diff options
author | Janusz Kozerski <j.kozerski@samsung.com> | 2015-07-03 14:26:44 +0200 |
---|---|---|
committer | Janusz Kozerski <j.kozerski@samsung.com> | 2015-07-17 14:33:45 +0200 |
commit | ecacacfce9dc0f97fc67ba032726583b8881ed97 (patch) | |
tree | b8710bbd27d939524bf26bb802056d6736c85f8a | |
parent | 1bf0726b3028ddfaae0cdd70e46b416335da39a0 (diff) | |
download | cert-checker-ecacacfce9dc0f97fc67ba032726583b8881ed97.tar.gz cert-checker-ecacacfce9dc0f97fc67ba032726583b8881ed97.tar.bz2 cert-checker-ecacacfce9dc0f97fc67ba032726583b8881ed97.zip |
Add OCSP verification (CKM API is used)
* Add tests for certificates
* Remove unnecessary methods in Logic class
* Add missing include
* Use new cert-checker-vcore API
Change-Id: Idfa777d1f1ba6f7142ea78e29bf1bc63415b128e
-rw-r--r-- | packaging/cert-checker.spec | 5 | ||||
-rw-r--r-- | src/CMakeLists.txt | 1 | ||||
-rw-r--r-- | src/certs.cpp | 178 | ||||
-rw-r--r-- | src/include/cchecker/certs.h | 31 | ||||
-rw-r--r-- | src/include/cchecker/logic.h | 6 | ||||
-rw-r--r-- | src/logic.cpp | 69 | ||||
-rw-r--r-- | tests/CMakeLists.txt | 16 | ||||
-rw-r--r-- | tests/certs_.cpp | 38 | ||||
-rw-r--r-- | tests/certs_.h | 37 | ||||
-rw-r--r-- | tests/files/app1/author-signature.xml | 75 | ||||
-rw-r--r-- | tests/files/app1/signature1.xml | 80 | ||||
-rw-r--r-- | tests/files/app_2/signature1.xml | 80 | ||||
-rw-r--r-- | tests/test_certs.cpp | 477 |
13 files changed, 1043 insertions, 50 deletions
diff --git a/packaging/cert-checker.spec b/packaging/cert-checker.spec index 9f3ce30..0d11355 100644 --- a/packaging/cert-checker.spec +++ b/packaging/cert-checker.spec @@ -15,6 +15,7 @@ BuildRequires: pkgconfig(notification) BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(dbus-glib-1) BuildRequires: pkgconfig(cert-svc-vcore) +BuildRequires: pkgconfig(key-manager) BuildRequires: pkgconfig(libsystemd-journal) BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(sqlite3) @@ -44,7 +45,8 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir} " %cmake . -DVERSION=%{version} \ -DDB_INSTALL_DIR=%{TZ_SYS_DB} \ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ - -DCMAKE_VERBOSE_MAKEFILE=ON + -DCMAKE_VERBOSE_MAKEFILE=ON \ + -DTEST_APP_SIGNATURES_DIR="/root/cert-checker-test" make %{?jobs:-j%jobs} @@ -68,3 +70,4 @@ rm -rf %{buildroot} %defattr(-,root,root,-) %{_bindir}/cert-checker-tests %{TZ_SYS_DB}/.cert-checker-test.db +/root/cert-checker-test/*/*.xml diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index bd75eb5..d5a56eb 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -8,6 +8,7 @@ PKG_CHECK_MODULES(CERT_CHECKER_DEP gio-2.0 icu-i18n notification + key-manager libsystemd-journal libtzplatform-config sqlite3 diff --git a/src/certs.cpp b/src/certs.cpp index 5b69ba0..277546d 100644 --- a/src/certs.cpp +++ b/src/certs.cpp @@ -18,7 +18,7 @@ * @author Janusz Kozerski (j.kozerski@samsung.com) * @version 1.0 * @brief This file is the implementation of certificates logic - * Getting out findinf app signature, getting certificates out of + * Getting out app signature, getting certificates out of * signature. Checking OCSP */ #include <sys/types.h> @@ -26,13 +26,15 @@ #include <list> #include <memory> #include <string> -#include <set> #include <vector> -#include <vcore/Certificate.h> +#include <vcore/CertificateCollection.h> #include <vcore/SignatureReader.h> #include <vcore/SignatureFinder.h> #include <vcore/WrtSignatureValidator.h> #include <vcore/VCore.h> +#include <ckm/ckm-type.h> +#include <ckm/ckm-raw-buffer.h> +#include <tzplatform_config.h> #include <cchecker/certs.h> #include <cchecker/log.h> @@ -47,6 +49,7 @@ namespace CCHECKER { Certs::Certs() { ValidationCore::VCoreInit(); + m_ckm = CKM::Manager::create(); } Certs::~Certs() @@ -136,10 +139,9 @@ void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_u LogDebug("Certificate: " << app_cert << " has been added"); // check OCSP URL - std::string ocsp_url = DPL::ToUTF8String((*cert_iter)->getOCSPURL()); + std::string ocsp_url = (*cert_iter)->getOCSPURL(); if (ocsp_url != std::string("")) { - std::string issuer = DPL::ToUTF8String( - (*cert_iter)->getCommonName(ValidationCore::Certificate::FIELD_ISSUER)); + std::string issuer = (*cert_iter)->getCommonName(ValidationCore::Certificate::FIELD_ISSUER); int64_t time = (*cert_iter)->getNotBefore(); url_t url(issuer, ocsp_url, time); ocsp_urls.push_back(url); @@ -158,4 +160,168 @@ void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_u } } +bool Certs::ocsp_create_list (const chain_t &chain, ValidationCore::CertificateList &certs_list) +{ + ValidationCore::CertificateCollection collection; + ValidationCore::CertificateList list; + + LogDebug("Chain size: " << chain.size()); + for (auto &iter : chain) { + try { + ValidationCore::CertificatePtr p_cert( + new ValidationCore::Certificate(iter, ValidationCore::Certificate::FORM_BASE64)); + list.push_back(p_cert); + } catch (const ValidationCore::Certificate::Exception::Base& exception) { + LogError("Error while creating certificate from BASE64: " << exception.DumpToString()); + return false; + } + LogDebug("Load certificate to list: " << list.size()); + } + + // Function collection.load which takes certificate in std::string BASE64 fails for some reason, + // so load(const CertificateList &certList) is used. + collection.load(list); + LogDebug("Load certificate to CertificateCollection: " << collection.size()); + + if (!collection.sort()) { + LogError("Cannot make chain of certificates"); + // What to do if chain cannot be build? + return false; + } + + if (collection.isChain()) { + LogDebug("Build chain succeed, size: " << collection.size()); + } else { + LogError("Building chain failed"); + return false; + } + + certs_list = collection.getCertificateList(); + + return true; +} + +bool Certs::ocsp_build_chain (const ValidationCore::CertificateList &certs_list, CKM::CertificateShPtrVector &vect_ckm_chain) +{ + CKM::CertificateShPtrVector vect_untrusted; + + bool first = true; + CKM::CertificateShPtr cert_end_entity; + LogDebug("Size of certs_list: " << certs_list.size()); + for (auto &iter : certs_list) { + std::string cert_cp(iter->getBase64()); + CKM::RawBuffer buff(cert_cp.begin(), cert_cp.end()); + CKM::CertificateShPtr cert = CKM::Certificate::create(buff, CKM::DataFormat::FORM_DER_BASE64); + + if (!cert) { + LogDebug("CKM failed to create certificate"); + return false; + } + else if (first) { + cert_end_entity = cert; + first = false; + LogDebug("Found end entity certificate"); + } + else { + vect_untrusted.push_back(cert); + LogDebug("Found untrusted certificate"); + } + } + + int ret = m_ckm->getCertificateChain( + cert_end_entity, + vect_untrusted, + CKM::CertificateShPtrVector(), + true, // useTrustedSystemCertificates + vect_ckm_chain); + if (ret != CKM_API_SUCCESS) { + LogError("CKM getCertificateChain returned: " << ret); + // TODO: Add handling for different errors codes? + return false; + } + + return true; +} + +Certs::ocsp_response_t Certs::check_ocsp_chain (const chain_t &chain) +{ + ValidationCore::CertificateList certs_list; + if (!ocsp_create_list(chain, certs_list)) { + LogError("Error while build list of certificates"); + return Certs::ocsp_response_t::OCSP_CERT_ERROR; + } + + CKM::CertificateShPtrVector vect_ckm_chain; + + if (!ocsp_build_chain(certs_list, vect_ckm_chain)) { + LogError("Error while build chain of certificates"); + return Certs::ocsp_response_t::OCSP_CERT_ERROR; + } + + int status; + int ret = m_ckm->ocspCheck(vect_ckm_chain, status); + if (ret != CKM_API_SUCCESS) { + LogError("CKM ckeck OCSP returned " << ret); + // Add handling for different errors codes + // For these we can try to check ocsp again later: + switch (ret) { + case CKM_API_ERROR_SOCKET: + case CKM_API_ERROR_BAD_REQUEST: + case CKM_API_ERROR_BAD_RESPONSE: + case CKM_API_ERROR_SEND_FAILED: + case CKM_API_ERROR_RECV_FAILED: + case CKM_API_ERROR_SERVER_ERROR: + case CKM_API_ERROR_OUT_OF_MEMORY: + return Certs::ocsp_response_t::OCSP_CHECK_AGAIN; + // Any other error should be recurrent - checking the same app again + // should give the same result. + default: + return Certs::ocsp_response_t::OCSP_CERT_ERROR; + } + } + + LogDebug("OCSP status: " << status); + switch (status) { + // Remove app from "to-check" list: + case CKM_API_OCSP_STATUS_GOOD: + return Certs::ocsp_response_t::OCSP_APP_OK; + case CKM_API_OCSP_STATUS_UNSUPPORTED: + case CKM_API_OCSP_STATUS_UNKNOWN: + case CKM_API_OCSP_STATUS_INVALID_URL: + return Certs::ocsp_response_t::OCSP_CERT_ERROR; + + //Show popup to user and remove app from "to-check" list + case CKM_API_OCSP_STATUS_REVOKED: + return Certs::ocsp_response_t::OCSP_APP_REVOKED; + + //Keep app for checking it again later: + case CKM_API_OCSP_STATUS_NET_ERROR: + case CKM_API_OCSP_STATUS_INVALID_RESPONSE: + case CKM_API_OCSP_STATUS_REMOTE_ERROR: + case CKM_API_OCSP_STATUS_INTERNAL_ERROR: + return Certs::ocsp_response_t::OCSP_CHECK_AGAIN; + + default: + // This should never happen + return Certs::ocsp_response_t::OCSP_CERT_ERROR; + } +} + +Certs::ocsp_response_t Certs::check_ocsp (const app_t &app) +{ + bool check_again = false; + + for (auto &iter : app.signatures) { + Certs::ocsp_response_t resp = check_ocsp_chain(iter); + if (resp == Certs::ocsp_response_t::OCSP_APP_REVOKED) + return Certs::ocsp_response_t::OCSP_APP_REVOKED; + if (resp == Certs::ocsp_response_t::OCSP_CHECK_AGAIN) + check_again = true; + } + + if (check_again) + return Certs::ocsp_response_t::OCSP_CHECK_AGAIN; + return Certs::ocsp_response_t::OCSP_APP_OK; +} + } // CCHECKER diff --git a/src/include/cchecker/certs.h b/src/include/cchecker/certs.h index ed8efe0..7da95e6 100644 --- a/src/include/cchecker/certs.h +++ b/src/include/cchecker/certs.h @@ -25,19 +25,36 @@ #ifndef CCHECKER_CERTS_H #define CCHECKER_CERTS_H +#include <ckm/ckm-certificate.h> +#include <vcore/Certificate.h> + #include <cchecker/app.h> +#include <ckm/ckm-manager.h> namespace CCHECKER { class Certs { public: - Certs(); - virtual ~Certs(); - void get_certificates (app_t &app, ocsp_urls_t &ocsp_urls); - private: - void find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls); - void search_app (app_t &app, ocsp_urls_t &ocsp_urls); - + enum class ocsp_response_t { + OCSP_APP_OK, + OCSP_APP_REVOKED, + OCSP_CHECK_AGAIN, + OCSP_CERT_ERROR + }; + Certs(); + virtual ~Certs(); + void get_certificates (app_t &app, ocsp_urls_t &ocsp_urls); + ocsp_response_t check_ocsp (const app_t &app); // TODO: add custom url support + protected: // Needed for tests + ocsp_response_t check_ocsp_chain (const chain_t &chain); + void find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls); + void search_app (app_t &app, ocsp_urls_t &ocsp_urls); + bool ocsp_create_list(const chain_t &chain, ValidationCore::CertificateList &certs_list); + bool ocsp_build_chain (const ValidationCore::CertificateList &certs_list, + CKM::CertificateShPtrVector &vect_ckm_chain); + + //private: + CKM::ManagerShPtr m_ckm; }; } // CCHECKER diff --git a/src/include/cchecker/logic.h b/src/include/cchecker/logic.h index d698437..8627c1d 100644 --- a/src/include/cchecker/logic.h +++ b/src/include/cchecker/logic.h @@ -80,13 +80,9 @@ class Logic { error_t setup_db(); void load_database_to_buffer(); - void check_ocsp(app_t &app); void add_ocsp_url(const std::string &issuer, const std::string &url, int64_t date); - void pkgmanager_uninstall(const app_t &app); - void get_certs_from_signature(const std::string &signature, std::vector<std::string> &cert); - void add_app_to_buffer_and_database(const app_t &app); - void remove_app_from_buffer(const app_t &app); + void remove_app_from_buffer_and_database(const app_t &app); void pkgmgr_callback_internal(GVariant *parameters, pkgmgr_event_t event); error_t register_dbus_signal_handler(GDBusProxy *proxy, diff --git a/src/logic.cpp b/src/logic.cpp index 445c266..e919e5f 100644 --- a/src/logic.cpp +++ b/src/logic.cpp @@ -317,27 +317,11 @@ void Logic::connman_callback(GDBusProxy */*proxy*/, } } -void Logic::check_ocsp(app_t &app) -{ - (void)app; -} - void Logic::add_ocsp_url(const string &issuer, const string &url, int64_t date) { m_sqlquery->set_url(issuer, url, date); } -void Logic::pkgmanager_uninstall(const app_t &app) -{ - (void)app; -} - -void Logic::get_certs_from_signature(const string &signature, vector<string> &cert) -{ - (void)signature; - (void)cert; -} - void Logic::load_database_to_buffer() { LogDebug("Loading database to the buffer"); @@ -357,8 +341,32 @@ void Logic::process_queue(void) error_t Logic::process_buffer(void) { - for(auto iter = m_buffer.begin(); iter != m_buffer.end(); iter++) { - // TODO: Implement checking OCSP + for (auto iter = m_buffer.begin(); iter != m_buffer.end();) { + // If OCSP checking fails we should remove application from buffer and database + Certs::ocsp_response_t ret; + ret = m_certs.check_ocsp(*iter); + if (ret == Certs::ocsp_response_t::OCSP_APP_OK || + ret == Certs::ocsp_response_t::OCSP_CERT_ERROR) { + LogDebug(iter->str() << " OCSP verified (or not available for app's chains)"); + app_t app_cpy = *iter; + iter++; + remove_app_from_buffer_and_database(app_cpy); + } + else if (ret == Certs::ocsp_response_t::OCSP_APP_REVOKED) { + LogDebug(iter->str() << " certificate has been revoked. Popup should be shown"); + app_t app_cpy = *iter; + iter++; + // TODO: Do not remove app here - just waits for user answer from popup + // Temporary solution because popup doesn't work + remove_app_from_buffer_and_database(app_cpy); + + } + else { + LogDebug(iter->str() << " should be checked again later"); + // If check_ocsp returns Certs::ocsp_response_t::OCSP_CHECK_AGAIN + // app should be checked again later + iter++; + } } return NO_ERROR; } @@ -409,8 +417,7 @@ void Logic::process_event(const event_t &event) } } else if (event.event_type == event_t::event_type_t::APP_UNINSTALL) { - remove_app_from_buffer(event.app); - m_sqlquery->remove_app_from_check_list(event.app); + remove_app_from_buffer_and_database(event.app); } else LogError("Unknown event type"); @@ -428,21 +435,23 @@ void Logic::add_app_to_buffer_and_database(const app_t &app) m_buffer.push_back(app); } -void Logic::remove_app_from_buffer(const app_t &app) +// Notice that this operator doesn't compare list of certificate, because it isn't needed here. +// This operator is implemented only for using in m_buffer.remove() method; +// Operator which compares certificates is implemented in tests. +bool operator ==(const app_t &app1, const app_t &app2) +{ + return app1.app_id == app2.app_id && + app1.pkg_id == app2.pkg_id && + app1.uid == app2.uid; +} + +void Logic::remove_app_from_buffer_and_database(const app_t &app) { // First remove app from DB m_sqlquery->remove_app_from_check_list(app); // Then remove app from buffer - for (auto iter = m_buffer.begin(); iter != m_buffer.end(); ++iter) { - if (iter->app_id == app.app_id && - iter->pkg_id == app.pkg_id && - iter->uid == app.uid) { - LogDebug(iter->str() << " found in buffer - will be removed"); - m_buffer.erase(iter); - break; - } - } + m_buffer.remove(app); } bool Logic::get_should_exit(void) const diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index bff89b6..f3cd9e4 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,12 +1,13 @@ PKG_CHECK_MODULES(CERT_CHECKER_TESTS_DEP REQUIRED + cert-svc-vcore dbus-1 dbus-glib-1 db-util glib-2.0 gio-2.0 icu-i18n - notification + key-manager libsystemd-journal libtzplatform-config sqlite3 @@ -14,6 +15,7 @@ PKG_CHECK_MODULES(CERT_CHECKER_TESTS_DEP FIND_PACKAGE(Threads REQUIRED) ADD_DEFINITIONS( "-DBOOST_TEST_DYN_LINK" ) +ADD_DEFINITIONS("-DTEST_APP_SIGNATURES_DIR=\"${TEST_APP_SIGNATURES_DIR}\"") SET(CERT_CHECKER_SRC_PATH ${PROJECT_SOURCE_DIR}/src) SET(CERT_CHECKER_TESTS_SRC_PATH ${PROJECT_SOURCE_DIR}/tests) @@ -28,9 +30,12 @@ SET(CERT_CHECKER_TESTS_SOURCES ${CERT_CHECKER_TESTS_SRC_PATH}/test_db.cpp ${CERT_CHECKER_TESTS_SRC_PATH}/test_queue.cpp ${CERT_CHECKER_TESTS_SRC_PATH}/queue_test_thread.cpp + ${CERT_CHECKER_TESTS_SRC_PATH}/test_certs.cpp + ${CERT_CHECKER_TESTS_SRC_PATH}/certs_.cpp # cert-checker ${CERT_CHECKER_SRC_PATH}/app.cpp ${CERT_CHECKER_SRC_PATH}/queue.cpp + ${CERT_CHECKER_SRC_PATH}/certs.cpp # logs ${CERT_CHECKER_SRC_PATH}/log/log.cpp # dpl @@ -65,4 +70,13 @@ TARGET_LINK_LIBRARIES(${TARGET_CERT_CHECKER_TESTS} -ldl ) +#### Test files/signatures +INSTALL(FILES + files/app1/author-signature.xml + files/app1/signature1.xml + DESTINATION ${TEST_APP_SIGNATURES_DIR}/app1/) +INSTALL(FILES + files/app_2/signature1.xml + DESTINATION ${TEST_APP_SIGNATURES_DIR}/app_2/) + INSTALL(TARGETS ${TARGET_CERT_CHECKER_TESTS} DESTINATION ${BINDIR}) diff --git a/tests/certs_.cpp b/tests/certs_.cpp new file mode 100644 index 0000000..8155b90 --- /dev/null +++ b/tests/certs_.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file certs_.cpp + * @author Janusz Kozerski (j.kozerski@samsung.com) + * @version 1.0 + * @brief Implementation of Certs for testing + */ + +#include <certs_.h> + +using namespace CCHECKER; + +Certs_::~Certs_() +{} + +Certs_::ocsp_response_t Certs_::check_ocsp_chain_ (const chain_t &chain) +{ + return this->check_ocsp_chain(chain); +} + +void Certs_::find_app_signatures_ (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls) +{ + return this->find_app_signatures(app, app_path, ocsp_urls); +} diff --git a/tests/certs_.h b/tests/certs_.h new file mode 100644 index 0000000..70dece5 --- /dev/null +++ b/tests/certs_.h @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file certs_.h + * @author Janusz Kozerski (j.kozerski@samsung.com) + * @version 1.0 + * @brief Implementation of Certs for testing + */ + +#include <cchecker/certs.h> + +#ifndef CCHECKER_DBFIXTURE_H +#define CCHECKER_DBFIXTURE_H + +using namespace CCHECKER; + +class Certs_ : public Certs { + public: + virtual ~Certs_(); + ocsp_response_t check_ocsp_chain_ (const chain_t &chain); + void find_app_signatures_ (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls); +}; + +#endif //CCHECKER_DBFIXTURE_H diff --git a/tests/files/app1/author-signature.xml b/tests/files/app1/author-signature.xml new file mode 100644 index 0000000..0fb85ce --- /dev/null +++ b/tests/files/app1/author-signature.xml @@ -0,0 +1,75 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="images/tizen_32.png"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue> +</Reference> +<Reference URI="icon.png"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue> +</Reference> +<Reference URI="js/main.js"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>gJORpAB1ok2tUJx0JeQkk9ByvXOQLMG4BMddjCQxYBs=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>yckSRw904y3goDeL/oBnL0BM2kWy22cS4l8EFOrnhbM=</DigestValue> +</Reference> +<Reference URI="css/style.css"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>mVyzTIt7toDjqJDyK8zFNfUxuVnC7msv17Oai/+NZdI=</DigestValue> +</Reference> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>KXS856VpStHxKdsgVoSkzgI0faEpYC0wTg2+ahLwCEk=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +QBiwbw/ChRHbNgpCMP5ht2U/BX9sfBgKFTmxEsxywtl1QUBRi+XbK3fhjt+SqBwv32RtEq0TouwB +7rthEpLNj9R+GJwCdjNpl79kEvZcY+KaWk2gSXsQ5THtnN9wXxfi95ke84lOpbQ6+y8pPzLbEx5Q +yYdu4jOAIscr2NV9bbM= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIIClDCCAf2gAwIBAgIGAT4hYbcpMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG +A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD +VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB +MB4XDTEzMDQxOTA4MjA1MloXDTQwMDkwNDA4MjA1MVowgZUxCzAJBgNVBAYTAlBMMREwDwYDVQQI +DAhNYXpvdmlhbjEPMA0GA1UEBwwGV2Fyc2F3MQ4wDAYDVQQKDAVTUlBPTDERMA8GA1UECwwIS1NG +L1dTU1AxJTAjBgkqhkiG9w0BCQEWFmoua296ZXJza2lAc2Ftc3VuZy5jb20xGDAWBgNVBAMMD0ph +bnVzeiBLb3plcnNraTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs0REWSsOn/QyVDSjSTRE +0W+LacX4cifRYI16nQi8WJhCAymhOg4UVXUk31Iwta8lOnQvgoce8bR+/dbCzDBmnogq8KXWlEtn +Ma3X6Tvz5BZfNy4Zj44G/aK0tJvnBj28h2ZZe545BNNW4zKR4SvNie9uM8v1r16PZaaS0YxOXl0C +AwEAATANBgkqhkiG9w0BAQUFAAOBgQCGuwLCcQAAQz2Op83gTl0Pb+f7AinL8d3XGRC8dtFPqSrZ +wN3gEEIQxQeYLahEVPAsD1K9aWebbWm/sjpDERKW7hmYvGYz90Z+ocLKdork5XgQWqVGt7qi+pxZ +x6VDuNVxDrQtsX/hLf/YBhZJuzs/LSdlErUKQM8fdxvVzbld3w== +</X509Certificate> +<X509Certificate> +MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw +IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0 +IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ +BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu +IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl +biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK +xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz +dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL +AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC +iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C +K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk= +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file diff --git a/tests/files/app1/signature1.xml b/tests/files/app1/signature1.xml new file mode 100644 index 0000000..844066e --- /dev/null +++ b/tests/files/app1/signature1.xml @@ -0,0 +1,80 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="author-signature.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>VPyQoHNa+V9BwhCD/D8Yk94MFRnWdS7LLts1CIUwp1Y=</DigestValue> +</Reference> +<Reference URI="images/tizen_32.png"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue> +</Reference> +<Reference URI="icon.png"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue> +</Reference> +<Reference URI="js/main.js"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>gJORpAB1ok2tUJx0JeQkk9ByvXOQLMG4BMddjCQxYBs=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>yckSRw904y3goDeL/oBnL0BM2kWy22cS4l8EFOrnhbM=</DigestValue> +</Reference> +<Reference URI="css/style.css"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>mVyzTIt7toDjqJDyK8zFNfUxuVnC7msv17Oai/+NZdI=</DigestValue> +</Reference> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>KXS856VpStHxKdsgVoSkzgI0faEpYC0wTg2+ahLwCEk=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +IjFZ+/u8TVgj1DcogK/3X54hOxIrWYFllqppy9x7VoCjNmfc3d+ceezOcs2Vhg8CHpBcPMb9m4iD +eAPHMz0HXZbHjfOlKqBwXbaPLf6b7zJBhhgD8vTCcq2q8FYq9jIEe/7FMe2E36XoBRgS6cl6Y//y +K6vhCnlJKbrmZBsCMeA= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry +aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS +MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex +IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp +YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK +90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H +mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB +hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez +GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1 +vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc= +</X509Certificate> +<X509Certificate> +MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw +IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj +IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 +ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb +VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe +OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp +bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah +2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ +KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+ +yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0 +VhfnkHwPltmrpYVe +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file diff --git a/tests/files/app_2/signature1.xml b/tests/files/app_2/signature1.xml new file mode 100644 index 0000000..ade9e14 --- /dev/null +++ b/tests/files/app_2/signature1.xml @@ -0,0 +1,80 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="author-signature.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>STd01qoNmkFKYFkHtIfTNzz44Sooj4yPcbnpPMvNXrA=</DigestValue> +</Reference> +<Reference URI="images/tizen_32.png"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue> +</Reference> +<Reference URI="icon.png"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue> +</Reference> +<Reference URI="js/main.js"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>gJORpAB1ok2tUJx0JeQkk9ByvXOQLMG4BMddjCQxYBs=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>yckSRw904y3goDeL/oBnL0BM2kWy22cS4l8EFOrnhbM=</DigestValue> +</Reference> +<Reference URI="css/style.css"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>mVyzTIt7toDjqJDyK8zFNfUxuVnC7msv17Oai/+NZdI=</DigestValue> +</Reference> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>n6D6h7VGH+8sz01o3wJNEWZNaoOQ2u3Lr2u1lcxkR9Y=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +fxRqA7mM4PjJLYYTgz2nnV7VNmBvHU17VY3uAEKShLlYclmvj5GKNfdmlHrSd08KxMcHiqSJc1OE +up2BNsnJ3UHIV6LLqFlOqdybXg3CH8jPiHWKG8Ns8xbljpIemRq5p3ZrMZdaTXjmP4B92GoWEdo2 +5uFbrpGzZLxpxnyAxLE= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry +aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS +MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex +IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp +YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK +90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H +mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB +hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez +GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1 +vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc= +</X509Certificate> +<X509Certificate> +MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw +IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj +IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 +ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb +VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe +OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp +bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah +2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ +KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+ +yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0 +VhfnkHwPltmrpYVe +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file diff --git a/tests/test_certs.cpp b/tests/test_certs.cpp new file mode 100644 index 0000000..1867e4e --- /dev/null +++ b/tests/test_certs.cpp @@ -0,0 +1,477 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_certs.cpp + * @author Janusz Kozerski (j.kozerski@samsung.com) + * @version 1.0 + * @brief Tests of certs class (signatures, certificates, OCSP) + */ + +#include <boost/test/unit_test.hpp> +#include <string> +#include <thread> + +#include <cchecker/log.h> +#include <certs_.h> +#include <app_event_operators.h> + +using namespace CCHECKER; + +BOOST_FIXTURE_TEST_SUITE(CERT_TEST, Certs_) + +BOOST_AUTO_TEST_CASE(Certs_OCSP_positive) { + + //*.wikipedia.com: + chain_t chain = { + "MIIH1jCCBr6gAwIBAgISESGXLjKl5bLinUct/tty1iduMA0GCSqGSIb3DQEBCwUA\ +MGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYD\ +VQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hB\ +MjU2IC0gRzIwHhcNMTQxMjE2MjEyNDAzWhcNMTcwMjE5MTIwMDAwWjB5MQswCQYD\ +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j\ +aXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNV\ +BAMMDyoud2lraXBlZGlhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\ +ggEBAMH1s5FRkOrf7p3fQNqqKbre0J/7w3isYDt/tRZw4bHm7mI73Y5335iwulvr\ +Bmsq93RSMHizLx8J0RdkKcfitWS/o0kIKP1wehDzHOerH6s1e7Z3j/uI6mMzDZMs\ +EWDnPA21kwqtXEIwYEAj+tRU832j3CeJ3pMCE75uE+lnN0hVJIXd2c0/hnPRAWTV\ +ENV6FQGCy1zwowlndvFTALQ+4LSCNtZnwVtSecgKVPAO/WkLMk2OdLB6UITT1wPN\ +iP2qzm2uFWetO/MzN6paOiS2DqXFp4r7KZTSNOl3CTn8MufKGPqA0ajJJDLSX0/K\ +DmC1Sw6ndBerUuRDSaDeEq2I8HMCAwEAAaOCBGkwggRlMA4GA1UdDwEB/wQEAwIF\ +oDBJBgNVHSAEQjBAMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3\ +dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzCCAq4GA1UdEQSCAqUwggKhgg8q\ +Lndpa2lwZWRpYS5vcmeCDyoubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3Jn\ +gg4qLndpa2lkYXRhLm9yZ4IPKi53aWtpbWVkaWEub3JnghkqLndpa2ltZWRpYWZv\ +dW5kYXRpb24ub3Jngg4qLndpa2luZXdzLm9yZ4IPKi53aWtpcXVvdGUub3JnghAq\ +Lndpa2lzb3VyY2Uub3JnghEqLndpa2l2ZXJzaXR5Lm9yZ4IQKi53aWtpdm95YWdl\ +Lm9yZ4IQKi53aWt0aW9uYXJ5Lm9yZ4IRKi5tLm1lZGlhd2lraS5vcmeCESoubS53\ +aWtpcGVkaWEub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IQKi5tLndpa2lkYXRhLm9y\ +Z4IRKi5tLndpa2ltZWRpYS5vcmeCGyoubS53aWtpbWVkaWFmb3VuZGF0aW9uLm9y\ +Z4IQKi5tLndpa2luZXdzLm9yZ4IRKi5tLndpa2lxdW90ZS5vcmeCEioubS53aWtp\ +c291cmNlLm9yZ4ITKi5tLndpa2l2ZXJzaXR5Lm9yZ4ISKi5tLndpa2l2b3lhZ2Uu\ +b3JnghIqLm0ud2lrdGlvbmFyeS5vcmeCFCouemVyby53aWtpcGVkaWEub3Jngg1t\ +ZWRpYXdpa2kub3Jngg13aWtpYm9va3Mub3Jnggx3aWtpZGF0YS5vcmeCDXdpa2lt\ +ZWRpYS5vcmeCF3dpa2ltZWRpYWZvdW5kYXRpb24ub3Jnggx3aWtpbmV3cy5vcmeC\ +DXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeC\ +Dndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4INd2lraXBlZGlhLm9yZzAJ\ +BgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHR8E\ +QjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5p\ +emF0aW9udmFsc2hhMmcyLmNybDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUH\ +MAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5p\ +emF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIu\ +Z2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwHQYDVR0OBBYE\ +FPijzqMJdm7bqDx4SGOcGUzAx0qdMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07\ +gwBA5hp8MA0GCSqGSIb3DQEBCwUAA4IBAQC45+nGVISGOZctc9mxhil3EDmlBIzY\ +5mQJ+APT5oUGthZfe6v9lP7yRLIEhHMDl72Jrnzzx3ksUnAqJTOcsnuzQvZq45pn\ +gOk/sO6ilkOun/u5QBigxne1/P4g2SYkISqRqA0Z9FloEd6odDb6dbIHhhz270rH\ +3pjewMLq6OA09eklPav4f3NiBL/VcqG53TRTJW6eHxZuEsGAgBmwk6jKf8e+BjmZ\ +4V9POUs5kH7d1OJs9d5Fv9y3t/Yt1pGaHyK/DTUbYVhMyn0EaLxd3FLJ9ABKpQJ+\ +OUcTfe55U2Ox1H/87b6Ca04DDl3u2i87jPbhgshWSNwU8+llHCst0sbG", + +"MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG\ +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\ +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw\ +MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\ +YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW\ +YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\ +DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc\ +C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj\ +SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj\ +mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt\ +Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl\ +2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B\ +Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT\ +HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0\ +dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow\ +KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB\ +BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv\ +bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI\ +hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s\ +32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy\ +XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3\ +30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA\ +SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G\ +K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=", + +"MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\ +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\ +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\ +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\ +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\ +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\ +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\ +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\ +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\ +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\ +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\ +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\ +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\ +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\ +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\ +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\ +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A=="}; + + Certs::ocsp_response_t resp = check_ocsp_chain_ (chain); + LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp); + BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_CHECK_AGAIN); +} + +BOOST_AUTO_TEST_CASE(Certs_OCSP_negative_1) { + // Broken chain of certificates + + //*.wikipedia.com: + chain_t chain = { + "MIIH1jCCBr6gAwIBAgISESGXLjKl5bLinUct/tty1iduMA0GCSqGSIb3DQEBCwUA\ +MGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYD\ +VQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hB\ +MjU2IC0gRzIwHhcNMTQxMjE2MjEyNDAzWhcNMTcwMjE5MTIwMDAwWjB5MQswCQYD\ +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j\ +aXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNV\ +BAMMDyoud2lraXBlZGlhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\ +ggEBAMH1s5FRkOrf7p3fQNqqKbre0J/7w3isYDt/tRZw4bHm7mI73Y5335iwulvr\ +Bmsq93RSMHizLx8J0RdkKcfitWS/o0kIKP1wehDzHOerH6s1e7Z3j/uI6mMzDZMs\ +EWDnPA21kwqtXEIwYEAj+tRU832j3CeJ3pMCE75uE+lnN0hVJIXd2c0/hnPRAWTV\ +ENV6FQGCy1zwowlndvFTALQ+4LSCNtZnwVtSecgKVPAO/WkLMk2OdLB6UITT1wPN\ +iP2qzm2uFWetO/MzN6paOiS2DqXFp4r7KZTSNOl3CTn8MufKGPqA0ajJJDLSX0/K\ +DmC1Sw6ndBerUuRDSaDeEq2I8HMCAwEAAaOCBGkwggRlMA4GA1UdDwEB/wQEAwIF\ +oDBJBgNVHSAEQjBAMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3\ +dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzCCAq4GA1UdEQSCAqUwggKhgg8q\ +Lndpa2lwZWRpYS5vcmeCDyoubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3Jn\ +gg4qLndpa2lkYXRhLm9yZ4IPKi53aWtpbWVkaWEub3JnghkqLndpa2ltZWRpYWZv\ +dW5kYXRpb24ub3Jngg4qLndpa2luZXdzLm9yZ4IPKi53aWtpcXVvdGUub3JnghAq\ +Lndpa2lzb3VyY2Uub3JnghEqLndpa2l2ZXJzaXR5Lm9yZ4IQKi53aWtpdm95YWdl\ +Lm9yZ4IQKi53aWt0aW9uYXJ5Lm9yZ4IRKi5tLm1lZGlhd2lraS5vcmeCESoubS53\ +aWtpcGVkaWEub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IQKi5tLndpa2lkYXRhLm9y\ +Z4IRKi5tLndpa2ltZWRpYS5vcmeCGyoubS53aWtpbWVkaWFmb3VuZGF0aW9uLm9y\ +Z4IQKi5tLndpa2luZXdzLm9yZ4IRKi5tLndpa2lxdW90ZS5vcmeCEioubS53aWtp\ +c291cmNlLm9yZ4ITKi5tLndpa2l2ZXJzaXR5Lm9yZ4ISKi5tLndpa2l2b3lhZ2Uu\ +b3JnghIqLm0ud2lrdGlvbmFyeS5vcmeCFCouemVyby53aWtpcGVkaWEub3Jngg1t\ +ZWRpYXdpa2kub3Jngg13aWtpYm9va3Mub3Jnggx3aWtpZGF0YS5vcmeCDXdpa2lt\ +ZWRpYS5vcmeCF3dpa2ltZWRpYWZvdW5kYXRpb24ub3Jnggx3aWtpbmV3cy5vcmeC\ +DXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeC\ +Dndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4INd2lraXBlZGlhLm9yZzAJ\ +BgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHR8E\ +QjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5p\ +emF0aW9udmFsc2hhMmcyLmNybDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUH\ +MAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5p\ +emF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIu\ +Z2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwHQYDVR0OBBYE\ +FPijzqMJdm7bqDx4SGOcGUzAx0qdMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07\ +gwBA5hp8MA0GCSqGSIb3DQEBCwUAA4IBAQC45+nGVISGOZctc9mxhil3EDmlBIzY\ +5mQJ+APT5oUGthZfe6v9lP7yRLIEhHMDl72Jrnzzx3ksUnAqJTOcsnuzQvZq45pn\ +gOk/sO6ilkOun/u5QBigxne1/P4g2SYkISqRqA0Z9FloEd6odDb6dbIHhhz270rH\ +3pjewMLq6OA09eklPav4f3NiBL/VcqG53TRTJW6eHxZuEsGAgBmwk6jKf8e+BjmZ\ +4V9POUs5kH7d1OJs9d5Fv9y3t/Yt1pGaHyK/DTUbYVhMyn0EaLxd3FLJ9ABKpQJ+\ +OUcTfe55U2Ox1H/87b6Ca04DDl3u2i87jPbhgshWSNwU8+llHCst0sbG"}; + + Certs::ocsp_response_t resp = check_ocsp_chain_ (chain); + LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp); + BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_CERT_ERROR); +} + +BOOST_AUTO_TEST_CASE(Certs_OCSP_negative_2) { + // Last Certificate is corrupted + + chain_t chain = { + "MIIH1jCCBr6gAwIBAgISESGXLjKl5bLinUct/tty1iduMA0GCSqGSIb3DQEBCwUA\ +MGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYD\ +VQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hB\ +MjU2IC0gRzIwHhcNMTQxMjE2MjEyNDAzWhcNMTcwMjE5MTIwMDAwWjB5MQswCQYD\ +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j\ +aXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNV\ +BAMMDyoud2lraXBlZGlhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\ +ggEBAMH1s5FRkOrf7p3fQNqqKbre0J/7w3isYDt/tRZw4bHm7mI73Y5335iwulvr\ +Bmsq93RSMHizLx8J0RdkKcfitWS/o0kIKP1wehDzHOerH6s1e7Z3j/uI6mMzDZMs\ +EWDnPA21kwqtXEIwYEAj+tRU832j3CeJ3pMCE75uE+lnN0hVJIXd2c0/hnPRAWTV\ +ENV6FQGCy1zwowlndvFTALQ+4LSCNtZnwVtSecgKVPAO/WkLMk2OdLB6UITT1wPN\ +iP2qzm2uFWetO/MzN6paOiS2DqXFp4r7KZTSNOl3CTn8MufKGPqA0ajJJDLSX0/K\ +DmC1Sw6ndBerUuRDSaDeEq2I8HMCAwEAAaOCBGkwggRlMA4GA1UdDwEB/wQEAwIF\ +oDBJBgNVHSAEQjBAMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3\ +dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzCCAq4GA1UdEQSCAqUwggKhgg8q\ +Lndpa2lwZWRpYS5vcmeCDyoubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3Jn\ +gg4qLndpa2lkYXRhLm9yZ4IPKi53aWtpbWVkaWEub3JnghkqLndpa2ltZWRpYWZv\ +dW5kYXRpb24ub3Jngg4qLndpa2luZXdzLm9yZ4IPKi53aWtpcXVvdGUub3JnghAq\ +Lndpa2lzb3VyY2Uub3JnghEqLndpa2l2ZXJzaXR5Lm9yZ4IQKi53aWtpdm95YWdl\ +Lm9yZ4IQKi53aWt0aW9uYXJ5Lm9yZ4IRKi5tLm1lZGlhd2lraS5vcmeCESoubS53\ +aWtpcGVkaWEub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IQKi5tLndpa2lkYXRhLm9y\ +Z4IRKi5tLndpa2ltZWRpYS5vcmeCGyoubS53aWtpbWVkaWFmb3VuZGF0aW9uLm9y\ +Z4IQKi5tLndpa2luZXdzLm9yZ4IRKi5tLndpa2lxdW90ZS5vcmeCEioubS53aWtp\ +c291cmNlLm9yZ4ITKi5tLndpa2l2ZXJzaXR5Lm9yZ4ISKi5tLndpa2l2b3lhZ2Uu\ +b3JnghIqLm0ud2lrdGlvbmFyeS5vcmeCFCouemVyby53aWtpcGVkaWEub3Jngg1t\ +ZWRpYXdpa2kub3Jngg13aWtpYm9va3Mub3Jnggx3aWtpZGF0YS5vcmeCDXdpa2lt\ +ZWRpYS5vcmeCF3dpa2ltZWRpYWZvdW5kYXRpb24ub3Jnggx3aWtpbmV3cy5vcmeC\ +DXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeC\ +Dndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4INd2lraXBlZGlhLm9yZzAJ\ +BgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHR8E\ +QjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5p\ +emF0aW9udmFsc2hhMmcyLmNybDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUH\ +MAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5p\ +emF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIu\ +Z2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwHQYDVR0OBBYE\ +FPijzqMJdm7bqDx4SGOcGUzAx0qdMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07\ +gwBA5hp8MA0GCSqGSIb3DQEBCwUAA4IBAQC45+nGVISGOZctc9mxhil3EDmlBIzY\ +5mQJ+APT5oUGthZfe6v9lP7yRLIEhHMDl72Jrnzzx3ksUnAqJTOcsnuzQvZq45pn\ +gOk/sO6ilkOun/u5QBigxne1/P4g2SYkISqRqA0Z9FloEd6odDb6dbIHhhz270rH\ +3pjewMLq6OA09eklPav4f3NiBL/VcqG53TRTJW6eHxZuEsGAgBmwk6jKf8e+BjmZ\ +4V9POUs5kH7d1OJs9d5Fv9y3t/Yt1pGaHyK/DTUbYVhMyn0EaLxd3FLJ9ABKpQJ+\ +OUcTfe55U2Ox1H/87b6Ca04DDl3u2i87jPbhgshWSNwU8+llHCst0sbG", + +"MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG\ +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\ +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw\ +MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\ +YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW\ +YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\ +DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc\ +C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj\ +SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj\ +mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt\ +Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl\ +2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B\ +Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT\ +HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0\ +dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow\ +KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB\ +BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv\ +bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI\ +hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s\ +32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy\ +XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3\ +30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA\ +SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G\ +K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=", + +"MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\ +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\ +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\ +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\ +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\ +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\ +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\ +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\ +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\ +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\ +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\ +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\ +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\ +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\ +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\ +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\ +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4"}; + + Certs::ocsp_response_t resp = check_ocsp_chain_ (chain); + LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp); + BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_CERT_ERROR); +} + +BOOST_AUTO_TEST_CASE(Certs_OCSP_positive_1) { + + chain_t chain = { + // MBANK, signed by SYMANTEC, expires 04 Feb 2016 + "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\ +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\ +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\ +IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\ +MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\ +ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\ +MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\ +DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\ +bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\ +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\ +JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\ +Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\ +aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\ +Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\ +dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\ +Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\ +HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\ +BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\ +dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\ +c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\ +BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\ +BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\ +KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\ +eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\ +AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\ +ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\ +9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\ +rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\ +LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\ +U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\ +vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\ +SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\ +aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\ +WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk", + + // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023 + "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\ +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\ +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\ +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\ +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\ +aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\ +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\ +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\ +YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\ +AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\ +FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\ +BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\ +pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\ +IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\ +zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\ +MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\ +BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\ +L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\ +eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\ +LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\ +GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\ +Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\ +hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\ +nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\ +qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\ +eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\ +LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\ +2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==" + }; + + Certs::ocsp_response_t resp = check_ocsp_chain_ (chain); + LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp); + BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_APP_OK); +} + +BOOST_AUTO_TEST_CASE(find_app_signatures_1) { + + // App1 + app_t app1("app_id", "pkg_id", 101, {}); + ocsp_urls_t ocsp_urls; + std::string path1 = std::string(TEST_APP_SIGNATURES_DIR) + std::string("/app1"); + + find_app_signatures (app1, path1, ocsp_urls); + BOOST_REQUIRE(app1.signatures.size() == 2); + // set signatures/certificates in defined oder; + sort(app1); + + app_t origin1("app_id", "pkg_id", 101, {}); + chain_t chain1 = {"MIIClDCCAf2gAwIBAgIGAT4hYbcpMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG\ +A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD\ +VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB\ +MB4XDTEzMDQxOTA4MjA1MloXDTQwMDkwNDA4MjA1MVowgZUxCzAJBgNVBAYTAlBMMREwDwYDVQQI\ +DAhNYXpvdmlhbjEPMA0GA1UEBwwGV2Fyc2F3MQ4wDAYDVQQKDAVTUlBPTDERMA8GA1UECwwIS1NG\ +L1dTU1AxJTAjBgkqhkiG9w0BCQEWFmoua296ZXJza2lAc2Ftc3VuZy5jb20xGDAWBgNVBAMMD0ph\ +bnVzeiBLb3plcnNraTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs0REWSsOn/QyVDSjSTRE\ +0W+LacX4cifRYI16nQi8WJhCAymhOg4UVXUk31Iwta8lOnQvgoce8bR+/dbCzDBmnogq8KXWlEtn\ +Ma3X6Tvz5BZfNy4Zj44G/aK0tJvnBj28h2ZZe545BNNW4zKR4SvNie9uM8v1r16PZaaS0YxOXl0C\ +AwEAATANBgkqhkiG9w0BAQUFAAOBgQCGuwLCcQAAQz2Op83gTl0Pb+f7AinL8d3XGRC8dtFPqSrZ\ +wN3gEEIQxQeYLahEVPAsD1K9aWebbWm/sjpDERKW7hmYvGYz90Z+ocLKdork5XgQWqVGt7qi+pxZ\ +x6VDuNVxDrQtsX/hLf/YBhZJuzs/LSdlErUKQM8fdxvVzbld3w==", + "MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO\ +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw\ +IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0\ +IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ\ +BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu\ +IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl\ +biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK\ +xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz\ +dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL\ +AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC\ +iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C\ +K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk="}; + + chain_t chain2 = {"MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV\ +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE\ +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry\ +aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS\ +MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex\ +IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp\ +YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK\ +90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H\ +mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB\ +hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez\ +GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1\ +vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc=", + "MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO\ +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw\ +IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj\ +IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL\ +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6\ +ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb\ +VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe\ +OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp\ +bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah\ +2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ\ +KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+\ +yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0\ +VhfnkHwPltmrpYVe"}; + + + origin1.signatures.push_back(chain1); + origin1.signatures.push_back(chain2); + // set signatures/certificates in defined oder; + sort(origin1); + + LogDebug("APP1: " << app1.str() << ", CERTS: " << app1.str_certs()); + LogDebug("ORIG: " << origin1.str() << ", CERTS: " << origin1.str_certs()); + + BOOST_REQUIRE(app1 == origin1); + + // App_2 + app_t app2("app_id", "pkg_id", 102, {}); + std::string path2 = std::string(TEST_APP_SIGNATURES_DIR) + std::string("/app_2"); + + find_app_signatures (app2, path2, ocsp_urls); + BOOST_REQUIRE(app2.signatures.size() == 1); + // set signatures/certificates in defined oder; + sort(app2); + + + chain_t chain3 = {"MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV\ +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE\ +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry\ +aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS\ +MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex\ +IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp\ +YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK\ +90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H\ +mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB\ +hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez\ +GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1\ +vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc=", + "MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO\ +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw\ +IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj\ +IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL\ +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6\ +ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb\ +VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe\ +OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp\ +bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah\ +2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ\ +KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+\ +yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0\ +VhfnkHwPltmrpYVe"}; + + app_t origin2("app_id", "pkg_id", 102, {}); + origin2.signatures.push_back(chain3); + + // set signatures/certificates in defined oder; + sort(origin2); + + BOOST_REQUIRE(app2 == origin2); +} + +BOOST_AUTO_TEST_SUITE_END() |