{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
char* password = NULL;
ckmc_cert_s *cert2;
{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
char* password = NULL;
ckmc_cert_s cert;
CKMCReadableError(temp));
}
-RUNNER_TEST(T30210_certificate_with_DSA_key_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s *cert2 = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- CKM::Alias alias = "test-cert-1-DSA";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-
- ckmc_cert_free(cert2);
-}
-
RUNNER_TEST(T30211_deinit_C_API)
{
int temp;
}
-RUNNER_TEST(T3036_deinit_C_API)
+RUNNER_TEST(T3036_alias_new_C_API)
+{
+ char *full_alias = NULL;
+ std::string owner_id = "iocma412ovyc";
+ std::string alias = "fvyuweq27c";
+
+ std::string full_alias_str = owner_id + ckmc_owner_id_separator + alias;
+
+ int temp = ckmc_alias_new(owner_id.c_str(), alias.c_str(), &full_alias);
+ std::unique_ptr<char, void(*)(void *)> p(full_alias, ::free);
+ RUNNER_ASSERT_MSG(temp == CKMC_ERROR_NONE, CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(full_alias_str == full_alias,
+ "Invalid full alias. expected(" << full_alias_str <<
+ ") actual(" << full_alias << ")");
+}
+
+RUNNER_TEST(T3037_deinit_C_API)
{
int temp;
RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
{
- const size_t BIG_SIZE = 5000000;
+ // We don't know which backend will be used
+ const size_t BIG_SIZE = 100000;
std::vector<char> big_data(BIG_SIZE);
std::ifstream is("/dev/urandom", std::ifstream::binary);
check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
}
+RUNNER_TEST(T3046_save_get_password_protected_data)
+{
+ const char *alias = "T3046_data_alias";
+ const char *password = "test-password";
+ std::vector<unsigned char> data = { 0x28, 0x34, 0x5a, 0xf3 };
+
+ ckmc_raw_buffer_s raw_buffer;
+ raw_buffer.data = data.data();
+ raw_buffer.size = data.size();
+
+ ckmc_policy_s policy;
+ policy.password = const_cast<char *>(password);
+ policy.extractable = 1;
+
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(alias, raw_buffer, policy)),
+ CKMCReadableError(temp));
+
+ ckmc_raw_buffer_s *raw_buffer_stored = nullptr;
+
+ // test negative case first
+ temp = ckmc_get_data(alias, "invalid_password", &raw_buffer_stored);
+
+ // make scoped buffer for in case of success
+ std::unique_ptr<ckmc_raw_buffer_s, void(*)(ckmc_raw_buffer_s *)> scoped_buffer(
+ raw_buffer_stored, ckmc_buffer_free);
+
+ RUNNER_ASSERT_MSG(temp == CKMC_ERROR_AUTHENTICATION_FAILED,
+ "expected(" << CKMCErrorToString(CKMC_ERROR_AUTHENTICATION_FAILED)
+ << ") but ret(" << CKMCErrorToString(temp) << ")");
+
+ temp = ckmc_get_data(alias, password, &raw_buffer_stored);
+ // reset buffer with raw buffer of positive case
+ scoped_buffer.reset(raw_buffer_stored);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == temp, CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ raw_buffer_stored->size == raw_buffer.size,
+ "stored raw buffer size(" << raw_buffer_stored->size
+ << ") is differ to original raw buffer size(" << raw_buffer.size << ")");
+ for (size_t i = 0; i < raw_buffer_stored->size; ++i)
+ RUNNER_ASSERT_MSG(
+ raw_buffer_stored->data[i] == raw_buffer.data[i],
+ "stored raw buffer data[" << i << "](" << raw_buffer_stored->data[i]
+ << ") is differ to original raw buffer data["
+ << i << "](" << raw_buffer.data[i] << ")");
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_alias(alias)),
+ CKMCReadableError(temp));
+}
+
RUNNER_TEST(T3050_deinit_C_API)
{
int temp;
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
{
- std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
- std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
+ std::string im = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_IM);
ckmc_cert_s c_cert;
- c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
- c_cert.cert_size = ee.size();
+ c_cert.raw_cert = reinterpret_cast<unsigned char *>(im.data());
+ c_cert.cert_size = im.size();
c_cert.data_format = CKMC_FORM_PEM;
- ckmc_cert_s c_cert1;
- c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
- c_cert1.cert_size = im.size();
- c_cert1.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_list_s untrustedcerts;
- untrustedcerts.cert = &c_cert1;
- untrustedcerts.next = NULL;
-
ckmc_cert_list_s *cert_chain_list;
- int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+ int tmp = ckmc_get_cert_chain(&c_cert, NULL, &cert_chain_list);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
ckmc_raw_buffer_s *signature;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pripolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = const_cast<char *>(key_passwd);
CKMCReadableError(temp));
}
-RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
+RUNNER_TEST(T3083a_CAPI__rsa_key_create_verify_negative)
{
int temp;
CKMCReadableError(temp));
}
+RUNNER_TEST(T3083b_CAPI__rsa_key_create_verify_hash_and_padding)
+{
+ int temp;
+
+ unsigned char hashed_msg[256] = {}; // shouldn't need padding (2048-bit key)
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = hashed_msg;
+ msg_buff.size = sizeof(hashed_msg);
+ ckmc_raw_buffer_s short_data = prepare_message_buffer("length not equal to key size");
+ CKM::Alias pub_alias = "pub1";
+ CKM::Alias pri_alias = "prv1";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_raw_buffer_s *signature;
+
+ // sign: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // sign: no padding + no hash + short data
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ short_data,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // sign: no padding + no hash + correct length
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+
+ // sign: padding + no hash + short data
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ short_data,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // verify: padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
+
+
RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
{
int temp;
ckmc_raw_buffer_s *signature;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pubpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
ckmc_raw_buffer_s *signature;
ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
cert.cert_size = pub.size();
cert.data_format = CKMC_FORM_PEM;
certpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
{
int temp;
- const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
"MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
"BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
"YMYCBhubtrVaLmc=\n"
"-----END PUBLIC KEY-----";
- const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
"MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
"NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
"ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
ckmc_raw_buffer_s *signature = NULL;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pripolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(priv.data());
prikey.key_size = priv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = NULL;
ckmc_raw_buffer_s *signature;
ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
cert.cert_size = pub.size();
cert.data_format = CKMC_FORM_PEM;
certpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
"zQIDAQAB\n"
"-----END PUBLIC KEY-----";
- unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned char *raw_key = reinterpret_cast<unsigned char *>(keyPem.data());
unsigned int key_size = keyPem.size();
ckmc_key_type_e key_type = CKMC_KEY_NONE;
char *password = const_cast< char *>("");
"zQIDAQAB\n"
"-----END PUBLIC KEY-----";
- unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned char *data = reinterpret_cast<unsigned char *>(keyPem.data());
unsigned int size = keyPem.size();
ckmc_raw_buffer_s *buff;
RUNNER_TEST(T3094_CAPI_TYPE_CERT)
{
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
- unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
+ unsigned char *raw_cert = reinterpret_cast<unsigned char *>(certPem.data());
unsigned int size = certPem.size();
ckmc_data_format_e form = CKMC_FORM_PEM;
{
int ret;
- std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string certStr = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
const char *file_name = "/tmp/ckmc_test_cert.pem";
remove(file_name);
{
CKM::Alias alias_PKCS_exportable = "CAPI-test-PKCS-export";
CKM::Alias alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
+CKM::Alias alias_PKCS_key_not_exportable = "CAPI-test-PKCS-no-key-export";
}
RUNNER_TEST(T3101_CAPI_PKCS12_init)
RUNNER_ASSERT_MSG(
CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
+ CKMCReadableError(temp));
// try to lookup key
ckmc_key_s *key_lookup = NULL;
CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
CKMCReadableError(temp));
ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), "", &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
// try to lookup certificate
ckmc_cert_s *cert_lookup = NULL;
CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
CKMCReadableError(temp));
ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
ckmc_pkcs12_free(pkcs);
pkcs = NULL;
+ // success - partially exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_key_not_exportable.c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL == pkcs->priv_key, "there should be no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+ size_t cntr = 0;
+ ckmc_cert_list_s *iter = pkcs->ca_chain;
+ do {
+ cntr++;
+ iter = iter->next;
+ } while (iter);
+ RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
+
+ ckmc_pkcs12_free(pkcs);
+
+
// success - exportable
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
- size_t cntr = 0;
- ckmc_cert_list_s *iter = pkcs->ca_chain;
+ cntr = 0;
+ iter = pkcs->ca_chain;
do {
cntr ++;
iter = iter->next;
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())),
CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_key_not_exportable.c_str())),
+ CKMCReadableError(tmp));
// expect lookup fails due to unknown alias
// try to lookup key
CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
CKMCReadableError(tmp));
ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
// try to lookup certificate
ckmc_cert_s *cert_lookup = NULL;
CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
CKMCReadableError(tmp));
ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3109_CAPI_PKCS12_deinit)