projects / platform / core / test / security-tests.git / blob
? search:


e2d34ecf197f1f0684b1795fd6e994992dd4a9d2
[platform/core/test/security-tests.git] / tests / ckm / capi-certificate-chains.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  */
16 /*
17  * @file       capi-certificate-chains.cpp
18  * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
19  * @version    1.0
20  */
21
22 #include <stdarg.h>
23
24 #include <string>
25 #include <memory>
26
27 #include <dpl/test/test_runner.h>
28
29 #include <tests_common.h>
30 #include <ckm-common.h>
31
32 #include <ckmc/ckmc-manager.h>
33 #include <ckmc/ckmc-control.h>
34 #include <ckmc/ckmc-type.h>
35 #include <ckmc/ckmc-error.h>
36
37 namespace {
38 const char* CERT[] = {
39     "-----BEGIN CERTIFICATE-----\n"
40     "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
41     "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
42     "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
43     "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
44     "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
45     "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
46     "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
47     "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
48     "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
49     "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
50     "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
51     "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
52     "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
53     "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
54     "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
55     "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
56     "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
57     "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
58     "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
59     "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
60     "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
61     "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
62     "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
63     "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
64     "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
65     "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
66     "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
67     "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
68     "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
69     "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
70     "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
71     "oFXtrg0=\n"
72     "-----END CERTIFICATE-----\n",
73
74     "-----BEGIN CERTIFICATE-----\n"
75     "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
76     "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
77     "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
78     "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
79     "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
80     "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
81     "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
82     "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
83     "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
84     "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
85     "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
86     "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
87     "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
88     "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
89     "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
90     "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
91     "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
92     "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
93     "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
94     "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
95     "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
96     "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
97     "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
98     "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
99     "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
100     "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
101     "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
102     "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
103     "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
104     "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
105     "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
106     "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
107     "-----END CERTIFICATE-----\n",
108 };
109
110 // index of CERT array
111 enum CertIdx{
112     CERT_EE,
113     CERT_IM,
114 };
115
116 template <typename F, typename... Args>
117 void assert_result(int expected, F&& func, Args... args)
118 {
119     int ret = func(args...);
120     RUNNER_ASSERT_MSG_BT(ret == expected, "Expected " << expected << " got: " << ret);
121 }
122
123 template <typename F, typename... Args>
124 void assert_positive(F&& func, Args... args)
125 {
126     assert_result(CKMC_ERROR_NONE, std::move(func), args...);
127 }
128
129 template <typename T>
130 size_t list_size(const T* list)
131 {
132     size_t size = 0;
133     while(list) {
134         list = list->next;
135         size++;
136     }
137     return size;
138 }
139
140 template <typename T>
141 void assert_list_size(const T* list, size_t expected)
142 {
143     size_t size = list_size(list);
144     RUNNER_ASSERT_MSG_BT(size == expected, "Expected chain size: " << expected << " got: " << size);
145 }
146
147 typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
148 typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
149 typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
150
151 CertPtr create_cert(CertIdx idx) {
152     size_t size = sizeof(CERT)/sizeof(CERT[0]);
153     RUNNER_ASSERT_MSG_BT(idx < size, "Certificate index out of range: " << idx << ">=" << size);
154
155     ckmc_cert_s* cert = NULL;
156     assert_positive(ckmc_cert_new,
157                     reinterpret_cast<unsigned char*>(const_cast<char*>(CERT[idx])),
158                     strlen(CERT[idx]),
159                     CKMC_FORM_PEM,
160                     &cert);
161
162     RUNNER_ASSERT_MSG_BT(cert != NULL, "Cert is NULL");
163     CertPtr c(cert, ckmc_cert_free);
164     return c;
165 }
166
167 void save_cert(const CertPtr& cert, const char* alias) {
168     ckmc_policy_s policy;
169     policy.password = NULL;
170     policy.extractable = 1;
171
172     int tmp;
173     assert_positive(ckmc_save_cert, alias, *cert, policy);
174 }
175
176 // list gets copies of aliases
177 AliasListPtr create_alias_list(const char* alias, ...) {
178     AliasListPtr aliasList(NULL, ckmc_alias_list_all_free);
179
180     va_list ap;
181
182     va_start(ap, alias);
183     ckmc_alias_list_s* last = NULL;
184     for (const char* a = alias; a != NULL; a = va_arg(ap, const char*)) {
185         if (aliasList == NULL) {
186             ckmc_alias_list_s* tmp = NULL;
187             assert_positive(ckmc_alias_list_new, strdup(a), &tmp);
188             aliasList = AliasListPtr(tmp, ckmc_alias_list_all_free);
189             RUNNER_ASSERT_MSG_BT(!!aliasList, "Alias list is NULL");
190             last = aliasList.get();
191         } else {
192             assert_positive(ckmc_alias_list_add, last, strdup(a), &last);
193             RUNNER_ASSERT_MSG_BT(last != NULL, "Last alias on the list is NULL");
194         }
195     }
196     va_end(ap);
197
198     return aliasList;
199 }
200
201 // list takes ownership of provided certificates
202 CertListPtr create_cert_list(ckmc_cert_s* cert, ...) {
203     CertListPtr certList(NULL, ckmc_cert_list_all_free);
204
205     va_list ap;
206
207     va_start(ap, cert);
208     ckmc_cert_list_s* last = NULL;
209     for (ckmc_cert_s* c = cert; c!=NULL; c = va_arg(ap, ckmc_cert_s*)) {
210         if (!certList) {
211             ckmc_cert_list_s* tmp = NULL;
212             assert_positive(ckmc_cert_list_new, c, &tmp);
213             certList = CertListPtr(tmp, ckmc_cert_list_all_free);
214             RUNNER_ASSERT_MSG_BT(!!certList, "Cert list is NULL");
215             last = certList.get();
216         } else {
217             assert_positive(ckmc_cert_list_add, last, c, &last);
218             RUNNER_ASSERT_MSG_BT(last != NULL, "Last cert on the list is NULL");
219         }
220     }
221     va_end(ap);
222
223     return certList;
224 }
225
226 const ckmc_cert_list_s* NULL_CERTS = NULL;
227 const ckmc_alias_list_s* NULL_ALIASES = NULL;
228
229 } // namespace anonymous
230
231 RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS);
232
233 RUNNER_TEST(TCCH_0000_init)
234 {
235     int temp;
236     assert_positive(ckmc_unlock_user_key, 0, "test-pass");
237 }
238
239 RUNNER_TEST(TCCH_0010_get_chain)
240 {
241     assert_positive(ckmc_remove_user_data,0);
242
243     CertPtr cert_ee = create_cert(CERT_EE);
244     CertPtr cert_im = create_cert(CERT_IM);
245
246     CertListPtr untrusted = create_cert_list(cert_im.release(), NULL);
247
248     // positive
249     ckmc_cert_list_s* chain1 = NULL;
250     assert_positive(ckmc_get_cert_chain, cert_ee.get(), untrusted.get(), &chain1);
251     CertListPtr list1(chain1, ckmc_cert_list_all_free);
252     assert_list_size(chain1, 3);
253
254     // negative
255     ckmc_cert_list_s* chain2 = NULL;
256     assert_result(CKMC_ERROR_VERIFICATION_FAILED,
257                   ckmc_get_cert_chain,
258                   cert_ee.get(),
259                   NULL_CERTS,
260                   &chain2);
261     CertListPtr list2(chain2, ckmc_cert_list_all_free);
262     assert_list_size(chain2, 0);
263 }
264
265 RUNNER_TEST(TCCH_0020_get_chain_with_alias)
266 {
267     assert_positive(ckmc_remove_user_data,0);
268
269     CertPtr cert_ee = create_cert(CERT_EE);
270     CertPtr cert_im = create_cert(CERT_IM);
271
272     save_cert(cert_im, "untrusted_certificate");
273
274     AliasListPtr untrusted = create_alias_list("untrusted_certificate", NULL);
275
276     // positive
277     ckmc_cert_list_s* chain1 = NULL;
278     assert_positive(ckmc_get_cert_chain_with_alias, cert_ee.get(), untrusted.get(), &chain1);
279     CertListPtr list1(chain1, ckmc_cert_list_all_free);
280     assert_list_size(chain1, 3);
281
282     // negative
283     ckmc_cert_list_s* chain2 = NULL;
284     assert_result(CKMC_ERROR_VERIFICATION_FAILED,
285                   ckmc_get_cert_chain_with_alias,
286                   cert_ee.get(),
287                   NULL_ALIASES,
288                   &chain2);
289     CertListPtr list2(chain2, ckmc_cert_list_all_free);
290     assert_list_size(chain2, 0);
291 }
292
293 RUNNER_TEST(TCCH_9999_deinit)
294 {
295     int temp;
296
297     assert_positive(ckmc_lock_user_key, 0);
298     assert_positive(ckmc_remove_user_data, 0);
299 }
Domain: Security / Uncategorized;