Commment signed webapks working and verified.

chrome/android/webapk/libs/client/junit/src/org/chromium/webapk/lib/client/WebApkVerifySignatureTest.java

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.webapk.lib.client;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.annotation.Config;
+
+import org.chromium.testing.local.LocalRobolectricTestRunner;
+import org.chromium.webapk.lib.client.WebApkVerifySignature.Error;
+
+import java.io.File;
+import java.io.RandomAccessFile;
+import java.nio.MappedByteBuffer;
+import java.nio.channels.FileChannel;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.spec.X509EncodedKeySpec;
+
+/** Unit tests for WebApkVerifySignature for Android. */
+@RunWith(LocalRobolectricTestRunner.class)
+@Config(manifest = Config.NONE)
+public class WebApkVerifySignatureTest {
+    /** Elliptical Curves, Digital Signature Algorithm */
+    private static final String KEY_FACTORY = "EC";
+
+    private static final String TEST_DATA_DIR = "chrome/test/data/webapks/";
+
+    static PublicKey readPublicKey(String publicDER) throws Exception {
+        return createPublicKey(Files.readAllBytes(Paths.get(publicDER)));
+    }
+
+    private static PublicKey createPublicKey(byte[] bytes) throws Exception {
+        return KeyFactory.getInstance(KEY_FACTORY).generatePublic(new X509EncodedKeySpec(bytes));
+    }
+
+    @Test
+    public void testHexToBytes() throws Exception {
+        assertEquals(null, WebApkVerifySignature.hexToBytes(""));
+        byte[] test = {(byte) 0xFF, (byte) 0xFE, 0x00, 0x01};
+        assertArrayEquals(test, WebApkVerifySignature.hexToBytes("fffe0001"));
+        assertArrayEquals(test, WebApkVerifySignature.hexToBytes("FFFE0001"));
+        assertEquals(null, WebApkVerifySignature.hexToBytes("f")); // Odd number of nibbles.
+    }
+
+    @Test
+    public void testCommentHash() throws Exception {
+        byte[] bytes = hexStringToByteArray("decafbad");
+        assertEquals(null, WebApkVerifySignature.parseCommentSignature("weapk:decafbad"));
+        assertEquals(null, WebApkVerifySignature.parseCommentSignature("webapk:"));
+        assertArrayEquals(bytes, WebApkVerifySignature.parseCommentSignature("webapk:decafbad"));
+        assertArrayEquals(bytes, WebApkVerifySignature.parseCommentSignature("webapk:12:decafbad"));
+        assertArrayEquals(
+                bytes, WebApkVerifySignature.parseCommentSignature("webapk:02: decafbad"));
+        assertArrayEquals(
+                bytes, WebApkVerifySignature.parseCommentSignature("webapk: 02: decafbad"));
+        assertArrayEquals(
+                bytes, WebApkVerifySignature.parseCommentSignature("XXXwebapk:decafbadXXX"));
+        assertArrayEquals(
+                bytes, WebApkVerifySignature.parseCommentSignature("\n\nwebapk:decafbad\n\n"));
+    }
+
+    public static String testFilename(String fname) {
+        return new File(TEST_DATA_DIR + fname).getPath();
+    }
+
+    @Test
+    public void testVerifyFiles() throws Exception {
+        PublicKey pub = readPublicKey(testFilename("public.der"));
+        String[] filenames = {"example.apk", "java-example.apk"};
+        for (String filename : filenames) {
+            RandomAccessFile file = new RandomAccessFile(testFilename(filename), "r");
+            FileChannel inChannel = file.getChannel();
+            MappedByteBuffer buf =
+                    inChannel.map(FileChannel.MapMode.READ_ONLY, 0, inChannel.size());
+            buf.load();
+            WebApkVerifySignature v = new WebApkVerifySignature(buf);
+            assertEquals(Error.OK, v.read());
+            assertEquals(Error.OK, v.verifySignature(pub));
+            buf.clear();
+            inChannel.close();
+            file.close();
+        }
+    }
+
+    @Test
+    public void testBadVerifyFiles() throws Exception {
+        PublicKey pub = readPublicKey(testFilename("public.der"));
+        String[] filenames = {
+                "bad-sig.apk", "bad-utf8-fname.apk", "empty.apk", "extra-len-too-large.apk",
+                "fcomment-too-large.apk", "no-cd.apk", "no-comment.apk", "no-eocd.apk",
+                "no-lfh.apk", "not-an.apk", "too-many-metainf.apk", "truncated.apk", "zeros.apk",
+                "zeros-at-end.apk",
+        };
+        for (String filename : filenames) {
+            RandomAccessFile file = new RandomAccessFile(testFilename(filename), "r");
+            FileChannel inChannel = file.getChannel();
+            MappedByteBuffer buf =
+                    inChannel.map(FileChannel.MapMode.READ_ONLY, 0, inChannel.size());
+            buf.load();
+            WebApkVerifySignature v = new WebApkVerifySignature(buf);
+            try {
+                if (v.read() == Error.OK) {
+                    assertTrue(v.verifySignature(pub) != WebApkVerifySignature.Error.OK);
+                }
+            } catch (SignatureException | IllegalArgumentException e) {
+                // expected
+            }
+            buf.clear();
+            inChannel.close();
+            file.close();
+        }
+    }
+
+    private static byte[] hexStringToByteArray(String s) {
+        int len = s.length();
+        if (len % 2 == 1) {
+            // Expect an even number of nibbles.
+            return null;
+        }
+        byte[] data = new byte[len / 2];
+        for (int i = 0; i < len; i += 2) {
+            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+                    | Character.digit(s.charAt(i + 1), 16));
+        }
+        return data;
+    }
+}