#include <dirent.h>
#include "security-server.h"
#include <dpl/test/test_runner.h>
+#include <tests_common.h>
#include <dlog.h>
-#include "test.h"
#include "security_server_clean_env.h"
+#include "security_server_tests_common.h"
+#include <summary_collector.h>
-#define TEST_PASSWORD "IDLEPASS"
-#define SECOND_TEST_PASSWORD "OTHERIDLEPASS"
-#define THIRD_TEST_PASSWORD "THIRDPASS"
-/**
- * Reset security-server.
- *
- * Function should be run at the begining of every test, so every test is independent of each other.
- */
-void reset_security_server(){
- system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi");
- sync();
- restart_security_server();
- sleep(2);
-}
+// the maximum time (in seconds) passwords can expire in
+const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
+// test passwords
+const char* TEST_PASSWORD = "IDLEPASS";
+const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
+const char* THIRD_TEST_PASSWORD = "THIRDPASS";
+const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
+struct SystemClock {
+ SystemClock(time_t sft)
+ : m_original(time(0))
+ , m_shift(0)
+ {
+ shift(sft);
+ }
+
+ SystemClock()
+ : m_original(time(0))
+ , m_shift(0)
+ {}
+
+ void shift(time_t sft) {
+ m_shift += sft;
+ time_t shifted = m_original + m_shift;
+ RUNNER_ASSERT_BT(0 == stime(&shifted));
+ }
+
+ ~SystemClock() {
+ if (std::uncaught_exception()) {
+ stime(&m_original);
+ return;
+ }
+
+ RUNNER_ASSERT_BT(0 == stime(&m_original));
+ }
+private:
+ time_t m_original;
+ time_t m_shift;
+};
+
/**
* Confirm there is no password before tests are run.
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(expire_sec == 0, "expire_sec = " << expire_sec);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 0, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG_BT(attempt == 0, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
}
else
{
RUNNER_IGNORED_MSG("I'm not root");
}
- sleep(1);
}
/**
// TESTS:
// WITHOUT password
ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
// WITH password
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- sleep(1);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// TESTS:
// WITHOUT password
ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
// WITH password
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- sleep(1);
- reset_security_server();
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// 33 char password
ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
unsigned int attempt, max_attempt, expire_sec;
ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
// TEST
ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(expire_sec == 0, expire_sec);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 0, max_attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
}
/**
// TEST
ret = security_server_set_pwd(NULL, NULL, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
// TEST
// 33 char password
ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
reset_security_server();
// TEST
- sleep(1);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
// UINT_MAX will cause api error, it is to big value
ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- sleep(1);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
// calculate max applicable valid days that will not be rejected by ss
// ensure, that after conversion from days to seconds in ss there will be no uint overflow
unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
- char* long_password = (char*) malloc(5001);
- long_password[5000] = '\0';
- memset(long_password, 'A', 5000);
- ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ std::string lng_pwd(5000, 'A');
+ ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
* Check empty password.
*/
-RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
+RUNNER_TEST(tc15_security_server_chk_pwd_empty_password)
{
int ret;
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
ret = security_server_set_pwd_validity(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_validity(1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
//When trying to set UINT_MAX we should get error.
ret = security_server_set_pwd_validity(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST:
- sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
}
/**
// ensure, that after conversion from days to seconds in ss there will be no uint overflow
unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TESTS
- sleep(1);
ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_max_challenge(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 6, "max_attempt = " << max_attempt);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, ret);
- sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
//TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
printf("5 subtests started...");
- for (i = 0; i < 5; i++) {
- sleep(1);
+ for (i = 1; i <= 5; i++) {
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(attempt == i, "attempt = " << attempt << ", expected " << i);
}
printf("DONE\n");
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(attempt == 0, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 10, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
printf("10 subtests started...");
- for (i = 0; i < 10; i++) {
- sleep(1);
+ for (i = 1; i <= 10; i++) {
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(attempt == i, "attempt = " << attempt << ", expected " << i);
}
// The check, that exceeds max number
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
printf("DONE\n");
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- char* long_password = (char*) malloc(5001);
- long_password[5000] = '\0';
- memset(long_password, 'A', 5000);
- ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ std::string lng_pwd(5000, 'A');
+ ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TESTS
- sleep(1);
ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_history(51);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_history(-5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_history(50);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_history(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_history(INT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_history(INT_MIN);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- sleep(1);
ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
clean_password_dir();
- sleep(1);
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_history(9);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
ret = security_server_reset_pwd("history0", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
printf("11 subtests started...");
for (i = 0; i < 11; i++) {
sprintf(buf1, "history%d", i);
sprintf(buf2, "history%d", i + 1);
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
printf("DONE\n");
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd("history11", "history1", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd("history1", "history8", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd("history1", "history12", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
printf("48 subtests started...");
for (i = 12; i < 60; i++) {
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
sprintf(buf1, "history%d", i);
sprintf(buf2, "history%d", i + 1);
ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
printf("DONE\n");
int i = 0;
unsigned int attempt, max_attempt, expire_sec;
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
usleep(i);
}
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
// Prepare environment
reset_security_server();
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = gettimeofday(&cur_time, NULL);
- RUNNER_ASSERT_MSG(ret > -1, ret);
+ RUNNER_ASSERT_MSG_BT(ret > -1, ret);
cur_time.tv_sec += (expire_sec + 1);
ret = settimeofday(&cur_time, NULL);
- RUNNER_ASSERT_MSG(ret > -1, ret);
+ RUNNER_ASSERT_MSG_BT(ret > -1, ret);
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
- sleep(1);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
reset_security_server();
// TEST
- sleep(1);
ret = security_server_reset_pwd(NULL, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
+/*
+ * Use this instead of security_server_chk_pwd directly to verify the function output.
+ * For example:
+ * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string")
+ */
+void verify_chk_pwd (
+ const char* challenge,
+ int expected_result,
+ unsigned int expected_current_attempt,
+ unsigned int expected_max_attempt,
+ const std::string &info = std::string())
+{
+ /* ensure that initial values differ from expected ones */
+ unsigned int attempt = expected_current_attempt - 1;
+ unsigned int max_attempt = expected_max_attempt - 1;
+ unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
+
+ // validate returned value
+ RUNNER_ASSERT_MSG_BT(ret == expected_result,
+ info << "security_server_chk_pwd returned "
+ << ret << " (expected: " << expected_result << ")");
+
+ // validate current attempts value
+ RUNNER_ASSERT_MSG_BT(attempt == expected_current_attempt,
+ info << "security_server_chk_pwd returned attempt = " << attempt <<
+ " (expected: " << expected_current_attempt << ")");
+
+ // validate max attempt value
+ RUNNER_ASSERT_MSG_BT(max_attempt == expected_max_attempt,
+ info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
+ " (expected: " << expected_max_attempt << ")");
+
+ RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
+ info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")");
+}
-int main(int argc, char *argv[])
+/**
+ * Reach last attempt few times in a row (before exceeding max_attempt).
+ */
+RUNNER_TEST(tc34_security_server_max_attempts)
+{
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // change max attempts number few times
+ std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
+
+ for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
+ unsigned int max_challenges = max_challenge_tab[pass];
+
+ ret = security_server_set_pwd_max_challenge(max_challenges);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // max_challenges-1 wrong password attempts
+ for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt_nr,
+ max_challenges,
+ std::string("pass = ") + std::to_string(pass) +
+ ", attempt = " + std::to_string(attempt_nr));
+
+ // Check correct password finally
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
+ max_challenges, max_challenges);
+ }
+}
+
+/**
+ * Decrease 'max challenge' number after several missed attempts.
+ */
+RUNNER_TEST(tc35_security_server_decrease_max_attempts)
+{
+ const unsigned int max_challenge_more = 10;
+ const unsigned int max_challenge_less = 5;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // missed attempts
+ for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge_more,
+ std::string("attempt = ") + std::to_string(attempt));
+
+ // lower max_challenge
+ ret = security_server_set_pwd_max_challenge(max_challenge_less);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // try valid password - should pass (curr attempts is reset)
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
+
+ // remove max attempts limit
+ ret = security_server_set_pwd_max_challenge(0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // try valid password again - should pass
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
+
+ // try to change the password - should pass
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // validate new password
+ verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
+}
+
+/**
+ * Change password few times and challenge previous passwords - checks if security_server_set_pwd
+ * works as it should.
+ */
+RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ const int history_depth = 5;
+ const unsigned int max_challenge = 3;
+ std::string prev_pass, new_pass = TEST_PASSWORD;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ for (int depth = 0; depth < history_depth; ++depth) {
+ prev_pass = new_pass;
+
+ //generate password name
+ new_pass = "history" + std::to_string(depth+1);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // challenge initial password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ std::string("depth = ") + std::to_string(depth));
+
+ // challenge previous password
+ verify_chk_pwd(
+ prev_pass.c_str(),
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 2,
+ max_challenge,
+ std::string("depth = ") + std::to_string(depth));
+ }
+}
+
+/**
+ * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
+ * This test simulates user's behaviour - challenges valid and invalid passwords
+ * in various combinations.
+ */
+RUNNER_TEST(tc37_security_server_challenge_mixed)
+{
+ // Prepare environment
+ reset_security_server();
+
+ const unsigned int max_challenge = 2;
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
+ for (unsigned int i = 0; i < max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 1,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+
+ // Ensure that challenging valid password resets 'cuurrent attempt' value.
+ // If it didn't, the test would fail in third loop pass.
+ for (unsigned int i = 0; i < max_challenge + 1; ++i) {
+ // incorrect pwd
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+
+ // correct pwd
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 2,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+ }
+
+ // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
+ // any further attempts (even correct) are blocked
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ i,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+
+ // correct - refused
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
+ max_challenge + i,
+ max_challenge,
+ std::string("i = ") + std::to_string(i));
+}
+
+/*
+ * Pasword change mixed with history depth change.
+ */
+RUNNER_TEST(tc38_security_server_history_depth_change)
+{
+ int ret;
+ const int initial_history_depth = 2;
+ const int decreased_history_depth = 1;
+ const int increased_history_depth = 3;
+
+ // Prepare environment
+ reset_security_server();
+
+ ret = security_server_set_pwd_history(initial_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
+ * and SECOND_TEST_PASSWORD as a part of history.
+ */
+ ret = security_server_set_pwd_history(decreased_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
+ * and THIRD_TEST_PASSWORD only.
+ */
+ ret = security_server_set_pwd_history(increased_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+}
+
+/**
+ * Challenge invalid password, reset server and check if 'current attempts' is restored.
+ */
+RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
+{
+ unsigned int attempt, max_attempt, expire_sec;
+ const unsigned int max_challenge = 10;
+ const unsigned int invalid_attempts_num = 3;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // missed attempts
+ for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge);
+
+ attempt = max_attempt = expire_sec = UINT_MAX;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(max_attempt == max_challenge, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG_BT(attempt == invalid_attempts_num, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
+ expire_sec);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // challenge invalid password
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ invalid_attempts_num + 1,
+ max_challenge);
+
+ // challenge valid password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ invalid_attempts_num + 2,
+ max_challenge);
+}
+
+/**
+ * Validate passwords history after security server reset.
+ */
+RUNNER_TEST(tc40_security_server_history_check_after_reset)
+{
+ const unsigned int history_depth = 2;
+
+ // Prepare environment
+ reset_security_server();
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // try to reuse history passwords
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
- return status;
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Check if SS has correct behaviour when changing history depth to 0.
+ */
+RUNNER_TEST(tc41_security_server_empty_history_check)
+{
+ const unsigned int history_depth = 2;
+ const unsigned int empty_history_depth = 0;
+
+ //prepare environment
+ reset_security_server();
+
+ //set new history count
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //set new password and fill history
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that everything went OK - try setting something that would cause reuse error
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ //reset history limit to no history at all
+ ret = security_server_set_pwd_history(empty_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that current password still exists in memory
+ //expected attempt 3 because our previous tries increased attempt counter
+ verify_chk_pwd(
+ THIRD_TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 3,
+ 0);
+
+ //make sure that it's possible to reuse old password once history limit is set to 0
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //once again try setting earlier used passwords - now API should return success
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //try setting different password and giving NULL as current once again
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // Assert security server sets infinite expiration time
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
+ "invalid expiration time " << expire_sec);
+
+ clean_password_dir();
+}
+
+RUNNER_TEST(tc51_security_server_is_pwd_valid)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 1);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ unsigned int attempt, maxAttempt, validSec;
+ attempt = maxAttempt = validSec = 0;
+
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret <<
+ " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
+
+
+ SystemClock clock(60*60*24*2);
+
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG_BT((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0),
+ "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt
+ << " validSec=" << validSec);
+}
+
+RUNNER_TEST(tc52_security_server_is_pwd_valid)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ unsigned int attempt, maxAttempt, validSec;
+ attempt = maxAttempt = validSec = 0;
+
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG_BT((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret <<
+ " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
+}
+
+RUNNER_TEST(tc53_security_server_is_pwd_valid)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 3);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ unsigned int attempt, maxAttempt, validSec;
+ attempt = maxAttempt = validSec = 0;
+
+ // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((validSec > 259000) && (validSec < 260000), "validSec = " << validSec);
+
+ SystemClock clock;
+ clock.shift(-60*60*24); // one day back
+
+ // password should be valid for 4 days == (60*60*24*4) 345600 seconds
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((validSec > 345000) && (validSec < 346000), "validSec = " << validSec);
+
+ clock.shift(-60*60*24*2); // 3 days back
+
+ // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds
+ ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((validSec > 518000) && (validSec < 519000), "validSec = " << validSec);
+}
+
+int main(int argc, char *argv[])
+{
+ SummaryCollector::Register();
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
}