#include <tests_common.h>
#include <access_provider2.h>
+#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <ckm/ckm-password.h>
#include <fstream>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
#include <dpl/log/log.h>
static const int USER_APP = 5000;
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
CKM::RawBuffer buffer(binData.begin(), binData.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_TEST(T1033_remove_bin_data)
std::string binData2 = "My bin data2";
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeData(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->removeData("data1")),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->removeData("data3")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 1,
- "Wrong size of list: " << aliasVector.size() << " Expected: 1");
+ labelAliasVector.size() == 1,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
}
-RUNNER_TEST(T12114_deinit)
+/*
+ * These test cases tests CKM service if malicious data is provided over the socket.
+ */
+
+RUNNER_TEST(T12114_rsa_key_damaged_serviceTest)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ // fake the client - let the service detect the problem
+ class WrongKeyImpl : public CKM::Key
+ {
+ public:
+ WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ }
+
+ virtual bool empty() const {
+ return false;
+ }
+
+ virtual CKM::KeyType getType() const {
+ return CKM::KeyType::KEY_RSA_PUBLIC;
+ }
+ virtual int getSize() const {
+ return 1024;
+ }
+ virtual CKM::ElipticCurve getCurve() const {
+ return CKM::ElipticCurve::prime192v1;
+ }
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+ virtual ~WrongKeyImpl() {}
+ private:
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Berta\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto key = std::make_shared<WrongKeyImpl>(buffer);
+ CKM::Alias alias = "damaged-rsa";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12115_saveCertificate_damaged_serviceTest)
+{
+ // fake the client - let the service detect the problem
+ class WrongCertImpl : public CKM::Certificate
+ {
+ public:
+ WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ m_x509 = X509_new();
+ }
+
+ bool empty() const {
+ return false;
+ }
+
+ virtual X509 *getX509() const {
+ return m_x509;
+ }
+
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+
+ virtual ~WrongCertImpl() {
+ X509_free(m_x509);
+ }
+ private:
+ X509* m_x509;
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Stefan\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto cert = std::make_shared<WrongCertImpl>(buffer);
+ CKM::Alias alias = "damaged-cert";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12116_deinit)
{
int temp;
auto control = CKM::Control::create();
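Review bot: Both new negative tests, T12114_rsa_key_damaged_serviceTest and T12115_saveCertificate_damaged_serviceTest, stop at the return code and never confirm that the service stored nothing under the rejected alias. After the `saveKey` assertion I would add `RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_ALIAS_UNKNOWN == (ret = manager->removeKey(alias)), "Error=" << CKM::ErrorToString(ret));`, with the equivalent check for "damaged-cert" in T12115, so that a partial write of malformed data fails the test. Separately, `WrongCertImpl` owns a raw `X509*` and frees it in its destructor, but it leaves copying enabled and does not check the `X509_new()` result. Adding `WrongCertImpl(const WrongCertImpl&) = delete;` with the matching deleted assignment, plus a null check in the constructor, would close that. Marking the fakes' methods `override` (note that `WrongCertImpl::empty()` is also missing `virtual`, unlike its siblings) would let the compiler catch any drift from the `CKM::Key` / `CKM::Certificate` interfaces, which this diff does not show.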
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
CKM::Alias alias("imcert");
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
int tmp;
auto manager = CKM::Manager::create();
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
"Error=" << CKM::ErrorToString(tmp));
- aliasVector.push_back(alias);
+ aliasVector.push_back(full_address);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
RUNNER_TEST(T1314_ocsp_check)
{
+ RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
+
std::string ee = "-----BEGIN CERTIFICATE-----\n"
"MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
"ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
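Review bot: The added `RUNNER_IGNORED_MSG("Fixed in next version of ckm!");` at the top of T1314_ocsp_check disables the only OCSP (revocation) test visible in this diff, unconditionally and with no reference to what is broken or when it should be re-enabled. I would put a comment directly above it, for example `// TODO(<issue-id>): re-enable once the ckm OCSP fix lands; revocation checking is not covered while this test is ignored`, so the skip is tracked instead of quietly becoming permanent. The message text also reads as if the fix were already in, so "OCSP check disabled until the next ckm release" would be less ambiguous in test reports. The rest of the test body lies outside this hunk, so I am assuming the macro skips everything after it.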
RUNNER_ASSERT_MSG(
key->getDER() == key2->getDER(),
"Key value has been changed by service");
+
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeKey(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
"Error=" << CKM::ErrorToString(temp));
"Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
CKM::AliasVector av;
-
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));