*/
#include <mutex>
+#include <utility>
#include <condition_variable>
-#include <chrono>
+#include <cassert>
+
+#include <ckmc/ckmc-type.h>
+#include <ckm/ckm-manager-async.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-raw-buffer.h>
+
+#include <fstream>
+
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <dpl/log/log.h>
-#include <ckm/ckm-manager-async.h>
-#include <ckm/ckm-control.h>
-#include <tests_common.h>
-#include <access_provider.h>
-RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+#include <tests_common.h>
+#include <ckm-common.h>
using namespace CKM;
using namespace std;
namespace {
+const char* TEST_LABEL = "test_label";
+const CertificateShPtrVector EMPTY_CERT_VECTOR;
+const AliasVector EMPTY_ALIAS_VECTOR;
+
class MyObserver: public ManagerAsync::Observer
{
public:
m_cv.notify_one();
}
- void ReceivedSaveKey()
- {
- LogDebug("Key saved");
- m_finished = true;
- m_cv.notify_one();
- }
+ void ReceivedSaveKey() { Succeeded(); }
+ void ReceivedSaveCertificate() { Succeeded(); }
+ void ReceivedSaveData() { Succeeded(); }
+ void ReceivedSavePKCS12() { Succeeded(); }
+
+ void ReceivedRemovedAlias() { Succeeded(); }
+
+ void ReceivedKey(Key &&) { Succeeded(); }
+ void ReceivedCertificate(Certificate &&) { Succeeded(); }
+ void ReceivedData(RawBuffer &&) { Succeeded(); }
+ void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
+
+ void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+
+ void ReceivedCreateKeyPairRSA() { Succeeded(); }
+ void ReceivedCreateKeyPairDSA() { Succeeded(); }
+ void ReceivedCreateKeyPairECDSA() { Succeeded(); }
+
+ void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
+ { m_certChain = move(chain); Succeeded(); }
+
+ void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
+ void ReceivedVerifySignature() { Succeeded(); }
+
+ void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
+
+ void ReceivedSetPermission() { Succeeded(); }
void WaitForResponse()
{
unique_lock < mutex > lock(m_mutex);
- if (!m_cv.wait_for(lock, std::chrono::seconds(5), [this] {return m_finished;}))
- RUNNER_ASSERT_MSG(false, "Timeout reached!");
+ m_cv.wait(lock, [this] {return m_finished;});
}
bool m_finished;
int m_error;
+ AliasVector m_aliases;
+ CertificateShPtrVector m_certChain;
+ PKCS12ShPtr m_pkcs;
+ RawBuffer m_signed;
+ int m_ocspStatus;
protected:
+ void Succeeded()
+ {
+ LogDebug("Succeeded");
+ m_finished = true;
+ m_cv.notify_one();
+ }
+
mutex m_mutex;
condition_variable m_cv;
};
-const uid_t USER_APP = 5000;
-const uid_t USER_ROOT = 0;
-const char* USER_PASS = "user-pass";
-const char* ROOT_PASS = "test-pass";
-const char* ALIAS1 = "alias1";
+typedef shared_ptr<MyObserver> MyObserverPtr;
+
+const char* TEST_PASS = "test-pass";
+
+enum Type {
+ RSA,
+ DSA,
+ ECDSA
+};
+
+struct KeyPair
+{
+ KeyPair(const std::string& prv_pem, const std::string& pub_pem) {
+ RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
+ prv = Key::create(buffer_prv);
+ assert(prv);
+
+ RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
+ pub = Key::create(buffer_pub);
+ assert(pub);
+ }
+
+ KeyShPtr prv;
+ KeyShPtr pub;
+};
+
+typedef map<Type, vector<KeyPair> > KeyMap;
+
+
+KeyMap initializeKeys()
+{
+ KeyMap km;
+
+ km[RSA].emplace_back(
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
+ "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
+ "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
+ "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
+ "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
+ "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
+ "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
+ "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
+ "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
+ "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
+ "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
+ "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
+ "-----END RSA PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
+ "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
+ "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
+ "3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "-----END PUBLIC KEY-----"
+ );
+ km[DSA].emplace_back(
+ "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
+ "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
+ "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
+ "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
+ "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
+ "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
+ "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
+ "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
+ "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
+ "yAKPlW7WQzgV5jLLNUW7\n"
+ "-----END DSA PRIVATE KEY-----",
+
+ "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
+ "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
+ "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
+ "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
+ "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
+ "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
+ "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
+ "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
+ "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
+ "yAKPlW7WQzgV5jLLNUW7\n"
+ "-----END DSA PRIVATE KEY-----"
+ );
+ km[ECDSA].emplace_back(
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
+ "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
+ "sQ==\n"
+ "-----END EC PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
+ "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
+ "-----END PUBLIC KEY-----"
+ );
+ return km;
+}
+
+KeyMap keys = initializeKeys();
-string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+CertificateShPtr createCert(const std::string& cert) {
+ RawBuffer buffer_cert(cert.begin(), cert.end());
+ CertificateShPtr cptr = Certificate::create(buffer_cert, DataFormat::FORM_PEM);
+ assert(cptr);
+ return cptr;
+}
+
+typedef vector<CertificateShPtr> CertVector;
+
+CertVector initializeCerts()
+{
+ CertVector cv;
+ cv.emplace_back(createCert(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n"
+ ));
+
+ cv.emplace_back(createCert(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n"
+ ));
+ return cv;
+}
-KeyShPtr prepareKey()
+CertVector certs = initializeCerts();
+
+const RawBuffer raw_buffer(const char* buffer)
{
- RawBuffer buffer(keyPem.begin(), keyPem.end());
- KeyShPtr k = Key::create(buffer);
- RUNNER_ASSERT_MSG(k, "Key was not created!");
- return k;
+ return RawBuffer(buffer, buffer + strlen(buffer));
}
-void test_expect_invalid_param(const Alias &alias, const KeyShPtr &key, const Policy &policy)
+const RawBuffer test_buffer = raw_buffer("test_string");
+
+template <typename F, typename... Args>
+void test_negative(F&& func, int expected, Args... args)
{
- shared_ptr<MyObserver> obs = make_shared<MyObserver>();
+ MyObserverPtr obs = make_shared<MyObserver>();
ManagerAsync mgr;
- mgr.saveKey(static_pointer_cast < ManagerAsync::Observer > (obs), alias, key, policy);
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
obs->WaitForResponse();
RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
- RUNNER_ASSERT_MSG(obs->m_error == CKM_API_ERROR_INPUT_PARAM,
- "Expected " << CKM_API_ERROR_INPUT_PARAM << " error, got: " << obs->m_error);
+ RUNNER_ASSERT_MSG(
+ obs->m_error == expected,
+ "Expected " << expected << "/" << ErrorToString(expected) <<
+ " got: " << obs->m_error << "/" << ErrorToString(obs->m_error));
+}
+
+template <typename F, typename... Args>
+void test_invalid_param(F&& func, Args... args)
+{
+ test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
}
-void test_save_key() {
- shared_ptr<MyObserver> obs = make_shared<MyObserver>();
+template <typename F, typename... Args>
+void test_no_observer(F&& func, Args... args)
+{
+ ManagerAsync::ObserverPtr obs;
ManagerAsync mgr;
- KeyShPtr key = prepareKey();
+ try {
+ (mgr.*func)(obs, args...);
+ RUNNER_ASSERT_MSG(false, "function() should have thrown an exception");
+ } catch (const invalid_argument& e) {
+ RUNNER_ASSERT(true);
+ } catch (...) {
+ RUNNER_ASSERT_MSG(false, "Unexpected exception");
+ }
+}
+
+template <typename F, typename... Args>
+MyObserverPtr test_positive(F&& func, Args... args)
+{
+ MyObserverPtr obs = make_shared<MyObserver>();
+ ManagerAsync mgr;
- mgr.saveKey(static_pointer_cast < ManagerAsync::Observer > (obs), ALIAS1, key, Policy());
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
obs->WaitForResponse();
RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
RUNNER_ASSERT_MSG(obs->m_error == 0,
- "Request failed " << obs->m_error << ":" << CKM::ErrorToString(obs->m_error));
+ "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error));
+ return obs;
}
+template <typename F, typename... Args>
+void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
+}
+
+template <typename F, typename... Args>
+void test_check_cert_chain(F&& func, size_t expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(
+ obs->m_certChain.size() == expected,
+ "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
+}
+
+typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const CertificateShPtrVector&,
+ const CertificateShPtrVector&,
+ bool);
+
+typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const AliasVector&,
+ const AliasVector&,
+ bool);
} // namespace anonymous
-// TODO get rid of test dependency
+
+RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+
RUNNER_TEST(TA0000_init)
{
int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, USER_PASS)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_ROOT, ROOT_PASS)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(USER_ROOT)),
- "Error=" << CKM::ErrorToString(temp));
+ ControlShPtr control = Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
+ "Error=" << ErrorToString(temp));
}
-RUNNER_TEST(TA0010_save_key_no_observer)
+// saveKey
+RUNNER_CHILD_TEST(TA0010_save_key_invalid_param)
{
- ManagerAsync::ObserverPtr obs;
- ManagerAsync mgr;
+ switch_to_storage_user(TEST_LABEL);
- KeyShPtr key = prepareKey();
+ test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
+ test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy());
+ test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy());
+}
- try {
- mgr.saveKey(obs, ALIAS1, key, Policy());
- RUNNER_ASSERT_MSG(false, "saveKey() should have thrown an exception");
- } catch (const std::invalid_argument& e) {
- RUNNER_ASSERT(true);
- } catch (...) {
- RUNNER_ASSERT_MSG(false, "Unexpected exception");
+RUNNER_CHILD_TEST(TA0020_save_key_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
+ test_negative(&ManagerAsync::saveKey,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ dbc.alias("alias"),
+ keys[RSA][0].prv,
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA0050_save_key_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
+}
+
+
+// saveCertificate
+RUNNER_CHILD_TEST(TA0110_save_cert_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM);
+ test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy());
+ test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy());
+ test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy());
+}
+
+RUNNER_CHILD_TEST(TA0120_save_cert_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), certs[0], Policy());
+ test_negative(&ManagerAsync::saveCertificate,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ dbc.alias("alias"),
+ certs[0],
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA0150_save_cert_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), certs[0], Policy());
+}
+
+
+// saveData
+RUNNER_CHILD_TEST(TA0210_save_data_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy());
+ test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy());
+ test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy());
+}
+
+RUNNER_CHILD_TEST(TA0220_save_data_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_negative(&ManagerAsync::saveData,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ dbc.alias("alias"),
+ test_buffer,
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA0250_save_data_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+}
+
+
+// removeKey
+RUNNER_CHILD_TEST(TA0310_remove_alias_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::removeAlias, "alias");
+ test_invalid_param(&ManagerAsync::removeAlias, "");
+}
+
+RUNNER_CHILD_TEST(TA0330_remove_alias_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias");
+}
+
+RUNNER_CHILD_TEST(TA0350_remove_key_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
+}
+
+
+RUNNER_CHILD_TEST(TA0450_remove_cert_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), certs[0], Policy());
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
+}
+
+
+RUNNER_CHILD_TEST(TA0550_remove_data_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
+}
+
+
+// getKey
+RUNNER_CHILD_TEST(TA0610_get_key_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getKey, "alias", "");
+ test_invalid_param(&ManagerAsync::getKey, "", "");
+}
+
+RUNNER_CHILD_TEST(TA0630_get_key_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
+}
+
+RUNNER_CHILD_TEST(TA0640_get_key_wrong_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_negative(&ManagerAsync::getKey,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias"),
+ "wrong-password");
+}
+
+RUNNER_CHILD_TEST(TA0650_get_key_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::getKey, dbc.alias("alias"), "password");
+}
+
+
+// getCertificate
+RUNNER_CHILD_TEST(TA0710_get_cert_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getCertificate, "alias", "");
+ test_invalid_param(&ManagerAsync::getCertificate, "", "");
+}
+
+RUNNER_CHILD_TEST(TA0730_get_cert_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getCertificate,
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN,
+ "non-existing-alias",
+ "");
+}
+
+RUNNER_CHILD_TEST(TA0740_get_cert_wrong_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate,
+ dbc.alias("alias"),
+ certs[0],
+ Policy("password"));
+ test_negative(&ManagerAsync::getCertificate,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias"),
+ "wrong-password");
+}
+
+RUNNER_CHILD_TEST(TA0750_get_cert_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), certs[0], Policy("password"));
+ test_positive(&ManagerAsync::getCertificate, dbc.alias("alias"), "password");
+}
+
+
+// getData
+RUNNER_CHILD_TEST(TA0810_get_data_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getData, "alias", "");
+ test_invalid_param(&ManagerAsync::getData, "", "");
+}
+
+RUNNER_CHILD_TEST(TA0830_get_data_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
+}
+
+RUNNER_CHILD_TEST(TA0840_get_data_wrong_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
+ test_negative(&ManagerAsync::getData,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias"),
+ "wrong-password");
+}
+
+RUNNER_CHILD_TEST(TA0850_get_data_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
+ test_positive(&ManagerAsync::getData, dbc.alias("alias"), "password");
+}
+
+
+// getKeyAliasVector
+RUNNER_CHILD_TEST(TA0910_get_key_alias_vector_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getKeyAliasVector);
+}
+
+RUNNER_CHILD_TEST(TA0950_get_key_alias_vector_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias1"), keys[RSA][0].prv, Policy());
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
+
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias2"), keys[DSA][0].prv, Policy());
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+}
+
+
+// getCertificateAliasVector
+RUNNER_CHILD_TEST(TA1010_get_cert_alias_vector_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getCertificateAliasVector);
+}
+
+RUNNER_CHILD_TEST(TA1050_get_cert_alias_vector_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias1"), certs[0], Policy());
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
+
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias2"), certs[1], Policy());
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+}
+
+
+// getDataAliasVector
+RUNNER_CHILD_TEST(TA1110_get_data_alias_vector_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getDataAliasVector);
+}
+
+RUNNER_CHILD_TEST(TA1150_get_data_alias_vector_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias1"), test_buffer, Policy());
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
+
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+}
+
+
+// createKeyPairRSA
+RUNNER_CHILD_TEST(TA1210_create_key_pair_rsa_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createKeyPairRSA,
+ 1024,
+ "alias_prv",
+ "alias_pub",
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1220_create_key_pair_rsa_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy());
+ test_negative(&ManagerAsync::createKeyPairRSA,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1250_create_key_pair_rsa_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::createKeyPairRSA,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
+}
+
+// createKeyPairDSA
+RUNNER_CHILD_TEST(TA1270_create_key_pair_dsa_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createKeyPairDSA,
+ 1024,
+ "alias_prv",
+ "alias_pub",
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1280_create_key_pair_dsa_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[DSA][0].prv, Policy());
+ test_negative(&ManagerAsync::createKeyPairDSA,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1290_create_key_pair_dsa_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::createKeyPairDSA,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
+}
+
+// createKeyPairECDSA
+RUNNER_CHILD_TEST(TA1310_create_key_pair_ecdsa_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createKeyPairECDSA,
+ ElipticCurve::prime192v1,
+ "alias_prv",
+ "alias_pub",
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1320_create_key_pair_ecdsa_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[ECDSA][0].prv, Policy());
+ test_negative(&ManagerAsync::createKeyPairECDSA,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ ElipticCurve::prime192v1,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1350_create_key_pair_ecdsa_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::createKeyPairECDSA,
+ ElipticCurve::prime192v1,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
+}
+
+
+// getCertificateChain
+RUNNER_CHILD_TEST(TA1410_get_certificate_chain_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ CertificateShPtr cert = certs[0];
+ CertificateShPtrVector certv = { certs[1] };
+ test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+ test_invalid_param<certChainFn1>(&ManagerAsync::getCertificateChain,
+ CertificateShPtr(),
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+
+ Alias alias = "alias";
+ AliasVector aliasv = { alias };
+ test_no_observer<certChainFn2>(&ManagerAsync::getCertificateChain,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+ test_invalid_param<certChainFn2>(&ManagerAsync::getCertificateChain,
+ CertificateShPtr(),
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+}
+
+RUNNER_CHILD_TEST(TA1420_get_certificate_chain_negative)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtr cert = certs[0];
+ CertificateShPtrVector certv = { certs[0] };
+ test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true);
+ test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+ AliasVector aliasv = { dbc.alias("alias") };
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], certs[0], Policy());
+ test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true);
+ test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+}
+
+RUNNER_CHILD_TEST(TA1450_get_certificate_chain_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtr cert = certs[0];
+ CertificateShPtrVector certv = { certs[1] };
+ test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
+ 3,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+
+ AliasVector aliasv = { dbc.alias("alias") };
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], certs[1], Policy());
+ test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
+ 3,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+}
+
+
+// createSignature
+RUNNER_CHILD_TEST(TA1510_create_signature_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createSignature,
+ "alias",
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+ test_invalid_param(&ManagerAsync::createSignature,
+ "",
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+ test_invalid_param(&ManagerAsync::createSignature,
+ "alias",
+ "",
+ RawBuffer(),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1520_create_signature_invalid_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_negative(&ManagerAsync::createSignature,
+ CKM_API_ERROR_INPUT_PARAM,
+ dbc.alias("alias"),
+ "wrong-password",
+ RawBuffer(),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1550_create_signature_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias"),
+ "password",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+
+// verifySignature
+RUNNER_CHILD_TEST(TA1610_verify_signature_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::verifySignature,
+ "",
+ "",
+ RawBuffer(),
+ RawBuffer(),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+ test_invalid_param(&ManagerAsync::verifySignature,
+ "",
+ "",
+ test_buffer,
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1620_verify_signature_invalid_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "pass1",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias_pub"),
+ "wrong-password",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1630_verify_signature_invalid_message)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
+
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub"),
+ "",
+ raw_buffer("invalid-unsigned-mesage"),
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1640_verify_signature_invalid_signature)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub"),
+ "",
+ test_buffer,
+ raw_buffer("invalid-signature"),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1650_verify_signature_wrong_key)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_SERVER_ERROR,
+ dbc.alias("alias_prv"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1660_verify_signature_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "pass1",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_positive(&ManagerAsync::verifySignature,
+ dbc.alias("alias_pub"),
+ "pass2",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+
+// ocspCheck
+RUNNER_CHILD_TEST(TA1710_ocsp_check_invalid_param)
+{
+ test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
+ test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
+}
+
+RUNNER_CHILD_TEST(TA1720_ocsp_check_negative)
+{
+ switch_to_storage_ocsp_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtrVector certv = { certs[0], certs[0] };
+
+ auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
+ RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
+ "Verification should fail. Got: " << obs->m_ocspStatus);
+}
+
+RUNNER_CHILD_TEST(TA1750_ocsp_check_positive)
+{
+ RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
+ switch_to_storage_ocsp_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtr cert = certs[0];
+ CertificateShPtrVector certv = { certs[1] };
+ auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+
+ auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
+ RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
+ "Verification failed. Error: " << obs->m_ocspStatus);
+}
+
+// setPermission
+RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
+}
+
+RUNNER_TEST(TA1820_allow_access)
+{
+ DBCleanup dbc;
+ CharPtr top_label = get_label();
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
+ test_positive(&ManagerAsync::setPermission,
+ dbc.alias("alias2"),
+ TEST_LABEL,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ dbc.alias("alias3"),
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+
+ {
+ ScopedLabel label(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
+
+ // test from allowed label, but without properly addressing alias (coming from default label)
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
+
+ // now test with appropriate addressing
+ std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
+ test_positive(&ManagerAsync::getData, full_alias2_address, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
+
+ std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
+ test_positive(&ManagerAsync::getData, full_alias3_address, "");
+ test_positive(&ManagerAsync::removeAlias, full_alias3_address);
}
}
-RUNNER_TEST(TA0020_save_key_no_alias)
+// denyAccess
+RUNNER_CHILD_TEST(TA1910_deny_access_invalid_param)
{
- test_expect_invalid_param("", prepareKey(), Policy());
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
}
-RUNNER_TEST(TA0030_save_key_no_key)
+RUNNER_TEST(TA1920_deny_access)
{
- KeyShPtr key;
- test_expect_invalid_param(ALIAS1, key, Policy());
+ DBCleanup dbc;
+ CharPtr top_label = get_label();
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_positive(&ManagerAsync::setPermission,
+ dbc.alias("alias"),
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
+
+ {
+ ScopedLabel label(TEST_LABEL);
+
+ std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
+ }
}
-RUNNER_TEST(TA0090_save_key_positive)
+namespace
{
- test_save_key();
+CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
}
-RUNNER_CHILD_TEST(TA0100_user_save_key_positive)
+RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, USER_APP);
+ DBCleanup dbc;
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG_BT(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG_BT(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
+ int tmp;
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ test_positive(&ManagerAsync::savePKCS12,
+ alias_PKCS_exportable,
+ pkcs,
+ exportable,
+ exportable);
+ test_negative(&ManagerAsync::savePKCS12,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ alias_PKCS_exportable,
+ pkcs,
+ exportable,
+ exportable);
+
+ test_positive(&ManagerAsync::savePKCS12,
+ alias_PKCS_not_exportable,
+ pkcs,
+ notExportable,
+ notExportable);
+ test_negative(&ManagerAsync::savePKCS12,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ alias_PKCS_not_exportable,
+ pkcs,
+ notExportable,
+ notExportable);
+}
+
+RUNNER_TEST(TA2010_PKCS_get)
+{
+ DBCleanup dbc;
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ // fail - no entry
+ test_negative(&ManagerAsync::getPKCS12,
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN,
+ "i-do-not-exist",
+ CKM::Password(),
+ CKM::Password());
+
+
+ // fail - not exportable
+ test_negative(&ManagerAsync::getPKCS12,
+ CKM_API_ERROR_NOT_EXPORTABLE,
+ dbc.alias(alias_PKCS_not_exportable.c_str()),
+ CKM::Password(),
+ CKM::Password());
+
+ // success - exportable
+ auto obs = test_positive(&ManagerAsync::getPKCS12,
+ dbc.alias(alias_PKCS_exportable.c_str()),
+ CKM::Password(),
+ CKM::Password());
+
+ auto cert = obs->m_pkcs->getCertificate();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = obs->m_pkcs->getKey();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
- test_save_key();
+ auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG_BT(
+ 2 == caVector.size(),
+ "Wrong size of vector");
}
RUNNER_TEST(TA9999_deinit)
{
int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(USER_ROOT)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(USER_ROOT)),
- "Error=" << CKM::ErrorToString(temp));
+ ControlShPtr control = Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(APP_UID)),
+ "Error=" << ErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
+ "Error=" << ErrorToString(temp));
}