From: sangwan.kwon Date: Wed, 12 Jul 2017 10:50:55 +0000 (+0900) Subject: [API Changed] Refine launch, uninstall API X-Git-Tag: submit/tizen/20170720.071940~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fc9094e1ccf2b04be0a9fd28c6165fdf8159365e;p=platform%2Fcore%2Fsecurity%2Ftrust-anchor.git [API Changed] Refine launch, uninstall API [AS-IS] - Installer should save data(1):"package-certs-path". - Launcher should be able to get data(1) for using launch API. - Installer should be able to get data(1) for using uninstall API. [TO-BE] - Installer does not need to save and get data(1). - Launcher does not need to get data(1). Change-Id: Ieeec21a62830d5a02e53c592999e041feef1dc5a Signed-off-by: sangwan.kwon --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 2af5a0a..06282c4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -37,6 +37,7 @@ ADD_DEFINITIONS("-DTANCHOR_PKG_DIR=\"${TANCHOR_PKG}\"") ADD_DEFINITIONS("-DTANCHOR_TEST_DIR=\"${TANCHOR_TEST}\"") ADD_DEFINITIONS("-DTANCHOR_BUNDLE=\"${TANCHOR_BUNDLE}\"") ADD_DEFINITIONS("-DTANCHOR_SYSCA=\"${TANCHOR_SYSCA}\"") +ADD_DEFINITIONS("-DTANCHOR_PKG_CERTS=\"${TANCHOR_PKG_CERTS}\"") ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS=\"${TZ_SYS_CA_CERTS}\"") ADD_DEFINITIONS("-DTZ_SYS_CA_BUNDLE=\"${TZ_SYS_CA_BUNDLE}\"") diff --git a/api/tanchor/trust-anchor.h b/api/tanchor/trust-anchor.h index a19ac1d..40ab82d 100644 --- a/api/tanchor/trust-anchor.h +++ b/api/tanchor/trust-anchor.h @@ -42,8 +42,8 @@ extern "C" { * @details Package custom certificates would be installed on system. * This function should be called before trust_anchor_launch(). * @param[in] package_id Package id - * @param[in] pkg_certs_path Package custom certificates path * @param[in] uid user id + * @param[in] pkg_certs_path Package custom certificates path * @param[in] with_system_certs Whether system certificates use or not * @return #TRUST_ANCHOR_ERROR_NONE on success, * negative on error @@ -57,8 +57,8 @@ extern "C" { * @see trust_anchor_uninstall() */ int trust_anchor_install(const char *package_id, - const char *pkg_certs_path, uid_t uid, + const char *pkg_certs_path, bool with_system_certs); @@ -66,7 +66,6 @@ int trust_anchor_install(const char *package_id, * @brief Launch trust anchor. * @details After lauching trust anchor, package can use custom certificates. * @param[in] package_id Package id - * @param[in] pkg_certs_path Package custom certificates path * @param[in] uid user id * @return #TRUST_ANCHOR_ERROR_NONE on success, * negative on error @@ -78,15 +77,12 @@ int trust_anchor_install(const char *package_id, * @retval #TRUST_ANCHOR_ERROR_INTERNAL Internal error * @see trust_anchor_install() */ -int trust_anchor_launch(const char *package_id, - const char *pkg_certs_path, - uid_t uid); +int trust_anchor_launch(const char *package_id, uid_t uid); /** * @brief Uninstall trust anchor. * @param[in] package_id Package id - * @param[in] pkg_certs_path Package custom certificates path * @param[in] uid user id * @return #TRUST_ANCHOR_ERROR_NONE on success, * negative on error @@ -95,9 +91,7 @@ int trust_anchor_launch(const char *package_id, * @retval #TRUST_ANCHOR_ERROR_INTERNAL Internal error * @see trust_anchor_install() */ -int trust_anchor_uninstall(const char *package_id, - const char *pkg_certs_path, - uid_t uid); +int trust_anchor_uninstall(const char *package_id, uid_t uid); #ifdef __cplusplus diff --git a/api/tanchor/trust-anchor.hxx b/api/tanchor/trust-anchor.hxx index 01dba2e..015a92d 100644 --- a/api/tanchor/trust-anchor.hxx +++ b/api/tanchor/trust-anchor.hxx @@ -38,9 +38,7 @@ namespace tanchor { class TANCHOR_API TrustAnchor { public: - explicit TrustAnchor(const std::string &packageId, - const std::string &certsDir, - uid_t uid) noexcept; + explicit TrustAnchor(const std::string &packageId, uid_t uid) noexcept; virtual ~TrustAnchor(void); TrustAnchor(const TrustAnchor &) = delete; @@ -48,7 +46,7 @@ public: TrustAnchor &operator=(const TrustAnchor &) = delete; TrustAnchor &operator=(TrustAnchor &&) = delete; - int install(bool withSystemCerts) noexcept; + int install(const std::string &pkgCertsPath, bool withSystemCerts) noexcept; int uninstall(void) noexcept; int launch(void) noexcept; diff --git a/examples/installer.c b/examples/installer.c index f4b26f1..e2dea7d 100644 --- a/examples/installer.c +++ b/examples/installer.c @@ -35,7 +35,7 @@ int main() bool with_sys = false; uid_t uid = -1; - int ret = trust_anchor_install("pkgid", "/pkg_certs_path", uid, with_sys); + int ret = trust_anchor_install("pkgid", uid, "/pkg_certs_path", with_sys); if (ret != TRUST_ANCHOR_ERROR_NONE) { printf("Failed to install operation"); return -1; @@ -44,7 +44,7 @@ int main() /* * When app uninstalled trust_anchor_uninstall() should be called once. */ - ret = trust_anchor_uninstall("pkgid", "/pkg_certs_path", uid); + ret = trust_anchor_uninstall("pkgid", uid); if (ret != TRUST_ANCHOR_ERROR_NONE) { printf("Failed to uninstall operation"); return -1; diff --git a/examples/launcher.c b/examples/launcher.c index b193da8..51320bf 100644 --- a/examples/launcher.c +++ b/examples/launcher.c @@ -38,7 +38,7 @@ int main() */ uid_t uid = -1; - int ret = trust_anchor_launch("pkgid", "/pkg_certs_path", uid); + int ret = trust_anchor_launch("pkgid", uid); if (ret != TRUST_ANCHOR_ERROR_NONE) { printf("Failed to launch operation"); return -1; diff --git a/packaging/trust-anchor.spec b/packaging/trust-anchor.spec index 931cad3..3c0c53f 100644 --- a/packaging/trust-anchor.spec +++ b/packaging/trust-anchor.spec @@ -16,17 +16,18 @@ BuildRequires: ca-certificates-devel Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig -%global lib_name tanchor -%global user_name security_fw -%global group_name security_fw -%global smack_label System - -%global tanchor_base %{TZ_SYS_DATA}/%{lib_name} -%global tanchor_pkg %{tanchor_base}/pkg -%global tanchor_bundle %{tanchor_base}/ca-bundle.pem -%global tanchor_sysca %{tanchor_base}/.sysca -%global tanchor_test %{tanchor_base}/test -%global tanchor_example %{tanchor_base}/example +%global lib_name tanchor +%global user_name security_fw +%global group_name security_fw +%global smack_label System + +%global tanchor_base %{TZ_SYS_DATA}/%{lib_name} +%global tanchor_pkg %{tanchor_base}/pkg +%global tanchor_bundle %{tanchor_base}/ca-bundle.pem +%global tanchor_sysca %{tanchor_base}/.sysca +%global tanchor_pkgcerts %{tanchor_base}/.pkgcerts +%global tanchor_test %{tanchor_base}/test +%global tanchor_example %{tanchor_base}/example %description The package provides trust-anchor which the application can assign @@ -40,6 +41,7 @@ SSL root certificates for its HTTPS communication. %dir %attr(-, %{user_name}, %{group_name}) %{tanchor_base} %dir %attr(-, %{user_name}, %{group_name}) %{tanchor_pkg} %attr(-, %{user_name}, %{group_name}) %{tanchor_bundle} +%attr(-, %{user_name}, %{group_name}) %{tanchor_pkgcerts} %attr(444 %{user_name}, %{group_name}) %{tanchor_sysca} %prep @@ -63,6 +65,7 @@ SSL root certificates for its HTTPS communication. -DTANCHOR_PKG=%{tanchor_pkg} \ -DTANCHOR_BUNDLE=%{tanchor_bundle} \ -DTANCHOR_SYSCA=%{tanchor_sysca} \ + -DTANCHOR_PKG_CERTS=%{tanchor_pkgcerts} \ -DTANCHOR_TEST=%{tanchor_test} \ -DTANCHOR_EXAMPLE=%{tanchor_example} \ -DTZ_SYS_CA_CERTS=%{TZ_SYS_CA_CERTS} \ @@ -79,6 +82,7 @@ mkdir -p %{buildroot}%{tanchor_pkg} touch %{buildroot}%{tanchor_bundle} touch %{buildroot}%{tanchor_sysca} +touch %{buildroot}%{tanchor_pkgcerts} %post -p /sbin/ldconfig diff --git a/src/api.cpp b/src/api.cpp index a9ecc8d..55313bb 100644 --- a/src/api.cpp +++ b/src/api.cpp @@ -28,28 +28,24 @@ using namespace tanchor; TANCHOR_API int trust_anchor_install(const char *package_id, - const char *pkg_certs_path, uid_t uid, + const char *pkg_certs_path, bool with_system_certs) { - TrustAnchor ta(package_id, pkg_certs_path, uid); - return ta.install(with_system_certs); + TrustAnchor ta(package_id, uid); + return ta.install(pkg_certs_path, with_system_certs); } TANCHOR_API -int trust_anchor_launch(const char *package_id, - const char *pkg_certs_path, - uid_t uid) +int trust_anchor_launch(const char *package_id, uid_t uid) { - TrustAnchor ta(package_id, pkg_certs_path, uid); + TrustAnchor ta(package_id, uid); return ta.launch(); } TANCHOR_API -int trust_anchor_uninstall(const char *package_id, - const char *pkg_certs_path, - uid_t uid) +int trust_anchor_uninstall(const char *package_id, uid_t uid) { - TrustAnchor ta(package_id, pkg_certs_path, uid); + TrustAnchor ta(package_id, uid); return ta.uninstall(); } diff --git a/src/certificate.cpp b/src/certificate.cpp index d3d5fa7..103c864 100644 --- a/src/certificate.cpp +++ b/src/certificate.cpp @@ -22,7 +22,10 @@ #include "certificate.hxx" #include +#include #include + +#include "file-system.hxx" #include "exception.hxx" #include @@ -42,20 +45,21 @@ const int HASH_LENGTH = 8; } // namespace anonymous -Certificate::Certificate(const std::string &path) : - m_fp(FilePtr(::fopen(path.c_str(), "rb"), ::fclose)) +Certificate::Certificate(const std::string &path) : m_path(path) { - if (this->m_fp == nullptr) - throw std::invalid_argument("Failed to open [" + path + "]."); } std::string Certificate::getSubjectNameHash() const { - X509Ptr x509(::PEM_read_X509(this->m_fp.get(), NULL, NULL, NULL), + FilePtr fp = FilePtr(::fopen(this->m_path.c_str(), "rb"), ::fclose); + if (fp == nullptr) + throw std::invalid_argument("Failed to open [" + this->m_path + "]."); + + X509Ptr x509(::PEM_read_X509(fp.get(), NULL, NULL, NULL), ::X509_free); if (x509 == nullptr) { - ::rewind(this->m_fp.get()); - x509 = X509Ptr(::PEM_read_X509_AUX(this->m_fp.get(), NULL, NULL, NULL), + ::rewind(fp.get()); + x509 = X509Ptr(::PEM_read_X509_AUX(fp.get(), NULL, NULL, NULL), ::X509_free); } @@ -71,15 +75,7 @@ std::string Certificate::getSubjectNameHash() const std::string Certificate::getCertificateData() const { - std::fseek(this->m_fp.get(), 0L, SEEK_END); - unsigned int fsize = std::ftell(this->m_fp.get()); - std::rewind(this->m_fp.get()); - - std::string content(fsize, 0); - if (fsize != std::fread(static_cast(&content[0]), 1, fsize, - this->m_fp.get())) - throw std::logic_error("Failed to read certificate from fp."); - + std::string content = File::read(this->m_path); return this->parseData(content); } diff --git a/src/certificate.hxx b/src/certificate.hxx index 6ecc2aa..dcc695e 100644 --- a/src/certificate.hxx +++ b/src/certificate.hxx @@ -22,13 +22,9 @@ #pragma once #include -#include -#include namespace tanchor { -using FilePtr = std::unique_ptr; - class Certificate { public: explicit Certificate(const std::string &path); @@ -45,7 +41,7 @@ public: private: std::string parseData(const std::string &data) const; - FilePtr m_fp; + std::string m_path; }; } // namespace tanchor diff --git a/src/environment.hxx b/src/environment.hxx index 60558bb..0aedbb4 100644 --- a/src/environment.hxx +++ b/src/environment.hxx @@ -30,6 +30,7 @@ const std::string SYS_BUNDLE_PATH(TZ_SYS_CA_BUNDLE); const std::string TANCHOR_SYSCA_PATH = TANCHOR_SYSCA; const std::string TANCHOR_BUNDLE_PATH = TANCHOR_BUNDLE; +const std::string TANCHOR_PKG_CERTS_PATH = TANCHOR_PKG_CERTS; const std::string MOUNT_POINT_CERTS(TZ_SYS_CA_CERTS); const std::string MOUNT_POINT_BUNDLE(TZ_SYS_CA_BUNDLE); diff --git a/src/file-system.cpp b/src/file-system.cpp index 190b2f9..ec1ab6d 100644 --- a/src/file-system.cpp +++ b/src/file-system.cpp @@ -24,6 +24,7 @@ #include #include #include +#include #include @@ -37,6 +38,22 @@ void File::linkTo(const std::string &src, const std::string &dst) ThrowErrno(errno, "Failed to link " + src + " -> " + dst); } +std::string File::read(const std::string &path) +{ + FilePtr fp = FilePtr(::fopen(path.c_str(), "rb"), ::fclose); + if (fp == nullptr) + throw std::invalid_argument("Failed to open [" + path + "]."); + + std::fseek(fp.get(), 0L, SEEK_END); + unsigned int fsize = std::ftell(fp.get()); + std::rewind(fp.get()); + + std::string buff(fsize, 0); + if (fsize != std::fread(static_cast(&buff[0]), 1, fsize, fp.get())) + throw std::logic_error("Failed to read [" + path + "]"); + return buff; +} + std::string File::readLink(const std::string &path) { std::vector buf(PATH_MAX); diff --git a/src/file-system.hxx b/src/file-system.hxx index 4bd3c94..ce1df38 100644 --- a/src/file-system.hxx +++ b/src/file-system.hxx @@ -22,14 +22,18 @@ #pragma once #include +#include namespace tanchor { +using FilePtr = std::unique_ptr; + class File { public: static void linkTo(const std::string &src, const std::string &dst); static std::string readLink(const std::string &path); static std::string getName(const std::string &path); + static std::string read(const std::string &path); }; } // namespace tanchor diff --git a/src/logic.cpp b/src/logic.cpp index bc3779d..c688911 100644 --- a/src/logic.cpp +++ b/src/logic.cpp @@ -39,8 +39,7 @@ namespace tanchor { -Logic::Logic(const std::string &pkgCertsPath, const std::string &basePath) : - m_pkgCertsPath(pkgCertsPath), +Logic::Logic(const std::string &basePath) : m_customBasePath(basePath), m_customCertsPath(m_customBasePath + "/certs"), m_customBundlePath(m_customBasePath + "/bundle"), @@ -91,7 +90,7 @@ void Logic::makeCustomCerts(void) } // link pkg certificates to the custom directory as subjectNameHash - runtime::DirectoryIterator iter(this->m_pkgCertsPath), end; + runtime::DirectoryIterator iter(this->getPkgCertsPath()), end; while (iter != end) { Certificate cert(iter->getPath()); std::string uName = this->getUniqueCertName(cert.getSubjectNameHash()); @@ -124,7 +123,7 @@ void Logic::makeCustomBundle(void) if (this->m_customCertsData.empty()) { DEBUG("System certificates is changed after TrustAnchor installation."); - runtime::DirectoryIterator iter(this->m_pkgCertsPath), end; + runtime::DirectoryIterator iter(this->getPkgCertsPath()), end; while (iter != end) { Certificate cert(iter->getPath()); this->m_customCertsData.emplace_back(cert.getCertificateData()); @@ -143,9 +142,9 @@ void Logic::makeCustomBundle(void) INFO("Success to make pkg custom bundle."); } -bool Logic::isPkgCertsValid(void) const +bool Logic::isPkgCertsValid(const std::string &path) const { - runtime::File file(this->m_pkgCertsPath); + runtime::File file(path); if (!file.exists()) ThrowExc(TRUST_ANCHOR_ERROR_NO_SUCH_FILE, @@ -158,6 +157,33 @@ bool Logic::isPkgCertsValid(void) const return file.isDirectory(); } +void Logic::setPkgCertsPath(const std::string &path) const +{ + if (!this->isPkgCertsValid(path)) + throw std::invalid_argument("Pkg certs dir should be directory."); + + + runtime::File tanchorPkgCerts(path::TANCHOR_PKG_CERTS_PATH); + tanchorPkgCerts.copyTo(this->m_customBasePath); + + runtime::File pkgCertsPath(this->m_customBasePath + "/" + + File::getName(path::TANCHOR_PKG_CERTS_PATH)); + pkgCertsPath.open(O_RDWR | O_APPEND); + pkgCertsPath.lock(); + pkgCertsPath.write(path.c_str(), path.length()); + pkgCertsPath.unlock(); + + DEBUG("Success to set package certificates path : " << path); +} + +std::string Logic::getPkgCertsPath(void) const +{ + std::string path = File::read(this->m_customBasePath + "/" + + File::getName(path::TANCHOR_PKG_CERTS_PATH)); + DEBUG("Package certificates path : " << path); + return path; +} + void Logic::setSystemCertsUsed(void) const { runtime::File tanchorSysCA(path::TANCHOR_SYSCA_PATH); diff --git a/src/logic.hxx b/src/logic.hxx index a543363..f55ef58 100644 --- a/src/logic.hxx +++ b/src/logic.hxx @@ -29,7 +29,7 @@ namespace tanchor { class Logic { public: - explicit Logic(const std::string &pkgCertsPath, const std::string &basePath); + explicit Logic(const std::string &basePath); virtual ~Logic(void) = default; Logic(const Logic &) = delete; @@ -43,7 +43,8 @@ public: void makeCustomCerts(void); void makeCustomBundle(void); - bool isPkgCertsValid(void) const; + void setPkgCertsPath(const std::string &path) const; + std::string getPkgCertsPath(void) const; bool isSystemCertsUsed(void) const; bool isSystemCertsModified(void) const; @@ -55,8 +56,8 @@ public: private: std::string getUniqueCertName(const std::string &name) const; + bool isPkgCertsValid(const std::string &path) const; - std::string m_pkgCertsPath; std::string m_customBasePath; std::string m_customCertsPath; std::string m_customBundlePath; diff --git a/src/trust-anchor.cpp b/src/trust-anchor.cpp index e08ae57..4c1a154 100644 --- a/src/trust-anchor.cpp +++ b/src/trust-anchor.cpp @@ -31,12 +31,10 @@ namespace tanchor { class TrustAnchor::Impl { public: - explicit Impl(const std::string &packageId, - const std::string &certsDir, - uid_t uid) noexcept; + explicit Impl(const std::string &packageId, uid_t uid) noexcept; virtual ~Impl(void) = default; - int install(bool withSystemCerts) noexcept; + int install(const std::string &pkgCertsPath, bool withSystemCerts) noexcept; int uninstall(void) const noexcept; int launch(void) noexcept; int rollback(void) const noexcept; @@ -48,11 +46,8 @@ private: Logic m_logic; }; -TrustAnchor::Impl::Impl(const std::string &packageId, - const std::string &certsDir, - uid_t uid) noexcept : - m_logic(certsDir, - path::BASE_PKG_PATH + "/" + +TrustAnchor::Impl::Impl(const std::string &packageId, uid_t uid) noexcept : + m_logic(path::BASE_PKG_PATH + "/" + std::to_string(static_cast(uid)) + "/" + packageId) { @@ -62,18 +57,17 @@ TrustAnchor::Impl::Impl(const std::string &packageId, void TrustAnchor::Impl::preInstall(void) { this->m_logic.init(); - - if (!this->m_logic.isPkgCertsValid()) - throw std::invalid_argument("Pkg certs dir should be directory."); DEBUG("Success to pre-install stage."); } -int TrustAnchor::Impl::install(bool withSystemCerts) noexcept +int TrustAnchor::Impl::install(const std::string &pkgCertsPath, + bool withSystemCerts) noexcept { EXCEPTION_GUARD_START this->preInstall(); + this->m_logic.setPkgCertsPath(pkgCertsPath); if (withSystemCerts) this->m_logic.setSystemCertsUsed(); @@ -118,7 +112,7 @@ void TrustAnchor::Impl::preLaunch(void) DEBUG("This package use system certificates."); if (this->m_logic.isSystemCertsModified()) { WARN("System certificates be changed. Do re-install for refresh."); - this->install(true); + this->install(this->m_logic.getPkgCertsPath(), true); } DEBUG("Success to pre-launch stage."); } @@ -139,19 +133,18 @@ int TrustAnchor::Impl::launch() noexcept EXCEPTION_GUARD_END } -TrustAnchor::TrustAnchor(const std::string &packageId, - const std::string &certsDir, - uid_t uid) noexcept : - m_pImpl(new Impl(packageId, certsDir, uid)) {} +TrustAnchor::TrustAnchor(const std::string &packageId, uid_t uid) noexcept : + m_pImpl(new Impl(packageId, uid)) {} TrustAnchor::~TrustAnchor(void) = default; -int TrustAnchor::install(bool withSystemCerts) noexcept +int TrustAnchor::install(const std::string &pkgCertsPath, + bool withSystemCerts) noexcept { if (this->m_pImpl == nullptr) return TRUST_ANCHOR_ERROR_OUT_OF_MEMORY; - int ret = this->m_pImpl->install(withSystemCerts); + int ret = this->m_pImpl->install(pkgCertsPath, withSystemCerts); if (ret != TRUST_ANCHOR_ERROR_NONE) { ERROR("Failed to intall ACTA. Remove custom directory for rollback."); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 289ef72..c1db1df 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -57,6 +57,8 @@ SET(CAPI_LAUNCHER_SRCS main.cpp SET(INTERNAL_SRCS main.cpp test-util.cpp test-certificate.cpp + ${TANCHOR_SRC}/exception.cpp + ${TANCHOR_SRC}/file-system.cpp ${TANCHOR_SRC}/certificate.cpp) SET(SSL_SRCS main.cpp test-curl.cpp diff --git a/tests/test-capi-installer.cpp b/tests/test-capi-installer.cpp index 546cc6b..a29f504 100644 --- a/tests/test-capi-installer.cpp +++ b/tests/test-capi-installer.cpp @@ -28,39 +28,39 @@ TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_POSITIVE) { - int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, false); + int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, false); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_WITH_SYS_POSITIVE) { - int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, true); + int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, true); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_NEGATIVE) { - int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID, false); + int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, DUMMY_CERTS_DIR, false); TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(CAPI_TRUST_ANCHOR_INSTALL_WITH_SYS_NEGATIVE) { - int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID, true); + int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, DUMMY_CERTS_DIR, true); TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(CAPI_TRUST_ANCHOR_UNINSTALL_POSITIVE) { - int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, false); + int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, false); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); - ret = trust_anchor_uninstall(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); + ret = trust_anchor_uninstall(DUMMY_PKG_ID, DUMMY_UID); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(CAPI_TRUST_ANCHOR_UNINSTALL_NEGATIVE) { - int ret = trust_anchor_uninstall(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID); + int ret = trust_anchor_uninstall(DUMMY_PKG_ID, DUMMY_UID); TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE); } diff --git a/tests/test-capi-launcher.cpp b/tests/test-capi-launcher.cpp index 2953953..53b87f5 100644 --- a/tests/test-capi-launcher.cpp +++ b/tests/test-capi-launcher.cpp @@ -35,13 +35,13 @@ TESTCASE(CAPI_TRUST_ANCHOR_LAUNCH) auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS); auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE); - int ret = trust_anchor_install(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID, true); + int ret = trust_anchor_install(DUMMY_PKG_ID, DUMMY_UID, PKG_CERTS_DIR, true); // pre-condition int pid = fork(); if (pid == 0) { - ret = trust_anchor_launch(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); + ret = trust_anchor_launch(DUMMY_PKG_ID, DUMMY_UID); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); auto afterLsChild = test::util::ls(TZ_SYS_RO_CA_CERTS); diff --git a/tests/test-curl.cpp b/tests/test-curl.cpp index a3764fd..338b9b5 100644 --- a/tests/test-curl.cpp +++ b/tests/test-curl.cpp @@ -42,8 +42,8 @@ TESTCASE(CONNECT_SSL) TESTCASE(TRUST_ANCHOR_LAUNCH) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); - int ret = ta.install(false); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(PKG_CERTS_DIR, false); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); std::cout << "##########################################" << std::endl; @@ -79,8 +79,8 @@ TESTCASE(TRUST_ANCHOR_LAUNCH) TESTCASE(TRUST_ANCHOR_LAUNCH_WITH_SYS) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); - int ret = ta.install(true); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(PKG_CERTS_DIR, true); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); std::cout << "##########################################" << std::endl; diff --git a/tests/test-installer.cpp b/tests/test-installer.cpp index b75d632..12c564b 100644 --- a/tests/test-installer.cpp +++ b/tests/test-installer.cpp @@ -34,36 +34,36 @@ TESTCASE(TRUST_ANCHOR_INSTALL_POSITIVE) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); - int ret = ta.install(false); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(PKG_CERTS_DIR, false); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(TRUST_ANCHOR_INSTALL_WITH_SYS_POSITIVE) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); - int ret = ta.install(true); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(PKG_CERTS_DIR, true); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(TRUST_ANCHOR_INSTALL_NEGATIVE) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID); - int ret = ta.install(false); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(DUMMY_CERTS_DIR, false); TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(TRUST_ANCHOR_INSTALL_WITH_SYS_NEGATIVE) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID); - int ret = ta.install(true); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(DUMMY_CERTS_DIR, true); TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE); } TESTCASE(TRUST_ANCHOR_UNINSTALL_POSITIVE) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); - int ret = ta.install(false); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(PKG_CERTS_DIR, false); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); ret = ta.uninstall(); @@ -72,7 +72,7 @@ TESTCASE(TRUST_ANCHOR_UNINSTALL_POSITIVE) TESTCASE(TRUST_ANCHOR_UNINSTALL_NEGATIVE) { - tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_CERTS_DIR, DUMMY_UID); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); int ret = ta.uninstall(); TEST_EXPECT(false, ret == TRUST_ANCHOR_ERROR_NONE); } diff --git a/tests/test-launcher.cpp b/tests/test-launcher.cpp index 96e1aa8..1034c0f 100644 --- a/tests/test-launcher.cpp +++ b/tests/test-launcher.cpp @@ -37,8 +37,8 @@ TESTCASE(TRUST_ANCHOR_LAUNCH) auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS); auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE); - tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); - int ret = ta.install(false); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(PKG_CERTS_DIR, false); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); // pre-condition @@ -73,8 +73,8 @@ TESTCASE(TRUST_ANCHOR_LAUNCH_WITH_SYS) auto beforeLs = test::util::ls(TZ_SYS_RO_CA_CERTS); auto beforeCat = test::util::cat(TZ_SYS_RO_CA_BUNDLE); - tanchor::TrustAnchor ta(DUMMY_PKG_ID, PKG_CERTS_DIR, DUMMY_UID); - int ret = ta.install(true); + tanchor::TrustAnchor ta(DUMMY_PKG_ID, DUMMY_UID); + int ret = ta.install(PKG_CERTS_DIR, true); TEST_EXPECT(true, ret == TRUST_ANCHOR_ERROR_NONE); // pre-condition