));
+ else
+ if (data.getSignatureNumber() == 1)
+ RUNNER_ASSERT_MSG(result == E_SIG_INVALID_CHAIN,
+ "dist1 sig validation should be fail: "
+ << validator.errorToString(result));
+ else
+ RUNNER_ASSERT_MSG(result == E_SIG_DISREGARDED,
+ "dist22 sig validation should be disregarded: "
+ << validator.errorToString(result));
+ }
+}
+
RUNNER_TEST(T00151_negative_hash_check_ref)
{
SignatureFileInfoSet signatureSet;
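Review bot: T00108_distributor_disregard_check never asserts that all three signature files were found, so if SignatureFinder skipped signature22.xml the loop would only see the author and signature1 cases and the test would pass without ever reaching the E_SIG_DISREGARDED branch it is named for. The sibling test above guards against exactly this with `RUNNER_ASSERT_MSG(signatureSet.size() == 2, ...)`; add the equivalent right after the find call: `RUNNER_ASSERT_MSG(signatureSet.size() == 3, "author, signature1 and signature22 expected");`. The two positional `true, true` arguments to `validator.check` would also read better with a short comment naming what each flag enables, since the expected results depend on them.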
}
if (completeWithSystemCert && !collection.completeCertificateChain()) {
- LogError("Failed to complete cert chain with system cert");
- return E_SIG_INVALID_CHAIN;
+ if (m_data.isAuthorSignature() || m_data.getSignatureNumber() == 1) {
+ LogError("Failed to complete cert chain with system cert");
+ return E_SIG_INVALID_CHAIN;
+ } else {
+ LogError("distributor's signature has got unrecognized root CA certificate.");
+ m_disregarded = true;
+ }
}
m_data.setSortedCertificateList(collection.getChain());
}
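Review bot: In the new else branch a disregarded distributor signature still falls through to `m_data.setSortedCertificateList(collection.getChain());`, so a chain that completeCertificateChain() just reported as incomplete is stored on m_data exactly like a verified one, and only the m_disregarded flag distinguishes the two. Anything that later reads the sorted list (the callers are outside this hunk) has to know to consult m_disregarded first; a comment at the assignment, `// chain may be incomplete when m_disregarded is set; consumers must check the flag`, or skipping the assignment in the disregarded case, would make that contract explicit. The message is also emitted with LogError for a condition the commit now deliberately tolerates; LogWarning would keep error logs meaningful. The enclosing function starts outside the hunk.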
if (m_data.getSignatureNumber() == 1 && !storeIdSet.isContainsVis()) {
LogError("signature1.xml has got unrecognized root CA certificate.");
+ return E_SIG_INVALID_CHAIN;
+ } else if (!storeIdSet.isContainsVis()) {
+ LogError("signatureN.xml (not 1) has got unrecognized root CA certificate.");
m_disregarded = true;
}
}
return result;
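Review bot: The new `else if (!storeIdSet.isContainsVis())` branch catches every signature whose number is not 1, and nothing in the hunk restricts it to distributor signatures; unless the enclosing block (its start is outside the hunk) is already guarded by `!m_data.isAuthorSignature()`, an author signature with an unrecognized root would be quietly disregarded here while the chain-completion path in the same commit rejects it with E_SIG_INVALID_CHAIN. Testing the store result once and then deciding by signature kind states the intent directly, avoids the duplicated `isContainsVis()` lookup, and makes the author case explicit regardless of what the outer block guards.
```cpp
if (!storeIdSet.isContainsVis()) {
    // An unknown root is fatal for the author signature and signature1.xml;
    // any other distributor signature is only disregarded.
    if (m_data.isAuthorSignature() || m_data.getSignatureNumber() == 1) {
        LogError("signature has got unrecognized root CA certificate.");
        return E_SIG_INVALID_CHAIN;
    }
    LogError("signatureN.xml (not 1) has got unrecognized root CA certificate.");
    m_disregarded = true;
}
// … unchanged: closing brace of the enclosing block and return result …
```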
if (!m_data.isAuthorSignature()) {
+ if (!m_data.getSignatureNumber() != 1)
+ m_context.allowBrokenChain = true;
+
XmlSecSingleton::Instance().validate(m_context);
m_data.setReference(m_context.referenceSet);
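Review bot: `if (!m_data.getSignatureNumber() != 1)` does not test what it says: `!` binds tighter than `!=`, so the expression is `(!number) != 1`, which is true for every non-zero signature number — including signature1.xml — and allowBrokenChain is therefore switched on for the one distributor signature whose chain the rest of this commit insists must be intact. Drop the stray negation, `if (m_data.getSignatureNumber() != 1)`; and since the relaxation presumably only matters when the preceding step actually set m_disregarded, gating on that flag instead, `if (m_disregarded)`, would be tighter still if the flag is guaranteed to be set before this point. A one-line comment such as `// signatureN (N != 1) with an unknown root is checked for integrity only and reported as disregarded` would stop the next reader from "fixing" the relaxation away. The enclosing function continues outside the hunk.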