auto key = CKM::Key::create(buffer, CKM::Password());
CKM::KeyShPtr key_name, key_full_addr;
CKM::Alias alias = "mykey-2";
- CharPtr top_label = get_label();
- std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+ std::string top_label = getOwnerIdFromSelf();
+ std::string full_address = aliasWithLabel(top_label.c_str(), alias.c_str());
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
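Review bot: Moving `ScopedDBUnlock` above `ScopedAccessProvider` in T1032_app_user_save_bin_data changes teardown order as well as setup order: locals are destroyed in reverse, so the database is now re-locked only after `ap` has been destroyed, and nothing in the test says why the order matters. A one-line comment would keep a later edit from undoing it, e.g. `// unlock before applyAndSwithToUser(): presumably the unlock call needs privileges the switched user lacks (confirm)`. The same preamble is repeated in T1034, T12101 to T12119, the two USER_TEST blocks further down, T1701 (via `unlock_user_data`) and T1902, so one fixture or helper that encodes the required order would remove the duplication. The test body continues outside this hunk.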
RUNNER_TEST(T1034_app_remove_bin_data)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12101_key_exist)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12102_saveKey_empty_alias)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12103_saveKey_foreign_label)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12104_saveKey_empty_key)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias; //alias is not initialized
RUNNER_TEST(T12106_saveCertificate_foreign_label)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias = "iamsomebodyelse alias";
RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
RUNNER_TEST(T12108_saveData_empty_alias)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12109_saveData_foreign_label)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12110_saveData_empty_data)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
RUNNER_TEST(T12111_getKey_alias_not_exist)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12113_getData_alias_not_exist)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
*/
RUNNER_TEST(T12114_RSA_key_damaged)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12115_RSA_key_too_short)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12116_DSA_key_too_short)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
// fake the client - let the service detect the problem
class WrongCertImpl : public CKM::Certificate
"is not woking on the device. OCSP tests requires network access!");
}
-RUNNER_TEST(T1312_get_chain)
+RUNNER_TEST(T13121_get_chain_no_cert)
+{
+ CKM::CertificateShPtrVector certChain;
+ CKM::CertificateShPtr cert;
+
+ auto manager = CKM::Manager::create();
+
+ int ret = manager->getCertificateChain(cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
+ "Function should fail for empty certificate");
+}
+
+RUNNER_TEST(T13122_get_chain_empty_cert)
+{
+ CKM::CertificateShPtrVector certChain;
+ CKM::CertificateShPtr cert = CKM::Certificate::create(CKM::RawBuffer(),
+ CKM::DataFormat::FORM_PEM);
+
+ auto manager = CKM::Manager::create();
+
+ int ret = manager->getCertificateChain(cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
+ "Function should fail for empty certificate");
+}
+
+RUNNER_TEST(T13129_get_chain)
{
auto cert = TestData::getTestCertificate(TestData::MBANK);
auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
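Review bot: T13122_get_chain_empty_cert may not test anything T13121_get_chain_no_cert does not, because the hunk does not show whether `CKM::Certificate::create(CKM::RawBuffer(), CKM::DataFormat::FORM_PEM)` returns a null pointer or a non-null empty object. Pin the precondition the test relies on with an assert on `cert.get()` before the `getCertificateChain` call. Both tests also share the message "Function should fail for empty certificate" and drop the actual return code; streaming it, as done elsewhere in this file, makes a failure diagnosable: `"Expected CKM_API_ERROR_INPUT_PARAM, got " << CKM::ErrorToString(ret)`.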
"Wrong size of certificate chain.");
}
-RUNNER_TEST(T1314_ocsp_check)
+RUNNER_TEST(T13141_ocsp_check_valid_chain)
{
- RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
-
auto cert = TestData::getTestCertificate(TestData::MBANK);
auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
CKM::CertificateShPtrVector certVector = {cert1};
RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
}
+RUNNER_TEST(T13142_ocsp_check_empty)
+{
+ CKM::CertificateShPtrVector certVector;
+
+ auto manager = CKM::Manager::create();
+
+ int tmp;
+ int status;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
+ "ocspCheck should fail for empty certificate vector");
+}
+
+RUNNER_TEST(T13143_ocsp_check_empty_ptrs)
+{
+ CKM::CertificateShPtrVector certVector = {
+ CKM::CertificateShPtr(),
+ CKM::CertificateShPtr(),
+ CKM::CertificateShPtr()};
+
+ auto manager = CKM::Manager::create();
+
+ int tmp;
+ int status;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
+ "ocspCheck should fail for empty certificate vector");
+}
+
+RUNNER_TEST(T13144_ocsp_check_root)
+{
+ auto root = TestData::getTestCertificate(TestData::EQUIFAX);
+ CKM::CertificateShPtrVector certVector = {root};
+
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
+
+ int tmp;
+ int status;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
+ "Ocsp should fail for single certificate");
+}
+
+RUNNER_TEST(T13145_ocsp_check_no_ocsp)
+{
+ auto root = TestData::getTestCertificate(TestData::EQUIFAX);
+ auto ca2 = TestData::getTestCertificate(TestData::GEOTRUST);
+ auto ca1 = TestData::getTestCertificate(TestData::GIAG2);
+
+ CKM::CertificateShPtrVector certVector = {ca1, ca2, root};
+
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
+ RUNNER_ASSERT_MSG(NULL != ca2.get(), "Certificate should not be empty");
+ RUNNER_ASSERT_MSG(NULL != ca1.get(), "Certificate should not be empty");
+
+ int tmp;
+ int status;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->ocspCheck(certVector, status)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_UNSUPPORTED == status, "Verfication failed");
+}
+
RUNNER_TEST(T1315_deinit)
{
remove_user_data(0);
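Review bot: T13143_ocsp_check_empty_ptrs reuses the message "ocspCheck should fail for empty certificate vector" although its vector holds three null pointers, and T13142 to T13144 all assign `tmp` without ever reporting it. Give T13143 its own message and stream the code, e.g. `"ocspCheck should reject null certificate pointers, got " << CKM::ErrorToString(tmp)`. T13145_ocsp_check_no_ocsp pins a soft-fail contract (call succeeds, status is `CKM_API_OCSP_STATUS_UNSUPPORTED`) that deserves a comment such as `// revocation was NOT checked here; callers must not treat UNSUPPORTED as GOOD`. Its final message "Verfication failed" should state the expected and actual status instead. T13141 now runs unconditionally and presumably depends on live OCSP responders for the MBANK/SYMANTEC chain, so a network or responder outage will show up as a test failure.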
CKM::Alias certeeAlias("CertEE");
CKM::Alias certimAlias("CertIM");
{
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
ScopedAccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
auto manager = CKM::Manager::create();
RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
// actual test
{
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
ScopedAccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
auto manager = CKM::Manager::create();
int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
RUNNER_TEST(T1701_init_unlock_key)
{
+ unlock_user_data(USER_TEST+1, "t170-special-password");
+
ScopedAccessProvider ap("t170-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- unlock_user_data(USER_TEST+1, "t170-special-password");
}
RUNNER_CHILD_TEST(T1702_insert_data)
RUNNER_TEST(T1810_verify_get_certificate_chain)
{
// this certificate has been signed using PKCS chain
- std::string im = "-----BEGIN CERTIFICATE-----\n"
- "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
- "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
- "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
- "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
- "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
- "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
- "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
- "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
- "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
- "Qw==\n"
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBozCCAQwCAQEwDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
+ "c3RtZS5jb20wHhcNMTUxMjA5MTA0NjU0WhcNMjUxMjA2MTA0NjU0WjAYMRYwFAYD\n"
+ "VQQDDA1lZUB0ZXN0bWUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP\n"
+ "+fNsZB1Vlmhnk0IwYDs7Pw9E38KQfTt/egqqRFN6IvIt0CCDBXqnPTujuvlO2OyL\n"
+ "XVuALnIBmTDm5Oz+oz+qiY6/XrVS/CoACNZyMo6ihG9OeocvDbU3jXEaPGL6ib/x\n"
+ "jlms0aA9d5L9TO2lEzEP7bFKgHCB8FWINcxSP5zl1QIDAQABMA0GCSqGSIb3DQEB\n"
+ "BQUAA4GBAKBpVJMkdK6/qnAz7d7Bul/BhhSLEYbNPdxRiUj3U2dt0GJgswMu2SNT\n"
+ "/3NXB8V8mnnXR6cWn5bmjyA7ZpQEKAatS/KEQ9wfLXyCgYDRebX71mVKAI3XcyxB\n"
+ "p2qsOWWaJhuHmC1GVjx3foL+RDrmRo6BiucNHMIuvrd1W36eKdhj\n"
"-----END CERTIFICATE-----\n";
auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
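Review bot: The replacement PEM in T1810_verify_get_certificate_chain is again a certificate with a fixed validity window: its DER decodes to notBefore 2015-12-09 and notAfter 2025-12-06, so the test will presumably start failing on that date, as the removed one (valid until 2015-12-02) appears to have. The new blob also seems to carry a sha1WithRSAEncryption signature where the removed one used sha256WithRSAEncryption, which may stop verifying if the crypto backend tightens its accepted algorithms. Add a comment above `im` recording the expiry and how the chain was produced, e.g. `// test cert, expires 2025-12-06; regenerate with <generation-script placeholder>`, or generate the chain at test time. The test body continues outside this hunk.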
RUNNER_TEST(T1902_get_data)
{
+ ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;