From: sangwan.kwon Date: Mon, 6 Mar 2017 03:46:20 +0000 (+0900) Subject: Implement CAPI and add testcase about ACTA X-Git-Tag: submit/tizen/20170412.224043~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=83a0814c8b7dea74e46cd07f0092f784d124843c;p=platform%2Fcore%2Fsecurity%2Fcert-svc.git Implement CAPI and add testcase about ACTA Change-Id: I8260e43c68d24e01e80f506ef71a91101c8aee9a Signed-off-by: sangwan.kwon --- diff --git a/src/transec/Api.cpp b/src/transec/Api.cpp new file mode 100644 index 0000000..69578ab --- /dev/null +++ b/src/transec/Api.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file Api.cpp + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @version 0.1 + * @brief Implementation of App custom trust anchor CAPI. + */ +#include "acta/app-custom-trust-anchor.h" + +#include "AppCustomTrustAnchor.h" + +using namespace transec; + +int acta_global_install(const char *package_id, + const char *app_certificates_path, + bool with_system_certificates) +{ + AppCustomTrustAnchor acta(package_id, app_certificates_path); + return acta.install(with_system_certificates); +} + +int acta_usr_install(const char *package_id, + const char *app_certificates_path, + uid_t uid, + bool with_system_certificates) +{ + AppCustomTrustAnchor acta(package_id, app_certificates_path, uid); + return acta.install(with_system_certificates); +} + +int acta_global_launch(const char *package_id, + const char *app_certificates_path, + bool with_system_certificates) +{ + AppCustomTrustAnchor acta(package_id, app_certificates_path); + return acta.launch(with_system_certificates); +} + +int acta_usr_launch(const char *package_id, + const char *app_certificates_path, + uid_t uid, + bool with_system_certificates) +{ + AppCustomTrustAnchor acta(package_id, app_certificates_path, uid); + return acta.launch(with_system_certificates); +} + +int acta_global_uninstall(const char *package_id, + const char *app_certificates_path) +{ + AppCustomTrustAnchor acta(package_id, app_certificates_path); + return acta.uninstall(); +} + +int acta_usr_uninstall(const char *package_id, + const char *app_certificates_path, + uid_t uid) +{ + AppCustomTrustAnchor acta(package_id, app_certificates_path, uid); + return acta.uninstall(); +} diff --git a/src/transec/CMakeLists.txt b/src/transec/CMakeLists.txt index 7446fe3..196d5e1 100644 --- a/src/transec/CMakeLists.txt +++ b/src/transec/CMakeLists.txt @@ -25,6 +25,7 @@ PKG_CHECK_MODULES(${TARGET_TRANSEC_LIB}_DEP SET(${TARGET_TRANSEC_LIB}_SRCS InitLib.cpp Exception.cpp + Api.cpp Certificate.cpp AppCustomTrustAnchor.cpp ) @@ -48,9 +49,16 @@ SET_TARGET_PROPERTIES(${TARGET_TRANSEC_LIB} TARGET_LINK_LIBRARIES(${TARGET_TRANSEC_LIB} ${${TARGET_TRANSEC_LIB}_DEP_LIBRARIES} ) + INSTALL(TARGETS ${TARGET_TRANSEC_LIB} DESTINATION ${LIB_INSTALL_DIR}) + INSTALL(FILES AppCustomTrustAnchor.h DESTINATION ${INCLUDEDIR}/cert-svc/transec ) + +INSTALL(DIRECTORY + acta + DESTINATION + ${INCLUDEDIR}) diff --git a/tests/transec/CMakeLists.txt b/tests/transec/CMakeLists.txt index 64294de..90101d8 100644 --- a/tests/transec/CMakeLists.txt +++ b/tests/transec/CMakeLists.txt @@ -18,6 +18,9 @@ # SET(TEST_SRCS main.cpp + test-util.cpp + test-capi-installer.cpp + test-capi-launcher.cpp test-acta-installer.cpp test-acta-launcher.cpp test-certificate.cpp diff --git a/tests/transec/test-acta-launcher.cpp b/tests/transec/test-acta-launcher.cpp index d66bcf4..ec00fae 100644 --- a/tests/transec/test-acta-launcher.cpp +++ b/tests/transec/test-acta-launcher.cpp @@ -24,65 +24,20 @@ #include -#include -#include #include -#include -#include -#include - +#include "test-util.h" #include "test-resource.h" RUNNER_TEST_GROUP_INIT(T0600_API_ACTA_LAUNCER) using namespace transec; -namespace { - -std::string ls(const char *path) -{ - using FilePtr = std::unique_ptr; - std::string cmd("/bin/ls "); - cmd.append(path); - - FilePtr ls(::popen(cmd.c_str(), "r"), ::pclose); - if (ls == nullptr) - return std::string(); - - std::vector buf(1024); - std::string ret; - while (::fgets(buf.data(), buf.size(), ls.get())) - ret.append(buf.data()); - - return ret; -} - -std::string cat(const char *path) -{ - using FilePtr = std::unique_ptr; - std::string cmd("/bin/cat "); - cmd.append(path); - - FilePtr ls(::popen(cmd.c_str(), "r"), ::pclose); - if (ls == nullptr) - return std::string(); - - std::vector buf(1024); - std::string ret; - while (::fgets(buf.data(), buf.size(), ls.get())) - ret.append(buf.data()); - - return ret; -} - -} // namesapce anonymous - // Launch needs CAP_SYS_ADMIN RUNNER_TEST(T0601_ACTA_LAUNCH) { - auto beforeLs = ::ls(TZ_SYS_RO_CA_CERTS); - auto beforeCat = ::cat(TZ_SYS_RO_CA_BUNDLE); + auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS); + auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE); AppCustomTrustAnchor acta(DUMMY_PKG_ID, APP_CERTS_DIR); int ret = acta.install(true); @@ -94,17 +49,17 @@ RUNNER_TEST(T0601_ACTA_LAUNCH) ret = acta.launch(true); RUNNER_ASSERT_MSG(ret == 0, "ACTA launch should be success."); - auto afterLsChild = ::ls(TZ_SYS_RO_CA_CERTS); + auto afterLsChild = test::util::ls(TZ_SYS_RO_CA_CERTS); RUNNER_ASSERT_MSG(beforeLs != afterLsChild, "Failed to launch."); - auto afterCatChild = ::cat(TZ_SYS_RO_CA_BUNDLE); + auto afterCatChild = test::util::cat(TZ_SYS_RO_CA_BUNDLE); RUNNER_ASSERT_MSG(beforeCat != afterCatChild, "Failed to launch."); } else { - auto afterLsParent = ::ls(TZ_SYS_RO_CA_CERTS); + auto afterLsParent = test::util::ls(TZ_SYS_RO_CA_CERTS); RUNNER_ASSERT_MSG(beforeLs == afterLsParent, "Failed to launch."); - auto afterCatParent = ::cat(TZ_SYS_RO_CA_BUNDLE); + auto afterCatParent = test::util::cat(TZ_SYS_RO_CA_BUNDLE); RUNNER_ASSERT_MSG(beforeCat == afterCatParent, "Failed to launch."); } } diff --git a/tests/transec/test-capi-installer.cpp b/tests/transec/test-capi-installer.cpp new file mode 100644 index 0000000..775c29c --- /dev/null +++ b/tests/transec/test-capi-installer.cpp @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test-capi-installer.cpp + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @version 0.1 + * @brief Unit test program of ACTA CAPI for installer + */ + +#include + +#include "acta/app-custom-trust-anchor.h" + +#include "test-resource.h" + +RUNNER_TEST_GROUP_INIT(T0800_CAPI_ACTA_INSTALLER) + +RUNNER_TEST(T0801_CAPI_ACTA_INSTALL_GLOBAL_APP_POSITIVE) +{ + int ret = acta_global_install(DUMMY_PKG_ID, APP_CERTS_DIR, false); + RUNNER_ASSERT_MSG(ret == 0, "ACTA install should be success."); +} + +RUNNER_TEST(T0802_CAPI_ACTA_INSTALL_GLOBAL_APP_WITH_SYS_POSITIVE) +{ + int ret = acta_global_install(DUMMY_PKG_ID, APP_CERTS_DIR, true); + RUNNER_ASSERT_MSG(ret == 0, "ACTA install should be success."); +} + +RUNNER_TEST(T0803_CAPI_ACTA_INSTALL_USER_APP_POSITIVE) +{ + int ret = acta_usr_install(DUMMY_PKG_ID, APP_CERTS_DIR, DUMMY_UID, false); + RUNNER_ASSERT_MSG(ret == 0, "ACTA install should be success."); +} + +RUNNER_TEST(T0804_CAPI_ACTA_INSTALL_USER_APP_WITH_SYS_POSITIVE) +{ + int ret = acta_usr_install(DUMMY_PKG_ID, APP_CERTS_DIR, DUMMY_UID, true); + RUNNER_ASSERT_MSG(ret == 0, "ACTA install should be success."); +} + +RUNNER_TEST(T0805_CAPI_ACTA_INSTALL_GLOBAL_APP_NEGATIVE) +{ + int ret = acta_global_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, false); + RUNNER_ASSERT_MSG(ret != 0, "ACTA install should be fail."); +} + +RUNNER_TEST(T0806_CAPI_ACTA_INSTALL_GLOBAL_APP_WITH_SYS_NEGATIVE) +{ + int ret = acta_global_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, true); + RUNNER_ASSERT_MSG(ret != 0, "ACTA install should be fail."); +} + +RUNNER_TEST(T0807_CAPI_ACTA_INSTALL_USER_APP_NEGATIVE) +{ + int ret = acta_usr_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID, false); + RUNNER_ASSERT_MSG(ret != 0, "ACTA install should be fail."); +} + +RUNNER_TEST(T0808_CAPI_ACTA_INSTALL_USER_APP_WITH_SYS_NEGATIVE) +{ + int ret = acta_usr_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID, true); + RUNNER_ASSERT_MSG(ret != 0, "ACTA install should be fail."); +} + +RUNNER_TEST(T0821_CAPI_ACTA_UNINSTALL_GLOBAL_APP_POSITIVE) +{ + int ret = acta_global_install(DUMMY_PKG_ID, APP_CERTS_DIR, false); + RUNNER_ASSERT_MSG(ret == 0, "ACTA install should be success."); + + ret = acta_global_uninstall(DUMMY_PKG_ID, APP_CERTS_DIR); + RUNNER_ASSERT_MSG(ret == 0, "ACTA uninstall should be success."); +} + +RUNNER_TEST(T0822_CAPI_ACTA_UNINSTALL_USER_APP_POSITIVE) +{ + int ret = acta_usr_install(DUMMY_PKG_ID, APP_CERTS_DIR, DUMMY_UID, false); + RUNNER_ASSERT_MSG(ret == 0, "ACTA install should be success."); + + ret = acta_usr_uninstall(DUMMY_PKG_ID, APP_CERTS_DIR, DUMMY_UID); + RUNNER_ASSERT_MSG(ret == 0, "ACTA uninstall should be success."); +} + +RUNNER_TEST(T0823_CAPI_ACTA_UNINSTALL_GLOBAL_APP_NEGATIVE) +{ + int ret = acta_global_uninstall(DUMMY_PKG_ID, DUMMY_CERTS_DIR); + RUNNER_ASSERT_MSG(ret != 0, "ACTA uninstall should be fail."); +} + +RUNNER_TEST(T0824_CAPI_ACTA_UNINSTALL_USER_APP_NEGATIVE) +{ + int ret = acta_usr_uninstall(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID); + RUNNER_ASSERT_MSG(ret != 0, "ACTA uninstall should be fail."); +} diff --git a/tests/transec/test-capi-launcher.cpp b/tests/transec/test-capi-launcher.cpp new file mode 100644 index 0000000..5b4e4b6 --- /dev/null +++ b/tests/transec/test-capi-launcher.cpp @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test-capi-launcher.cpp + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @version 0.1 + * @brief Unit test program of ACTA for launcher + */ + +#include + +#include + +#include + +#include "test-util.h" +#include "test-resource.h" + +RUNNER_TEST_GROUP_INIT(T0500_CAPI_ACTA_LAUNCER) + +// Launch needs CAP_SYS_ADMIN +RUNNER_TEST(T0501_ACTA_LAUNCH) +{ + auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS); + auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE); + + int ret = acta_global_install(DUMMY_PKG_ID, APP_CERTS_DIR, true); + + // pre-condition + int pid = fork(); + + if (pid == 0) { + ret = acta_global_launch(DUMMY_PKG_ID, APP_CERTS_DIR, true); + RUNNER_ASSERT_MSG(ret == 0, "ACTA launch should be success."); + + auto afterLsChild = test::util::ls(TZ_SYS_RO_CA_CERTS); + RUNNER_ASSERT_MSG(beforeLs != afterLsChild, "Failed to launch."); + + auto afterCatChild = test::util::cat(TZ_SYS_RO_CA_BUNDLE); + RUNNER_ASSERT_MSG(beforeCat != afterCatChild, "Failed to launch."); + + } else { + auto afterLsParent = test::util::ls(TZ_SYS_RO_CA_CERTS); + RUNNER_ASSERT_MSG(beforeLs == afterLsParent, "Failed to launch."); + + auto afterCatParent = test::util::cat(TZ_SYS_RO_CA_BUNDLE); + RUNNER_ASSERT_MSG(beforeCat == afterCatParent, "Failed to launch."); + } +} diff --git a/tests/transec/test-util.cpp b/tests/transec/test-util.cpp new file mode 100644 index 0000000..38fb534 --- /dev/null +++ b/tests/transec/test-util.cpp @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test-util.cpp + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @version 0.1 + * @brief + */ +#include "test-util.h" + +#include + +#include +#include +#include + +namespace test { +namespace util { + +std::string ls(const char *path) +{ + using FilePtr = std::unique_ptr; + std::string cmd("/bin/ls "); + cmd.append(path); + + FilePtr ls(::popen(cmd.c_str(), "r"), ::pclose); + if (ls == nullptr) + return std::string(); + + std::vector buf(1024); + std::string ret; + while (::fgets(buf.data(), buf.size(), ls.get())) + ret.append(buf.data()); + + return ret; +} + +std::string cat(const char *path) +{ + using FilePtr = std::unique_ptr; + std::string cmd("/bin/cat "); + cmd.append(path); + + FilePtr ls(::popen(cmd.c_str(), "r"), ::pclose); + if (ls == nullptr) + return std::string(); + + std::vector buf(1024); + std::string ret; + while (::fgets(buf.data(), buf.size(), ls.get())) + ret.append(buf.data()); + + return ret; +} + +} // namespace util +} // namespace test diff --git a/tests/transec/test-util.h b/tests/transec/test-util.h new file mode 100644 index 0000000..e10d706 --- /dev/null +++ b/tests/transec/test-util.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test-util.h + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @version 0.1 + * @brief + */ +#pragma once + +#include +#include + +namespace test { +namespace util { + +std::string ls(const char *path); +std::string cat(const char *path); + +} // namespace util +} // namespace test