| /* |
| * Copyright (C) 2018 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include <string> |
| |
| #include <android-base/file.h> |
| #include <android-base/logging.h> |
| #include <android-base/scopeguard.h> |
| #include <gtest/gtest.h> |
| #include <libavb/libavb.h> |
| #include <ziparchive/zip_archive.h> |
| |
| #include "apex_file.h" |
| #include "apex_key.h" |
| |
| static std::string testDataDir = android::base::GetExecutableDirectory() + "/"; |
| |
| namespace android { |
| namespace apex { |
| namespace { |
| |
| TEST(ApexFileTest, GetOffsetOfSimplePackage) { |
| const std::string filePath = testDataDir + "apex.apexd_test.apex"; |
| StatusOr<ApexFile> apexFile = ApexFile::Open(filePath); |
| ASSERT_TRUE(apexFile.Ok()); |
| |
| int32_t zip_image_offset; |
| size_t zip_image_size; |
| { |
| ZipArchiveHandle handle; |
| int32_t rc = OpenArchive(filePath.c_str(), &handle); |
| ASSERT_EQ(0, rc); |
| auto close_guard = |
| android::base::make_scope_guard([&handle]() { CloseArchive(handle); }); |
| |
| ZipEntry entry; |
| rc = FindEntry(handle, ZipString("apex_payload.img"), &entry); |
| ASSERT_EQ(0, rc); |
| |
| zip_image_offset = entry.offset; |
| EXPECT_EQ(zip_image_offset % 4096, 0); |
| zip_image_size = entry.uncompressed_length; |
| EXPECT_EQ(zip_image_size, entry.compressed_length); |
| } |
| |
| EXPECT_EQ(zip_image_offset, apexFile->GetImageOffset()); |
| EXPECT_EQ(zip_image_size, apexFile->GetImageSize()); |
| } |
| |
| TEST(ApexFileTest, GetOffsetMissingFile) { |
| const std::string filePath = testDataDir + "missing.apex"; |
| StatusOr<ApexFile> apexFile = ApexFile::Open(filePath); |
| ASSERT_FALSE(apexFile.Ok()); |
| EXPECT_NE(std::string::npos, |
| apexFile.ErrorMessage().find("Failed to open package")) |
| << apexFile.ErrorMessage(); |
| } |
| |
| TEST(ApexFileTest, GetApexManifest) { |
| const std::string filePath = testDataDir + "apex.apexd_test.apex"; |
| StatusOr<ApexFile> apexFile = ApexFile::Open(filePath); |
| ASSERT_TRUE(apexFile.Ok()); |
| EXPECT_EQ("com.android.apex.test_package", apexFile->GetManifest().name()); |
| EXPECT_EQ(1u, apexFile->GetManifest().version()); |
| } |
| |
| TEST(ApexFileTest, VerifyApexVerity) { |
| const std::string filePath = testDataDir + "apex.apexd_test.apex"; |
| StatusOr<ApexFile> apexFile = ApexFile::Open(filePath); |
| ASSERT_TRUE(apexFile.Ok()) << apexFile.ErrorMessage(); |
| |
| auto verity_or = apexFile->VerifyApexVerity(); |
| ASSERT_TRUE(verity_or.Ok()) << verity_or.ErrorMessage(); |
| |
| const ApexVerityData& data = *verity_or; |
| EXPECT_NE(nullptr, data.desc.get()); |
| EXPECT_EQ(std::string("1772301d454698dd155205b7851959c625d8a3e6" |
| "d39360122693bad804b70007"), |
| data.salt); |
| EXPECT_EQ(std::string("f6139829a01059be55b13e09c4fddbb5565a8626"), |
| data.root_digest); |
| } |
| |
| // TODO: May consider packaging a debug key in debug builds (again). |
| #if 0 |
| TEST(ApexFileTest, VerifyApexVerityNoKeyDir) { |
| const std::string filePath = testDataDir + "apex.apexd_test.apex"; |
| StatusOr<ApexFile> apexFile = ApexFile::Open(filePath); |
| ASSERT_TRUE(apexFile.Ok()) << apexFile.ErrorMessage(); |
| |
| auto verity_or = apexFile->VerifyApexVerity({"/tmp/"}); |
| ASSERT_FALSE(verity_or.Ok()); |
| } |
| #endif |
| |
| // TODO(jiyong): re-enable this test. This test is disabled because the build |
| // system now always bundles the public key that was used to sign the APEX. |
| // In debuggable build, the bundled public key is used as the last fallback. |
| // As a result, the verification is always successful (and thus test fails). |
| // In order to re-enable this test, we have to manually create an APEX |
| // where public key is not bundled. |
| #if 0 |
| TEST(ApexFileTest, VerifyApexVerityNoKeyInst) { |
| const std::string filePath = testDataDir + "apex.apexd_test_no_inst_key.apex"; |
| StatusOr<ApexFile> apexFile = ApexFile::Open(filePath); |
| ASSERT_TRUE(apexFile.Ok()) << apexFile.ErrorMessage(); |
| |
| auto verity_or = apexFile->VerifyApexVerity(); |
| ASSERT_FALSE(verity_or.Ok()); |
| } |
| #endif |
| |
| TEST(ApexFileTest, GetBundledPublicKey) { |
| const std::string filePath = testDataDir + "apex.apexd_test.apex"; |
| StatusOr<ApexFile> apexFile = ApexFile::Open(filePath); |
| ASSERT_TRUE(apexFile.Ok()); |
| |
| const std::string keyPath = |
| testDataDir + "apexd_testdata/com.android.apex.test_package.avbpubkey"; |
| std::string keyContent; |
| ASSERT_TRUE(android::base::ReadFileToString(keyPath, &keyContent)) |
| << "Failed to read " << keyPath; |
| |
| EXPECT_EQ(keyContent, apexFile->GetBundledPublicKey()); |
| } |
| |
| } // namespace |
| } // namespace apex |
| } // namespace android |
| |
| int main(int argc, char** argv) { |
| android::base::InitLogging(argv, &android::base::StderrLogger); |
| ::testing::InitGoogleTest(&argc, argv); |
| return RUN_ALL_TESTS(); |
| } |