#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
-#include <access_provider.h>
+#include <access_provider2.h>
+#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <ckm/ckm-password.h>
#include <fstream>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
#include <dpl/log/log.h>
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-static const int USER_TEST = 5001;
+namespace {
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
+const int USER_TEST = 5001;
+
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+} // namespace anonymous
/*
* How to numerate tests:
* D - subtest.
*/
+RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
+RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
+ stop_service(MANAGER);
+ start_service(MANAGER);
+
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // all further tests will start with newly started service,
+ // OpenSSL on the service side will have to be properly initialized too
+ stop_service(MANAGER);
+ start_service(MANAGER);
+}
-RUNNER_TEST_GROUP_INIT(T0000_CKM_CONTROL);
+RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
-RUNNER_TEST(T0010_Control)
+RUNNER_TEST(T0011_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0020_Control)
+RUNNER_TEST(T0012_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0030_Control)
+RUNNER_TEST(T0013_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0040_Control)
+RUNNER_TEST(T0014_Control)
{
int temp;
auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")),
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0050_Control)
+RUNNER_TEST(T0015_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
+RUNNER_TEST(T0016_Control_negative_wrong_password)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
RUNNER_TEST(T1010_init)
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
RUNNER_CHILD_TEST(T1013_user_app_save_key)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
key->getDER() == key2->getDER(), "Key value has been changed by service");
}
+RUNNER_TEST(T1014_save_with_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key_name, key_full_addr;
+ CKM::Alias alias = "mykey-2";
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // lookup by name
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_name->getDER(),
+ "Key value has been changed by service");
+
+ // lookup by full address
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_full_addr->getDER(),
+ "Key value has been changed by service");
+}
-RUNNER_TEST(T1014_deinit)
+RUNNER_TEST(T1015_deinit)
{
int temp;
auto control = CKM::Control::create();
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+ "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
}
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
{
- SecurityServer::AccessProvider ap("mylabel");
+ AccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::RawBuffer buffer(binData.begin(), binData.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_TEST(T1033_remove_bin_data)
std::string binData2 = "My bin data2";
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data1")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data3")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 1,
- "Wrong size of list: " << aliasVector.size() << " Expected: 1");
+ labelAliasVector.size() == 1,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1039_deinit)
+RUNNER_TEST(T1034_getData_wrong_password)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string binData1 = "My bin data4";
+
+ CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG_BT(
+ buffer == buffer1,
+ "Data corrupted");
+
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1035_deinit)
{
int temp;
auto control = CKM::Control::create();
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- SecurityServer::AccessProvider ap("mylabel-rsa");
+ AccessProvider ap("mylabel-rsa");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
"Vector size: " << temp << ". Expected: 2");
}
-RUNNER_CHILD_TEST(T1042_create_dsa_key)
+RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ AccessProvider ap("mylabel-rsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1043_create_dsa_key)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- SecurityServer::AccessProvider ap("mylabel-dsa");
+ AccessProvider ap("mylabel-dsa");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12103_saveKey_empty_key)
+RUNNER_TEST(T12103_saveKey_foreign_label)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int ret;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12104_saveKey_empty_key)
{
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12104_saveCertificate_empty_alias)
+RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
std::string certPem =
"-----BEGIN CERTIFICATE-----\n"
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12105_saveCertificate_empty_cert)
+RUNNER_TEST(T12106_saveCertificate_foreign_label)
+{
+ std::string certPem =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ CKM::RawBuffer buffer(certPem.begin(), certPem.end());
+ auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12106_saveData_empty_alias)
+RUNNER_TEST(T12108_saveData_empty_alias)
{
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12107_saveData_empty_data)
+RUNNER_TEST(T12109_saveData_foreign_label)
+{
+ std::string testData = "test data test data test data";
+ CKM::RawBuffer buffer(testData.begin(), testData.end());
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12110_saveData_empty_data)
{
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
* These test cases tests API when trying to get data from not existing alias
*/
-RUNNER_TEST(T12108_getKey_alias_not_exist)
+RUNNER_TEST(T12111_getKey_alias_not_exist)
{
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12109_getCertificate_alias_not_exist)
+RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12110_getData_alias_not_exist)
+RUNNER_TEST(T12113_getData_alias_not_exist)
{
int temp;
auto manager = CKM::Manager::create();
/*
* These test cases tests API when damaged keys are used
*/
-RUNNER_TEST(T12111_rsa_key_damaged)
+RUNNER_TEST(T12114_rsa_key_damaged)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12112_rsa_key_too_short)
+RUNNER_TEST(T12115_rsa_key_too_short)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12113_dsa_key_too_short)
+RUNNER_TEST(T12116_dsa_key_too_short)
{
int ret;
auto manager = CKM::Manager::create();
}
-RUNNER_TEST(T12114_deinit)
+/*
+ * These test cases tests CKM service if malicious data is provided over the socket.
+ */
+
+RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ // fake the client - let the service detect the problem
+ class WrongKeyImpl : public CKM::Key
+ {
+ public:
+ WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ }
+
+ virtual bool empty() const {
+ return false;
+ }
+
+ virtual CKM::KeyType getType() const {
+ return CKM::KeyType::KEY_RSA_PUBLIC;
+ }
+ virtual int getSize() const {
+ return 1024;
+ }
+ virtual CKM::ElipticCurve getCurve() const {
+ return CKM::ElipticCurve::prime192v1;
+ }
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+ virtual ~WrongKeyImpl() {}
+ private:
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Berta\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto key = std::make_shared<WrongKeyImpl>(buffer);
+ CKM::Alias alias = "damaged-rsa";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
+{
+ // fake the client - let the service detect the problem
+ class WrongCertImpl : public CKM::Certificate
+ {
+ public:
+ WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ m_x509 = X509_new();
+ }
+
+ bool empty() const {
+ return false;
+ }
+
+ virtual X509 *getX509() const {
+ return m_x509;
+ }
+
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+
+ virtual ~WrongCertImpl() {
+ X509_free(m_x509);
+ }
+ private:
+ X509* m_x509;
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Stefan\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto cert = std::make_shared<WrongCertImpl>(buffer);
+ CKM::Alias alias = "damaged-cert";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12119_deinit)
{
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
CKM::Alias alias("imcert");
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
"Error=" << CKM::ErrorToString(tmp));
- aliasVector.push_back(alias);
+ aliasVector.push_back(full_address);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
+ RUNNER_ASSERT_MSG_BT(
3 == certChain.size(),
"Wrong size of certificate chain.");
}
RUNNER_TEST(T1314_ocsp_check)
{
+ RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
+
std::string ee = "-----BEGIN CERTIFICATE-----\n"
"MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
"ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
+ RUNNER_ASSERT_MSG_BT(
3 == certChain.size(),
"Wrong size of certificate chain.");
"Error=" << CKM::ErrorToString(temp));
}
+
RUNNER_TEST(T1414_ec_key_create_verify)
{
int temp;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_CHILD_TEST(T1510_init_unlock_key)
+RUNNER_TEST(T14180_init)
{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
+ int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
-RUNNER_CHILD_TEST(T1511_init_insert_data)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+ auto manager = CKM::Manager::create();
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ // Prepare RSA Key Pair
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
+ "\n"
+ "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
+ "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
+ "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
+ "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
+ "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
+ "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
+ "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
+ "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
+ "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
+ "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
+ "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
+ "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
+ "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
+ "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
+ "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
+ "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
+ "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
+ "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
+ "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
+ "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
+ "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
+ "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
+ "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
+ "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
+ "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----\n";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Password password = "1234";
+
+ auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
+
+ RUNNER_ASSERT_MSG(NULL != keyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // Prepare ECDSA Key Pair
+ std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
+ "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
+ "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string ecpub = "-----BEGIN PUBLIC KEY-----\n"
+ "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
+ "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END PUBLIC KEY-----\n";
+
+ CKM::Alias aliasEcPub = "ecpub_nohash1";
+ CKM::Alias aliasEcPrv = "ecprv_nohash1";
+
+ auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
+ auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != ecKeyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != ecKeyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14181_rsa_create_signatue_nohash)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14184_ec_create_signatue_nohash)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ int msgSize = 1024*1024;
+ char big_msg[msgSize];
+ for(int i =0; i<msgSize-1; i++) {
+ big_msg[i] = 'a';
+ }
+ big_msg[msgSize-1]=0x00;
+ std::string message(big_msg);
+
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14189_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_CHILD_TEST(T1510_init_unlock_key)
+{
+ int tmp;
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1511_insert_data)
+{
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
"HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
"uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
"ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
RUNNER_CHILD_TEST(T1519_deinit)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1610_init_lock_key)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- int temp;
+ int temp;
auto manager = CKM::Manager::create();
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
RUNNER_ASSERT_MSG(
key->getDER() == key2->getDER(),
"Key value has been changed by service");
+
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
+ CKM_API_SUCCESS == (temp = manager->removeAlias(alias)),
"Error=" << CKM::ErrorToString(temp));
}
RUNNER_CHILD_TEST(T1612_init_change_user_password)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
"Error=" << CKM::ErrorToString(tmp));
+ // confirm changed password
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_APP,"user-pass")),
+ CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM::ErrorToString(tmp));
}
RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
{
- SecurityServer::AccessProvider ap("my-label");
+ AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- int temp;
+ int temp;
auto manager = CKM::Manager::create();
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->removeKey(alias)),
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->removeAlias(alias)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1619_deinit)
+{
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+}
+
+RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1701_init_unlock_key)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1702_insert_data)
+{
+ int temp;
+ AccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto manager = CKM::Manager::create();
+ auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+
+ int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == status1,
+ "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+
+ CKM::AliasVector av;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T1703_removeApplicationData)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1704_data_test)
+{
+ int temp;
+ AccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_TEST(T1705_deinit)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T17101_init)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17102_prep_data_01)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17103_prep_data_02)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17104_prep_data_03)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17105_prep_data_04)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1619_deinit)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1701_init_unlock_key)
+RUNNER_TEST(T17106_remove_application)
{
int tmp;
+
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T1702_init_insert_data)
+RUNNER_CHILD_TEST(T17107_check_data_01)
{
int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
+ AccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+ CKM::AliasVector av;
auto manager = CKM::Manager::create();
- auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
-
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17108_check_data_02)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
1 == (temp = av.size()),
"Vector size: " << temp << ". Expected: 1");
}
-RUNNER_TEST(T1703_removeApplicationData)
+RUNNER_TEST(T17109_unlock_user2)
{
int tmp;
+
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T1704_data_test)
+RUNNER_CHILD_TEST(T17110_check_data_03)
{
int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
+ AccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
0 == (temp = av.size()),
"Vector size: " << temp << ". Expected: 0");
}
-RUNNER_TEST(T1705_deinit)
+RUNNER_CHILD_TEST(T17111_check_data_04)
{
- int tmp;
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
}
-RUNNER_TEST(T17101_init)
+RUNNER_TEST(T17112_deinit)
{
int tmp;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
"Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
"Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST_GROUP_INIT(T180_PKCS12);
+
+namespace
+{
+CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
+CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
+CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
+CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
+}
+
+RUNNER_TEST(T1800_init) {
+ int temp;
+ auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto manager = CKM::Manager::create();
+ manager->removeAlias(alias_PKCS_collision);
+ manager->removeAlias(alias_PKCS_exportable);
+ manager->removeAlias(alias_PKCS_not_exportable);
+ manager->removeAlias(alias_PKCS_priv_key_copy);
+ manager->removeAlias(alias_PKCS_priv_key_wrong);
}
-RUNNER_CHILD_TEST(T17102_prep_data_01)
+RUNNER_TEST(T1801_parse_PKCS12) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 0 == caVector.size(),
+ "Wrong size of vector");
+}
+
+RUNNER_TEST(T1802_negative_wrong_password) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "error");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST(T1803_negative_broken_buffer) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
+ buffer[4]=0;
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
{
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // save private key
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
- CKM::AliasVector av;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
+{
auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
+ int tmp;
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T17103_prep_data_02)
+RUNNER_TEST(T1806_get_PKCS)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
auto manager = CKM::Manager::create();
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+ CKM::PKCS12ShPtr pkcs;
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
+ // fail - no entry
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+ // fail - not exportable
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
+ CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
"Error=" << CKM::ErrorToString(temp));
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
}
-RUNNER_CHILD_TEST(T17104_prep_data_03)
+RUNNER_TEST(T1807_create_and_verify_signature)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
auto manager = CKM::Manager::create();
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+ std::string message = "message test";
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T17105_prep_data_04)
+RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
auto manager = CKM::Manager::create();
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
+ "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
+ "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
+ "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
+ "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
+ "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
+ "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
+ "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
+ "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
+ "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
+ "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
+ "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
+ "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
+ "-----END RSA PRIVATE KEY-----";
+ std::string message = "message test";
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
-}
-RUNNER_TEST(T17106_remove_application)
-{
- int tmp;
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_copy,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T17107_check_data_01)
+RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
{
int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
auto manager = CKM::Manager::create();
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-RUNNER_CHILD_TEST(T17108_check_data_02)
-{
- int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_wrong,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
"Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T17109_unlock_user2)
+RUNNER_TEST(T1810_verify_get_certificate_chain)
{
+ // this certificate has been signed using PKCS chain
+ std::string im = "-----BEGIN CERTIFICATE-----\n"
+ "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
+ "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
+ "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
+ "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
+ "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
+ "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
+ "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
+ "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
+ "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
+ "Qw==\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector aliasVector;
+
int tmp;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
-RUNNER_CHILD_TEST(T17110_check_data_03)
-{
- int temp;
- SecurityServer::AccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+ aliasVector.push_back(alias_PKCS_exportable);
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
+ tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
+ // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
+ RUNNER_ASSERT_MSG_BT(
+ 4 == certChain.size(),
+ "Wrong size of certificate chain: " << certChain.size());
}
-RUNNER_CHILD_TEST(T17111_check_data_04)
+RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
{
- int temp;
- SecurityServer::AccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
auto manager = CKM::Manager::create();
+ int tmp;
+
+ // remove the whole PKCS12 bundles
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T17112_deinit)
-{
- int tmp;
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
- auto control = CKM::Control::create();
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
"Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
"Error=" << CKM::ErrorToString(tmp));
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_TEST_GROUP_INIT(T180_PKCS12);
+RUNNER_TEST(T1812_negative_get_pkcs12_wrong_password)
+{
+ CKM::Alias alias = "t1812alias1";
-RUNNER_TEST(T1801) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
std::istreambuf_iterator<char> begin(is), end;
std::vector<char> buff(begin, end);
+ CKM::PKCS12ShPtr pkcs12;
+
CKM::RawBuffer buffer(buff.size());
memcpy(buffer.data(), buff.data(), buff.size());
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
- RUNNER_ASSERT_MSG(
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG_BT(
NULL != pkcs.get(),
"Error in PKCS12::create()");
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 0 == caVector.size(),
- "Wrong size of vector");
-}
-
-RUNNER_TEST(T1802_negative_wrong_password) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
+ int temp;
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy("easypass"), CKM::Policy("easypass"))),
+ "Error=" << CKM::ErrorToString(temp));
- auto pkcs = CKM::PKCS12::create(buffer, "error");
- RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
+ RUNNER_ASSERT_MSG_BT(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1803_negative_broken_buffer) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
- buffer[4]=0;
+RUNNER_TEST(T1813_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
}
RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);