projects / platform / core / test / security-tests.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CKM: Revert "Add PASSWORD_PROTECTION_DISABLE feature"
[platform/core/test/security-tests.git] / src / ckm / main.cpp
diff --git a/src/ckm/main.cpp b/src/ckm/main.cpp
index 9c41077..06694ec 100644 (file)
--- a/src/ckm/main.cpp
+++ b/src/ckm/main.cpp
@@ -19,12 +19,16 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#include <dpl/log/log.h>
-
 namespace {
 const int USER_APP = 5000;
 const int GROUP_APP = 5000;
+
+const int USER_APP_2 = 5020;
+const int USER_APP_3 = 5030;
+
+const char * const APP_PASS  = "user-pass";
 const int USER_TEST = 5001;
+const char* TEST_LABEL = "test_label";
 
 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
@@ -70,11 +74,11 @@ RUNNER_TEST(T0011_Control)
     auto control = CKM::Control::create();
 
     control->removeUserData(0);
-    control->removeUserData(20);
+    control->removeUserData(USER_APP_2);
     control->removeUserData(USER_APP);
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
         "Error=" << CKM::ErrorToString(temp));
 }
 
@@ -83,10 +87,10 @@ RUNNER_TEST(T0012_Control)
     int temp;
     auto control = CKM::Control::create();
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
         "Error=" << CKM::ErrorToString(temp));
 }
 
@@ -95,7 +99,7 @@ RUNNER_TEST(T0013_Control)
     int temp;
     auto control = CKM::Control::create();
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
         "Error=" << CKM::ErrorToString(temp));
 }
 
@@ -104,31 +108,31 @@ RUNNER_TEST(T0014_Control)
     int temp;
     auto control = CKM::Control::create();
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
         "Error=" << CKM::ErrorToString(temp));
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
         "Error=" << CKM::ErrorToString(temp));
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+        CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
         "Error=" << CKM::ErrorToString(temp));
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
         "Error=" << CKM::ErrorToString(temp));
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
         "Error=" << CKM::ErrorToString(temp));
 
     RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+        CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
         "Error=" << CKM::ErrorToString(temp));
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
         "Error=" << CKM::ErrorToString(temp));
 }
 
@@ -137,16 +141,16 @@ RUNNER_TEST(T0015_Control)
     int temp;
     auto control = CKM::Control::create();
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+        CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
         "Error=" << CKM::ErrorToString(temp));
 }
 
@@ -155,19 +159,19 @@ RUNNER_TEST(T0016_Control_negative_wrong_password)
     int temp;
     auto control = CKM::Control::create();
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+        CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
         "Error=" << CKM::ErrorToString(temp));
 }
 
@@ -175,14 +179,7 @@ RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
 
 RUNNER_TEST(T1010_init)
 {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    unlock_user_data(USER_APP, "user-pass");
 }
 
 RUNNER_TEST(T1011_key)
@@ -203,7 +200,7 @@ RUNNER_TEST(T1011_key)
     CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
     auto key = CKM::Key::create(buffer, CKM::Password());
     CKM::KeyShPtr key2;
-    CKM::Alias alias = "mykey";
+    CKM::Alias alias = sharedDatabase("mykey");
 
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
@@ -223,7 +220,7 @@ RUNNER_TEST(T1012_certificate)
 
     auto cert = TestData::getTestCertificate(TestData::GIAG2);
     CKM::CertificateShPtr cert2;
-    CKM::Alias alias = "myCert";
+    CKM::Alias alias = sharedDatabase("myCert");
 
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
@@ -238,7 +235,7 @@ RUNNER_TEST(T1012_certificate)
 
 RUNNER_CHILD_TEST(T1013_user_app_save_key)
 {
-    AccessProvider ap("mylabel");
+    ScopedAccessProvider ap("mylabel");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
@@ -271,6 +268,10 @@ RUNNER_CHILD_TEST(T1013_user_app_save_key)
 
 RUNNER_TEST(T1014_save_with_label)
 {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int temp;
     auto manager = CKM::Manager::create();
 
@@ -288,8 +289,8 @@ RUNNER_TEST(T1014_save_with_label)
     auto key = CKM::Key::create(buffer, CKM::Password());
     CKM::KeyShPtr key_name, key_full_addr;
     CKM::Alias alias = "mykey-2";
-    CharPtr top_label = get_label();
-    std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+    std::string top_label = getOwnerIdFromSelf();
+    std::string full_address = aliasWithLabel(top_label.c_str(), alias.c_str());
 
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
@@ -314,21 +315,8 @@ RUNNER_TEST(T1014_save_with_label)
 
 RUNNER_TEST(T1015_deinit)
 {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
+    remove_user_data(USER_APP);
 }
 
 RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
@@ -338,9 +326,6 @@ RUNNER_TEST(T1020_init)
     int temp;
     auto control = CKM::Control::create();
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
         "Error=" << CKM::ErrorToString(temp));
 }
@@ -364,26 +349,27 @@ RUNNER_TEST(T1021_save_keys_get_alias)
     auto key = CKM::Key::create(buffer, CKM::Password());
     CKM::AliasVector labelAliasVector;
 
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
+        CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
 }
 
 RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
 {
-    AccessProvider ap("mylabel");
+    ScopedAccessProvider ap("mylabel");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
@@ -404,6 +390,7 @@ RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
     auto key = CKM::Key::create(buffer, CKM::Password());
     CKM::AliasVector labelAliasVector;
 
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
@@ -417,13 +404,13 @@ RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
         CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
 }
 
 RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
 {
-    AccessProvider ap("mylabel");
+    ScopedAccessProvider ap("mylabel");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
@@ -458,35 +445,15 @@ RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
 
 RUNNER_TEST(T1029_deinit)
 {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
+    remove_user_data(USER_APP);
 }
 
 RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
-
 RUNNER_TEST(T1030_init)
 {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
+    reset_user_data(USER_APP, APP_PASS);
 }
 
 RUNNER_TEST(T1031_save_get_bin_data)
@@ -504,41 +471,43 @@ RUNNER_TEST(T1031_save_get_bin_data)
 
     CKM::AliasVector labelAliasVector;
 
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer2, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer3, CKM::Policy(CKM::Password(), true))),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
+        CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
 
     CKM::RawBuffer buffer;
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
         buffer == buffer2,
         "Data corrupted");
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
         "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
 }
 
 RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
 {
-    AccessProvider ap("mylabel");
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
@@ -551,6 +520,7 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
 
     CKM::AliasVector labelAliasVector;
 
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
@@ -564,8 +534,8 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
         CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
 }
 
 RUNNER_TEST(T1033_remove_bin_data)
@@ -578,80 +548,113 @@ RUNNER_TEST(T1033_remove_bin_data)
 
     CKM::AliasVector labelAliasVector;
 
-    std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
+    std::string invalid_address = sharedDatabase("i-do-not-exist");
     RUNNER_ASSERT_MSG(
         CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
+        CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
+        CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 1,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
+        labelAliasVector.size() == (current_aliases_num-2),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
 
     CKM::RawBuffer buffer;
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
         buffer == buffer2,
         "Data corrupted");
     RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("data3", CKM::Password(), buffer)),
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1034_getData_wrong_password)
+RUNNER_TEST(T1034_app_remove_bin_data)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int temp;
     auto manager = CKM::Manager::create();
 
-    std::string binData1 = "My bin data4";
+    std::string binData2 = "My bin data";
+    CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
 
-    CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+    CKM::AliasVector labelAliasVector;
 
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
+    std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+        "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
         "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
+        "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
+        "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        labelAliasVector.size() == (current_aliases_num-2),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
 
     CKM::RawBuffer buffer;
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        buffer == buffer1,
+        buffer == buffer2,
         "Data corrupted");
-
     RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1035_deinit)
+RUNNER_TEST(T1035_getData_wrong_password)
 {
     int temp;
-    auto control = CKM::Control::create();
+    auto manager = CKM::Manager::create();
+
+    std::string binData1 = "My bin data4";
+
+    CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
 
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
         "Error=" << CKM::ErrorToString(temp));
+
+    CKM::RawBuffer buffer;
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
+        buffer == buffer1,
+        "Data corrupted");
+
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
         "Error=" << CKM::ErrorToString(temp));
 }
 
+RUNNER_TEST(T1036_deinit)
+{
+    remove_user_data(0);
+    remove_user_data(USER_APP);
+}
+
 RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
 
 RUNNER_TEST(T1040_init)
@@ -664,16 +667,17 @@ RUNNER_TEST(T1040_init)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_CHILD_TEST(T1041_create_rsa_key)
+RUNNER_CHILD_TEST(T1041_create_RSA_key)
 {
     int temp;
     auto manager = CKM::Manager::create();
     CKM::AliasVector av;
 
-    AccessProvider ap("mylabel-rsa");
+    ScopedAccessProvider ap("mylabel-rsa");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
@@ -681,17 +685,17 @@ RUNNER_CHILD_TEST(T1041_create_rsa_key)
         CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        2 == (temp = av.size()),
-        "Vector size: " << temp << ". Expected: 2");
+        (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+        "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
 }
 
-RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
+RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label)
 {
     int temp;
     auto manager = CKM::Manager::create();
     CKM::AliasVector av;
 
-    AccessProvider ap("mylabel-rsa");
+    ScopedAccessProvider ap("mylabel-rsa");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
@@ -703,16 +707,17 @@ RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_CHILD_TEST(T1043_create_dsa_key)
+RUNNER_CHILD_TEST(T1043_create_DSA_key)
 {
     int temp;
     auto manager = CKM::Manager::create();
     CKM::AliasVector av;
 
-    AccessProvider ap("mylabel-dsa");
+    ScopedAccessProvider ap("mylabel-dsa");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
@@ -720,21 +725,35 @@ RUNNER_CHILD_TEST(T1043_create_dsa_key)
         CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        2 == (temp = av.size()),
-        "Vector size: " << temp << ". Expected: 2");
+        (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+        "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
 }
 
-RUNNER_TEST(T1049_deinit)
+RUNNER_CHILD_TEST(T1044_create_AES_key)
 {
     int temp;
-    auto control = CKM::Control::create();
+    auto manager = CKM::Manager::create();
+    CKM::AliasVector av;
 
+    AccessProvider ap("mylabel-aes");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+    int current_aliases_num = count_aliases(ALIAS_KEY);
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+        CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+        CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
         "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        (current_aliases_num+1) == (temp = av.size()),
+        "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
+}
+
+RUNNER_TEST(T1049_deinit)
+{
+    remove_user_data(USER_APP);
 }
 
 
@@ -742,22 +761,15 @@ RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair);
 
 RUNNER_TEST(T1110_init)
 {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    unlock_user_data(USER_APP, "user-pass");
 }
 
 RUNNER_TEST(T1111_CreateKeyPairRSA)
 {
     int temp;
     auto manager = CKM::Manager::create();
-    CKM::Alias a1("rsa-test-1");
-    CKM::Alias a2("rsa-test-2");
+    CKM::Alias a1 = sharedDatabase("rsa-test-1");
+    CKM::Alias a2 = sharedDatabase("rsa-test-2");
     CKM::Policy p1;
     CKM::Policy p2;
     RUNNER_ASSERT_MSG(
@@ -772,8 +784,8 @@ RUNNER_TEST(T1112_CreateKeyPairDSA)
 {
     int temp;
     auto manager = CKM::Manager::create();
-    CKM::Alias a1("dsa-test-1");
-    CKM::Alias a2("dsa-test-2");
+    CKM::Alias a1 = sharedDatabase("dsa-test-1");
+    CKM::Alias a2 = sharedDatabase("dsa-test-2");
     CKM::Policy p1;
     CKM::Policy p2;
     RUNNER_ASSERT_MSG(
@@ -788,8 +800,8 @@ RUNNER_TEST(T1113_CreateKeyPairECDSA)
 {
     int temp;
     auto manager = CKM::Manager::create();
-    CKM::Alias a1("ecdsa-test-1");
-    CKM::Alias a2("ecdsa-test-2");
+    CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
+    CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
     CKM::Policy p1;
     CKM::Policy p2;
     RUNNER_ASSERT_MSG(
@@ -799,33 +811,23 @@ RUNNER_TEST(T1113_CreateKeyPairECDSA)
 
 RUNNER_TEST(T1114_deinit)
 {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
 }
 
 RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
 
 RUNNER_TEST(T12100_init)
 {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    reset_user_data(USER_APP, APP_PASS);
 }
 
 RUNNER_TEST(T12101_key_exist)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int ret;
     auto manager = CKM::Manager::create();
 
@@ -857,6 +859,11 @@ RUNNER_TEST(T12101_key_exist)
 
 RUNNER_TEST(T12102_saveKey_empty_alias)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
         "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
         "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
@@ -881,6 +888,11 @@ RUNNER_TEST(T12102_saveKey_empty_alias)
 
 RUNNER_TEST(T12103_saveKey_foreign_label)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
       "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
       "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
@@ -904,6 +916,11 @@ RUNNER_TEST(T12103_saveKey_foreign_label)
 
 RUNNER_TEST(T12104_saveKey_empty_key)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     CKM::KeyShPtr key; //key is not initialized
     CKM::Alias alias = "empty-key";
 
@@ -916,6 +933,11 @@ RUNNER_TEST(T12104_saveKey_empty_key)
 
 RUNNER_TEST(T12105_saveCertificate_empty_alias)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     auto cert = TestData::getTestCertificate(TestData::GIAG2);
     CKM::Alias alias; //alias is not initialized
 
@@ -928,6 +950,11 @@ RUNNER_TEST(T12105_saveCertificate_empty_alias)
 
 RUNNER_TEST(T12106_saveCertificate_foreign_label)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     auto cert = TestData::getTestCertificate(TestData::GIAG2);
     CKM::Alias alias = "iamsomebodyelse alias";
 
@@ -940,6 +967,11 @@ RUNNER_TEST(T12106_saveCertificate_foreign_label)
 
 RUNNER_TEST(T12107_saveCertificate_empty_cert)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     CKM::CertificateShPtr cert; //cert is not initialized
     CKM::Alias alias = "empty-cert";
 
@@ -952,6 +984,11 @@ RUNNER_TEST(T12107_saveCertificate_empty_cert)
 
 RUNNER_TEST(T12108_saveData_empty_alias)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     std::string testData = "test data test data test data";
     CKM::RawBuffer buffer(testData.begin(), testData.end());
     CKM::Alias alias;
@@ -965,6 +1002,11 @@ RUNNER_TEST(T12108_saveData_empty_alias)
 
 RUNNER_TEST(T12109_saveData_foreign_label)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     std::string testData = "test data test data test data";
     CKM::RawBuffer buffer(testData.begin(), testData.end());
     CKM::Alias alias = "iamsomebodyelse alias";
@@ -978,6 +1020,11 @@ RUNNER_TEST(T12109_saveData_foreign_label)
 
 RUNNER_TEST(T12110_saveData_empty_data)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     CKM::RawBuffer buffer;
     CKM::Alias alias = "empty-data";
 
@@ -994,6 +1041,11 @@ RUNNER_TEST(T12110_saveData_empty_data)
 
 RUNNER_TEST(T12111_getKey_alias_not_exist)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     CKM::KeyShPtr key;
     CKM::Alias alias = "this-alias-not-exist";
 
@@ -1006,6 +1058,11 @@ RUNNER_TEST(T12111_getKey_alias_not_exist)
 
 RUNNER_TEST(T12112_getCertificate_alias_not_exist)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     CKM::CertificateShPtr certificate;
     CKM::Alias alias = "this-alias-not-exist";
 
@@ -1018,6 +1075,11 @@ RUNNER_TEST(T12112_getCertificate_alias_not_exist)
 
 RUNNER_TEST(T12113_getData_alias_not_exist)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int temp;
     auto manager = CKM::Manager::create();
     CKM::RawBuffer buffer;
@@ -1030,8 +1092,13 @@ RUNNER_TEST(T12113_getData_alias_not_exist)
 /*
  * These test cases tests API when damaged keys are used
  */
-RUNNER_TEST(T12114_rsa_key_damaged)
+RUNNER_TEST(T12114_RSA_key_damaged)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int ret;
     auto manager = CKM::Manager::create();
 
@@ -1057,8 +1124,13 @@ RUNNER_TEST(T12114_rsa_key_damaged)
         "Error=" << CKM::ErrorToString(ret));
 }
 
-RUNNER_TEST(T12115_rsa_key_too_short)
+RUNNER_TEST(T12115_RSA_key_too_short)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int ret;
     auto manager = CKM::Manager::create();
 
@@ -1081,8 +1153,13 @@ RUNNER_TEST(T12115_rsa_key_too_short)
         "Error=" << CKM::ErrorToString(ret));
 }
 
-RUNNER_TEST(T12116_dsa_key_too_short)
+RUNNER_TEST(T12116_DSA_key_too_short)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int ret;
     auto manager = CKM::Manager::create();
 
@@ -1108,13 +1185,33 @@ RUNNER_TEST(T12116_dsa_key_too_short)
         "Error=" << CKM::ErrorToString(ret));
 }
 
+RUNNER_TEST(T12117_AES_key_too_short)
+{
+    int ret;
+    auto manager = CKM::Manager::create();
+
+    size_t key_size = (128-1);
+    CKM::RawBuffer key_AES = createRandomBuffer(key_size/8);
+
+    auto key = CKM::Key::create(key_AES);
+    CKM::Alias alias = "short-AES";
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+        "Error=" << CKM::ErrorToString(ret));
+}
 
 /*
  * These test cases tests CKM service if malicious data is provided over the socket.
  */
 
-RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
+RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     int ret;
     auto manager = CKM::Manager::create();
 
@@ -1155,8 +1252,13 @@ RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
         "Error=" << CKM::ErrorToString(ret));
 }
 
-RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
+RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
 {
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     // fake the client - let the service detect the problem
     class WrongCertImpl : public CKM::Certificate
     {
@@ -1196,28 +1298,16 @@ RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T12119_deinit)
+RUNNER_TEST(T12120_deinit)
 {
-     int temp;
-     auto control = CKM::Control::create();
-
-     RUNNER_ASSERT_MSG(
-         CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-         "Error=" << CKM::ErrorToString(temp));
-     RUNNER_ASSERT_MSG(
-         CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-         "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(USER_APP);
 }
 
 RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
 
 RUNNER_TEST(T1311_init)
 {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
     RUNNER_ASSERT_MSG(time(0) > 1405343457,
         "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
 
@@ -1228,7 +1318,40 @@ RUNNER_TEST(T1311_init)
         "is not woking on the device. OCSP tests requires network access!");
 }
 
-RUNNER_TEST(T1312_get_chain)
+RUNNER_TEST(T13121_get_chain_no_cert)
+{
+    CKM::CertificateShPtrVector certChain;
+    CKM::CertificateShPtr cert;
+
+    auto manager = CKM::Manager::create();
+
+    int ret = manager->getCertificateChain(cert,
+                                       EMPTY_CERT_VECTOR,
+                                       EMPTY_CERT_VECTOR,
+                                       true,
+                                       certChain);
+    RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
+                         "Function should fail for empty certificate");
+}
+
+RUNNER_TEST(T13122_get_chain_empty_cert)
+{
+    CKM::CertificateShPtrVector certChain;
+    CKM::CertificateShPtr cert = CKM::Certificate::create(CKM::RawBuffer(),
+                                                          CKM::DataFormat::FORM_PEM);
+
+    auto manager = CKM::Manager::create();
+
+    int ret = manager->getCertificateChain(cert,
+                                       EMPTY_CERT_VECTOR,
+                                       EMPTY_CERT_VECTOR,
+                                       true,
+                                       certChain);
+    RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
+                         "Function should fail for empty certificate");
+}
+
+RUNNER_TEST(T13129_get_chain)
 {
     auto cert = TestData::getTestCertificate(TestData::MBANK);
     auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
@@ -1269,9 +1392,7 @@ RUNNER_TEST(T1313_get_chain_with_alias)
 
     CKM::CertificateShPtrVector certChain;
     CKM::AliasVector aliasVector;
-    CKM::Alias alias("imcert");
-    CharPtr top_label = get_label();
-    std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+    CKM::Alias alias = sharedDatabase("imcert");
 
     int tmp;
     auto manager = CKM::Manager::create();
@@ -1291,7 +1412,7 @@ RUNNER_TEST(T1313_get_chain_with_alias)
         CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
         "Error=" << CKM::ErrorToString(tmp));
 
-    aliasVector.push_back(full_address);
+    aliasVector.push_back(alias);
 
     tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
@@ -1301,10 +1422,8 @@ RUNNER_TEST(T1313_get_chain_with_alias)
         "Wrong size of certificate chain.");
 }
 
-RUNNER_TEST(T1314_ocsp_check)
+RUNNER_TEST(T13141_ocsp_check_valid_chain)
 {
-    RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
-
     auto cert = TestData::getTestCertificate(TestData::MBANK);
     auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
     CKM::CertificateShPtrVector certVector = {cert1};
@@ -1339,31 +1458,87 @@ RUNNER_TEST(T1314_ocsp_check)
     RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
 }
 
-RUNNER_TEST(T1315_deinit)
+RUNNER_TEST(T13142_ocsp_check_empty)
 {
-    int temp;
-    auto control = CKM::Control::create();
+    CKM::CertificateShPtrVector certVector;
 
+    auto manager = CKM::Manager::create();
+
+    int tmp;
+    int status;
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
+            CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
+        "ocspCheck should fail for empty certificate vector");
+}
+
+RUNNER_TEST(T13143_ocsp_check_empty_ptrs)
+{
+    CKM::CertificateShPtrVector certVector = {
+            CKM::CertificateShPtr(),
+            CKM::CertificateShPtr(),
+            CKM::CertificateShPtr()};
+
+    auto manager = CKM::Manager::create();
+
+    int tmp;
+    int status;
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+            CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
+        "ocspCheck should fail for empty certificate vector");
+}
+
+RUNNER_TEST(T13144_ocsp_check_root)
+{
+    auto root = TestData::getTestCertificate(TestData::EQUIFAX);
+    CKM::CertificateShPtrVector certVector = {root};
+
+    auto manager = CKM::Manager::create();
+
+    RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
+
+    int tmp;
+    int status;
+    RUNNER_ASSERT_MSG(
+            CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
+        "Ocsp should fail for single certificate");
+}
+
+RUNNER_TEST(T13145_ocsp_check_no_ocsp)
+{
+    auto root = TestData::getTestCertificate(TestData::EQUIFAX);
+    auto ca2 = TestData::getTestCertificate(TestData::GEOTRUST);
+    auto ca1 = TestData::getTestCertificate(TestData::GIAG2);
+
+    CKM::CertificateShPtrVector certVector = {ca1, ca2, root};
+
+    auto manager = CKM::Manager::create();
+
+    RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
+    RUNNER_ASSERT_MSG(NULL != ca2.get(), "Certificate should not be empty");
+    RUNNER_ASSERT_MSG(NULL != ca1.get(), "Certificate should not be empty");
+
+    int tmp;
+    int status;
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (tmp = manager->ocspCheck(certVector, status)),
+        "Error=" << CKM::ErrorToString(tmp));
+
+    RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_UNSUPPORTED == status, "Verfication failed");
+}
+
+RUNNER_TEST(T1315_deinit)
+{
+    remove_user_data(0);
 }
 
 RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
 
 RUNNER_TEST(T1411_init)
 {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
 }
 
-RUNNER_TEST(T1412_rsa_key_create_verify)
+RUNNER_TEST(T1412_RSA_key_create_verify)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -1411,8 +1586,8 @@ RUNNER_TEST(T1412_rsa_key_create_verify)
 
     std::string message = "message test";
 
-    CKM::Alias aliasPub = "pub1";
-    CKM::Alias aliasPrv = "prv1";
+    CKM::Alias aliasPub = sharedDatabase("pub1");
+    CKM::Alias aliasPrv = sharedDatabase("prv1");
     CKM::Password password = "1234";
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -1454,7 +1629,7 @@ RUNNER_TEST(T1412_rsa_key_create_verify)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1413_dsa_key_create_verify)
+RUNNER_TEST(T1413_DSA_key_create_verify)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -1487,8 +1662,8 @@ RUNNER_TEST(T1413_dsa_key_create_verify)
 
     std::string message = "message test";
 
-    CKM::Alias aliasPub = "pub2";
-    CKM::Alias aliasPrv = "prv2";
+    CKM::Alias aliasPub = sharedDatabase("pub2");
+    CKM::Alias aliasPrv = sharedDatabase("prv2");
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
     CKM::RawBuffer signature;
@@ -1530,7 +1705,7 @@ RUNNER_TEST(T1413_dsa_key_create_verify)
 }
 
 
-RUNNER_TEST(T1414_ec_key_create_verify)
+RUNNER_TEST(T1414_ECDSA_key_create_verify)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -1548,8 +1723,8 @@ RUNNER_TEST(T1414_ec_key_create_verify)
 
     std::string message = "message test";
 
-    CKM::Alias aliasPub = "ecpub2";
-    CKM::Alias aliasPrv = "ecprv2";
+    CKM::Alias aliasPub = sharedDatabase("ecpub2");
+    CKM::Alias aliasPrv = sharedDatabase("ecprv2");
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
     CKM::RawBuffer signature;
@@ -1604,14 +1779,14 @@ RUNNER_TEST(T1414_ec_key_create_verify)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1415_rsa_key_create_verify_negative)
+RUNNER_TEST(T1415_RSA_key_create_verify_negative)
 {
     int temp;
     auto manager = CKM::Manager::create();
     std::string message = "message asdfaslkdfjlksadjf test";
 
-    CKM::Alias aliasPub = "pub1";
-    CKM::Alias aliasPrv = "prv1";
+    CKM::Alias aliasPub = sharedDatabase("pub1");
+    CKM::Alias aliasPrv = sharedDatabase("prv1");
 
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -1651,14 +1826,14 @@ RUNNER_TEST(T1415_rsa_key_create_verify_negative)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1416_dsa_key_create_verify_negative)
+RUNNER_TEST(T1416_DSA_key_create_verify_negative)
 {
     int temp;
     auto manager = CKM::Manager::create();
     std::string message = "message asdfaslkdfjlksadjf test";
 
-    CKM::Alias aliasPub = "pub2";
-    CKM::Alias aliasPrv = "prv2";
+    CKM::Alias aliasPub = sharedDatabase("pub2");
+    CKM::Alias aliasPrv = sharedDatabase("prv2");
 
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -1698,7 +1873,7 @@ RUNNER_TEST(T1416_dsa_key_create_verify_negative)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1417_rsa_cert_create_verify_signature)
+RUNNER_TEST(T1417_RSA_cert_create_verify_signature)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -1740,8 +1915,8 @@ RUNNER_TEST(T1417_rsa_cert_create_verify_signature)
 
     std::string message = "message test";
 
-    CKM::Alias aliasPub = "pub1-cert";
-    CKM::Alias aliasPrv = "prv1-cert";
+    CKM::Alias aliasPub = sharedDatabase("pub1-cert");
+    CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
     CKM::RawBuffer signature;
@@ -1796,7 +1971,7 @@ RUNNER_TEST(T1417_rsa_cert_create_verify_signature)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1418_dsa_cert_create_verify_signature)
+RUNNER_TEST(T1418_DSA_cert_create_verify_signature)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -1837,8 +2012,8 @@ RUNNER_TEST(T1418_dsa_cert_create_verify_signature)
 
     std::string message = "message test";
 
-    CKM::Alias aliasPub = "pub2-cert";
-    CKM::Alias aliasPrv = "prv2-cert";
+    CKM::Alias aliasPub = sharedDatabase("pub2-cert");
+    CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
     CKM::RawBuffer signature;
@@ -1893,7 +2068,7 @@ RUNNER_TEST(T1418_dsa_cert_create_verify_signature)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
+RUNNER_TEST(T1419_ECDSA_cert_create_verify_signature)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -1928,8 +2103,8 @@ RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
 
     std::string message = "message test";
 
-    CKM::Alias aliasPub = "pub3";
-    CKM::Alias aliasPrv = "prv3";
+    CKM::Alias aliasPub = sharedDatabase("pub3");
+    CKM::Alias aliasPrv = sharedDatabase("prv3");
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
     CKM::RawBuffer signature;
@@ -1986,15 +2161,7 @@ RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
 
 RUNNER_TEST(T1420_deinit)
 {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
 }
 
 RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
@@ -2002,10 +2169,7 @@ RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
 RUNNER_TEST(T14180_init)
 {
     int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
 
     auto manager = CKM::Manager::create();
 
@@ -2051,8 +2215,8 @@ RUNNER_TEST(T14180_init)
       "zQIDAQAB\n"
       "-----END PUBLIC KEY-----\n";
 
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
     CKM::Password password = "1234";
 
     auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
@@ -2082,8 +2246,8 @@ RUNNER_TEST(T14180_init)
         "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
         "-----END PUBLIC KEY-----\n";
 
-    CKM::Alias aliasEcPub = "ecpub_nohash1";
-    CKM::Alias aliasEcPrv = "ecprv_nohash1";
+    CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
+    CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
 
     auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
     auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
@@ -2102,14 +2266,14 @@ RUNNER_TEST(T14180_init)
 }
 
 
-RUNNER_TEST(T14181_rsa_create_signatue_nohash)
+RUNNER_TEST(T14181_RSA_create_signatue_nohash)
 {
     int temp;
     auto manager = CKM::Manager::create();
     std::string message = "message asdfaslkdfjlksadjf test";
 
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
 
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -2149,14 +2313,14 @@ RUNNER_TEST(T14181_rsa_create_signatue_nohash)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad)
+RUNNER_TEST(T14182_RSA_create_signatue_nohash_nopad)
 {
     int temp;
     auto manager = CKM::Manager::create();
     std::string message = "message asdfaslkdfjlksadjf test";
 
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
 
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
@@ -2173,7 +2337,7 @@ RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
+RUNNER_TEST(T14183_RSA_create_signatue_nohash_bigmsg)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -2198,8 +2362,8 @@ RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
                           "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
                           "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
 
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
 
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -2217,15 +2381,15 @@ RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
 }
 
 
-RUNNER_TEST(T14184_ec_create_signatue_nohash)
+RUNNER_TEST(T14184_ECDSA_create_signatue_nohash)
 {
     int temp;
     auto manager = CKM::Manager::create();
 
     std::string message = "message test";
 
-    CKM::Alias aliasPub = "ecpub_nohash1";
-    CKM::Alias aliasPrv = "ecprv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
     CKM::RawBuffer signature;
@@ -2265,7 +2429,7 @@ RUNNER_TEST(T14184_ec_create_signatue_nohash)
         "Error=" << CKM::ErrorToString(temp));
 }
 
-RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
+RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg)
 {
     int temp;
     auto manager = CKM::Manager::create();
@@ -2273,13 +2437,13 @@ RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
     int msgSize = 1024*1024;
     char big_msg[msgSize];
     for(int i =0; i<msgSize-1; i++) {
-       big_msg[i] = 'a';
+        big_msg[i] = 'a';
     }
     big_msg[msgSize-1]=0x00;
     std::string message(big_msg);
 
-    CKM::Alias aliasPub = "ecpub_nohash1";
-    CKM::Alias aliasPrv = "ecprv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
     CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
     CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
     CKM::RawBuffer signature;
@@ -2298,66 +2462,55 @@ RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
 
 RUNNER_TEST(T14189_deinit)
 {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
 }
 
 
 RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
 
-namespace {
-CKM::Alias certeeAlias("CertEE");
-CKM::Alias certimAlias("CertIM");
-}
-RUNNER_CHILD_TEST(T1510_init_unlock_key)
+RUNNER_TEST(T1510_init_unlock_key)
 {
-    reset_user_data(USER_TEST, "strong-password");
-
-    // initial DB feed
-    AccessProvider ap("my-label");
-    ap.allowAPI("key-manager::api-storage", "rw");
-    ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+    reset_user_data(USER_TEST, APP_PASS);
+}
 
-    auto manager = CKM::Manager::create();
+RUNNER_TEST(T1511_insert_data)
+{
     auto certee = TestData::getTestCertificate(TestData::MBANK);
     auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
-    RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
-    RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
-}
+    CKM::Alias certeeAlias("CertEE");
+    CKM::Alias certimAlias("CertIM");
+    {
+        ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+        ScopedAccessProvider ap("my-label");
+        ap.allowAPI("key-manager::api-storage", "rw");
+        ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+        auto manager = CKM::Manager::create();
+        RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
+        RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
+    }
 
-RUNNER_TEST(T1511_restart_CKM)
-{
     // restart CKM
     stop_service(MANAGER);
     start_service(MANAGER);
-    unlock_user_data(USER_TEST, "strong-password");
-}
 
-RUNNER_CHILD_TEST(T1512_check_data_exists)
-{
     // actual test
-    AccessProvider ap("my-label");
-    ap.allowAPI("key-manager::api-storage", "rw");
-    ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
-    auto manager = CKM::Manager::create();
-    auto certee = TestData::getTestCertificate(TestData::MBANK);
-    auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
-    int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
-    int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
-    RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
-        "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
-    RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
-        "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
+    {
+        ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+        ScopedAccessProvider ap("my-label");
+        ap.allowAPI("key-manager::api-storage", "rw");
+        ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+        auto manager = CKM::Manager::create();
+        int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
+        int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
+        RUNNER_ASSERT_MSG(
+            CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
+            "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
+        RUNNER_ASSERT_MSG(
+            CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
+            "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
+    }
 }
 
 RUNNER_TEST(T1519_deinit)
@@ -2365,28 +2518,28 @@ RUNNER_TEST(T1519_deinit)
     remove_user_data(USER_TEST);
 }
 
-
 RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
 
 RUNNER_TEST(T1701_init_unlock_key)
 {
-    int tmp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
-        "Error=" << CKM::ErrorToString(tmp));
+    unlock_user_data(USER_TEST+1, "t170-special-password");
+
+    ScopedAccessProvider ap("t170-special-label");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
 }
 
 RUNNER_CHILD_TEST(T1702_insert_data)
 {
     int temp;
-    AccessProvider ap("t170-special-label");
+    ScopedAccessProvider ap("t170-special-label");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
 
     auto certee = TestData::getTestCertificate(TestData::MBANK);
 
     auto manager = CKM::Manager::create();
+    size_t current_aliases_num = count_aliases(ALIAS_CERT);
     int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
 
     RUNNER_ASSERT_MSG(
@@ -2398,8 +2551,8 @@ RUNNER_CHILD_TEST(T1702_insert_data)
         CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
         "Error=" << CKM::ErrorToString(temp));
     RUNNER_ASSERT_MSG(
-        1 == (temp = av.size()),
-        "Vector size: " << temp << ". Expected: 1");
+        (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
+        "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
 }
 
 RUNNER_TEST(T1703_removeApplicationData)
@@ -2414,7 +2567,7 @@ RUNNER_TEST(T1703_removeApplicationData)
 RUNNER_CHILD_TEST(T1704_data_test)
 {
     int temp;
-    AccessProvider ap("t170-special-label");
+    ScopedAccessProvider ap("t170-special-label");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
 
@@ -2431,15 +2584,7 @@ RUNNER_CHILD_TEST(T1704_data_test)
 
 RUNNER_TEST(T1705_deinit)
 {
-    int tmp;
-
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
-        "Error=" << CKM::ErrorToString(tmp));
+    remove_user_data(USER_TEST+1);
 }
 
 RUNNER_TEST(T17101_init)
@@ -2471,7 +2616,7 @@ RUNNER_TEST(T17101_init)
 RUNNER_CHILD_TEST(T17102_prep_data_01)
 {
     int temp;
-    AccessProvider ap("t1706-special-label");
+    ScopedAccessProvider ap("t1706-special-label");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
 
@@ -2491,7 +2636,7 @@ RUNNER_CHILD_TEST(T17102_prep_data_01)
 RUNNER_CHILD_TEST(T17103_prep_data_02)
 {
     int temp;
-    AccessProvider ap("t1706-special-label2");
+    ScopedAccessProvider ap("t1706-special-label2");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
 
@@ -2511,7 +2656,7 @@ RUNNER_CHILD_TEST(T17103_prep_data_02)
 RUNNER_CHILD_TEST(T17104_prep_data_03)
 {
     int temp;
-    AccessProvider ap("t1706-special-label");
+    ScopedAccessProvider ap("t1706-special-label");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
 
@@ -2531,7 +2676,7 @@ RUNNER_CHILD_TEST(T17104_prep_data_03)
 RUNNER_CHILD_TEST(T17105_prep_data_04)
 {
     int temp;
-    AccessProvider ap("t1706-special-label2");
+    ScopedAccessProvider ap("t1706-special-label2");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
 
@@ -2564,7 +2709,7 @@ RUNNER_TEST(T17106_remove_application)
 RUNNER_CHILD_TEST(T17107_check_data_01)
 {
     int temp;
-    AccessProvider ap("t1706-special-label");
+    ScopedAccessProvider ap("t1706-special-label");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
 
@@ -2582,7 +2727,7 @@ RUNNER_CHILD_TEST(T17107_check_data_01)
 RUNNER_CHILD_TEST(T17108_check_data_02)
 {
     int temp;
-    AccessProvider ap("t1706-special-label2");
+    ScopedAccessProvider ap("t1706-special-label2");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
 
@@ -2610,7 +2755,7 @@ RUNNER_TEST(T17109_unlock_user2)
 RUNNER_CHILD_TEST(T17110_check_data_03)
 {
     int temp;
-    AccessProvider ap("t1706-special-label");
+    ScopedAccessProvider ap("t1706-special-label");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
 
@@ -2628,7 +2773,7 @@ RUNNER_CHILD_TEST(T17110_check_data_03)
 RUNNER_CHILD_TEST(T17111_check_data_04)
 {
     int temp;
-    AccessProvider ap("t1706-special-label2");
+    ScopedAccessProvider ap("t1706-special-label2");
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
 
@@ -2645,39 +2790,24 @@ RUNNER_CHILD_TEST(T17111_check_data_04)
 
 RUNNER_TEST(T17112_deinit)
 {
-    int tmp;
-
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
-        "Error=" << CKM::ErrorToString(tmp));
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
-        "Error=" << CKM::ErrorToString(tmp));
+    remove_user_data(USER_TEST+2);
+    remove_user_data(USER_TEST+3);
 }
 
 RUNNER_TEST_GROUP_INIT(T180_PKCS12);
 
 namespace
 {
-CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
-CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
-CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
-CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
-CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
-const char *PKCS_PASSWD = "PKCS-pass";
+CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
+CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
+CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
+CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
+CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
 }
 
 RUNNER_TEST(T1800_init)
 {
-    reset_user_data(0, PKCS_PASSWD);
+    remove_user_data(0);
 }
 
 RUNNER_TEST(T1801_parse_PKCS12) {
@@ -2864,7 +2994,7 @@ RUNNER_TEST(T1806_get_PKCS)
 
     // fail - no entry
     RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
         "Error=" << CKM::ErrorToString(temp));
 
     // fail - not exportable
@@ -3039,17 +3169,17 @@ RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
 RUNNER_TEST(T1810_verify_get_certificate_chain)
 {
     // this certificate has been signed using PKCS chain
-    std::string im = "-----BEGIN CERTIFICATE-----\n"
-        "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
-        "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
-        "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
-        "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
-        "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
-        "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
-        "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
-        "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
-        "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
-        "Qw==\n"
+    std::string im =
+        "-----BEGIN CERTIFICATE-----\n"
+        "MIIBozCCAQwCAQEwDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
+        "c3RtZS5jb20wHhcNMTUxMjA5MTA0NjU0WhcNMjUxMjA2MTA0NjU0WjAYMRYwFAYD\n"
+        "VQQDDA1lZUB0ZXN0bWUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP\n"
+        "+fNsZB1Vlmhnk0IwYDs7Pw9E38KQfTt/egqqRFN6IvIt0CCDBXqnPTujuvlO2OyL\n"
+        "XVuALnIBmTDm5Oz+oz+qiY6/XrVS/CoACNZyMo6ihG9OeocvDbU3jXEaPGL6ib/x\n"
+        "jlms0aA9d5L9TO2lEzEP7bFKgHCB8FWINcxSP5zl1QIDAQABMA0GCSqGSIb3DQEB\n"
+        "BQUAA4GBAKBpVJMkdK6/qnAz7d7Bul/BhhSLEYbNPdxRiUj3U2dt0GJgswMu2SNT\n"
+        "/3NXB8V8mnnXR6cWn5bmjyA7ZpQEKAatS/KEQ9wfLXyCgYDRebX71mVKAI3XcyxB\n"
+        "p2qsOWWaJhuHmC1GVjx3foL+RDrmRo6BiucNHMIuvrd1W36eKdhj\n"
         "-----END CERTIFICATE-----\n";
 
     auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
@@ -3120,7 +3250,7 @@ RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
 
 RUNNER_TEST(T1812_get_pkcs12_password_tests)
 {
-    CKM::Alias alias = "t1812alias1";
+    CKM::Alias alias = sharedDatabase("t1812alias1");
 
     auto manager = CKM::Manager::create();
     std::ifstream is("/usr/share/ckm-test/pkcs.p12");
@@ -3189,24 +3319,21 @@ RUNNER_TEST(T1813_deinit)
 }
 
 RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-
+namespace {
+const char * const T190_PASSWD = "t190-special-password";
+}
 RUNNER_TEST(T1901_init_unlock_key)
 {
-    int tmp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
-        "Error=" << CKM::ErrorToString(tmp));
+    reset_user_data(USER_APP, T190_PASSWD);
 }
 
 RUNNER_TEST(T1902_get_data)
 {
+    ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
+    ScopedAccessProvider ap(TEST_LABEL);
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     auto manager = CKM::Manager::create();
     CKM::KeyShPtr ptr;
 
@@ -3222,12 +3349,16 @@ RUNNER_TEST(T1903_lock_database)
     int tmp;
     auto control = CKM::Control::create();
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
         "Error=" << CKM::ErrorToString(tmp));
 }
 
 RUNNER_TEST(T1904_get_data_from_locked_database)
 {
+    ScopedAccessProvider ap(TEST_LABEL);
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
     auto manager = CKM::Manager::create();
     CKM::KeyShPtr ptr;
 
@@ -3240,15 +3371,10 @@ RUNNER_TEST(T1904_get_data_from_locked_database)
 
 RUNNER_TEST(T1905_deinit)
 {
-    int tmp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(tmp));
+    remove_user_data(USER_APP);
 }
 
 int main(int argc, char *argv[])
 {
-    DPL::Log::LogSystemSingleton::Instance().SetTag("CKM_TESTS");
     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
 }
Domain: Security / Uncategorized;