From: Kyungwook Tak Date: Fri, 31 Jul 2015 02:29:47 +0000 (+0900) Subject: Add ocsp check module in signature validator X-Git-Tag: accepted/tizen/mobile/20150824.134548~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=577b04bc31293e037a680b3014ee866b31fcd186;p=platform%2Fcore%2Fsecurity%2Fcert-svc.git Add ocsp check module in signature validator Change-Id: I22c8aea943518caa65b5ff4659e6f05c9cc34741 Signed-off-by: Kyungwook Tak --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 057d99b..099fe42 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -58,5 +58,6 @@ ADD_SUBDIRECTORY(srcs) ADD_SUBDIRECTORY(vcore) ADD_SUBDIRECTORY(etc) IF (DEFINED CERTSVC_TEST_BUILD) +ADD_DEFINITIONS("-DTESTAPP_RES_DIR=\"${TZ_SYS_RO_APP}/widget/tests/\"") ADD_SUBDIRECTORY(tests) ENDIF (DEFINED CERTSVC_TEST_BUILD) diff --git a/tests/vcore/CMakeLists.txt b/tests/vcore/CMakeLists.txt index c88c4fe..77d9f56 100644 --- a/tests/vcore/CMakeLists.txt +++ b/tests/vcore/CMakeLists.txt 
@@ -16,22 +16,28 @@ # @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) # @author Pawel Sikorski (p.sikorski@samsung.com) # @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# @author Kyungwook Tak (k.tak@samsung.com) # @version 1.0 # @brief # +SET(CERT_SVC_VCORE_TESTS_DIR ${CMAKE_CURRENT_SOURCE_DIR}) SET(VCORE_TESTS_SOURCES - ${PROJECT_SOURCE_DIR}/tests/vcore/vcore_tests.cpp - ${PROJECT_SOURCE_DIR}/tests/vcore/TestCases.cpp - ${PROJECT_SOURCE_DIR}/tests/vcore/TestEnv.cpp + ${CERT_SVC_VCORE_TESTS_DIR}/main.cpp + ${CERT_SVC_VCORE_TESTS_DIR}/test-common.cpp + ${CERT_SVC_VCORE_TESTS_DIR}/test-signature-validator.cpp + ${CERT_SVC_VCORE_TESTS_DIR}/test-ocsp-check.cpp ) INCLUDE_DIRECTORIES( ${PROJECT_SOURCE_DIR}/vcore/src - ${PROJECT_SOURCE_DIR}/tests/vcore + ${CERT_SVC_VCORE_TESTS_DIR} ) -ADD_EXECUTABLE(${TARGET_VCORE_TEST} ${VCORE_TESTS_SOURCES} ${DPL_TEST_SOURCES}) +ADD_EXECUTABLE(${TARGET_VCORE_TEST} + ${VCORE_TESTS_SOURCES} + ${DPL_TEST_SOURCES}) + TARGET_LINK_LIBRARIES(${TARGET_VCORE_TEST} ${TARGET_VCORE_LIB} ${TEST_DEP_LIBRARIES} 
@@ -49,70 +55,70 @@ INSTALL(TARGETS ${TARGET_VCORE_TEST} ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/author-signature.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature1.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature22.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/config.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/index.html + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/author-signature.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/signature1.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/signature22.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/config.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget/index.html DESTINATION ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/author-signature.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature1.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature22.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/config.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/index.html + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/author-signature.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/signature1.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/signature22.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/config.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_hash/index.html DESTINATION ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_hash ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/author-signature.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature1.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature22.xml - 
${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/config.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/index.html + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/author-signature.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/signature1.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/signature22.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/config.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_signature/index.html DESTINATION ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_signature ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/author-signature.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/signature1.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/config.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/index.html + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/author-signature.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/signature1.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/config.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_negative_certificate/index.html DESTINATION ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_certificate ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/author-signature.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/signature1.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/config.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/index.html + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/author-signature.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/signature1.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/config.xml + 
${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner/index.html DESTINATION ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/author-signature.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/signature1.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/config.xml - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/index.html + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/author-signature.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/signature1.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/config.xml + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/widget_partner_operator/index.html DESTINATION ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner_operator ) INSTALL(FILES - "${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/reference/encoding test.empty" + "${CERT_SVC_VCORE_TESTS_DIR}/test-cases/reference/encoding test.empty" DESTINATION ${TZ_SYS_RO_APP}/widget/tests/reference ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/root_cacert0.pem + ${CERT_SVC_VCORE_TESTS_DIR}/test-cases/root_cacert0.pem DESTINATION ${TZ_SYS_SHARE}/ca-certificates/tizen ) diff --git a/tests/vcore/TestEnv.cpp b/tests/vcore/TestEnv.cpp deleted file mode 100644 index 8249446..0000000 --- a/tests/vcore/TestEnv.cpp +++ /dev/null 
@@ -1,32 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "TestEnv.h" - -#define SIGNATURE_ERRORDESCRIBE(name) case ValidationCore::SignatureValidator::name: return #name -const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error) -{ - switch (error) { - SIGNATURE_ERRORDESCRIBE(SIGNATURE_VALID); - SIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID); - SIGNATURE_ERRORDESCRIBE(SIGNATURE_VERIFIED); - SIGNATURE_ERRORDESCRIBE(SIGNATURE_DISREGARD); - SIGNATURE_ERRORDESCRIBE(SIGNATURE_REVOKED); - default: - return "Invalid error code."; - } -} -#undef SIGNATURE_ERRORDESCRIBE - diff --git a/tests/vcore/vcore_tests.cpp b/tests/vcore/main.cpp similarity index 100% rename from tests/vcore/vcore_tests.cpp rename to tests/vcore/main.cpp diff --git a/tests/vcore/test-common.cpp b/tests/vcore/test-common.cpp new file mode 100644 index 0000000..5c7698b --- /dev/null +++ b/tests/vcore/test-common.cpp 
@@ -0,0 +1,225 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "test-common.h" + +#define SIGNATURE_ERRORDESCRIBE(name) case ValidationCore::SignatureValidator::name: return #name +const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error) +{ + switch (error) { + SIGNATURE_ERRORDESCRIBE(SIGNATURE_VALID); + SIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID); + SIGNATURE_ERRORDESCRIBE(SIGNATURE_VERIFIED); + SIGNATURE_ERRORDESCRIBE(SIGNATURE_DISREGARD); + SIGNATURE_ERRORDESCRIBE(SIGNATURE_REVOKED); + default: + return "Invalid error code."; + } +} +#undef SIGNATURE_ERRORDESCRIBE + +const std::string TestData::widget_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed/"; +const std::string TestData::widget_negative_hash_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_negative_hash/"; +const std::string TestData::widget_negative_signature_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_negative_signature/"; +const std::string TestData::widget_negative_certificate_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_negative_certificate/"; +const std::string TestData::widget_partner_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_partner/"; +const std::string TestData::widget_partner_operator_path = std::string(TESTAPP_RES_DIR) + "vcore_widget_uncompressed_partner_operator/"; 
+ +const std::string TestData::certEE = + "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\n" + "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n" + "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\n" + "IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\n" + "MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\n" + "ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\n" + "MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\n" + "DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\n" + "bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\n" + "bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\n" + "JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\n" + "Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\n" + "aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\n" + "Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\n" + "dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\n" + "Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\n" + "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" + "BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\n" + "dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\n" + "c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\n" + "BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\n" + "BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\n" + "KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\n" + "eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\n" + "AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\n" + "ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\n" + "9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\n" + 
"rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\n" + "LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\n" + "U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\n" + "vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\n" + "SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\n" + "aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\n" + "WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk"; + +const std::string TestData::certIM = + "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\n" + "CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n" + "BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\n" + "YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\n" + "FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\n" + "BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\n" + "pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\n" + "IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\n" + "zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\n" + "MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\n" + "BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\n" + "L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\n" + "eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\n" + "LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\n" + 
"GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\n" + "Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\n" + "hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\n" + "nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\n" + "qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\n" + "eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\n" + "LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\n" + "2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q=="; + +const std::string TestData::certRoot = + "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\n" + "biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\n" + "U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n" + "aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\n" + "nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\n" + "t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\n" + "SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\n" + "BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\n" + "rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\n" + "NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\n" + "BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\n" + "BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\n" + 
"aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\n" + "MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\n" + "p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\n" + "5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\n" + "WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\n" + "4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\n" + "hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq"; + +const std::string TestData::googleCA = + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; + +const std::string TestData::google2nd = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + 
"3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + +const std::string TestData::google3rd = + "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM" + "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg" + "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x" + "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh" + "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw" + "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ" + "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe" + "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys" + "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw" + "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0" + "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF" + "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0" + "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3" + "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF" + "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ" + "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3" + "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A="; + +const std::string TestData::certVerisign = + "MIIG+DCCBeCgAwIBAgIQU9K++SSnJF6DygHkbKokdzANBgkqhkiG9w0BAQUFADCB" + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL" + 
"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv" + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew" + "HhcNMTAwNTI2MDAwMDAwWhcNMTIwNTI1MjM1OTU5WjCCASkxEzARBgsrBgEEAYI3" + "PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxGzAZBgNVBA8TElYx" + "LjAsIENsYXVzZSA1LihiKTEQMA4GA1UEBRMHMjQ5Nzg4NjELMAkGA1UEBhMCVVMx" + "DjAMBgNVBBEUBTk0MDQzMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHFA1N" + "b3VudGFpbiBWaWV3MSIwIAYDVQQJFBk0ODcgRWFzdCBNaWRkbGVmaWVsZCBSb2Fk" + "MRcwFQYDVQQKFA5WZXJpU2lnbiwgSW5jLjEmMCQGA1UECxQdIFByb2R1Y3Rpb24g" + "U2VjdXJpdHkgU2VydmljZXMxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEi" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj+PvvK+fZOXwno0yT/OTy2Zm9" + "ehnZjTtO/X2IWBEa3jG30C52uHFQI4NmXiQVNvJHkBaAj0ilVjvGdxXmkyyFsugt" + "IWOTZ8pSKdX1tmGFIon6Ko9+lBFkVkudA1ogAUbtTB8IcdeOlpK78T4SjdVMhY18" + "150YzSw6hRKlw52wBaDxtGZElvOth41K7TUcaDnQVzz5SBPW5MUhi7AWrdoSk17O" + "BozOzmB/jkYDVDnwLcbR89SLHEOle/idSYSDQUmab3y0JS8RyQV1+DB70mnFALnD" + "fLiL47nMQQCGxXgp5voQ2YmSXhevKmEJ9vvtC6C7yv2W6yomfS/weUEce9pvAgMB" + "AAGjggKCMIICfjCBiwYDVR0RBIGDMIGAghB3d3cudmVyaXNpZ24uY29tggx2ZXJp" + "c2lnbi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZl" + "cmlzaWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVy" + "aXNpZ24uZXUwCQYDVR0TBAIwADAdBgNVHQ4EFgQU8oBwK/WBXCZDWi0dbuDgPyTK" + "iJIwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwt" + "Y3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkGC2CG" + "SAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv" + "bS9ycGEwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEw" + "HwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8wdgYIKwYBBQUHAQEEajBo" + "MCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3AudmVyaXNpZ24uY29tMDkG" + "CCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJpc2lnbi5jb20vRVZJbnRs" + "MjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEw" + "HzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28u" 
+ "dmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQB9VZxB" + "wDMRGyhFWYkY5rwUVGuDJiGeas2xRJC0G4+riQ7IN7pz2a2BhktmZ5HbxXL4ZEY4" + "yMN68DEVErhtKiuL02ng27alhlngadKQzSL8pLdmQ+3jEwm9nva5C/7pbeqy+qGF" + "is4IWNYOc4HKNkABxXm5v0ouys8HPNkTLFLep0gLqRXW3gYN2XbKUWMs7z7hJpkY" + "GxP8YQSxi513O2dWVCXB8S6erIz9E/bcfdXoCPyQdn42y3IEoJvPvBS3S55fD4+Q" + "Q43GPhumSg9a6S3hnyw8DX5OiUGmqgQrtSeDRsNmWqtWizEQbe+fotZpEn/7zYTa" + "tk1ni/k5jDH/QeuG"; diff --git a/tests/vcore/test-common.h b/tests/vcore/test-common.h new file mode 100644 index 0000000..624eb57 --- /dev/null +++ b/tests/vcore/test-common.h 
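Review bot: The three chain fixtures added in this file (`certEE`, `certIM`, `certRoot`) end every row with a literal `\n`, while `googleCA`, `google2nd`, `google3rd` and `certVerisign` are concatenated with no separator, so the certificate literals now come in two shapes with nothing saying that this is intended. If the base64 loader is meant to accept both, a comment above `certEE` such as `/* line-wrapped base64 on purpose: the loader must tolerate embedded newlines */` would record that; otherwise the rows should be normalised to one form. The subject, issuer and expiry of each certificate are noted only in test-common.h and only for the first three, and repeating them next to the definitions would make the fixtures easier to audit when one of them lapses.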
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+#include
+
+#include
+
+const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error);
+
+namespace TestData {
+
+extern const std::string widget_path;
+extern const std::string widget_negative_hash_path;
+extern const std::string widget_negative_signature_path;
+extern const std::string widget_negative_certificate_path;
+extern const std::string widget_partner_path;
+extern const std::string widget_partner_operator_path;
+
+extern const std::string certEE; /* MBANK, signed by SYMANTEC, expires 04 Feb 2016 */
+extern const std::string certIM; /* SYMANTEC, signed by VERISIGN, expires 30 Oct 2023 */
+extern const std::string certRoot; /* VERISIGN, signed by self, expires 30 Oct 2023 */
+
+extern const std::string googleCA;
+extern const std::string google2nd;
+extern const std::string google3rd;
+
+extern const std::string certVerisign;
+}
diff --git a/tests/vcore/test-ocsp-check.cpp b/tests/vcore/test-ocsp-check.cpp
new file mode 100644
index 0000000..be979b6
--- /dev/null
+++ b/tests/vcore/test-ocsp-check.cpp
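Review bot: The comment on `certRoot` gives the same expiry as `certIM` (30 Oct 2023), but the validity field inside the `certRoot` literal in test-common.cpp appears to decode to a notAfter of 16 Jul 2036, so the date looks copied from the line above; once confirmed by decoding the fixture it should read `/* VERISIGN, signed by self, expires 16 Jul 2036 */`. `googleCA`, `google2nd`, `google3rd` and `certVerisign` carry no annotation at all, and at least `google3rd` and `certVerisign` appear to have notAfter dates in 2013 and 2012, before this commit. Stating subject, issuer and expiry for those four as well would tell the next maintainer which fixtures are expected to fail a validity-period check and which tests must not depend on one.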
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * This is internal test. ocsp.h isn't included in devel package
+ */
+#include
+
+#include
+
+#include
+
+#include "test-common.h"
+
+using namespace ValidationCore;
+
+RUNNER_TEST_GROUP_INIT(T0030_OCSP_CHECK)
+
+/*
+ * Precondition
+ * 1) cert chain should be constructed
+ * 2) cert chain should be sorted
+ * 3) cert chain length >= 3
+ */
+RUNNER_TEST(T0031_check_positive)
+{
+ try {
+ SignatureData data;
+ CertificateList certList;
+
+ certList.push_back(CertificatePtr(new Certificate(TestData::certEE, Certificate::FORM_BASE64)));
+ certList.push_back(CertificatePtr(new Certificate(TestData::certIM, Certificate::FORM_BASE64)));
+ certList.push_back(CertificatePtr(new Certificate(TestData::certRoot, Certificate::FORM_BASE64)));
+
+ data.setSortedCertificateList(certList);
+
+ Ocsp::Result result = Ocsp::check(data);
+
+ RUNNER_ASSERT_MSG(
+ result == Ocsp::Result::GOOD,
+ "verisign cert shouldn't be revoked");
+
+ } catch (Ocsp::Exception::Base &e) {
+ RUNNER_ASSERT_MSG(0, "Exception occured in T0031 : " << e.DumpToString());
+ }
+}
diff --git a/tests/vcore/TestCases.cpp b/tests/vcore/test-signature-validator.cpp
similarity index 67%
rename from tests/vcore/TestCases.cpp
rename to tests/vcore/test-signature-validator.cpp
index 1d920cd..ba6e85e 100644
--- a/tests/vcore/TestCases.cpp
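Review bot: T0031 covers only the success path of `Ocsp::check`, so nothing in this file pins what the new module returns when the status is not good (a revoked certificate, an unknown status, or a responder that cannot be reached), and for a revocation check those results decide whether a bad signature is rejected or silently accepted. The three preconditions in the comment (chain constructed, sorted, length >= 3) are not exercised either; a case that passes a one- or two-element list and asserts the expected failure would show that they are enforced rather than assumed. The positive case depends on real fixtures and presumably on a live responder, and test-common.h notes that `certEE` expires 04 Feb 2016, so a comment above `RUNNER_TEST(T0031_check_positive)` such as `/* needs network access; certEE expires 04 Feb 2016 - refresh the chain before then */` would explain a later failure. Only `Ocsp::Exception::Base` is caught, so any other exception type reaches the runner without the T0031 message.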
+++ b/tests/vcore/test-signature-validator.cpp @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -19,119 +19,13 @@ #include #include #include -#include "TestEnv.h" - -namespace { - -const std::string widget_path = - "/usr/apps/widget/tests/vcore_widget_uncompressed/"; -const std::string widget_negative_hash_path = - "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_hash/"; -const std::string widget_negative_signature_path = - "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_signature/"; -const std::string widget_negative_certificate_path = - "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_certificate/"; -const std::string widget_partner_path = - "/usr/apps/widget/tests/vcore_widget_uncompressed_partner/"; -const std::string widget_partner_operator_path = - "/usr/apps/widget/tests/vcore_widget_uncompressed_partner_operator/"; - -const std::string googleCA = -"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" -"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" -"cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" -"MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" -"BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" -"YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" -"ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" -"BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" -"I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" -"CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" -"lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" -"AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; - -const std::string google2nd = -"MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" -"UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" -"bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" -"MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" -"d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" 
-"QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" -"PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" -"5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" -"3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" -"A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" -"BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" -"L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" -"AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" -"BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" -"BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" -"q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" -"bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; - -const std::string google3rd = -"MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM" -"MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg" -"THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x" -"MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh" -"MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw" -"FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ" -"AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe" -"qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys" -"Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw" -"DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0" -"ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF" -"BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0" -"cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3" -"dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF" -"BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ" -"wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3" -"fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A="; - -const 
std::string certVerisign = -"MIIG+DCCBeCgAwIBAgIQU9K++SSnJF6DygHkbKokdzANBgkqhkiG9w0BAQUFADCB" -"vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL" -"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug" -"YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv" -"VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew" -"HhcNMTAwNTI2MDAwMDAwWhcNMTIwNTI1MjM1OTU5WjCCASkxEzARBgsrBgEEAYI3" -"PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxGzAZBgNVBA8TElYx" -"LjAsIENsYXVzZSA1LihiKTEQMA4GA1UEBRMHMjQ5Nzg4NjELMAkGA1UEBhMCVVMx" -"DjAMBgNVBBEUBTk0MDQzMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHFA1N" -"b3VudGFpbiBWaWV3MSIwIAYDVQQJFBk0ODcgRWFzdCBNaWRkbGVmaWVsZCBSb2Fk" -"MRcwFQYDVQQKFA5WZXJpU2lnbiwgSW5jLjEmMCQGA1UECxQdIFByb2R1Y3Rpb24g" -"U2VjdXJpdHkgU2VydmljZXMxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEi" -"MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj+PvvK+fZOXwno0yT/OTy2Zm9" -"ehnZjTtO/X2IWBEa3jG30C52uHFQI4NmXiQVNvJHkBaAj0ilVjvGdxXmkyyFsugt" -"IWOTZ8pSKdX1tmGFIon6Ko9+lBFkVkudA1ogAUbtTB8IcdeOlpK78T4SjdVMhY18" -"150YzSw6hRKlw52wBaDxtGZElvOth41K7TUcaDnQVzz5SBPW5MUhi7AWrdoSk17O" -"BozOzmB/jkYDVDnwLcbR89SLHEOle/idSYSDQUmab3y0JS8RyQV1+DB70mnFALnD" -"fLiL47nMQQCGxXgp5voQ2YmSXhevKmEJ9vvtC6C7yv2W6yomfS/weUEce9pvAgMB" -"AAGjggKCMIICfjCBiwYDVR0RBIGDMIGAghB3d3cudmVyaXNpZ24uY29tggx2ZXJp" -"c2lnbi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZl" -"cmlzaWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVy" -"aXNpZ24uZXUwCQYDVR0TBAIwADAdBgNVHQ4EFgQU8oBwK/WBXCZDWi0dbuDgPyTK" -"iJIwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwt" -"Y3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkGC2CG" -"SAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv" -"bS9ycGEwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEw" -"HwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8wdgYIKwYBBQUHAQEEajBo" -"MCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3AudmVyaXNpZ24uY29tMDkG" -"CCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJpc2lnbi5jb20vRVZJbnRs" 
-"MjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEw" -"HzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28u" -"dmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQB9VZxB" -"wDMRGyhFWYkY5rwUVGuDJiGeas2xRJC0G4+riQ7IN7pz2a2BhktmZ5HbxXL4ZEY4" -"yMN68DEVErhtKiuL02ng27alhlngadKQzSL8pLdmQ+3jEwm9nva5C/7pbeqy+qGF" -"is4IWNYOc4HKNkABxXm5v0ouys8HPNkTLFLep0gLqRXW3gYN2XbKUWMs7z7hJpkY" -"GxP8YQSxi513O2dWVCXB8S6erIz9E/bcfdXoCPyQdn42y3IEoJvPvBS3S55fD4+Q" -"Q43GPhumSg9a6S3hnyw8DX5OiUGmqgQrtSeDRsNmWqtWizEQbe+fotZpEn/7zYTa" -"tk1ni/k5jDH/QeuG"; - -} // namespace anonymous + +#include "test-common.h" using namespace ValidationCore; +RUNNER_TEST_GROUP_INIT(T0010_SIGNATURE_VALIDATOR) + /* * test: Class SignatureFinder * description: SignatureFinder should search directory passed as @@ -139,10 +33,10 @@ using namespace ValidationCore; * expected: Signature finder should put information about 3 * signture files in SinatureFileInfoSet. */ -RUNNER_TEST(test01_signature_finder) +RUNNER_TEST(T0011_signature_finder) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_path); + SignatureFinder signatureFinder(TestData::widget_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -189,10 +83,10 @@ RUNNER_TEST(test01_signature_finder) * expected: Verificator should DISREGARD author signature and VERIFY * distrubutor signature. */ -RUNNER_TEST(test03t01_signature_validator) +RUNNER_TEST(T0012_signature_validator) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_path); + SignatureFinder signatureFinder(TestData::widget_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -203,7 +97,7 @@ RUNNER_TEST(test03t01_signature_validator) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_path, + TestData::widget_path, false, true, data); 
@@ -221,10 +115,10 @@ RUNNER_TEST(test03t01_signature_validator) } } -RUNNER_TEST(test03t02_signature_validator_negative_hash_input) +RUNNER_TEST(T00121_signature_validator_negative_hash_input) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_negative_hash_path); + SignatureFinder signatureFinder(TestData::widget_negative_hash_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -235,7 +129,7 @@ RUNNER_TEST(test03t02_signature_validator_negative_hash_input) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_negative_hash_path, + TestData::widget_negative_hash_path, false, true, data); @@ -248,10 +142,10 @@ RUNNER_TEST(test03t02_signature_validator_negative_hash_input) } } -RUNNER_TEST(test03t03_signature_validator_negative_signature_input) +RUNNER_TEST(T00122_signature_validator_negative_signature_input) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_negative_signature_path); + SignatureFinder signatureFinder(TestData::widget_negative_signature_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -262,7 +156,7 @@ RUNNER_TEST(test03t03_signature_validator_negative_signature_input) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_negative_signature_path, + TestData::widget_negative_signature_path, false, true, data); @@ -276,10 +170,10 @@ RUNNER_TEST(test03t03_signature_validator_negative_signature_input) } } -RUNNER_TEST(test03t04_signature_validator_partner) +RUNNER_TEST(T00123_signature_validator_partner) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_partner_path); + SignatureFinder signatureFinder(TestData::widget_partner_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); 
@@ -290,7 +184,7 @@ RUNNER_TEST(test03t04_signature_validator_partner) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_partner_path, + TestData::widget_partner_path, false, true, data); @@ -312,10 +206,10 @@ RUNNER_TEST(test03t04_signature_validator_partner) * expected: Verificator should DISREGARD author signature and VERIFY * distrubutor signature. */ -RUNNER_TEST(test04t01_signature_validator) +RUNNER_TEST(T0013_signature_validator) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_path); + SignatureFinder signatureFinder(TestData::widget_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -326,7 +220,7 @@ RUNNER_TEST(test04t01_signature_validator) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_path, + TestData::widget_path, false, false, data); @@ -344,10 +238,10 @@ RUNNER_TEST(test04t01_signature_validator) } } -RUNNER_TEST(test04t02_signature_validator_negative_hash_input) +RUNNER_TEST(T00131_signature_validator_negative_hash_input) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_negative_hash_path); + SignatureFinder signatureFinder(TestData::widget_negative_hash_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -358,7 +252,7 @@ RUNNER_TEST(test04t02_signature_validator_negative_hash_input) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_negative_hash_path, + TestData::widget_negative_hash_path, false, false, data); 
@@ -372,10 +266,10 @@ RUNNER_TEST(test04t02_signature_validator_negative_hash_input) } } -RUNNER_TEST(test04t03_signature_validator_negative_signature_input) +RUNNER_TEST(T00132_signature_validator_negative_signature_input) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_negative_signature_path); + SignatureFinder signatureFinder(TestData::widget_negative_signature_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -386,7 +280,7 @@ RUNNER_TEST(test04t03_signature_validator_negative_signature_input) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_negative_signature_path, + TestData::widget_negative_signature_path, false, false, data); @@ -400,10 +294,10 @@ RUNNER_TEST(test04t03_signature_validator_negative_signature_input) } } -RUNNER_TEST(test04t04_signature_validator_partner) +RUNNER_TEST(T00133_signature_validator_partner) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_partner_path); + SignatureFinder signatureFinder(TestData::widget_partner_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -414,7 +308,7 @@ RUNNER_TEST(test04t04_signature_validator_partner) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_partner_path, + TestData::widget_partner_path, false, false, data); 
@@ -434,10 +328,10 @@ RUNNER_TEST(test04t04_signature_validator_partner) * description: As above but this test also checks reference from signatures. * expected: All reference checks should return NO_ERROR. */ -RUNNER_TEST(test05t01_signature_reference) +RUNNER_TEST(T0014_signature_reference) { SignatureFileInfoSet signatureSet; - SignatureFinder signatureFinder(widget_path); + SignatureFinder signatureFinder(TestData::widget_path); RUNNER_ASSERT_MSG( SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet), "SignatureFinder failed"); @@ -448,7 +342,7 @@ RUNNER_TEST(test05t01_signature_reference) SignatureData data; SignatureValidator::Result valResult = SignatureValidator::check( *iter, - widget_path, + TestData::widget_path, false, false, data); @@ -465,7 +359,7 @@ RUNNER_TEST(test05t01_signature_reference) "Validation failed"); /* - ReferenceValidator val(widget_path); + ReferenceValidator val(TestData::widget_path); int temp = val.checkReferences(data); RUNNER_ASSERT_MSG(ReferenceValidator::NO_ERROR == temp, "File[" << iter->getFileName() @@ -481,7 +375,7 @@ RUNNER_TEST(test05t01_signature_reference) * expected: checkReference should return NO_ERROR. */ /* -RUNNER_TEST(test05t02_signature_reference_encoding_dummy) +RUNNER_TEST(T00141_signature_reference_encoding_dummy) { ReferenceSet referenceSet; SignatureData data; @@ -501,7 +395,7 @@ RUNNER_TEST(test05t02_signature_reference_encoding_dummy) * expected: checkReference should return ERROR_REFERENCE_NOT_FOUND */ /* -RUNNER_TEST(test05t03_signature_reference_encoding_negative) +RUNNER_TEST(T00142_signature_reference_encoding_negative) { ReferenceSet referenceSet; SignatureData data; @@ -522,7 +416,7 @@ RUNNER_TEST(test05t03_signature_reference_encoding_negative) * expected: checkReference should return NO_ERROR */ /* -RUNNER_TEST(test05t04_signature_reference_encoding_space) +RUNNER_TEST(T00143_signature_reference_encoding_space) { ReferenceSet referenceSet; SignatureData data; 
@@ -543,7 +437,7 @@ RUNNER_TEST(test05t04_signature_reference_encoding_space) * expected: checkReference should return ERROR_REFERENCE_NOT_FOUND */ /* -RUNNER_TEST(test05t05_signature_reference_encoding_space_negative) +RUNNER_TEST(T00144_signature_reference_encoding_space_negative) { ReferenceSet referenceSet; SignatureData data; @@ -564,7 +458,7 @@ RUNNER_TEST(test05t05_signature_reference_encoding_space_negative) * expected: checkReference should return NO_ERROR */ /* -RUNNER_TEST(test05t06_signature_reference_encoding) +RUNNER_TEST(T00145_signature_reference_encoding) { ReferenceSet referenceSet; SignatureData data; @@ -585,7 +479,7 @@ RUNNER_TEST(test05t06_signature_reference_encoding) * expected: checkReference should return ERROR_DECODING_URL */ /* -RUNNER_TEST(test05t07_signature_reference_encoding_negative) +RUNNER_TEST(T00146_signature_reference_encoding_negative) { ReferenceSet referenceSet; SignatureData data; @@ -599,14 +493,17 @@ RUNNER_TEST(test05t07_signature_reference_encoding_negative) } */ + +RUNNER_TEST_GROUP_INIT(T0020_Certificate) + /* * test: class Certificate * description: Certificate should parse data passed to object constructor. * expected: Getters should be able to return certificate information. */ -RUNNER_TEST(test08t01_Certificate) +RUNNER_TEST(T0021_Certificate) { - Certificate cert(certVerisign, Certificate::FORM_BASE64); + Certificate cert(TestData::certVerisign, Certificate::FORM_BASE64); std::string result; result = cert.getCommonName(Certificate::FIELD_SUBJECT); 
@@ -628,9 +525,9 @@ RUNNER_TEST(test08t01_Certificate) * description: Certificate should parse data passed to object constructor. * expected: Function fingerprint should return valid fingerprint. */ -RUNNER_TEST(test08t02_Certificate) +RUNNER_TEST(T0022_Certificate) { - Certificate cert(certVerisign, Certificate::FORM_BASE64); + Certificate cert(TestData::certVerisign, Certificate::FORM_BASE64); Certificate::Fingerprint fin = cert.getFingerprint(Certificate::FINGERPRINT_SHA1); @@ -653,9 +550,9 @@ RUNNER_TEST(test08t02_Certificate) * expected: Function getAlternativeNameDNS should return list of * alternativeNames hardcoded in certificate. */ -RUNNER_TEST(test08t03_Certificate) +RUNNER_TEST(T0023_Certificate) { - Certificate cert(certVerisign, Certificate::FORM_BASE64); + Certificate cert(TestData::certVerisign, Certificate::FORM_BASE64); Certificate::AltNameSet nameSet = cert.getAlternativeNameDNS(); @@ -674,14 +571,14 @@ RUNNER_TEST(test08t03_Certificate) * description: Certificate should parse data passed to object constructor. * expected: 1st and 2nd certificate should be identified as CA. */ -RUNNER_TEST(test08t04_Certificate_isCA) +RUNNER_TEST(T0024_Certificate_isCA) { - Certificate cert1(googleCA, Certificate::FORM_BASE64); + Certificate cert1(TestData::googleCA, Certificate::FORM_BASE64); RUNNER_ASSERT(cert1.isCA() > 0); - Certificate cert2(google2nd, Certificate::FORM_BASE64); + Certificate cert2(TestData::google2nd, Certificate::FORM_BASE64); RUNNER_ASSERT(cert2.isCA() > 0); - Certificate cert3(google3rd, Certificate::FORM_BASE64); + Certificate cert3(TestData::google3rd, Certificate::FORM_BASE64); RUNNER_ASSERT(cert3.isCA() == 0); } diff --git a/vcore/CMakeLists.txt b/vcore/CMakeLists.txt index b2afd8d..e2bf091 100644 --- a/vcore/CMakeLists.txt +++ b/vcore/CMakeLists.txt 
@@ -51,6 +51,8 @@ SET(VCORE_SOURCES ${VCORE_DIR}/vcore/exception.cpp ${VCORE_DIR}/vcore/utils.c ${VCORE_DIR}/vcore/cert-svc-client.c + ${VCORE_DIR}/vcore/Ocsp.cpp + ${VCORE_DIR}/vcore/CryptoInit.cpp ) SET(VCORE_INCLUDES diff --git a/vcore/vcore/CryptoInit.cpp b/vcore/vcore/CryptoInit.cpp new file mode 100644 index 0000000..b1ad4cf --- /dev/null +++ b/vcore/vcore/CryptoInit.cpp @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file CryptoInit.cpp + * @author Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief Initialize openssl functions by singleton + */ + +#include + +#include + +#include + +IMPLEMENT_SINGLETON(ValidationCore::CryptoInit) + +namespace ValidationCore { + +CryptoInit::CryptoInit() +{ + SSL_load_error_strings(); + SSL_library_init(); +} + +CryptoInit::~CryptoInit() +{ +} + +} // namespace ValidationCore diff --git a/tests/vcore/TestEnv.h b/vcore/vcore/CryptoInit.h similarity index 53% rename from tests/vcore/TestEnv.h rename to vcore/vcore/CryptoInit.h index 60757f8..85ded0e 100644 --- a/tests/vcore/TestEnv.h +++ b/vcore/vcore/CryptoInit.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,11 +13,26 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef _TESTENV_H_ -#define _TESTENV_H_ +/* + * @file CryptoInit.h + * @author Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief Initialize openssl functions by singleton + */ +#pragma once + +#include +#include + +namespace ValidationCore { -#include +class CryptoInit : public VcoreDPL::Noncopyable +{ +public: + CryptoInit(); + virtual ~CryptoInit(); +}; -const char *validatorErrorToString(ValidationCore::SignatureValidator::Result error); +typedef VcoreDPL::Singleton CryptoInitSingleton; -#endif +} // namespace ValidationCore diff --git a/vcore/vcore/Ocsp.cpp b/vcore/vcore/Ocsp.cpp new file mode 100644 index 0000000..82b947e --- /dev/null +++ b/vcore/vcore/Ocsp.cpp 
@@ -0,0 +1,327 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file Ocsp.cpp + * @author Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief OCSP check for signature validator. It should be used only internally. + */ + +#include +#include + +#include +#include +#include + +#include +#include + +#include + +/* Maximum leeway in validity period : 5 minitues as a default */ +#define MAX_VALIDITY_PERIOD (5 * 60) + +namespace { + +typedef std::unique_ptr> X509_STORE_CTX_PTR; +typedef std::unique_ptr> X509_STACK_PTR; +typedef std::unique_ptr> X509_STORE_PTR; +typedef std::unique_ptr> SSL_CTX_PTR; +typedef std::unique_ptr> BIO_PTR; +typedef std::unique_ptr> RAIIstr; +typedef std::unique_ptr> OCSP_REQUEST_PTR; +typedef std::unique_ptr> OCSP_RESPONSE_PTR; +typedef std::unique_ptr> OCSP_BASICRESP_PTR; + +inline X509_STACK_PTR create_x509_stack() +{ + return X509_STACK_PTR(sk_X509_new_null(), [](STACK_OF(X509) *stack) { sk_X509_free(stack); }); +} + +inline X509_STORE_CTX_PTR create_x509_store_ctx() +{ + return X509_STORE_CTX_PTR(X509_STORE_CTX_new(), X509_STORE_CTX_free); +} + +inline X509_STORE_PTR create_x509_store() +{ + return X509_STORE_PTR(X509_STORE_new(), X509_STORE_free); +} + +inline SSL_CTX_PTR create_SSL_CTX() +{ + return SSL_CTX_PTR(SSL_CTX_new(SSLv23_client_method()), SSL_CTX_free); +} + +inline RAIIstr create_RAIIstr(char *str) +{ + return RAIIstr(str, [](void *ptr) { 
OPENSSL_free(ptr); }); +} + +inline BIO_PTR create_BIO(BIO *bio) +{ + return BIO_PTR(bio, BIO_free_all); +} + +inline OCSP_REQUEST_PTR create_OCSP_REQUEST() +{ + return OCSP_REQUEST_PTR(OCSP_REQUEST_new(), OCSP_REQUEST_free); +} + +inline OCSP_RESPONSE_PTR create_OCSP_RESPONSE(OCSP_RESPONSE *resp) +{ + return OCSP_RESPONSE_PTR(resp, OCSP_RESPONSE_free); +} + +inline OCSP_BASICRESP_PTR create_OCSP_BASICRESP(OCSP_BASICRESP *basicResp) +{ + return OCSP_BASICRESP_PTR(basicResp, OCSP_BASICRESP_free); +} + +void BIO_write_and_free(BIO *bio) +{ + if (!bio) + return; + + std::vector message(1024); + int size = BIO_read(bio, message.data(), message.size()); + if (size > 0) { + message.resize(size); + LogError("OCSP error description [" + << std::string(message.begin(), message.end()) << "]"); + } + + BIO_free_all(bio); +} + +} // namespace anonymous + +namespace ValidationCore { + +Ocsp::Ocsp() +{ +} + +Ocsp::~Ocsp() +{ +} + +Ocsp::Result checkInternal( + const CertificatePtr &_cert, + const CertificatePtr &_issuer, + X509_STACK_PTR &trustedCerts) +{ + /* initialize openssl library */ + CryptoInitSingleton::Instance(); + + BIO_PTR bioLogger(BIO_new(BIO_s_mem()), BIO_write_and_free); + + X509 *cert = _cert->getX509(); + X509 *issuer = _issuer->getX509(); + std::string ocspUrl = _cert->getOCSPURL(); + + if (ocspUrl.empty()) + VcoreThrowMsg(Ocsp::Exception::OcspUnsupported, + "Certificate[" << _cert->getOneLine() << "] doesn't provide OCSP extension"); + + char *_ocspUrl = new char[ocspUrl.length() + 1]; + if (_ocspUrl == NULL) + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to alloc memory"); + strncpy(_ocspUrl, ocspUrl.c_str(), ocspUrl.length() + 1); + + char *_host = NULL; + char *_port = NULL; + char *_path = NULL; + int use_ssl = 0; + + int temp = OCSP_parse_url(_ocspUrl, &_host, &_port, &_path, &use_ssl); + + LogDebug("ocspUrl[" << _ocspUrl + << "] host[" << _host + << "] port[" << _port + << "] path[" << _path + << "] use_ssl[" << use_ssl << "]"); + + delete 
[]_ocspUrl; + + if (temp == 0) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::InvalidUrl, "ocsp url parsing failed. url : " << ocspUrl); + } + + RAIIstr host = create_RAIIstr(_host); + RAIIstr port = create_RAIIstr(_port); + RAIIstr path = create_RAIIstr(_path); + + BIO_PTR cbio = create_BIO(BIO_new_connect(host.get())); + if (cbio.get() == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to create bio connect"); + } + + if (port) + BIO_set_conn_port(cbio.get(), port.get()); + + if (use_ssl == 1) { + SSL_CTX_PTR ssl_ctx = create_SSL_CTX(); + if (ssl_ctx.get() == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to SSL_CTX_new"); + } + + SSL_CTX_set_mode(ssl_ctx.get(), SSL_MODE_AUTO_RETRY); + + BIO_PTR sbio = create_BIO(BIO_new_ssl(ssl_ctx.get(), 1)); + if (sbio.get() == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to BIO_new_ssl"); + } + + cbio.reset(BIO_push(sbio.get(), cbio.get())); + if (cbio.get() == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to BIO_push"); + } + } + + if (BIO_do_connect(cbio.get()) <= 0) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::NetworkError, "Failed to BIO_do_connect"); + } + + OCSP_REQUEST_PTR req = create_OCSP_REQUEST(); + if (req.get() == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to OCSP_REQUEST_new"); + } + + OCSP_CERTID *certid = OCSP_cert_to_id(NULL, cert, issuer); + if (certid == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to OCSP_cert_to_id"); + } + + if (OCSP_request_add0_id(req.get(), certid) == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::UnknownError, "Failed to OCSP_request_add0_id"); + } + + OCSP_RESPONSE_PTR resp = + 
create_OCSP_RESPONSE(OCSP_sendreq_bio(cbio.get(), path.get(), req.get())); + + if (resp.get() == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::NetworkError, "Failed to OCSP_sendreq_bio"); + } + + if (OCSP_response_status(resp.get()) != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::ServerError, "Failed to OCSP_response_status"); + } + + OCSP_BASICRESP_PTR basicResp = + create_OCSP_BASICRESP(OCSP_response_get1_basic(resp.get())); + if (basicResp.get() == NULL) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_response_get1_basic"); + } + + X509_STORE_PTR trustedStore = create_x509_store(); + if (trustedCerts.get()) { + for (int idx = 0; idx < sk_X509_num(trustedCerts.get()); idx++) + X509_STORE_add_cert(trustedStore.get(), sk_X509_value(trustedCerts.get(), idx)); + X509_STORE_add_cert(trustedStore.get(), issuer); + } + + if (OCSP_basic_verify(basicResp.get(), NULL, trustedStore.get(), 0) <= 0) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_basic_verify"); + } + + if (OCSP_check_nonce(req.get(), basicResp.get()) == 0) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "nonce exists but not equal"); + } + + int ocspStatus = -1; + int reason = 0; + ASN1_GENERALIZEDTIME *rev = NULL; + ASN1_GENERALIZEDTIME *thisupd = NULL; + ASN1_GENERALIZEDTIME *nextupd = NULL; + if (OCSP_resp_find_status( + basicResp.get(), + certid, + &ocspStatus, + &reason, + &rev, + &thisupd, + &nextupd) == 0) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_resp_find_status"); + } + + if (OCSP_check_validity(thisupd, nextupd, MAX_VALIDITY_PERIOD, -1) == 0) { + ERR_print_errors(bioLogger.get()); + VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Failed to OCSP_check_validity"); + } + + if (ocspStatus != 
V_OCSP_CERTSTATUS_GOOD && ocspStatus != V_OCSP_CERTSTATUS_REVOKED) + VcoreThrowMsg(Ocsp::Exception::InvalidResponse, "Unknown ocsp status."); + + return ocspStatus == V_OCSP_CERTSTATUS_GOOD ? + Ocsp::Result::GOOD : Ocsp::Result::REVOKED; +} + +Ocsp::Result Ocsp::check(const SignatureData &data) +{ + if (!data.isCertListSorted()) + VcoreThrowMsg(Exception::InvalidParam, "cert list should be sorted"); + + const CertificateList &certChain = data.getCertList(); + if (certChain.size() < 3) + VcoreThrowMsg(Exception::InvalidParam, "cert chain is too short"); + + X509_STACK_PTR trustedCerts = create_x509_stack(); + + auto it = certChain.cbegin(); + it++; + it++; + /* don't trust the user cert and the first intermediate CA cert */ + for (; it != certChain.cend(); it++) { + const auto &cert = it->get(); + + if (cert->getDER().empty()) + VcoreThrowMsg(Exception::InvalidParam, "Broken certificate chain."); + + sk_X509_push(trustedCerts.get(), cert->getX509()); + } + + auto itCert = certChain.cbegin(); + auto itIssuer = certChain.cbegin(); + itIssuer++; + /* check ocsp except except self-signed root CA cert */ + for (; itIssuer != certChain.end(); itCert++, itIssuer++) { + if (checkInternal(*itCert, *itIssuer, trustedCerts) == Result::REVOKED) + return Result::REVOKED; + + LogDebug("ocsp status good for cert : " << (*itCert)->getOneLine()); + } + + return Result::GOOD; +} + +} diff --git a/vcore/vcore/Ocsp.h b/vcore/vcore/Ocsp.h new file mode 100644 index 0000000..d335e67 --- /dev/null +++ b/vcore/vcore/Ocsp.h 
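Review bot: In `checkInternal`, the `use_ssl == 1` branch double-frees the BIO chain: `cbio.reset(BIO_push(sbio.get(), cbio.get()))` leaves both `unique_ptr`s owning BIOs that are now linked. `BIO_push` returns `sbio`, so the `reset` runs `BIO_free_all` on the connect BIO while it is still chained under `sbio`, and `sbio`'s destructor then frees the chain again at the end of the `if` block; `BIO_do_connect(cbio.get())` afterwards works on freed memory. Both owners should be released into the chain head: `cbio.reset(BIO_push(sbio.release(), cbio.release()));`. This path is taken whenever the certificate's OCSP URL is https, and that URL comes from `_cert->getOCSPURL()`, i.e. from the certificate being validated. Separately, the `LogDebug` that streams `_host`, `_port` and `_path` runs before the `temp == 0` check, so a failed `OCSP_parse_url` can pass null `char *` values to the stream; it should move below that check.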
@@ -0,0 +1,59 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file Ocsp.h + * @author Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief OCSP check for signature validator. It should be used only internally. + */ +#pragma once + +#include +#include + +namespace ValidationCore { + +class Ocsp { +public: + virtual ~Ocsp(); + + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base); + VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidParam); + VCORE_DECLARE_EXCEPTION_TYPE(Base, OcspUnsupported); + VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidUrl); + VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidResponse); + VCORE_DECLARE_EXCEPTION_TYPE(Base, ServerError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, NetworkError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, UnknownError); + }; + + enum Result { + GOOD, + REVOKED + }; + + /* + * Remarks: input cert chain should be sorted state. + */ + static Result check(const SignatureData &data); + +private: + explicit Ocsp(); +}; + +} diff --git a/vcore/vcore/SignatureData.cpp b/vcore/vcore/SignatureData.cpp index d90ff43..d8accdf 100644 --- a/vcore/vcore/SignatureData.cpp +++ b/vcore/vcore/SignatureData.cpp 
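Review bot: The comment above `Ocsp::check()` documents only the sorted-chain precondition, but the implementation in Ocsp.cpp reports everything other than GOOD/REVOKED by throwing, which a caller cannot learn from this header. I would extend it to `/* Remarks: input cert chain must be sorted and hold at least 3 certs. Throws Ocsp::Exception::* (InvalidParam, OcspUnsupported, InvalidUrl, NetworkError, ServerError, InvalidResponse, UnknownError); an 'unknown' responder status is raised as InvalidResponse. Connects to the OCSP responder. */`. It is also worth a short comment on `enum Result` saying that it has no value for "status could not be determined", so callers must decide in their catch block whether that case fails open or closed.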
@@ -102,6 +102,11 @@ void SignatureData::setStorageType(const CertStoreId::Set &storeIdSet) m_storeIdSet = storeIdSet; } +bool SignatureData::isCertListSorted() const +{ + return m_certificateSorted; +} + const CertStoreId::Set& SignatureData::getStorageType() const { return m_storeIdSet; diff --git a/vcore/vcore/SignatureData.h b/vcore/vcore/SignatureData.h index 64310e3..b49d592 100644 --- a/vcore/vcore/SignatureData.h +++ b/vcore/vcore/SignatureData.h @@ -47,6 +47,7 @@ public: void setReference(const ReferenceSet &referenceSet); void setSortedCertificateList(const CertificateList &list); void setStorageType(const CertStoreId::Set &storeIdSet); + bool isCertListSorted() const; const ReferenceSet& getReferenceSet() const; CertificateList getCertList() const; diff --git a/vcore/vcore/SignatureValidator.cpp b/vcore/vcore/SignatureValidator.cpp index c366fd8..efdc1b5 100644 --- a/vcore/vcore/SignatureValidator.cpp +++ b/vcore/vcore/SignatureValidator.cpp @@ -20,7 +20,8 @@ * @brief Implementatin of tizen signature validation protocol. */ -#include +#include + #include #include #include @@ -28,8 +29,9 @@ #include #include #include +#include -#include +#include namespace { @@ -248,21 +250,16 @@ static int makeDataBySignature( * Same logic (check, checkList) is functionalized here. * * [in] fileInfo : file info of signature to check - * [in] checkOcsp : If on, check ocsp. * [out] disregard : distributor signature disregard flag. * [out] context : xml sec for validating. * [out] data : signature data for validationg and will be finally returned to client. */ static SignatureValidator::Result checkInternal( const SignatureFileInfo &fileInfo, - bool checkOcsp, bool &disregard, XmlSec::XmlSecContext &context, SignatureData &data) { - // TODO: impl ocsp check - (void) checkOcsp; - if (makeDataBySignature(fileInfo, true, data)) return SignatureValidator::SIGNATURE_INVALID; 
@@ -330,7 +327,7 @@ SignatureValidator::Result SignatureValidator::check( try { XmlSec::XmlSecContext context; - Result result = checkInternal(fileInfo, checkOcsp, disregard, context, outData); + Result result = checkInternal(fileInfo, disregard, context, outData); if (result != SIGNATURE_VERIFIED) return result; @@ -354,12 +351,23 @@ SignatureValidator::Result SignatureValidator::check( } } } + + if (checkOcsp && Ocsp::check(outData) == Ocsp::Result::REVOKED) + return SIGNATURE_REVOKED; + } catch (const CertificateCollection::Exception::Base &e) { LogError("CertificateCollection exception : " << e.DumpToString()); return SIGNATURE_INVALID; } catch (const XmlSec::Exception::Base &e) { LogError("XmlSec exception : " << e.DumpToString()); return SIGNATURE_INVALID; + } catch (const Ocsp::Exception::Base &e) { + LogError("Ocsp exception : " << e.DumpToString()); + /* + * Don't care ocsp exception here. + * just return signature disregard or verified + * because exception case will be handled by cert-checker after app installed + */ } catch (...) { LogError("Unknown exception in SignatureValidator::check"); return SIGNATURE_INVALID; @@ -380,7 +388,7 @@ SignatureValidator::Result SignatureValidator::checkList( try { XmlSec::XmlSecContext context; - Result result = checkInternal(fileInfo, checkOcsp, disregard, context, outData); + Result result = checkInternal(fileInfo, disregard, context, outData); if (result != SIGNATURE_VERIFIED) return result; 
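Review bot: The new `catch (const Ocsp::Exception::Base &e)` in `SignatureValidator::check` (hunk -354,12 +351,23) fails open for every OCSP error class, not just for an unreachable responder. A response that fails `OCSP_basic_verify`, the nonce comparison or `OCSP_check_validity` is raised as `InvalidResponse` in Ocsp.cpp and is swallowed here exactly like a `NetworkError`, so the signature is still reported as verified or disregarded. If the deferral to cert-checker is meant only for availability problems, catch the integrity case first, `} catch (const Ocsp::Exception::InvalidResponse &e) { LogError("Ocsp invalid response : " << e.DumpToString()); return SIGNATURE_INVALID;`, and keep the `Base` handler for the rest; otherwise the comment should state that tampered or stale responses are deliberately tolerated. The same handler is added to `checkList` in hunk -412,12 +420,23. Both function bodies continue outside their hunks, so the value returned after the catch is not visible here.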
@@ -412,12 +420,23 @@ SignatureValidator::Result SignatureValidator::checkList( return SIGNATURE_INVALID; } } + + if (checkOcsp && Ocsp::check(outData) == Ocsp::Result::REVOKED) + return SIGNATURE_REVOKED; + } catch (const CertificateCollection::Exception::Base &e) { LogError("CertificateCollection exception : " << e.DumpToString()); return SIGNATURE_INVALID; } catch (const XmlSec::Exception::Base &e) { LogError("XmlSec exception : " << e.DumpToString()); return SIGNATURE_INVALID; + } catch (const Ocsp::Exception::Base &e) { + LogError("Ocsp exception : " << e.DumpToString()); + /* + * Don't care ocsp exception here. + * just return signature disregard or verified + * because exception case will be handled by cert-checker after app installed + */ } catch (...) { LogError("Unknown exception in SignatureValidator::checkList"); return SIGNATURE_INVALID;