<manifest>
<assign>
- <filesystem path="/usr/bin/test-performance-check.sh" exec_label="_" />
-
<filesystem path="/usr/bin/security-manager-tests" exec_label="System::Privileged" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
<filesystem path="/usr/bin/ckm-tests" exec_label="User" />
BuildRequires: pkgconfig(security-privilege-manager)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: openssl1.1
-Requires: perf
Requires: gdb
Requires: diffutils
Requires: iproute2
%defattr(-, root, root, -)
/usr/bin/security-tests.sh
/usr/bin/security-tests-all.sh
-/usr/bin/test-performance-check.sh
/usr/bin/setup-nether-tests-nns.sh
/usr/bin/teardown-nether-tests-nns.sh
/usr/bin/setup-nether-tests-dns.sh
ADD_DEFINITIONS(${SYS_FRAMEWORK_TEST_OTHER_CFLAGS})
+OPTION("TZ_BACKEND" OFF)
+IF(TZ_BACKEND)
+ ADD_DEFINITIONS("-DTZ_BACKEND")
+ENDIF(TZ_BACKEND)
+
include(framework/config.cmake)
SET(DPL_FRAMEWORK_TEST_LIBRARY "dpl-test-framework")
WORLD_EXECUTE
)
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/test-performance-check.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
IF(BUILD_CKM OR BUILD_SM OR BUILD_CYNARA OR BUILD_WEB)
ADD_SUBDIRECTORY(common)
ENDIF(BUILD_CKM OR BUILD_SM OR BUILD_CYNARA OR BUILD_WEB)
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @version 1.0
*/
#include <dpl/test/test_runner.h>
+#include <ckm_helpers.h>
int main (int argc, char *argv[]) {
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ int exitCode = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+
+ detectCkmBugTrustzoneLeak();
+
+ return exitCode;
}
-# Copyright (c) 2013-2019 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2013-2020 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
ADD_DEFINITIONS("-DCKM_TEST_DIR=\"${CKM_TEST_DIR}\"")
ADD_DEFINITIONS("-DCKM_RW_DATA_DIR=\"${CKM_RW_DATA_DIR}\"")
-OPTION("TZ_BACKEND" OFF)
-IF(TZ_BACKEND)
- ADD_DEFINITIONS("-DTZ_BACKEND")
-ENDIF(TZ_BACKEND)
-
-OPTION("TZ_BACKEND" OFF)
-IF(TZ_BACKEND)
- ADD_DEFINITIONS("-DTZ_BACKEND")
-ENDIF(TZ_BACKEND)
PKG_CHECK_MODULES(CKM_TEST_COMMON_DEP
REQUIRED
#include <scoped-app-context.h>
#include <ckm-common.h>
#include <ckm-privileged-common.h>
+#include <ckm_helpers.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
RUNNER_TEST(T1511_insert_data)
{
- auto certee = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
- auto certim = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+ auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
+ auto certim = TestData::getTestCertificate(TestData::TEST_IM_CA);
CKM::Alias certeeAlias("CertEE");
CKM::Alias certimAlias("CertIM");
{
int temp;
ScopedAppContext ctx(TEST_LABEL, USER_TEST+1, GROUP_APP);
- auto certee = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
auto manager = CKM::Manager::create();
size_t current_aliases_num = count_aliases(ALIAS_CERT);
std::cerr << argv[0] << " should be executed as root. Aborting" << std::endl;
return -1;
}
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ int exitCode = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+
+ detectCkmBugTrustzoneLeak();
+
+ return exitCode;
}
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2021 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
TEST_IM_CA, // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
TEST_LEAF, // TEST_LEAF, signed by TEST_IM_CA, expires 2035
- // third party
- BALTIMORE_CYBER_TRUST_ROOT, // Baltimore CyberTrust Root, (root CA), expires May 13, 2025
- MS_IT_TLS_CA_5, // Microsoft IT TLS CA 5, signed by Baltimore CyberTrust Root,
- // expires May 20, 2024
- MICROSOFT_COM, // www.microsoft.com - signed by Microsoft IT TLS CA 5,
- // expires October 22, 2021
-
// ocsp available chain on third party
- MS_IT_TLS_CA_2, // Microsoft IT TLS CA 2, signed by Baltimore CyberTrust Root, expires 20 May 2024
- BING_COM, // BING, signed by Microsoft IT TLS CA 2, expires 30 Apr 2021
+ GLOBALSIGN_ROOT_CA, // GlobalSign Root CA, expires Jan 28 2028
+ GTS_ROOT_R1, // Google GTS Root R1, signed by GlobalSign Root CA,
+ // expires Jan 28 2028
// footer - last element in the set
NO_CERT
case certificateID::TEST_IM_CA: return RawCertificateID::TEST_IM_CA;
case certificateID::TEST_LEAF: return RawCertificateID::TEST_LEAF;
- case certificateID::THIRD_PARTY_ROOT_CA: return RawCertificateID::BALTIMORE_CYBER_TRUST_ROOT;
- case certificateID::THIRD_PARTY_IM_CA: return RawCertificateID::MS_IT_TLS_CA_5;
- case certificateID::THIRD_PARTY_LEAF: return RawCertificateID::MICROSOFT_COM;
-
- case certificateID::OCSP_AVAILABLE_IM: return RawCertificateID::MS_IT_TLS_CA_2;
- case certificateID::OCSP_AVAILABLE_LEAF: return RawCertificateID::BING_COM;
+ case certificateID::OCSP_ROOT_CA: return RawCertificateID::GLOBALSIGN_ROOT_CA;
+ case certificateID::OCSP_AVAILABLE_IM: return RawCertificateID::GTS_ROOT_R1;
case certificateID::NO_CERT: return RawCertificateID::NO_CERT;
default: throw std::invalid_argument("Invalid raw certificat ID!");
cm[RawCertificateID::TEST_LEAF].certPtr = createCert(raw_base64);
}
- // BING, signed by Microsoft IT TLS CA 2, expires 30 Apr 2021
+ // GlobalSign Root CA, expires Jan 28 2028
{
std::string raw_base64(
"-----BEGIN CERTIFICATE-----\n"
- "MIIN+jCCC+KgAwIBAgITIAAGDxuOsc5CY0aDQgAAAAYPGzANBgkqhkiG9w0BAQsF\n"
- "ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT\n"
- "B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE\n"
- "CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDIw\n"
- "HhcNMTkwNDMwMjA0ODAwWhcNMjEwNDMwMjA0ODAwWjAXMRUwEwYDVQQDEwx3d3cu\n"
- "YmluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhIlPb0iP7\n"
- "xRmUScK43QI7Ci/lvfMumWhRFAHcFzjIDHs74sq0B+ze8HW5PR6LWRe/d3yR5dC8\n"
- "7gQs0qXGitzsP9vWJcpwKV273tlnWiEfgZx5tvNCFdHOqoYoHL3a8zed/JkGTEeX\n"
- "ukGEX0TeBgCjcVTj5qRxJhjlWxs3AcB/q4f4vi3QG80TbSU2UO0lkvhvfs73C1jq\n"
- "i7Zspia/YsMqcQ6X+APAZ+4guKjQr5q32tzj2FGtJO6ZmZuNV9Wwb32891UhwZ3D\n"
- "2PrIcnCNlIQ1/Fah6im7Vc67qO2x/++r7gO7PtR8byCFnFuNUVQxhSIkCkj6FvPx\n"
- "cYefok0wJ0VRAgMBAAGjggnIMIIJxDCCAfQGCisGAQQB1nkCBAIEggHkBIIB4AHe\n"
- "AHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFqcApGzAAABAMA\n"
- "RjBEAiAiASIs5j19VcTLbxcOGHQlIl62d3iy1FY8dnNq+6lebQIgchbSq2Qh78zs\n"
- "mmucyslucBycij/FYUe3F1lNpJiB9KsAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAl\n"
- "CBcvo6odBxPTDAAAAWpwCkgDAAAEAwBHMEUCIQDx6RqcvDdfIY9qdAuaRFBVvSHN\n"
- "ttpAzie3KP9AAiGvBwIgSMvjse/hJusDoRFnSTtX96ierTaqzQH4oDLLnW/Gwc0A\n"
- "dQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAWpwCkbmAAAEAwBG\n"
- "MEQCICbYF6Lv93BFrwLguzmas/5gQ87fzRHkTaMxDSD7PlhRAiA/DXOeTcHaiUPQ\n"
- "WsKbJ/7x9EWKvVisqtQMnYk6cBxbBwB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2Msx\n"
- "tT/TM5a1toGoAAABanAKRtoAAAQDAEcwRQIgardRfR7bxwSGF212a603dXYz6O5z\n"
- "YHpPks8/RR/AMzQCIQD4VYDD+2zVDHEjz8elkKEzhgzTdOMtc1yYhCU+eHAGkjAn\n"
- "BgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQB\n"
- "gjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueT\n"
- "egIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3\n"
- "Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUy\n"
- "MENBJTIwMi5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20w\n"
- "HQYDVR0OBBYEFDcHtZt8HkKSRO8ETiTkCLixB9PaMAsGA1UdDwQEAwIEsDCCBW0G\n"
- "A1UdEQSCBWQwggVgggx3d3cuYmluZy5jb22CEGRpY3QuYmluZy5jb20uY26CEyou\n"
- "cGxhdGZvcm0uYmluZy5jb22CCiouYmluZy5jb22CCGJpbmcuY29tghZpZW9ubGlu\n"
- "ZS5taWNyb3NvZnQuY29tghMqLndpbmRvd3NzZWFyY2guY29tghljbi5pZW9ubGlu\n"
- "ZS5taWNyb3NvZnQuY29tghEqLm9yaWdpbi5iaW5nLmNvbYINKi5tbS5iaW5nLm5l\n"
- "dIIOKi5hcGkuYmluZy5jb22CGGVjbi5kZXYudmlydHVhbGVhcnRoLm5ldIINKi5j\n"
- "bi5iaW5nLm5ldIINKi5jbi5iaW5nLmNvbYIQc3NsLWFwaS5iaW5nLmNvbYIQc3Ns\n"
- "LWFwaS5iaW5nLm5ldIIOKi5hcGkuYmluZy5uZXSCDiouYmluZ2FwaXMuY29tgg9i\n"
- "aW5nc2FuZGJveC5jb22CFmZlZWRiYWNrLm1pY3Jvc29mdC5jb22CG2luc2VydG1l\n"
- "ZGlhLmJpbmcub2ZmaWNlLm5ldIIOci5iYXQuYmluZy5jb22CECouci5iYXQuYmlu\n"
- "Zy5jb22CEiouZGljdC5iaW5nLmNvbS5jboIPKi5kaWN0LmJpbmcuY29tgg4qLnNz\n"
- "bC5iaW5nLmNvbYIQKi5hcHBleC5iaW5nLmNvbYIWKi5wbGF0Zm9ybS5jbi5iaW5n\n"
- "LmNvbYINd3AubS5iaW5nLmNvbYIMKi5tLmJpbmcuY29tgg9nbG9iYWwuYmluZy5j\n"
- "b22CEXdpbmRvd3NzZWFyY2guY29tgg5zZWFyY2gubXNuLmNvbYIRKi5iaW5nc2Fu\n"
- "ZGJveC5jb22CGSouYXBpLnRpbGVzLmRpdHUubGl2ZS5jb22CDyouZGl0dS5saXZl\n"
- "LmNvbYIYKi50MC50aWxlcy5kaXR1LmxpdmUuY29tghgqLnQxLnRpbGVzLmRpdHUu\n"
- "bGl2ZS5jb22CGCoudDIudGlsZXMuZGl0dS5saXZlLmNvbYIYKi50My50aWxlcy5k\n"
- "aXR1LmxpdmUuY29tghUqLnRpbGVzLmRpdHUubGl2ZS5jb22CCzNkLmxpdmUuY29t\n"
- "ghNhcGkuc2VhcmNoLmxpdmUuY29tghRiZXRhLnNlYXJjaC5saXZlLmNvbYIVY253\n"
- "ZWIuc2VhcmNoLmxpdmUuY29tggxkZXYubGl2ZS5jb22CDWRpdHUubGl2ZS5jb22C\n"
- "EWZhcmVjYXN0LmxpdmUuY29tgg5pbWFnZS5saXZlLmNvbYIPaW1hZ2VzLmxpdmUu\n"
- "Y29tghFsb2NhbC5saXZlLmNvbS5hdYIUbG9jYWxzZWFyY2gubGl2ZS5jb22CFGxz\n"
- "NGQuc2VhcmNoLmxpdmUuY29tgg1tYWlsLmxpdmUuY29tghFtYXBpbmRpYS5saXZl\n"
- "LmNvbYIObG9jYWwubGl2ZS5jb22CDW1hcHMubGl2ZS5jb22CEG1hcHMubGl2ZS5j\n"
- "b20uYXWCD21pbmRpYS5saXZlLmNvbYINbmV3cy5saXZlLmNvbYIcb3JpZ2luLmNu\n"
- "d2ViLnNlYXJjaC5saXZlLmNvbYIWcHJldmlldy5sb2NhbC5saXZlLmNvbYIPc2Vh\n"
- "cmNoLmxpdmUuY29tghJ0ZXN0Lm1hcHMubGl2ZS5jb22CDnZpZGVvLmxpdmUuY29t\n"
- "gg92aWRlb3MubGl2ZS5jb22CFXZpcnR1YWxlYXJ0aC5saXZlLmNvbYIMd2FwLmxp\n"
- "dmUuY29tghJ3ZWJtYXN0ZXIubGl2ZS5jb22CE3dlYm1hc3RlcnMubGl2ZS5jb22C\n"
- "FXd3dy5sb2NhbC5saXZlLmNvbS5hdYIUd3d3Lm1hcHMubGl2ZS5jb20uYXUwgawG\n"
- "A1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20v\n"
- "cGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDIuY3Js\n"
- "hklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9z\n"
- "b2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDIuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGC\n"
- "NyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kv\n"
- "bXNjb3JwL2NwczAfBgNVHSMEGDAWgBSRnjtEbD1XnEJ3KjTXT9HMSpcs2jAdBgNV\n"
- "HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBAA1g\n"
- "NJF5ks5Qrg0/qeOXQbcO3SCs+HKTKxVL8QdaTL3s5gsmWQzcYNS671DmN4lEob2g\n"
- "WWZKyKAzQbjDOcf9ndxX4+i+PaCw5K3uONbMOwnuOCwRvDy8YEoCb3OzKFX4sjzh\n"
- "1HVL/ljKHUPT+9ap/SpYserNxixibqF2LZYx+9hwr1bcx9GWrg3CoFUFgSZqRQ14\n"
- "eiK94iM5kzJLKynKPhez+UOwS5VRev1mxh5nD9hBPzXHHqI9mNWu/lyr7KPUMigi\n"
- "QfKKZuqV6W3i1H3BoJi1uDkL3SJo1F39XN3AyGSAZWS9RNn5JzEQQGiJRjrz/PE1\n"
- "vTg1BlbsPdKa4gGZGdGBWcj2eXZc+GbLpTy3qWlmJrEn2KGLeomyndlftRPFrBUH\n"
- "/5Mio5OeSawjlacBV25fKaoZ1BPc3i+HGKd5ctddCy6kJsgdMD221zGvf/0uW25Z\n"
- "ImzDeH7KkOcGbzyWJwBzDgra0RP+qRgK3aYPSWI81OLlnHJ2VOix/UU63NCK2fO/\n"
- "URzE8KxoHrgRGXCE52viHv6ksL7QXWelbERU7GEpcZU1suPhDohn4CrfrCYCjpa5\n"
- "Ys6ci7Rren82SsXJBfNrgm2U4lxWfzWj+2Ay6yATbdoOPntue8cbbMoTzoNMHQXD\n"
- "2DpjtFPs8/RVOFQb0IFVluCrTAnHmI8tTtsmzg6z\n"
- "-----END CERTIFICATE-----\n");
- cm[RawCertificateID::BING_COM].raw_base64 = raw_base64;
- cm[RawCertificateID::BING_COM].certPtr = createCert(raw_base64);
-
+ "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n"
+ "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n"
+ "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n"
+ "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n"
+ "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n"
+ "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n"
+ "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n"
+ "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n"
+ "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
+ "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n"
+ "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n"
+ "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n"
+ "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n"
+ "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n"
+ "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n"
+ "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n"
+ "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n"
+ "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
+ "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
+ "-----END CERTIFICATE-----\n"
+ );
+ cm[RawCertificateID::GLOBALSIGN_ROOT_CA].raw_base64 = raw_base64;
+ cm[RawCertificateID::GLOBALSIGN_ROOT_CA].certPtr = createCert(raw_base64);
}
- // Microsoft IT TLS CA 2, signed by Baltimore CyberTrust Root, expires 20 May 2024
+ // Google GTS Root R1, signed by GlobalSign Root CA, expires Jan 28 2028
{
std::string raw_base64(
"-----BEGIN CERTIFICATE-----\n"
- "MIIFtDCCBJygAwIBAgIQDywQyVsGwJN/uNRJ+D6FaTANBgkqhkiG9w0BAQsFADBa\n"
- "MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\n"
- "clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2\n"
- "MDUyMDEyNTE1N1oXDTI0MDUyMDEyNTE1N1owgYsxCzAJBgNVBAYTAlVTMRMwEQYD\n"
- "VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy\n"
- "b3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UE\n"
- "AxMVTWljcm9zb2Z0IElUIFRMUyBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\n"
- "MIICCgKCAgEAnqoVwRuhY1/mURjFFrsR3AtNm5EKukBJK9zWBgvFd1ksNEJFC06o\n"
- "yRbwKPMflpW/HtOfzIeBliGk57MwZq18bgASr70sPUWuoD917HUgBfxBYoF8zA7Z\n"
- "Ie5zAHODFboJL7Fg/apgbQs/GiZZNCi0QkQUWzw0nTUmVSNQ0mz6pCu95Dv1WMsL\n"
- "GyPGfdN9zD3Q/QEDyJ695QgjRIxYA1DUE+54ti2k6r0ycKFQYkyWwZ25HD1h2kYt\n"
- "3ovW85vF6y7tjTqUEcLbgKUCB81/955hdLLsbFd6f9o2PkU8xuOc3U+bUedvv6Sb\n"
- "tvGjBEZeFyH8/CaQhzlsKMH0+OPOFv/bMqcLarPw1V1sOV1bl4W9vi2278niblzI\n"
- "bEHt7nN888p4KNIwqCcXaGhbtS4tjn3NKI6v1d2XRyxIvCJDjgoZ09zF39Pyoe92\n"
- "sSRikZh7xns4tQEQ8BCs4o5NBSx8UxEsgyzNSskWGEWqsIjt+7+A1skDDZv6k2o8\n"
- "VCHNbTLFKS7d72wMI4ErpzVsBIicxaG2ezuMBBuqThxIiJ+G9zfoP9lxim/9rvJA\n"
- "xbh3nujA1VJfkOYTJIojEAYCxR3QjEoGdapJmBle97AfqEBnwoJsu2wav8h9v+po\n"
- "DL4h6dRzRUxY1DHypcFlXGoHu/REQgFLq2IN30/AhQLN90Pj9TT2RQECAwEAAaOC\n"
- "AUIwggE+MB0GA1UdDgQWBBSRnjtEbD1XnEJ3KjTXT9HMSpcs2jAfBgNVHSMEGDAW\n"
- "gBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud\n"
- "DwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\n"
- "BwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln\n"
- "aWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0\n"
- "LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsG\n"
- "AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEB\n"
- "CwUAA4IBAQBsf+pqb89rW8E0rP/cDuB9ixMX4C9OWQ7EA7n0BSllR64ZmuhU9mTV\n"
- "2L0G4HEiGXvOmt15i99wJ0ho2/dvMxm1ZeufkAfMuEc5fQ9RE5ENgNR2UCuFB2Bt\n"
- "bVmaKUAWxscN4GpXS4AJv+/HS0VXs5Su19J0DA8Bg+lo8ekCl4dq2G1m1WsCvFBI\n"
- "oLIjd4neCLlGoxT2jA43lj2JpQ/SMkLkLy9DXj/JHdsqJDR5ogcij4VIX8V+bVD0\n"
- "NCw7kQa6Ulq9Zo0jDEq1at4zSeH4mV2PMM3LwIXBA2xo5sda1cnUWJo3Pq4uMgcL\n"
- "e0t+fCut38NMkTl8F0arflspaqUVVUov\n"
- "-----END CERTIFICATE-----\n");
- cm[RawCertificateID::MS_IT_TLS_CA_2].raw_base64 = raw_base64;
- cm[RawCertificateID::MS_IT_TLS_CA_2].certPtr = createCert(raw_base64);
-
- }
-
- // Baltimore CyberTrust Root, (root CA), expires May 13, 2025
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\n"
- "RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\n"
- "VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\n"
- "DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\n"
- "ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\n"
- "VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\n"
- "mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\n"
- "IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\n"
- "mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\n"
- "XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\n"
- "dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\n"
- "jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\n"
- "BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\n"
- "DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n"
- "9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\n"
- "jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\n"
- "Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\n"
- "ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n"
- "R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n"
- "-----END CERTIFICATE-----\n");
- cm[RawCertificateID::BALTIMORE_CYBER_TRUST_ROOT].raw_base64 = raw_base64;
- cm[RawCertificateID::BALTIMORE_CYBER_TRUST_ROOT].certPtr = createCert(raw_base64);
- }
-
- // Microsoft IT TLS CA 5, signed by Baltimore CyberTrust Root, expires May 20, 2024
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIFtDCCBJygAwIBAgIQCIjNUl8ZJERNFKWCkd65UjANBgkqhkiG9w0BAQsFADBa\n"
- "MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\n"
- "clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2\n"
- "MDUyMDEyNTMwM1oXDTI0MDUyMDEyNTMwM1owgYsxCzAJBgNVBAYTAlVTMRMwEQYD\n"
- "VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy\n"
- "b3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UE\n"
- "AxMVTWljcm9zb2Z0IElUIFRMUyBDQSA1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\n"
- "MIICCgKCAgEAmt+BXDuPrul5lrmaeaeB8jnaVShGIwLFgmYHthXe/Zw6GpuRCdJm\n"
- "jwuJF/hxhyF/ONM/miUAtzXQq/gIejbzUFvfKykn3qTdJJL69MZwjTYqmvCA3jX6\n"
- "HkKdCYGq1QcKFqXFWkJtQr4eQoK0VzCZW0Ur1I/TCgbGc5Ok4YPvxb8FJ6d4zbML\n"
- "4J4iFvOY3KYU6MyU1yP50FCZu7ULEJXx3wLpj46dVpk82I/TWPtckn49e/hQSVr3\n"
- "EHt3+OZKkEpVUt6UrXQJoGRXLM0HkJ8WrZXD0Qa68e9sBbUErKncGzGbDi0ZlQRP\n"
- "3mbLrTVyrxmCCLIUOhZfsDyb240MsALWJh/oFXHE7/ljOUOM6cKSLqHCoDAlDpYn\n"
- "X56jK4LWEL08GR6mh/5VITpcQfwBmMwvkv9mOLS4ZpwPEmhLSqyGu16Y/56mnFNs\n"
- "MxGk0K5SR9eLj/GWrLkpmo8s8a1kGMMmuwBk3lBwwLvsxmuu06DvwPFcDfLMelna\n"
- "GDMvWRCtZxQsXyJDSkTh6N3g51UWTgnvA0wMSFBa8APfju9jyltnh0NALAa2Hw8+\n"
- "U8BmP9cUFeYIYphIfoPlp7VdUS1ULWH9NF3Ut4DN0n3OsSQ785dsbBPeihfJivVI\n"
- "lUL3EpDjEBf2oQDFNiplkZ4F7EIuWriZG//UTrX6ZlXZg46/CCmN+gsCAwEAAaOC\n"
- "AUIwggE+MB0GA1UdDgQWBBQI/iWfdOqHBMK8u46oOF8zxtFsZTAfBgNVHSMEGDAW\n"
- "gBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud\n"
- "DwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\n"
- "BwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln\n"
- "aWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0\n"
- "LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsG\n"
- "AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEB\n"
- "CwUAA4IBAQA+8s8wpXq/HmrfOVgYKDzDne7ngcVL/Gf2vx9ON9re8K/uivkDe2Bn\n"
- "dMc72v8rSuv9VHUTi+XCgRK6UhIguimKOs1DJMzVFwX+nBY/c+BtQcB2PfKrSMVZ\n"
- "YmS6RE8KGII/Qeo/GDpY56AwV3X10WoxFLaUmWXatugB3uSr+7Xz5RkKGF+kAlfe\n"
- "tlwmb3P+Lgn1CEPED8ckf50oZ2Wh3FvwOv34cIXnpU8k3kI/HUQ7XYUGhR0eHNTZ\n"
- "TlHk/R4RFsyeANmXGpfjZceGNRtTdr4y0SxBSUujPpMMW3dXBzA8NYuM0WmiJ/pV\n"
- "6KudEB7RF9+6bInTyVvXC5SIqdi0ldeO\n"
- "-----END CERTIFICATE-----\n");
- cm[RawCertificateID::MS_IT_TLS_CA_5].raw_base64 = raw_base64;
- cm[RawCertificateID::MS_IT_TLS_CA_5].certPtr = createCert(raw_base64);
- }
-
- // www.microsoft.com - signed by Microsoft IT TLS CA 5, expires October 22, 2021
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIJHzCCBwegAwIBAgITLQAMNxVixB2TlAh/aAAAAAw3FTANBgkqhkiG9w0BAQsF\n"
- "ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT\n"
- "B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE\n"
- "CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDUw\n"
- "HhcNMTkxMDIxMjIwNDA0WhcNMjExMDIxMjIwNDA0WjCBiDELMAkGA1UEBhMCVVMx\n"
- "CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv\n"
- "ZnQgQ29ycG9yYXRpb24xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEa\n"
- "MBgGA1UEAxMRd3d3Lm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\n"
- "DwAwggEKAoIBAQDTEK1CzUwdArEOb/vDOqds7/vQ1yGQtAYaZYNBch27Kw3/XKnf\n"
- "td3NVj7tYe7MhI1U+bknxhSx7m4ti7Pzt6mxQiTZ/KegYhxosd3sOEikXgJVzECv\n"
- "h0Mvd6adrvi00cUeQz0dlkUkuxMAjiFs+FX7Ogf4xt8ub4hKZPGB85vDnQQ0OHVh\n"
- "L9IuUbYHhmh8EoDEdR+og+lj7u5OKt3YEWntgbnfV1d66U59kfp5Dg4T/zFjqz/l\n"
- "U3KGBWgj0YoxH8KGfuq2YfFQsm7Q4MDJnR2PNUbwwrK5JldcRn27o5SVZxaB55bs\n"
- "dyHWL0GbG5JoIIWg8pGJXKYGfARDEVjWijBPAgMBAAGjggR7MIIEdzCCAXwGCisG\n"
- "AQQB1nkCBAIEggFsBIIBaAFmAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyAL\n"
- "zE7xZOMAAAFt8GJxcQAABAMARzBFAiEAldKDzhaLTJ1PpTpE7TmrRp+nDwoEZbW5\n"
- "JOfrPKoR6PsCIBOqc6bzu7MnferBbxkUKwS67LpFTJgxYk6RV98m5fK2AHUAVYHU\n"
- "whaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFt8GJyzQAABAMARjBEAiBa\n"
- "JqHGYrk+yh3ccuelsJxqLbhE3DJuSBZxe+xEpiabhQIgRdcckht/x8uG6tSrRKg5\n"
- "0GdwnWlFKMBDT50rQjIPflMAdQB9PvL4j/+IVWgkwsDKnlKJeSvFDngJfy5ql2iZ\n"
- "fiLw1wAAAW3wYnG7AAAEAwBGMEQCIGToqXolvHTes1f0QwV9RSvEE5HVwX6jn70+\n"
- "KaExl0+BAiBosObeHSU867FO1Aw5dw+R01ZZ1fudHxDwuXgLvqFmQzAnBgkrBgEE\n"
- "AYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQx\n"
- "MC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIB\n"
- "HTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jv\n"
- "c29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIw\n"
- "NS5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0O\n"
- "BBYEFParvwUeQbdw6ZH4GpVu9gwrCfuVMAsGA1UdDwQEAwIEsDCBmQYDVR0RBIGR\n"
- "MIGOghN3d3dxYS5taWNyb3NvZnQuY29tghF3d3cubWljcm9zb2Z0LmNvbYIYc3Rh\n"
- "dGljdmlldy5taWNyb3NvZnQuY29tghFpLnMtbWljcm9zb2Z0LmNvbYINbWljcm9z\n"
- "b2Z0LmNvbYIRYy5zLW1pY3Jvc29mdC5jb22CFXByaXZhY3kubWljcm9zb2Z0LmNv\n"
- "bTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0\n"
- "LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIw\n"
- "NS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9N\n"
- "aWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNS5jcmwwTQYDVR0gBEYwRDBCBgkr\n"
- "BgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29t\n"
- "L3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFAj+JZ906ocEwry7jqg4XzPG0Wxl\n"
- "MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC\n"
- "AgEAdWMaW3NOP5Yr47Sow1UZNLMmDlxNjz+8DcHiflQfKsImOvs/UflUrMGXG7rH\n"
- "57NbJZ9nYpSTHWxSJfKsGPc3pgc5R1sxZxDb6lBuXEN9NvhJMmPwBkyKJAAnjYN6\n"
- "yCNZP4X6dBOONW8uopknF+CRHDZdSiMaFiE4fVCe0LrO90b4ROPsRV8zHn57i1B1\n"
- "69n1cqsLXrMHvK0Xnu7rwrvvd5BbOaqm7DrgwJYUk0UciNEfcyN2dNRcCxofWQdV\n"
- "GQqvagqtjyDCm/EJ6DJ2kWllGHjauc8IkMaUeCedTYphChEckXoRBZikZtyL0oZj\n"
- "67iKht6mm4fST+x0Zuu5wdzUoCTQsNTHV0GSbcVIRcgmaNiwP+0+lrRocUrj2h/7\n"
- "2IQN8Pe/+CrDeVJNlKA9gWNl+t1F/r3CKWnkENyNUCTggiCSojdY9Rkj1rTieP6M\n"
- "SBUZBWf3MB5XIuaLOTO0/whM831krxNG/k0mdCpDtdKvCKIcARrkKM9A3TxtVpOd\n"
- "8f9kifcGaPqTQYr8fxhrNB864qsCG17o8ZckBKW8FY5H/jSQAZb1qbwsTbBMXJIr\n"
- "0lAPwH7LIAHJJyslG0X3Mp0ARumGWqVwiHOCaLXO1iSQX0wW4yo+lGxWONvOIoad\n"
- "2Ned/fxM675fEVC+r+DI6BKbt9ChfIXiXeULqOZC3yp2Fo8=\n"
- "-----END CERTIFICATE-----\n");
- cm[RawCertificateID::MICROSOFT_COM].raw_base64 = raw_base64;
- cm[RawCertificateID::MICROSOFT_COM].certPtr = createCert(raw_base64);
+ "MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX\n"
+ "MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE\n"
+ "CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx\n"
+ "OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT\n"
+ "GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx\n"
+ "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63\n"
+ "ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS\n"
+ "iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k\n"
+ "KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ\n"
+ "DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk\n"
+ "j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5\n"
+ "cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW\n"
+ "CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499\n"
+ "iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei\n"
+ "Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap\n"
+ "sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b\n"
+ "9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP\n"
+ "BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf\n"
+ "BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw\n"
+ "JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH\n"
+ "MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al\n"
+ "oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy\n"
+ "MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF\n"
+ "AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9\n"
+ "NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9\n"
+ "WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw\n"
+ "9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy\n"
+ "+qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi\n"
+ "d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=\n"
+ "-----END CERTIFICATE-----\n"
+ );
+ cm[RawCertificateID::GTS_ROOT_R1].raw_base64 = raw_base64;
+ cm[RawCertificateID::GTS_ROOT_R1].certPtr = createCert(raw_base64);
}
return cm;
TEST_IM_CA,
TEST_LEAF,
- // third party
- THIRD_PARTY_ROOT_CA,
- THIRD_PARTY_IM_CA,
- THIRD_PARTY_LEAF,
-
- // ocsp available certificate chain, thirt party
+ // ocsp available certificate chain, third party
+ OCSP_ROOT_CA,
OCSP_AVAILABLE_IM,
- OCSP_AVAILABLE_LEAF,
// footer
NO_CERT
main.cpp
)
+FIND_PACKAGE (Threads)
+
INCLUDE_DIRECTORIES(
${PROJECT_SOURCE_DIR}/src/common
..
TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS}
${TARGET_CKM_TEST_COMMON}
${COMMON_TARGET_TEST}
+ ${CMAKE_THREAD_LIBS_INIT}
)
INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
/*
- * Copyright (c) 2016 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2021 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RUNNER_TEST(TA0120_save_cert_already_exists, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(TEST_LEAF), Policy());
test_negative(&ManagerAsync::saveCertificate,
CKM_API_ERROR_DB_ALIAS_EXISTS,
"alias",
- getTestCertificate(OCSP_AVAILABLE_LEAF),
+ getTestCertificate(TEST_LEAF),
Policy());
}
RUNNER_TEST(TA0150_save_cert_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(TEST_LEAF), Policy());
}
RUNNER_TEST(TA0450_remove_cert_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(TEST_LEAF), Policy());
test_positive(&ManagerAsync::removeAlias, "alias");
}
{
test_positive(&ManagerAsync::saveCertificate,
"alias",
- getTestCertificate(OCSP_AVAILABLE_LEAF),
+ getTestCertificate(TEST_LEAF),
Policy("password"));
test_negative(&ManagerAsync::getCertificate,
CKM_API_ERROR_AUTHENTICATION_FAILED,
static constexpr char PASS[] = "password";
static constexpr char ALIAS[] = "alias";
- const auto cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
+ const auto cert = getTestCertificate(TEST_LEAF);
mgr.saveCertificate(obs, ALIAS, cert, Policy(PASS));
obs->WaitForSuccess();
RUNNER_TEST(TA1050_get_cert_alias_vector_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(TEST_LEAF), Policy());
test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1") });
- test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(OCSP_AVAILABLE_IM), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(TEST_IM_CA), Policy());
test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1"),
aliasWithLabelFromSelf("alias2") });
// getCertificateChain
RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
- CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
+ CertificateShPtr cert = getTestCertificate(TEST_LEAF);
+ CertificateShPtrVector certv = { getTestCertificate(TEST_IM_CA) };
test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
cert,
certv,
RUNNER_TEST(TA1420_get_certificate_chain_negative, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
- CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_LEAF) };
+ CertificateShPtr cert = getTestCertificate(TEST_LEAF);
+ CertificateShPtrVector certv = { getTestCertificate(TEST_LEAF) };
+ CertificateShPtrVector trustedv = { getTestCertificate(TEST_ROOT_CA) };
test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
CKM_API_ERROR_VERIFICATION_FAILED,
cert,
EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
+ trustedv,
true);
test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
CKM_API_ERROR_VERIFICATION_FAILED,
cert,
certv,
- EMPTY_CERT_VECTOR,
+ trustedv,
true);
AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], certv[0], Policy());
+ AliasVector trusted_aliasv = { "trusted" };
+ test_positive(&ManagerAsync::saveCertificate, trusted_aliasv[0], trustedv[0], Policy());
test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
CKM_API_ERROR_VERIFICATION_FAILED,
cert,
EMPTY_ALIAS_VECTOR,
- EMPTY_ALIAS_VECTOR,
+ trusted_aliasv,
true);
test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
CKM_API_ERROR_VERIFICATION_FAILED,
cert,
aliasv,
- EMPTY_ALIAS_VECTOR,
+ trusted_aliasv,
true);
}
RUNNER_TEST(TA1450_get_certificate_chain_positive, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
- CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
+ CertificateShPtr cert = getTestCertificate(TEST_LEAF);
+ CertificateShPtrVector certv = { getTestCertificate(TEST_IM_CA) };
+ CertificateShPtrVector trustedv = { getTestCertificate(TEST_ROOT_CA) };
test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
3,
cert,
certv,
- EMPTY_CERT_VECTOR,
- true);
+ trustedv,
+ false);
AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(OCSP_AVAILABLE_IM), Policy());
+ AliasVector trusted_aliasv = { "trusted" };
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], certv[0], Policy());
+ test_positive(&ManagerAsync::saveCertificate, trusted_aliasv[0], trustedv[0], Policy());
test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
3,
cert,
aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
+ trusted_aliasv,
+ false);
}
RUNNER_TEST(TA1720_ocsp_check_negative, UserEnv)
{
- CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_LEAF), getTestCertificate(OCSP_AVAILABLE_LEAF) };
+ CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM), getTestCertificate(OCSP_AVAILABLE_IM) };
auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
RUNNER_TEST(TA1750_ocsp_check_positive, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
- CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
+ CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_IM);
+ CertificateShPtrVector certv;
auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
cert,
certv,
auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
- "Verification failed. Error: " << obs->m_ocspStatus);
+ "Verification failed. Error: " << obs2->m_ocspStatus);
}
// setPermission
ckmc_cert_s* cert = NULL;
assert_positive(ckmc_cert_new,
- reinterpret_cast<unsigned char*>(const_cast<char*>(cert_raw.c_str())),
+ reinterpret_cast<unsigned char*>(cert_raw.data()),
cert_raw.size(),
CKMC_FORM_PEM,
&cert);
ChainVerifierBase();
virtual ~ChainVerifierBase();
- void addTrusted(TestData::certificateID idx);
+ virtual void addTrusted(TestData::certificateID idx);
void addUntrusted(TestData::certificateID idx);
- void enableSystem(bool enable);
+ void disableSystem();
- virtual void verifyPositive(TestData::certificateID idx, size_t expected) = 0;
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED) = 0;
+ virtual void verifyPositive(TestData::certificateID idx, size_t expected) const = 0;
+ virtual void verifyNegative(TestData::certificateID idx,
+ int error = CKMC_ERROR_VERIFICATION_FAILED) const = 0;
protected:
void addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert);
addAlias(m_untrustedAliases, ss.str().c_str());
}
-void ChainVerifierBase::enableSystem(bool enable)
+void ChainVerifierBase::disableSystem()
{
- m_system = enable;
+ m_system = false;
}
void ChainVerifierBase::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert)
class ChainVerifierOld : public ChainVerifierBase {
public:
- virtual void verifyPositive(TestData::certificateID idx, size_t expected);
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+ void addTrusted(TestData::certificateID) override {
+ RUNNER_FAIL_MSG("Old API does not support trusted certificates");
+ }
+ void verifyPositive(TestData::certificateID idx, size_t expected) const override;
+ void verifyNegative(TestData::certificateID idx,
+ int error = CKMC_ERROR_VERIFICATION_FAILED) const override;
};
class ChainVerifier : public ChainVerifierBase {
public:
- virtual void verifyPositive(TestData::certificateID idx, size_t expected);
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+ void verifyPositive(TestData::certificateID idx, size_t expected) const override;
+ void verifyNegative(TestData::certificateID idx,
+ int error = CKMC_ERROR_VERIFICATION_FAILED) const override;
};
-void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected)
+void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected) const
{
ckmc_cert_s* cert = create_cert(idx);
ckmc_cert_free(cert);
}
-void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected)
+void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected) const
{
ckmc_cert_s* cert = create_cert(idx);
ckmc_cert_free(cert);
}
-void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error)
+void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error) const
{
ckmc_cert_s* cert = create_cert(idx);
ckmc_cert_free(cert);
}
-void ChainVerifier::verifyNegative(TestData::certificateID idx, int error)
+void ChainVerifier::verifyNegative(TestData::certificateID idx, int error) const
{
ckmc_cert_s* cert = create_cert(idx);
remove_user_data(APP_UID);
ChainVerifierOld cv;
- cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
- cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
- cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3); // including system cert
+ cv.verifyNegative(TestData::TEST_LEAF);
+
+ cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
+
+ cv.addUntrusted(TestData::TEST_IM_CA);
+ cv.verifyNegative(TestData::TEST_LEAF);
+
+ cv.addUntrusted(TestData::TEST_ROOT_CA);
cv.verifyNegative(TestData::TEST_LEAF);
}
remove_user_data(APP_UID);
ChainVerifierOld cv;
- cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // including system cert
+ cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
}
// check invalid arguments
{
remove_user_data(APP_UID);
- ckmc_cert_s* ca2 = create_cert(TestData::THIRD_PARTY_LEAF);
- ckmc_cert_s* ca1 = create_cert(TestData::THIRD_PARTY_IM_CA);
+ ckmc_cert_s* leaf = create_cert(TestData::TEST_LEAF);
+ ckmc_cert_s* ca = create_cert(TestData::TEST_IM_CA);
+ ckmc_cert_s* root = create_cert(TestData::TEST_ROOT_CA);
ckmc_cert_list_s* chain = NULL;
// cert
- CertListPtr untrusted_c = create_cert_list(ca1, NULL);
- ca1 = NULL;
+ CertListPtr untrusted_c = create_cert_list(ca, NULL);
+ ca = NULL;
+ CertListPtr trusted_c = create_cert_list(root, NULL);
assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
NULL_CERT,
untrusted_c.get(),
- untrusted_c.get(),
+ trusted_c.get(),
true,
&chain);
assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
- ca2,
- untrusted_c.get(),
+ leaf,
untrusted_c.get(),
+ trusted_c.get(),
true,
NULL_CHAIN);
- ckmc_cert_free(ca2);
+ ckmc_cert_free(leaf);
}
/*
* This test verifies that chain of trust won't be successfully built unless system or trusted
- * certificates are used even if real trusted root ca certs are used as untrusted.
+ * certificates are used.
*/
RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
{
remove_user_data(APP_UID);
ChainVerifier cv;
- cv.enableSystem(false);
- cv.verifyNegative(TestData::THIRD_PARTY_ROOT_CA);
+ cv.disableSystem();
+ cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
+ cv.verifyNegative(TestData::OCSP_ROOT_CA);
- cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
- cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
+ cv.addUntrusted(TestData::OCSP_ROOT_CA);
+ cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
}
/*
remove_user_data(APP_UID);
ChainVerifier cv;
- cv.enableSystem(false);
+ cv.disableSystem();
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.verifyPositive(TestData::TEST_IM_CA, 2);
cv.verifyNegative(TestData::TEST_LEAF);
remove_user_data(APP_UID);
ChainVerifier cv;
- cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // including system cert
- cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
+ cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
+ cv.verifyNegative(TestData::TEST_ROOT_CA);
}
/*
ChainVerifier cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.verifyPositive(TestData::TEST_IM_CA, 2); // signed by trusted cert (TEST_ROOT_CA)
- cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // signed by system cert (THIRD_PARTY_ROOT_CA)
- cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
-}
-
-RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
-{
- remove_user_data(APP_UID);
-
- ChainVerifier cv;
- cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
- cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3); // including system cert
+ cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // signed by system cert (OCSP_ROOT_CA)
cv.verifyNegative(TestData::TEST_LEAF);
}
remove_user_data(APP_UID);
ChainVerifier cv;
- cv.enableSystem(false);
+ cv.disableSystem();
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.addUntrusted(TestData::TEST_IM_CA);
cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
+ cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
}
/*
remove_user_data(APP_UID);
ChainVerifier cv;
- cv.enableSystem(false);
+ cv.disableSystem();
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.addTrusted(TestData::TEST_IM_CA);
cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
-}
-
-RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
-{
- remove_user_data(APP_UID);
-
- ChainVerifier cv;
- cv.enableSystem(true);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
-
- cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3);
- cv.verifyNegative(TestData::TEST_LEAF);
+ cv.verifyNegative(TestData::OCSP_AVAILABLE_IM);
}
RUNNER_TEST(TCCH_9999_deinit)
{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
char* password = NULL;
ckmc_cert_s *cert2;
{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
char* password = NULL;
ckmc_cert_s cert;
CKMCReadableError(temp));
}
-RUNNER_TEST(T30210_certificate_with_DSA_key_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
-
- char* password = NULL;
- ckmc_cert_s *cert2 = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- CKM::Alias alias = "test-cert-1-DSA";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-
- ckmc_cert_free(cert2);
-}
-
RUNNER_TEST(T30211_deinit_C_API)
{
int temp;
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
{
- std::string ee = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_LEAF);
std::string im = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_IM);
ckmc_cert_s c_cert;
- c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
- c_cert.cert_size = ee.size();
+ c_cert.raw_cert = reinterpret_cast<unsigned char *>(im.data());
+ c_cert.cert_size = im.size();
c_cert.data_format = CKMC_FORM_PEM;
- ckmc_cert_s c_cert1;
- c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
- c_cert1.cert_size = im.size();
- c_cert1.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_list_s untrustedcerts;
- untrustedcerts.cert = &c_cert1;
- untrustedcerts.next = NULL;
-
ckmc_cert_list_s *cert_chain_list;
- int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+ int tmp = ckmc_get_cert_chain(&c_cert, NULL, &cert_chain_list);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
ckmc_raw_buffer_s *signature;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pripolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = const_cast<char *>(key_passwd);
ckmc_raw_buffer_s *signature;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pubpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
ckmc_raw_buffer_s *signature;
ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
cert.cert_size = pub.size();
cert.data_format = CKMC_FORM_PEM;
certpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
{
int temp;
- const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
"MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
"BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
"YMYCBhubtrVaLmc=\n"
"-----END PUBLIC KEY-----";
- const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
"MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
"NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
"ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
ckmc_raw_buffer_s *signature = NULL;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pripolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(priv.data());
prikey.key_size = priv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = NULL;
ckmc_raw_buffer_s *signature;
ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
cert.cert_size = pub.size();
cert.data_format = CKMC_FORM_PEM;
certpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
"zQIDAQAB\n"
"-----END PUBLIC KEY-----";
- unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned char *raw_key = reinterpret_cast<unsigned char *>(keyPem.data());
unsigned int key_size = keyPem.size();
ckmc_key_type_e key_type = CKMC_KEY_NONE;
char *password = const_cast< char *>("");
"zQIDAQAB\n"
"-----END PUBLIC KEY-----";
- unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned char *data = reinterpret_cast<unsigned char *>(keyPem.data());
unsigned int size = keyPem.size();
ckmc_raw_buffer_s *buff;
RUNNER_TEST(T3094_CAPI_TYPE_CERT)
{
- std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
- unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
+ unsigned char *raw_cert = reinterpret_cast<unsigned char *>(certPem.data());
unsigned int size = certPem.size();
ckmc_data_format_e form = CKMC_FORM_PEM;
{
int ret;
- std::string certStr = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
+ std::string certStr = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
const char *file_name = "/tmp/ckmc_test_cert.pem";
remove(file_name);
#include <string>
#include <vector>
#include <unordered_map>
+#include <thread>
#include <dpl/test/test_runner.h>
#include <ckm-common.h>
encrypted);
});
}
+
+/////////////////////////////////////////
+// Mulithreaded test for synchronous API
+/////////////////////////////////////////
+RUNNER_TEST(TED_3000_muliple_threads, SyncEnv)
+{
+ std::vector<std::thread> threads;
+ threads.reserve(10);
+ for(unsigned i = 0; i < 10;++i)
+ threads.emplace_back([]{ testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256}); });
+ for (auto& thread : threads)
+ thread.join();
+}
#include <tests_common.h>
#include <test-certs.h>
+#include <ckm_helpers.h>
#include <ckm-common.h>
#include <ckm/ckm-manager.h>
int temp;
auto manager = CKM::Manager::create();
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::CertificateShPtr cert2;
CKM::Alias alias = "myCert";
auto manager = CKM::Manager::create();
CKM::AliasPwdVector expected;
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
std::string currentAlias;
size_t beforeSaveAliasCount = count_aliases(ALIAS_CERT);
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::Alias alias; //alias is not initialized
int temp;
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::Alias alias = "iamsomebodyelse alias";
int temp;
RUNNER_TEST(T13129_get_chain)
{
- auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
- auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+ auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+ auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
CKM::CertificateShPtrVector certVector = {cert1};
CKM::CertificateShPtrVector certChain;
+ CKM::CertificateShPtrVector trusted = {root};
int tmp;
auto manager = CKM::Manager::create();
tmp = manager->getCertificateChain(cert,
EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
+ trusted,
true,
certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
0 == certChain.size(),
"Wrong size of certificate chain.");
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ tmp = manager->getCertificateChain(cert, certVector, trusted, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
RUNNER_TEST(T1313_get_chain_with_alias)
{
- auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
- auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+ auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+ auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
CKM::CertificateShPtrVector certChain;
- CKM::AliasVector aliasVector;
- CKM::Alias alias = "imcert";
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, EMPTY_ALIAS_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
"Error=" << CKM::APICodeToString(tmp));
0 == certChain.size(),
"Wrong size of certificate chain.");
+ CKM::AliasVector aliasVector = { "imcert" };
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
+ CKM_API_SUCCESS == (tmp = manager->saveCertificate(aliasVector[0], cert1, CKM::Policy())),
"Error=" << CKM::APICodeToString(tmp));
- aliasVector.push_back(alias);
+ CKM::AliasVector trustedAliasVector = { "rootcert" };
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->saveCertificate(trustedAliasVector[0], root, CKM::Policy())),
+ "Error=" << CKM::APICodeToString(tmp));
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ tmp = manager->getCertificateChain(cert, aliasVector, trustedAliasVector, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
RUNNER_TEST(T13141_ocsp_check_valid_chain)
{
- auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
- auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
- CKM::CertificateShPtrVector certVector = {cert1};
+ auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+
CKM::CertificateShPtrVector certChain;
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::APICodeToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
+ 2 == certChain.size(),
"Wrong size of certificate chain.");
int status;
RUNNER_TEST(T13144_ocsp_check_root)
{
- auto root = TestData::getTestCertificate(TestData::THIRD_PARTY_ROOT_CA);
+ auto root = TestData::getTestCertificate(TestData::OCSP_ROOT_CA);
CKM::CertificateShPtrVector certVector = {root};
auto manager = CKM::Manager::create();
return -1;
}
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ int exitCode = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+
+ detectCkmBugTrustzoneLeak();
+
+ return exitCode;
}
cynara-creds-sd-bus
security-manager
security-privilege-manager
+ key-manager
REQUIRED
)
${PROJECT_SOURCE_DIR}/src/common/tzplatform.cpp
${PROJECT_SOURCE_DIR}/src/common/privilege_manager.cpp
${PROJECT_SOURCE_DIR}/src/common/scoped_process_label.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/ckm_helpers.cpp
)
#system and local includes
--- /dev/null
+/*
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ckm_helpers.cpp
+ * @author Mateusz Cegielka (m.cegielka@samsung.com)
+ * @version 1.0
+ * @brief Utilities common to ckm and ckm-integration tests
+ */
+
+#include <ckm_helpers.h>
+
+#include <iostream>
+
+#include <ckmc/ckmc-manager.h>
+
+void detectCkmBugTrustzoneLeak()
+{
+#ifdef TZ_BACKEND
+ const char* alias = "detect-bug-trustzone-leak";
+ unsigned char data[] = {0};
+
+ ckmc_raw_buffer_s buffer;
+ buffer.data = data;
+ buffer.size = sizeof(data) / sizeof(data[0]);
+ ckmc_policy_s policy;
+ policy.password = nullptr;
+ policy.extractable = true;
+
+ int ret = ckmc_save_data(alias, buffer, policy);
+ ckmc_remove_alias(alias);
+
+ if (ret == CKMC_ERROR_SERVER_ERROR) {
+ std::cerr << "\x1B[1;33m"
+ "### Warning #############################################################\n"
+ "# TrustZone may have ran out of memory due to running CKM tests #\n"
+ "# multiple times. This happens because ckmc_remove_user_data is not #\n"
+ "# able to remove individual objects stored in TrustZone, as the user #\n"
+ "# database may be encrypted. If that happens, tests that use TrustZone #\n"
+ "# backend will start failing, and you will need to somehow restore #\n"
+ "# TrustZone and key-manager to an earlier state, before the memory was #\n"
+ "# exhausted. #\n"
+ "# #\n"
+ "# If you're working with a Tizen emulator and tef-simulator, there are #\n"
+ "# two ways to do this. The simpler way to do so are QEMU snapshots. You #\n"
+ "# should have access to `make snapshot-restore` and #\n"
+ "# `make snapshot-push` commands in the same directory where you run #\n"
+ "# `run.sh`, and a snapshot with a clean image is available by default. #\n"
+ "# The second, faster way to do this is to run `rm -r #\n"
+ "# /opt/usr/apps/ta_sdk/data/* /opt/data/ckm/{db*,key*,removed*} && #\n"
+ "# systemctl restart central-key-manager tef-simulator. #\n"
+ "#########################################################################\n"
+ "\x1B[0m\n";
+ }
+#endif
+}
--- /dev/null
+/*
+ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ckm_helpers.h
+ * @author Mateusz Cegielka (m.cegielka@samsung.com)
+ * @version 1.0
+ * @brief Utilities common to ckm and ckm-integration tests
+ */
+
+#pragma once
+
+void detectCkmBugTrustzoneLeak();
+++ /dev/null
-#!/bin/sh
-
-NOF_TRIES=3
-i=$NOF_TRIES
-ERR_FILE=error.log
-RESULTS_FILE=results.log
-
-SUM=0
-
-black="\033[0;30m";
-red="\033[0;31m";
-green="\033[0;32m";
-brown="\033[0;33m";
-blue="\033[0;34m";
-purple="\033[0;35m";
-grey="\033[1;30m";
-yellow="\033[1;33m";
-default="\033[0m";
-
-
-function echo_as_percent () {
-full=$(( $1 / 100 ))
-rest_full=$(( $1 % 100 ))
-dec=$(($rest_full / 10 ))
-rest_dec=$(($rest_full % 10 ))
-echo "$full.$dec$rest_dec%"
-echo "$full.$dec$rest_dec%" >> $RESULTS_FILE
-
-}
-
-date >> $RESULTS_FILE
-date >> $ERR_FILE
-
-while [ $((i--)) -gt 0 ]
-do
-echo -e "$blue==============test no $i=============$default"
-
-perf record -a -g & > /dev/null 2> /dev/null
-sleep 1
-security-tests-all.sh > /dev/null 2> /dev/null
-pkill -SIGINT perf
-
-sleep 2
-
-echo "perf results:"
-perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk
-OUTPUT=$(perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk | sed "s:%.*$::g;s:^[ \t]::g;s:[^0-9]::g;s:^0::g;s:^0::g;s:$:+:g;$ s:+::" | tr -d "\n")
-
-echo -e "$blue sum:"
-echo_as_percent $(($OUTPUT))
-echo -e "$default"
-
-SUM=$(($SUM + $OUTPUT))
-
-done
-echo -e "$blue==============done============="
-OUTPUT=$(($SUM/3))
-echo "average:"
-echo "average:" >> $RESULTS_FILE
-echo_as_percent $OUTPUT
-echo -e "$default"
-
-
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2021 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Dariusz Michaluk (d.michaluk@samsung.com)
*
continue;
/*
- * - YACA_PADDING_PKCS1 & YACA_PADDING_PKCS1_SSLV23 are compatible in case of
- * public_encrypt/private_decrypt
+ * - YACA_PADDING_PKCS1 & YACA_PADDING_PKCS1_SSLV23 are compatible
* - YACA_PADDING_NONE checks only the input length
*/
expected = YACA_ERROR_INVALID_PARAMETER;
if (p.padding == YACA_PADDING_NONE ||
- (et == ET_PUB && ((p.padding == YACA_PADDING_PKCS1 && padding == YACA_PADDING_PKCS1_SSLV23) ||
- (p.padding == padding))))
+ (p.padding == YACA_PADDING_PKCS1 && padding == YACA_PADDING_PKCS1_SSLV23) ||
+ (p.padding == YACA_PADDING_PKCS1_SSLV23 && padding == YACA_PADDING_PKCS1))
expected = YACA_ERROR_NONE;
- YACA_RESULT(expected, decrypt(p.padding, dec_key.get(),
- ciphertext.get(), ciphertext_len,
- &tmp, &plaintext_len));
+ int ret = decrypt(p.padding, dec_key.get(),
+ ciphertext.get(), ciphertext_len,
+ &tmp, &plaintext_len);
+ if (ret != expected && expected == YACA_ERROR_INVALID_PARAMETER) {
+ YACA_ASSERT_MSG(ret == YACA_ERROR_NONE, "Got unexpected error " << ret);
+ YACA_ASSERT_MSG(plaintext_len != max_len,
+ "Message unpadded with invalid padding has correct length");
+ }
}
/* decryption with SSLV23 will fail if it was used during encryption */