+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd
- *
- * Licensed under the Apache License, Version 2.0 (the License);
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an AS IS BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file cynara_client.cpp
- * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
- * @version 1.0
- * @brief Tests for libcynara-client
- */
-
-#include <tests_common.h>
-#include <privilege-control.h>
-#include <cynara/cynara-client.h>
-
-#include <memory>
-#include <functional>
-
-
-static const char *FAKE_PRIV_1 = "test_for_cynara_rules";
-static const char *FAKE_PRIV_2 = "0fbc6f4f45c4641b373bfcc1bf4c1ad9";
-static const char *PRIVILEGES_1[] = { FAKE_PRIV_1, NULL };
-static const char *FAKE_APP_1 = "fake_app_1";
-
-
-static void install_app_with_perms(const char *app_id, const char **perms) {
- DB_BEGIN
- int install_check = perm_app_install(app_id);
- RUNNER_ASSERT_MSG_BT(install_check == PC_OPERATION_SUCCESS,
- "Unable to install app " << perm_strerror(install_check));
- int enable_perm_check = perm_app_enable_permissions(
- app_id, APP_TYPE_WGT, perms, true);
- RUNNER_ASSERT_MSG_BT(enable_perm_check == PC_OPERATION_SUCCESS,
- "Unable to enable privileges " << perm_strerror(enable_perm_check));
- DB_END
-}
-
-static void remove_perms_and_uninstall(const char *app_id, const char **perms) {
- DB_BEGIN
- int disable_perm_check = perm_app_disable_permissions(app_id, APP_TYPE_WGT, perms);
- RUNNER_ASSERT_MSG_BT(disable_perm_check == PC_OPERATION_SUCCESS,
- "Unable to disable privileges " << perm_strerror(disable_perm_check));
- int uninstall_check = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG_BT(uninstall_check == PC_OPERATION_SUCCESS,
- "Unable to install app " << perm_strerror(uninstall_check));
- DB_END
-}
-
-static void do_cynara_finish(cynara *cynara_data) {
- cynara_api_result finish_ret = static_cast<cynara_api_result>(cynara_finish(cynara_data));
- if(std::uncaught_exception() == false)
- RUNNER_ASSERT_MSG_BT(finish_ret == CYNARA_API_SUCCESS, "Cynara finish failed");
-}
-
-// cynara is an incomplete type, so deleter signature needs to be explicitly declared
-static std::unique_ptr<cynara, std::function<decltype(do_cynara_finish)>> do_cynara_initialize() {
- cynara *cynara_data = nullptr;
- cynara_api_result init_ret = static_cast<cynara_api_result>(
- cynara_initialize(&cynara_data, NULL));
- RUNNER_ASSERT_MSG_BT(init_ret == CYNARA_API_SUCCESS, "Cynara initialize failed");
- return std::function<decltype(do_cynara_initialize)>::result_type(cynara_data, do_cynara_finish);
-}
-
-
-RUNNER_TEST_GROUP_INIT(cynara_client)
-
-RUNNER_TEST(initialize) {
- auto cynara_data = do_cynara_initialize();
- RUNNER_ASSERT_MSG_BT(cynara_data != nullptr, "Cynara initialize data invalid");
-}
-
-RUNNER_TEST(check_grant) {
- install_app_with_perms(FAKE_APP_1, PRIVILEGES_1);
-
- auto cynara_data = do_cynara_initialize();
- cynara_api_result check_ret = static_cast<cynara_api_result>(cynara_check(
- cynara_data.get(), "User", "", "", PRIVILEGES_1[0]));
-
- remove_perms_and_uninstall(FAKE_APP_1, PRIVILEGES_1);
- RUNNER_ASSERT_MSG_BT(check_ret == CYNARA_API_SUCCESS,
- "Cynara check failed (ret=" << check_ret << ")");
-}
-
-RUNNER_TEST(check_deny) {
- auto cynara_data = do_cynara_initialize();
- cynara_api_result check_ret = static_cast<cynara_api_result>(cynara_check(
- cynara_data.get(), "User", "", "", FAKE_PRIV_2));
-
- RUNNER_ASSERT_MSG_BT(check_ret == CYNARA_API_ACCESS_DENIED,
- "Cynara check failed (ret=" << check_ret << ")");
-}
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * @file test_cases.cpp
+ * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
+ * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
+ * @version 1.1
+ * @brief Tests for libcynara-client and libcynara-admin
+ */
+
+#include <tests_common.h>
+#include <cynara_test_client.h>
+#include <cynara_test_admin.h>
+
+#include <climits>
+
+RUNNER_TEST_GROUP_INIT(cynara_tests)
+
+RUNNER_TEST(tc01_cynara_initialize) {
+ CynaraTestClient cynara;
+}
+
+RUNNER_TEST(tc02_admin_initialize) {
+ CynaraTestAdmin admin;
+}
+
+RUNNER_TEST(tc03_cynara_check_invalid_params) {
+ CynaraTestClient cynara;
+
+ const char *client = "client03";
+ const char *user = "user03";
+ const char *privilege = "privilege03";
+ const char *session = "session03";
+
+ cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
+ cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
+ cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
+ cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
+}
+
+void checkInvalidPolicy(CynaraTestAdmin &admin,
+ const char *bucket,
+ const char *client,
+ const char *user,
+ const char *privilege,
+ const int result,
+ const char *resultExtra)
+{
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, client, user, privilege, result, resultExtra);
+
+ admin.setPolicies(cp, CYNARA_ADMIN_API_INVALID_PARAM);
+}
+
+RUNNER_TEST(tc04_admin_set_policies_invalid_params) {
+ CynaraTestAdmin admin;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client04";
+ const char *user = "user04";
+ const char *privilege = "privilege04";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultBucket = CYNARA_ADMIN_BUCKET;
+ const char *resultExtra = nullptr;
+
+ checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
+ checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
+}
+
+RUNNER_TEST(tc05_admin_set_bucket_invalid_params) {
+ CynaraTestAdmin admin;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const int operationAllow = CYNARA_ADMIN_ALLOW;
+ const int operationDelete = CYNARA_ADMIN_DELETE;
+ const char *extra = nullptr;
+
+ admin.setBucket(nullptr, operationAllow, extra, CYNARA_ADMIN_API_INVALID_PARAM);
+ admin.setBucket(bucket, INT_MAX, extra, CYNARA_ADMIN_API_INVALID_PARAM);
+ admin.setBucket(bucket, operationDelete, extra, CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED);
+}
projects / platform / core / test / security-tests.git / commitdiff