[apkverify][test] Verify public key in apk verification tests
Prior to this CL, the tests only checked that a verification result
exists.
Bug: 197052981
Bug: 239534874
Test: libapkverify.integration_test
Change-Id: I59dc53148a06dc9aa1e152b4152274a4ed9bd30e
diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index 3818259..d7b1dc2 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -15,7 +15,7 @@
*/
use apkverify::{testing::assert_contains, verify};
-use std::matches;
+use std::{fs, matches, path::Path};
const KEY_NAMES_DSA: &[&str] = &["1024", "2048", "3072"];
const KEY_NAMES_ECDSA: &[&str] = &["p256", "p384", "p521"];
@@ -34,7 +34,7 @@
#[test]
fn test_verify_v3() {
- assert!(verify("tests/data/test.apex").is_ok());
+ validate_apk_public_key("tests/data/test.apex");
}
#[test]
@@ -49,32 +49,34 @@
#[test]
fn test_verify_v3_ecdsa_sha256() {
for key_name in KEY_NAMES_ECDSA.iter() {
- assert!(verify(format!("tests/data/v3-only-with-ecdsa-sha256-{}.apk", key_name)).is_ok());
+ validate_apk_public_key(format!("tests/data/v3-only-with-ecdsa-sha256-{}.apk", key_name));
}
}
#[test]
fn test_verify_v3_ecdsa_sha512() {
for key_name in KEY_NAMES_ECDSA.iter() {
- assert!(verify(format!("tests/data/v3-only-with-ecdsa-sha512-{}.apk", key_name)).is_ok());
+ validate_apk_public_key(format!("tests/data/v3-only-with-ecdsa-sha512-{}.apk", key_name));
}
}
#[test]
fn test_verify_v3_rsa_sha256() {
for key_name in KEY_NAMES_RSA.iter() {
- assert!(
- verify(format!("tests/data/v3-only-with-rsa-pkcs1-sha256-{}.apk", key_name)).is_ok()
- );
+ validate_apk_public_key(format!(
+ "tests/data/v3-only-with-rsa-pkcs1-sha256-{}.apk",
+ key_name
+ ));
}
}
#[test]
fn test_verify_v3_rsa_sha512() {
for key_name in KEY_NAMES_RSA.iter() {
- assert!(
- verify(format!("tests/data/v3-only-with-rsa-pkcs1-sha512-{}.apk", key_name)).is_ok()
- );
+ validate_apk_public_key(format!(
+ "tests/data/v3-only-with-rsa-pkcs1-sha512-{}.apk",
+ key_name
+ ));
}
}
@@ -167,20 +169,45 @@
#[test]
fn test_verify_v3_unknown_additional_attr() {
- assert!(verify("tests/data/v3-only-unknown-additional-attr.apk").is_ok());
+ validate_apk_public_key("tests/data/v3-only-unknown-additional-attr.apk");
}
#[test]
fn test_verify_v3_unknown_pair_in_apk_sig_block() {
- assert!(verify("tests/data/v3-only-unknown-pair-in-apk-sig-block.apk").is_ok());
+ validate_apk_public_key("tests/data/v3-only-unknown-pair-in-apk-sig-block.apk");
}
#[test]
fn test_verify_v3_ignorable_unsupported_sig_algs() {
- assert!(verify("tests/data/v3-only-with-ignorable-unsupported-sig-algs.apk").is_ok());
+ validate_apk_public_key("tests/data/v3-only-with-ignorable-unsupported-sig-algs.apk");
}
#[test]
fn test_verify_v3_stamp() {
- assert!(verify("tests/data/v3-only-with-stamp.apk").is_ok());
+ validate_apk_public_key("tests/data/v3-only-with-stamp.apk");
+}
+
+fn validate_apk_public_key<P: AsRef<Path>>(apk_path: P) {
+ // Validates public key from verification == expected public key.
+ let public_key_from_verification = verify(apk_path.as_ref());
+ let public_key_from_verification =
+ public_key_from_verification.expect("Error in verification result");
+
+ let expected_public_key_path = format!("{}.der", apk_path.as_ref().to_str().unwrap());
+ assert!(
+ fs::metadata(&expected_public_key_path).is_ok(),
+ "File does not exist. You can re-create it with:\n$ echo -en {} > {}\n",
+ public_key_from_verification.iter().map(|b| format!("\\\\x{:02x}", b)).collect::<String>(),
+ expected_public_key_path
+ );
+ let expected_public_key = fs::read(&expected_public_key_path).unwrap();
+ assert_eq!(
+ expected_public_key,
+ public_key_from_verification.as_ref(),
+ "{}",
+ expected_public_key_path
+ );
+
+ // TODO(b/239534874): Validates public key extracted directly from apk
+ // (without verification) == expected public key.
}
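Review bot: The "File does not exist" message in `validate_apk_public_key` tells the developer to re-create the missing `.der` golden file from `public_key_from_verification`, which is the output of the code under test. A golden file produced that way only proves the verifier agrees with its own earlier output, not that it returns the signer's actual key. A wrong key returned at the time of generation would be locked in as the expectation. I would state the requirement next to the assert, for example `// A .der regenerated from this output must be checked against the public key of the test signing certificate before it is committed.`, and reword the message so it does not read as the canonical way to produce the file. The existing `TODO(b/239534874)` looks like it would add a second check, but it would presumably still compare against the same `.der`, so it does not remove the need for an independently derived expectation.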