#include <tests_common.h>
#include <ckm-common.h>
-#include <access_provider2.h>
+#include <scoped-app-context.h>
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-control.h>
const char* TEST_ALIAS3 = "test-alias3";
const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
+const char* RSA_PUB_KEY_PEM =
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
{
// invalid arguments check
RUNNER_TEST(T3001_manager_allow_access_invalid)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
RUNNER_ASSERT(
CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
// invalid arguments check
RUNNER_TEST(T3002_manager_deny_access_invalid)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
// tries to allow access for non existing alias
RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access for non existing alias
RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access that does not exist in database
RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// deny non existing access to existing alias
int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
"Denying non existing access returned: " << CKMCErrorToString(ret));
}
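Review bot: With the expected result flipped to `CKMC_ERROR_NONE`, T3005 now checks only that the call is accepted and says nothing about the permission state afterwards; the same applies to the `ckmc_set_permission_by_adm` assertion in T3105 further down. Revoking a grant that never existed should leave the alias invisible to the accessor, and T3105 can pin that with the pattern the file already uses: `{ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1); check_read_not_visible(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); }`. A short comment above each assertion, such as `// removing a permission that was never granted is a no-op and must succeed`, would record why success is now expected. T3005 keeps its old "deny" name while T3105 was renamed to "remove", so the pair no longer match.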
// tries to allow access to application own data
RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// verifies that alias can not contain forbidden characters
RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// verifies that label can not contain forbidden characters
RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_read_not_visible(TEST_ALIAS_adr.c_str());
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
}
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
}
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
}
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
}
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
// access should be overwritten
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
// prepare: add data
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
// remove permission
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
deny_access(TEST_ALIAS, APP_LABEL_2);
}
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
// prepare: add data
const char *additional_data = "label-2-data";
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
// add data as app 2
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
save_data(TEST_ALIAS, additional_data);
allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
// test accessibility to app 2 from app 1
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
// test if can access label2 alias from label1 domain - should succeed
check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
// prepare: add data
size_t count;
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
save_data(TEST_ALIAS2, TEST_DATA);
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
// remove permission
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
deny_access(TEST_ALIAS, APP_LABEL_2);
}
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
// test accessibility from another label
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
}
// tries to deny non existing access
-RUNNER_TEST(T3105_control_deny_access_non_existing_access, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3105_control_remove_non_existing_access, RemoveDataEnv<APP_1>)
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
"Denying non existing access returned: " << CKMCErrorToString(ret));
}
RUNNER_TEST(T3106_control_allow_access_to_myself, RemoveDataEnv<APP_1>)
{
// prepare: add data
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
// test
RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
// prepare: add data
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
// test
RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
// prepare: add data
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
// test
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
// prepare: add data
size_t count;
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
save_data(TEST_ALIAS2, TEST_DATA);
allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
{
// prepare: add data
{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
save_data(TEST_ALIAS, TEST_DATA);
}
allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
{
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
+
+RUNNER_TEST(utc_ckmc_get_key_alias_info_list_p)
+{
+ ckmc_alias_info_list_s* ppalias_list = NULL;
+
+ int ret = ckmc_get_key_alias_info_list(&ppalias_list);
+ ckmc_alias_info_list_all_free(ppalias_list);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_DB_ALIAS_UNKNOWN, "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
+}
+
+RUNNER_TEST(utc_ckmc_get_key_alias_info_list_n)
+{
+ int ret = ckmc_get_key_alias_info_list(NULL);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER, "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
+}
+
+RUNNER_TEST(utc_ckmc_get_cert_alias_info_list_p)
+{
+ ckmc_alias_info_list_s* ppalias_list = NULL;
+
+ int ret = ckmc_get_cert_alias_info_list(&ppalias_list);
+ ckmc_alias_info_list_all_free(ppalias_list);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_DB_ALIAS_UNKNOWN, "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
+}
+
+RUNNER_TEST(utc_ckmc_get_cert_alias_info_list_n)
+{
+ int ret = ckmc_get_cert_alias_info_list(NULL);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER, "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
+}
+
+
+RUNNER_TEST(utc_ckmc_get_data_alias_info_list_p1)
+{
+ ckmc_alias_info_list_s* ppalias_list = NULL;
+
+ int ret = ckmc_get_data_alias_info_list(&ppalias_list);
+ ckmc_alias_info_list_all_free(ppalias_list);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_DB_ALIAS_UNKNOWN, "Expected CKMC_ERROR_DB_ALIAS_UNKNOWN, returned: " << CKMCErrorToString(ret));
+}
+
+
+RUNNER_TEST(utc_ckmc_get_data_alias_info_list_p2, RemoveDataEnv<APP_1>)
+{
+ ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ save_data(TEST_ALIAS, TEST_DATA);
+
+ ckmc_alias_info_list_s* ppalias_list = NULL;
+
+ int ret = ckmc_get_data_alias_info_list(&ppalias_list);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, returned: " << CKMCErrorToString(ret));
+
+ char* alias = NULL;
+ ret = ckmc_alias_info_get_alias(ppalias_list->info, &alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias, returned: " << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(ppalias_list->next == NULL, "More elements returned");
+ std::string aliasOrig = std::string(APP_LABEL_1) + " " + std::string(TEST_ALIAS);
+ RUNNER_ASSERT_MSG(strcmp(alias, aliasOrig.c_str()) == 0, "Invalid aliast returned : " << alias);
+
+ ckmc_alias_info_list_all_free(ppalias_list);
+
+}
+
+
+RUNNER_TEST(utc_ckmc_get_data_alias_info_list_n)
+{
+ int ret = ckmc_get_data_alias_info_list(NULL);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_INVALID_PARAMETER, "Expected invalid parameter error, returned: " << CKMCErrorToString(ret));
+}
+
+RUNNER_TEST(utc_ckmc_alias_info_get_alias_p)
+{
+ ckmc_alias_info_list_s *ppalias_list, *tmp;
+ ckmc_key_s test_key;
+ ckmc_policy_s test_policy;
+ int ret;
+ char* current_alias;
+ const char* alias = "utc_ckmc_alias_info_get_alias_p_test_alias";
+ bool foundAlias = false;
+
+ test_key.raw_key = (unsigned char *)RSA_PUB_KEY_PEM;
+ test_key.key_size = strlen(RSA_PUB_KEY_PEM);
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = NULL;
+
+ test_policy.password = NULL;
+ test_policy.extractable = true;
+
+ ret = ckmc_save_key(alias, test_key, test_policy);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+
+ ret = ckmc_get_key_alias_info_list(&ppalias_list);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+
+ tmp = ppalias_list;
+
+ while (tmp) {
+ ret = ckmc_alias_info_get_alias(tmp->info, ¤t_alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+ if (strstr(current_alias, alias)) {
+ foundAlias = true;
+ break;
+ }
+ tmp = tmp->next;
+ }
+ ckmc_alias_info_list_all_free(ppalias_list);
+ ckmc_remove_key(alias);
+ RUNNER_ASSERT_MSG(foundAlias == true, "Expected to find alias, but alias not found");
+}
+
+RUNNER_TEST(utc_ckmc_alias_info_is_password_protected_p)
+{
+ ckmc_alias_info_list_s *ppalias_list, *tmp;
+ ckmc_key_s test_key;
+ ckmc_policy_s test_policy;
+ int ret;
+ char* current_alias;
+ const char* alias = "utc_ckmc_alias_info_get_alias_p_test_alias";
+ bool foundAlias = false;
+
+ test_key.raw_key = (unsigned char *)RSA_PUB_KEY_PEM;
+ test_key.key_size = strlen(RSA_PUB_KEY_PEM);
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = NULL;
+
+ test_policy.password = NULL;
+ test_policy.extractable = true;
+
+ ret = ckmc_save_key(alias, test_key, test_policy);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+
+ ret = ckmc_get_key_alias_info_list(&ppalias_list);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+
+ tmp = ppalias_list;
+
+ while (tmp) {
+ ret = ckmc_alias_info_get_alias(tmp->info, ¤t_alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+ if (strstr(current_alias, alias)) {
+ foundAlias = true;
+ bool is_password_protected;
+ ret = ckmc_alias_info_is_password_protected(tmp->info, &is_password_protected);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Expected no error, got " << CKMCErrorToString(ret));
+ RUNNER_ASSERT(is_password_protected == false);
+ break;
+ }
+ tmp = tmp->next;
+ }
+ ckmc_alias_info_list_all_free(ppalias_list);
+ ckmc_remove_key(alias);
+ RUNNER_ASSERT(foundAlias == true);
+}
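Review bot: The empty-store tests (`utc_ckmc_get_key_alias_info_list_p`, `utc_ckmc_get_cert_alias_info_list_p`, `utc_ckmc_get_data_alias_info_list_p1`) assert `CKMC_ERROR_DB_ALIAS_UNKNOWN` without the `RemoveDataEnv<APP_1>` fixture or a `ScopedAppContext`, so they pass only when no earlier test left an entry behind. `utc_ckmc_alias_info_get_alias_p` and `utc_ckmc_alias_info_is_password_protected_p` make that likely: both save a key under the same alias and reach `ckmc_alias_info_list_all_free(ppalias_list)` and `ckmc_remove_key(alias)` only after assertions that presumably abort the test body on failure, so one failed run leaves the key stored and the list unfreed. Registering a cleanup fixture as `utc_ckmc_get_data_alias_info_list_p2` does (assuming it covers the identity these tests run as), initialising `ppalias_list = NULL`, and asserting only after the cleanup calls would make the tests independent of each other. `strstr(current_alias, alias)` accepts any alias that merely contains the name, whereas p2 compares the full label-prefixed string with `strcmp`, which is the stricter check. The password-protection test covers only the `false` result; a second key saved with a policy password and asserted `true` would exercise the case that matters for protected keys.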