+/**
+ * Change password few times and challenge previous passwords - checks if security_server_set_pwd
+ * works as it should.
+ */
+RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
+{
+ const int history_depth = 5;
+ const unsigned int max_challenge = 3;
+ std::string prev_pass, new_pass = TEST_PASSWORD;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ for (int depth = 0; depth < history_depth; ++depth) {
+ prev_pass = new_pass;
+
+ //generate password name
+ new_pass = "history" + std::to_string(depth+1);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // challenge initial password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("depth = " + std::to_string(depth))));
+
+ // challenge previous password
+ verify_chk_pwd(
+ prev_pass.c_str(),
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 2,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("depth = " + std::to_string(depth)).c_str()));
+ }
+}
+
+/**
+ * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
+ * This test simulates user's behaviour - challenges valid and invalid passwords
+ * in various combinations.
+ */
+RUNNER_TEST(tc37_security_server_challenge_mixed)
+{
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ const unsigned int max_challenge = 2;
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
+ for (unsigned int i = 0; i < max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+
+ // Ensure that challenging valid password resets 'cuurrent attempt' value.
+ // If it didn't, the test would fail in third loop pass.
+ for (unsigned int i = 0; i < max_challenge + 1; ++i) {
+ // incorrect pwd
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+
+ // correct pwd
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 2,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+ }
+
+ // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
+ // any further attempts (even correct) are blocked
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ i,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+
+ // correct - refused
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
+ max_challenge + i,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+}
+
+/*
+ * Pasword change mixed with history depth change.
+ */
+RUNNER_TEST(tc38_security_server_history_depth_change)
+{
+ int ret;
+ const int initial_history_depth = 2;
+ const int decreased_history_depth = 1;
+ const int increased_history_depth = 3;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ ret = security_server_set_pwd_history(initial_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
+ * and SECOND_TEST_PASSWORD as a part of history.
+ */
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_history(decreased_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
+ * and THIRD_TEST_PASSWORD only.
+ */
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_history(increased_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+}
+
+/**
+ * Challenge invalid password, reset server and check if 'current attempts' is restored.
+ */
+RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
+{
+ unsigned int attempt, max_attempt, expire_sec;
+ const unsigned int max_challenge = 10;
+ const unsigned int invalid_attempts_num = 3;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // missed attempts
+ for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("attempt = " + std::to_string(attempt))));
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ attempt = max_attempt = expire_sec = UINT_MAX;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(max_attempt == max_challenge, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG_BT(attempt == invalid_attempts_num, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
+ expire_sec);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // challenge invalid password
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ invalid_attempts_num + 1,
+ max_challenge,
+ TRACE_FROM_HERE);
+
+ // challenge valid password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ invalid_attempts_num + 2,
+ max_challenge,
+ TRACE_FROM_HERE);
+}
+
+/**
+ * Validate passwords history after security server reset.
+ */
+RUNNER_TEST(tc40_security_server_history_check_after_reset)
+{
+ const unsigned int history_depth = 2;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // try to reuse history passwords
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Check if SS has correct behaviour when changing history depth to 0.
+ */
+RUNNER_TEST(tc41_security_server_empty_history_check)
+{
+ const unsigned int history_depth = 2;
+ const unsigned int empty_history_depth = 0;
+
+ //prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ //set new history count
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //set new password and fill history
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that everything went OK - try setting something that would cause reuse error
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ //reset history limit to no history at all
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_history(empty_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that current password still exists in memory
+ //expected attempt 3 because our previous tries increased attempt counter
+ verify_chk_pwd(
+ THIRD_TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 3,
+ 0,
+ TRACE_FROM_HERE);
+
+ //make sure that it's possible to reuse old password once history limit is set to 0
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //once again try setting earlier used passwords - now API should return success
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
+{
+ //prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //try setting different password and giving NULL as current once again
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // Assert security server sets infinite expiration time
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((time_t) expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
+ "invalid expiration time " << expire_sec);
+
+ clean_password_dir();
+}
+
+int main(int argc, char *argv[])
+{
+ SummaryCollector::Register();
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);