2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file capi-certificate-chains.cpp
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
27 #include <dpl/test/test_runner.h>
29 #include <tests_common.h>
30 #include <ckm-common.h>
32 #include <ckmc/ckmc-manager.h>
33 #include <ckmc/ckmc-control.h>
34 #include <ckmc/ckmc-type.h>
35 #include <ckmc/ckmc-error.h>
38 const char* CERT[] = {
39 "-----BEGIN CERTIFICATE-----\n"
40 "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
41 "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
42 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
43 "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
44 "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
45 "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
46 "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
47 "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
48 "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
49 "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
50 "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
51 "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
52 "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
53 "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
54 "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
55 "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
56 "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
57 "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
58 "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
59 "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
60 "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
61 "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
62 "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
63 "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
64 "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
65 "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
66 "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
67 "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
68 "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
69 "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
70 "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
72 "-----END CERTIFICATE-----\n",
74 "-----BEGIN CERTIFICATE-----\n"
75 "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
76 "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
77 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
78 "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
79 "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
80 "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
81 "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
82 "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
83 "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
84 "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
85 "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
86 "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
87 "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
88 "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
89 "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
90 "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
91 "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
92 "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
93 "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
94 "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
95 "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
96 "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
97 "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
98 "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
99 "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
100 "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
101 "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
102 "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
103 "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
104 "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
105 "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
106 "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
107 "-----END CERTIFICATE-----\n",
110 // index of CERT array
116 template <typename F, typename... Args>
117 void assert_result(int expected, F&& func, Args... args)
119 int ret = func(args...);
120 RUNNER_ASSERT_MSG_BT(ret == expected, "Expected " << expected << " got: " << ret);
123 template <typename F, typename... Args>
124 void assert_positive(F&& func, Args... args)
126 assert_result(CKMC_ERROR_NONE, std::move(func), args...);
129 template <typename T>
130 size_t list_size(const T* list)
140 template <typename T>
141 void assert_list_size(const T* list, size_t expected)
143 size_t size = list_size(list);
144 RUNNER_ASSERT_MSG_BT(size == expected, "Expected chain size: " << expected << " got: " << size);
147 typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
148 typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
149 typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
151 CertPtr create_cert(CertIdx idx) {
152 size_t size = sizeof(CERT)/sizeof(CERT[0]);
153 RUNNER_ASSERT_MSG_BT(idx < size, "Certificate index out of range: " << idx << ">=" << size);
155 ckmc_cert_s* cert = NULL;
156 assert_positive(ckmc_cert_new,
157 reinterpret_cast<unsigned char*>(const_cast<char*>(CERT[idx])),
162 RUNNER_ASSERT_MSG_BT(cert != NULL, "Cert is NULL");
163 CertPtr c(cert, ckmc_cert_free);
167 void save_cert(const CertPtr& cert, const char* alias) {
168 ckmc_policy_s policy;
169 policy.password = NULL;
170 policy.extractable = 1;
173 assert_positive(ckmc_save_cert, alias, *cert, policy);
176 // list gets copies of aliases
177 AliasListPtr create_alias_list(const char* alias, ...) {
178 AliasListPtr aliasList(NULL, ckmc_alias_list_all_free);
183 ckmc_alias_list_s* last = NULL;
184 for (const char* a = alias; a != NULL; a = va_arg(ap, const char*)) {
185 if (aliasList == NULL) {
186 ckmc_alias_list_s* tmp = NULL;
187 assert_positive(ckmc_alias_list_new, strdup(a), &tmp);
188 aliasList = AliasListPtr(tmp, ckmc_alias_list_all_free);
189 RUNNER_ASSERT_MSG_BT(!!aliasList, "Alias list is NULL");
190 last = aliasList.get();
192 assert_positive(ckmc_alias_list_add, last, strdup(a), &last);
193 RUNNER_ASSERT_MSG_BT(last != NULL, "Last alias on the list is NULL");
201 // list takes ownership of provided certificates
202 CertListPtr create_cert_list(ckmc_cert_s* cert, ...) {
203 CertListPtr certList(NULL, ckmc_cert_list_all_free);
208 ckmc_cert_list_s* last = NULL;
209 for (ckmc_cert_s* c = cert; c!=NULL; c = va_arg(ap, ckmc_cert_s*)) {
211 ckmc_cert_list_s* tmp = NULL;
212 assert_positive(ckmc_cert_list_new, c, &tmp);
213 certList = CertListPtr(tmp, ckmc_cert_list_all_free);
214 RUNNER_ASSERT_MSG_BT(!!certList, "Cert list is NULL");
215 last = certList.get();
217 assert_positive(ckmc_cert_list_add, last, c, &last);
218 RUNNER_ASSERT_MSG_BT(last != NULL, "Last cert on the list is NULL");
226 const ckmc_cert_list_s* NULL_CERTS = NULL;
227 const ckmc_alias_list_s* NULL_ALIASES = NULL;
229 } // namespace anonymous
231 RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS);
233 RUNNER_TEST(TCCH_0000_init)
236 assert_positive(ckmc_unlock_user_key, 0, "test-pass");
239 RUNNER_TEST(TCCH_0010_get_chain)
241 assert_positive(ckmc_remove_user_data,0);
243 CertPtr cert_ee = create_cert(CERT_EE);
244 CertPtr cert_im = create_cert(CERT_IM);
246 CertListPtr untrusted = create_cert_list(cert_im.release(), NULL);
249 ckmc_cert_list_s* chain1 = NULL;
250 assert_positive(ckmc_get_cert_chain, cert_ee.get(), untrusted.get(), &chain1);
251 CertListPtr list1(chain1, ckmc_cert_list_all_free);
252 assert_list_size(chain1, 3);
255 ckmc_cert_list_s* chain2 = NULL;
256 assert_result(CKMC_ERROR_VERIFICATION_FAILED,
261 CertListPtr list2(chain2, ckmc_cert_list_all_free);
262 assert_list_size(chain2, 0);
265 RUNNER_TEST(TCCH_0020_get_chain_with_alias)
267 assert_positive(ckmc_remove_user_data,0);
269 CertPtr cert_ee = create_cert(CERT_EE);
270 CertPtr cert_im = create_cert(CERT_IM);
272 save_cert(cert_im, "untrusted_certificate");
274 AliasListPtr untrusted = create_alias_list("untrusted_certificate", NULL);
277 ckmc_cert_list_s* chain1 = NULL;
278 assert_positive(ckmc_get_cert_chain_with_alias, cert_ee.get(), untrusted.get(), &chain1);
279 CertListPtr list1(chain1, ckmc_cert_list_all_free);
280 assert_list_size(chain1, 3);
283 ckmc_cert_list_s* chain2 = NULL;
284 assert_result(CKMC_ERROR_VERIFICATION_FAILED,
285 ckmc_get_cert_chain_with_alias,
289 CertListPtr list2(chain2, ckmc_cert_list_all_free);
290 assert_list_size(chain2, 0);
293 RUNNER_TEST(TCCH_9999_deinit)
297 assert_positive(ckmc_lock_user_key, 0);
298 assert_positive(ckmc_remove_user_data, 0);