${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp
# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/system-db.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/initial-values.cpp
${PROJECT_SOURCE_DIR}/src/ckm/clean-env.cpp
${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp
)
test1801.pkcs12
pkcs.p12
capi-t3096.p12
+ XML_1_okay.xml
+ XML_2_okay.xml
+ XML_3_wrong.xml
DESTINATION /usr/share/ckm-test
)
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
+ <Key name="test-key1" type="RSA_PUB" password="123">
+ <PEM>
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
+ +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
+ tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
+ x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
+ QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
+ 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
+ m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
+ +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
+ f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
+ +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
+ 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
+ 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ </PEM>
+ <Permission accessor="web_app1"/>
+ </Key>
+ <Key name="test-key2" type="RSA_PRV" exportable="true">
+ <DER>
+ MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
+ jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
+ 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
+ QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
+ GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
+ xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
+ TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
+ VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
+ wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
+ BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
+ 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
+ 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
+ pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
+ 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
+ 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
+ RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
+ bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
+ jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
+ 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
+ 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
+ GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
+ UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
+ /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
+ AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
+ ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
+ TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
+ ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
+ v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
+ xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
+ 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
+ eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
+ 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
+ xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
+ sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
+ WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
+ gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
+ W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
+ G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
+ oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
+ yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
+ 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
+ Vx676FQrM4EzjSSqgA==
+ </DER>
+ <Permission accessor="web_app2"/>
+ </Key>
+ <Cert exportable="true" name="test-cert1">
+ <DER>
+ MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
+ EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
+ VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
+ MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
+ MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
+ BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
+ 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
+ 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
+ 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
+ +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
+ AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
+ PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
+ 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
+ 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
+ wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
+ 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
+ kOg11TpPdNDkhb1J4ZCh2gupDg==
+ </DER>
+ <Permission accessor="web_app2"/>
+ </Cert>
+ <Data name="test-data1" exportable="true">
+ <ASCII>My secret data</ASCII>
+ <Permission accessor="web_app1"/>
+ <Permission accessor="web_app2"/>
+ </Data>
+ <Key name="test-aes1" type="AES">
+ <Base64>
+ MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+ </Base64>
+ <Permission accessor="web_app1"/>
+ <Permission accessor="web_app2"/>
+ </Key>
+</InitialValues>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
+ <Key name="test2-key1" type="RSA_PUB" password="123">
+ <PEM>
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
+ +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
+ tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
+ x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
+ QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
+ 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
+ m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
+ +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
+ f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
+ +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
+ 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
+ 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ </PEM>
+ <Permission accessor="web_app1"/>
+ </Key>
+ <Key name="test2-key2" type="RSA_PRV" exportable="true">
+ <DER>
+ MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
+ jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
+ 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
+ QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
+ GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
+ xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
+ TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
+ VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
+ wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
+ BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
+ 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
+ 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
+ pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
+ 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
+ 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
+ RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
+ bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
+ jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
+ 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
+ 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
+ GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
+ UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
+ /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
+ AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
+ ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
+ TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
+ ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
+ v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
+ xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
+ 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
+ eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
+ 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
+ xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
+ sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
+ WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
+ gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
+ W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
+ G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
+ oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
+ yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
+ 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
+ Vx676FQrM4EzjSSqgA==
+ </DER>
+ <Permission accessor="web_app2"/>
+ </Key>
+ <Cert exportable="true" name="test2-cert1">
+ <DER>
+ MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
+ EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
+ VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
+ MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
+ MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
+ BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
+ 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
+ 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
+ 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
+ +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
+ AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
+ PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
+ 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
+ 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
+ wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
+ 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
+ kOg11TpPdNDkhb1J4ZCh2gupDg==
+ </DER>
+ <Permission accessor="web_app2"/>
+ </Cert>
+ <Data name="test2-data1" exportable="true">
+ <ASCII>My secret data</ASCII>
+ <Permission accessor="web_app1"/>
+ <Permission accessor="web_app2"/>
+ </Data>
+ <Key name="test2-aes1" type="AES">
+ <Base64>
+ MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+ </Base64>
+ <Permission accessor="web_app1"/>
+ <Permission accessor="web_app2"/>
+ </Key>
+</InitialValues>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
+ <Key name="test3-key1" type="RSA_PUB" password="123">
+ <Permission accessor="web_app1"/>
+ <PEM>
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
+ +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
+ tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
+ x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
+ QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
+ 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
+ m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
+ +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
+ f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
+ +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
+ 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
+ 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ </PEMIAMWRONG>
+ </Key>
+ <Key name="test3-key2" type="RSA_PRV" exportable="true">
+ <DER>
+ MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
+ jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
+ 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
+ QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
+ GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
+ xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
+ TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
+ VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
+ wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
+ BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
+ 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
+ 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
+ pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
+ 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
+ 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
+ RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
+ bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
+ jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
+ 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
+ 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
+ GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
+ UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
+ /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
+ AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
+ ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
+ TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
+ ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
+ v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
+ xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
+ 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
+ eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
+ 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
+ xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
+ sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
+ WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
+ gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
+ W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
+ G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
+ oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
+ yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
+ 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
+ Vx676FQrM4EzjSSqgA==
+ </DER>
+ <Permission accessor="web_app2"/>
+ </Key>
+ <Cert exportable="true" name="test3-cert1">
+ <DER>
+ MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
+ EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
+ VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
+ MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
+ MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
+ BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
+ 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
+ 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
+ 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
+ +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
+ AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
+ PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
+ 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
+ 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
+ wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
+ 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
+ kOg11TpPdNDkhb1J4ZCh2gupDg==
+ </DER>
+ <Permission accessor="web_app2"/>
+ </Cert>
+ <Data name="test3-data1" exportable="true">
+ <ASCII>My secret data</ASCII>
+ <Permission accessor="web_app1"/>
+ <Permission accessor="web_app2"/>
+ </Data>
+ <Key name="test3-aes1" type="AES">
+ <Base64>
+ MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+ </Base64>
+ <Permission accessor="web_app1"/>
+ <Permission accessor="web_app2"/>
+ </Key>
+</InitialValues>
#include <tests_common.h>
AccessProvider::AccessProvider(const std::string &mySubject)
- : m_mySubject(mySubject)
-{}
+ : m_mySubject(mySubject), m_inSwitchContext(false)
+{
+ RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
+}
+
+AccessProvider::AccessProvider(const std::string &mySubject, int uid, int gid)
+ : m_mySubject(mySubject), m_inSwitchContext(false)
+{
+ RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
+ applyAndSwithToUser(uid, gid);
+}
void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
m_smackAccess.add(m_mySubject, api, rule);
m_smackAccess.apply();
}
-void AccessProvider::applyAndSwithToUser(int uid, int gid) {
+void AccessProvider::applyAndSwithToUser(int uid, int gid)
+{
+ RUNNER_ASSERT_MSG(m_inSwitchContext == false, "already switched context");
+
+ // get calling label
+ char* my_label = NULL;
+ RUNNER_ASSERT(smack_new_label_from_self(&my_label) > 0);
+ if(my_label)
+ {
+ m_origLabel = std::string(my_label);
+ free(my_label);
+ }
+ RUNNER_ASSERT(m_origLabel.size() > 0);
+
RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
"Error in smack_revoke_subject(" << m_mySubject << ")");
apply();
RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
"Error in smack_set_label_for_self.");
- RUNNER_ASSERT_MSG(0 == setgid(gid),
+
+ m_origUid = getuid();
+ m_origGid = getgid();
+ RUNNER_ASSERT_MSG(0 == setegid(gid),
"Error in setgid.");
- RUNNER_ASSERT_MSG(0 == setuid(uid),
+ RUNNER_ASSERT_MSG(0 == seteuid(uid),
"Error in setuid.");
+ m_inSwitchContext = true;
}
+ScopedAccessProvider::~ScopedAccessProvider()
+{
+ if(m_inSwitchContext == true)
+ {
+ RUNNER_ASSERT_MSG(0 == setegid(m_origGid), "Error in setgid.");
+ RUNNER_ASSERT_MSG(0 == seteuid(m_origUid), "Error in setuid.");
+ RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
+ "Error in smack_revoke_subject(" << m_mySubject << ")");
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_origLabel.c_str()),
+ "Error in smack_set_label_for_self.");
+ m_inSwitchContext = false;
+ }
+}
* limitations under the License.
*/
/*
- * @file access_provider.h
+ * @file access_provider2.h
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief Common functions and macros used in security-tests package.
class AccessProvider {
public:
- AccessProvider(const std::string &mySubject);
+ explicit AccessProvider(const std::string &mySubject);
+ AccessProvider(const std::string &mySubject, int uid, int gid);
+ virtual ~AccessProvider() {}
AccessProvider(const AccessProvider &second) = delete;
AccessProvider& operator=(const AccessProvider &second) = delete;
void apply();
void applyAndSwithToUser(int uid, int gid);
- virtual ~AccessProvider(){}
private:
- std::string m_mySubject;
SmackAccess m_smackAccess;
+protected:
+ std::string m_mySubject;
+ uid_t m_origUid;
+ gid_t m_origGid;
+ std::string m_origLabel;
+ bool m_inSwitchContext;
};
-#endif // _ACCESS_FOR_DUMMIES_H_
+class ScopedAccessProvider : public AccessProvider {
+public:
+ explicit ScopedAccessProvider(const std::string &mySubject)
+ : AccessProvider(mySubject) {}
+ ScopedAccessProvider(const std::string &mySubject, int uid, int gid)
+ : AccessProvider(mySubject, uid, gid) {}
+ virtual ~ScopedAccessProvider();
+};
+#endif // _ACCESS_FOR_DUMMIES_H_
#include <tests_common.h>
#include <test-certs.h>
#include <ckm-common.h>
+#include <access_provider2.h>
using namespace CKM;
using namespace std;
namespace {
-const char* TEST_LABEL = "test_label";
+const char* TEST_LABEL = "test_label";
+const char* TEST_LABEL_2 = "test_label-2";
+
+const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
+
const CertificateShPtrVector EMPTY_CERT_VECTOR;
const AliasVector EMPTY_ALIAS_VECTOR;
void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
- void ReceivedCreateKeyPairRSA() { Succeeded(); }
- void ReceivedCreateKeyPairDSA() { Succeeded(); }
- void ReceivedCreateKeyPairECDSA() { Succeeded(); }
+ void ReceivedCreateKeyPair() { Succeeded(); }
void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
{ m_certChain = move(chain); Succeeded(); }
"3Op0tEjy0jpmzeyNiQIDAQAB\n"
"-----END PUBLIC KEY-----"
);
- km[DSA].emplace_back(
- "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
- "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
- "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
- "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
- "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
- "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
- "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
- "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
- "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
- "yAKPlW7WQzgV5jLLNUW7\n"
- "-----END DSA PRIVATE KEY-----",
+ km[RSA].emplace_back(
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6\n"
+ "YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6T\n"
+ "AQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7m\n"
+ "Tus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2QNv3kBPuYdQQrXhoxCcIVtSIl8pU\n"
+ "fI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8SGjA6mSpmrp7lPlKE\n"
+ "9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWpxOzb\n"
+ "lliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37J\n"
+ "IudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4\n"
+ "V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDes\n"
+ "NBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ4rsmBqOwuglHFW52dIZEG9u/20ta\n"
+ "QMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLiBLx0Yr/RXKf6gJUCAwEA\n"
+ "AQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh18pva5Kzh\n"
+ "EU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh\n"
+ "9u236vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXN\n"
+ "GF5JjNcCOQxO1Em8pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG\n"
+ "5DPb19r9XjQhUPjbcq3/4qmLwtLT9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+\n"
+ "fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK6wX2IQ+7vJoWQyg2w6DbpSRq\n"
+ "cyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxeeRpNqFU9OCw0B\n"
+ "d3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O\n"
+ "bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBW\n"
+ "gUyLSdxR5RoEjBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbP\n"
+ "ggFZ8JnuwgtNo0soVKsWGATH65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX8\n"
+ "0jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H1TYDjwA1iBFku/O/xx7Jag7Y0A2l\n"
+ "1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MOGFTs5r9QyM//sm5D\n"
+ "2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDOUCx6\n"
+ "xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0\n"
+ "/zX4MFMD/Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWd\n"
+ "kKpm9xcFddATlT0CggEBAOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvE\n"
+ "qgKHOgZO9ztD6/UgX41uc+3rKfvmY5AsldGZgd0ov/DyeF0N834LeBVayG1fdcEt\n"
+ "amqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9TwoUWS2xmldc+nehCdHs\n"
+ "WQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ETjKemdK\n"
+ "HQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5\n"
+ "ZB7ev8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FW\n"
+ "Nqvwp9PQzxwTv8wuxBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o\n"
+ "1Rad6jtb1SiV9KcPk83wIeoUk/xp0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7L\n"
+ "qpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8eTEywu5yrMGeAjVpLFfKlmGI\n"
+ "pYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk2kuGLYXISfUG\n"
+ "j0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a\n"
+ "xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8W\n"
+ "X4+ZEW7S4heLsUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/a\n"
+ "W22I0REV5UU8bS1F7taV93EwWmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVy\n"
+ "FjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4igfJpPcUFYOazZ3Y7q53RdCgIPKKy\n"
+ "iVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GHW93TUDTKWlTXyUFm\n"
+ "C2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltYG08t\n"
+ "fEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL6\n"
+ "06qeBC8xoVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQ\n"
+ "pyVWfB+F2ppBOYtKvNubyKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+I\n"
+ "Qj8I06c1T31kzfJ71Vx1DUWZW/65xmFD4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rq\n"
+ "uPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+Vx676FQrM4EzjSSqgA==\n"
+ "-----END RSA PRIVATE KEY-----\n",
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3\n"
+ "+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui\n"
+ "tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB\n"
+ "x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2\n"
+ "QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8\n"
+ "9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4\n"
+ "m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA\n"
+ "+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp\n"
+ "f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4\n"
+ "+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ\n"
+ "4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+\n"
+ "8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==\n"
+ "-----END PUBLIC KEY-----");
+ km[DSA].emplace_back(
"-----BEGIN DSA PRIVATE KEY-----\n"
"MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
"rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
"DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
"S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
"yAKPlW7WQzgV5jLLNUW7\n"
- "-----END DSA PRIVATE KEY-----"
+ "-----END DSA PRIVATE KEY-----\n",
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBAMixBFiCdTiablWszLKSk03N4dNAA7wT\n"
+ "aEkBw7A08Gt2izxqZqStwmfIFo2HnpmyVy5c0Qom7GIOzLhUz0pRHx8dOpOIXmz7\n"
+ "g0CvN2t3A1CkpaMCok1+CkJ1otkfD2jznt+VxDh3Jg2cDPX9I0ae/TcObwRhE1EU\n"
+ "1oU3DvME+PJXAhUA3KPuKMt+sJsNkOLqid3k2nU2zSECgYEAhxLVx5a3DoMAaZjD\n"
+ "Dbuv/WUu2qOuryPTDRoXovL6ln/L5ZPD0pPXx5Eo+ZWCu5VKfdVVUl43TRdqgq98\n"
+ "9IeRNEgTmuujZkQieGneDRVqTsRclZ7sooFFepIw0WSd2Mq/WfI0p5ZISr1eqXpI\n"
+ "+fwnxN+ZvJSk9IiCVlG8nYMfAckDgYQAAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkB\n"
+ "eukXzeZGqNWEjgzLAjMZEVYMDLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23\n"
+ "ToR8fQuiBu+KvtAP/QuCOJ/LS0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6\n"
+ "J2+fygnWcOOSo6s=\n"
+ "-----END PUBLIC KEY-----\n"
);
km[ECDSA].emplace_back(
"-----BEGIN EC PRIVATE KEY-----\n"
{
public:
void init(const std::string &) {
- reset_user_data(0, TEST_PASS);
- reset_user_data(APP_UID, TEST_PASS);
+ remove_user_data(0);
+ remove_user_data(APP_UID);
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ unlock_user_data(APP_UID, TEST_PASS);
}
void finish() {
remove_user_data(APP_UID);
DBCleanup dbc;
test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub2"), keys[RSA][1].pub, Policy(""));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub3"), keys[DSA][0].prv, Policy(""));
auto obs = test_positive(&ManagerAsync::createSignature,
dbc.alias("alias_prv"),
"",
HashAlgorithm::SHA1,
RSAPaddingAlgorithm::PKCS1);
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_SERVER_ERROR,
+ test_positive(&ManagerAsync::verifySignature,
dbc.alias("alias_prv"),
"",
test_buffer,
obs->m_signed,
HashAlgorithm::SHA1,
RSAPaddingAlgorithm::PKCS1);
+
+ test_positive(&ManagerAsync::verifySignature,
+ dbc.alias("alias_pub"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub2"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub3"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
}
RUNNER_CHILD_TEST(TA1660_verify_signature_positive, CKMAsyncAPIEnv)
RUNNER_TEST(TA1820_allow_access, CKMAsyncAPIEnv)
{
- DBCleanup dbc;
- CharPtr top_label = get_label();
- test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
- test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
- test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias2"),
- TEST_LABEL,
- CKM::Permission::READ);
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias3"),
- TEST_LABEL,
- CKM::Permission::READ | CKM::Permission::REMOVE);
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
+ std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ gc.save(alias1.c_str(), TEST_DATA);
+ gc.save(alias2.c_str(), TEST_DATA);
+ gc.save(alias3.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias2,
+ TEST_LABEL_2,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ alias3,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ }
{
- ScopedLabel label(TEST_LABEL);
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
// test from allowed label, but without properly addressing alias (coming from default label)
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
// now test with appropriate addressing
- std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
- test_positive(&ManagerAsync::getData, full_alias2_address, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
+ test_positive(&ManagerAsync::getData, alias2, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
- std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
- test_positive(&ManagerAsync::getData, full_alias3_address, "");
- test_positive(&ManagerAsync::removeAlias, full_alias3_address);
+ test_positive(&ManagerAsync::getData, alias3, "");
+ test_positive(&ManagerAsync::removeAlias, alias3);
}
}
RUNNER_TEST(TA1920_deny_access, CKMAsyncAPIEnv)
{
- DBCleanup dbc;
- CharPtr top_label = get_label();
- test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias"),
- TEST_LABEL,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ gc.save(alias1.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::NONE);
+ }
{
- ScopedLabel label(TEST_LABEL);
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
- std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
}
}
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- dbc.alias(alias_PKCS_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
pkcs,
exportable,
exportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- dbc.alias(alias_PKCS_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- dbc.alias(alias_PKCS_not_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
pkcs,
notExportable,
notExportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- dbc.alias(alias_PKCS_not_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
pkcs,
notExportable,
notExportable);
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- dbc.alias(alias_PKCS_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- dbc.alias(alias_PKCS_not_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
pkcs,
notExportable,
notExportable);
// fail - no entry
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- "i-do-not-exist",
+ sharedDatabase("i-do-not-exist").c_str(),
CKM::Password(),
CKM::Password());
// fail - not exportable
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_NOT_EXPORTABLE,
- dbc.alias(alias_PKCS_not_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
CKM::Password(),
CKM::Password());
// success - exportable
auto obs = test_positive(&ManagerAsync::getPKCS12,
- dbc.alias(alias_PKCS_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
CKM::Password(),
CKM::Password());
2 == caVector.size(),
"Wrong size of vector");
}
+
+RUNNER_TEST(TA9999_deinit)
+{
+ remove_user_data(0);
+ remove_user_data(APP_UID);
+}
#include <ckm/ckm-type.h>
namespace {
+const int USER_ROOT = 0;
+const int APP_1 = 6000;
+const int GROUP_1 = 6000;
+const int APP_2 = 6200;
+const int GROUP_2 = 6200;
+const char * const APP_PASS_1 = "app-pass-1";
+const char * const APP_PASS_2 = "app-pass-2";
+const char* APP_LABEL_1 = "APP_LABEL_1";
+const char* APP_LABEL_2 = "APP_LABEL_2";
+const char* APP_LABEL_3 = "APP_LABEL_3";
+const char* APP_LABEL_4 = "APP_LABEL_4";
-const uid_t USER_ROOT = 0;
-const char* APP_PASS = "user-pass";
-const char* ROOT_PASS = "test-pass";
const char* NO_ALIAS = "definitely-non-existent-alias";
const char* NO_OWNER = "definitely-non-existent-owner";
const char* TEST_ALIAS2 = "test-alias2";
const char* TEST_ALIAS3 = "test-alias3";
-const char* TEST_LABEL = "test-label";
-const char* TEST_LABEL2 = "test-label2";
-const char* TEST_LABEL3 = "test-label3";
-const char* TEST_LABEL4 = "test-label4";
-
const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-void save_data(const char* alias, const char *data)
-{
- ckmc_raw_buffer_s buffer;
- buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
- buffer.size = strlen(data);
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = true;
-
- int ret = ckmc_save_data(alias, buffer, policy);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Saving data failed. Error: " << ret);
-}
-
-void save_data(const char* alias)
-{
- save_data(alias, TEST_DATA);
-}
-
-void check_remove_allowed(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- // remove, but ignore non existing
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN,
- "Removing data failed: " << CKMCErrorToString(ret));
-}
-
-void check_remove_denied(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_PERMISSION_DENIED == ret,
- "App with different label shouldn't have rights to remove this data. Error: " << ret);
-}
-
-void check_remove_not_visible(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "App with different label shouldn't have rights to see this data. Error: " << ret);
-}
-
-void check_read(const char* alias, const char *label, const char *test_data, int expected_code = CKMC_ERROR_NONE)
-{
- ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer);
- RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result: " << CKMCErrorToString(ret));
-
- if(expected_code == CKMC_ERROR_NONE)
- {
- // compare data with expected
- RUNNER_ASSERT_MSG(
- buffer->size == strlen(test_data),
- "Extracted data length do not match expected data length (encrypted?).");
-
- RUNNER_ASSERT_MSG(
- memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), test_data, buffer->size) == 0,
- "Extracted data do not match expected data (encrypted?).");
-
- ckmc_buffer_free(buffer);
- }
-}
-
-void check_read_allowed(const char* alias, const char *data)
-{
- // try to read previously saved data - label taken implicitly
- check_read(alias, 0, data);
-}
-void check_read_allowed(const char* alias)
-{
- check_read_allowed(alias, TEST_DATA);
-}
-
-void check_read_not_visible(const char* alias)
-{
- // try to read previously saved data - label taken implicitly
- {
- ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(alias, NULL, &buffer);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "App with different label shouldn't have rights to see this data." << CKMCErrorToString(ret));
- ckmc_buffer_free(buffer);
- }
-}
-
void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
{
int ret = ckmc_allow_access(alias, accessor, accessRights);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void allow_access(const char* alias, const char* accessor, int permissionMask)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
-}
-
-void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
- RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned " << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode));
-}
-
-void deny_access(const char* alias, const char* accessor)
-{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << CKMCErrorToString(ret));
-}
-
-void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
-{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. " << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode));
-}
-
-void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights)
{
// data removal should revoke this access
- int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights);
+ int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
+void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask)
{
// data removal should revoke this access
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask);
+ int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void deny_access_by_adm(const char* alias, const char* accessor)
+void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor)
{
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
}
-int count_aliases()
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ret = ckmc_get_data_alias_list(&aliasList);
- if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
- return 0;
-
- RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << CKMCErrorToString(ret));
-
- ckmc_alias_list_s *plist = aliasList;
- int count = 0;
- while(plist)
- {
- plist = plist->next;
- count++;
- }
- ckmc_alias_list_all_free(aliasList);
- return count;
-}
-
-void check_alias_count(int expected)
+void check_alias_count(size_t expected)
{
- int count = count_aliases();
+ size_t count = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
}
-// saves data upon construction and deletes it upon destruction
-class ScopedSaveData
-{
-public:
- ScopedSaveData(const char* alias) : m_alias(alias)
- {
- save_data(alias);
- }
- ScopedSaveData(const char* alias, const char *data) : m_alias(alias)
- {
- save_data(alias, data);
- }
-
- ~ScopedSaveData()
- {
- /*
- * Let it throw. If we can't remove data then remaining tests results will be
- * unreliable anyway.
- */
- check_remove_allowed(m_alias);
- }
-private:
- const char* m_alias;
-};
-
} // namespace anonymous
-RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
+RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API);
/////////////////////////////////////////////////////////////////////////////
// Manager
RUNNER_TEST(T3000_init)
{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp));
+ reset_user_data(APP_1, APP_PASS_1);
+ reset_user_data(APP_2, APP_PASS_2);
}
// invalid arguments check
RUNNER_TEST(T3001_manager_allow_access_invalid)
{
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
RUNNER_ASSERT(
CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
RUNNER_ASSERT(
// invalid arguments check
RUNNER_TEST(T3002_manager_deny_access_invalid)
{
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access for non existing alias
RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access that does not exist in database
RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- ScopedSaveData ssd(TEST_ALIAS);
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// deny non existing access to existing alias
int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
// tries to allow access to application own data
RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- ScopedSaveData ssd(TEST_ALIAS);
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
CharPtr label = get_label();
int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
// verifies that alias can not contain forbidden characters
RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
{
- switch_to_storage_user(TEST_LABEL);
- ScopedSaveData ssd(TEST_ALIAS);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
std::string test_alias_playground = std::string("AAA BBB CCC");
check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// control: expect success
check_read(TEST_ALIAS, 0, TEST_DATA);
- check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+ check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
}
// verifies that label can not contain forbidden characters
RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
{
- switch_to_storage_user(TEST_LABEL);
- ScopedSaveData ssd(TEST_ALIAS);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// basic test
- std::string test_label_playground = std::string("AAA BBB CCC");
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// insert part of the separator in the middle
- test_label_playground = std::string(TEST_LABEL);
- test_label_playground.insert(test_label_playground.size()/2, ckmc_label_name_separator);
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ APP_LABEL_1_playground = std::string(APP_LABEL_1);
+ APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// prepend separator
- test_label_playground = std::string(TEST_LABEL);
- test_label_playground.insert(0, ckmc_label_name_separator);
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ APP_LABEL_1_playground = std::string(APP_LABEL_1);
+ APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// append separator
- test_label_playground = std::string(TEST_LABEL);
- test_label_playground.append(ckmc_label_name_separator);
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ APP_LABEL_1_playground = std::string(APP_LABEL_1);
+ APP_LABEL_1_playground.append(ckmc_label_name_separator);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// control: expect success
- check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+ check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
}
+
// tries to access other application data without permission
RUNNER_TEST(T3020_manager_access_not_allowed)
{
- CharPtr top_label = get_label();
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- ScopedSaveData ssd(TEST_ALIAS);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_read_not_visible(TEST_ALIAS_adr.c_str());
check_remove_not_visible(TEST_ALIAS_adr.c_str());
}
// tries to access other application data with permission
RUNNER_TEST(T3021_manager_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission for read/remove
RUNNER_TEST(T3022_manager_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission for reading only
RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3025_manager_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// rights
RUNNER_TEST(T3026_manager_double_allow)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- // access should be overwritten
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // access should be overwritten
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
}
// tries to access application data with permission and after permission has been revoked
RUNNER_TEST(T3027_manager_allow_deny)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
+ }
+
+ // remove permission
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
+ deny_access(TEST_ALIAS, APP_LABEL_2);
}
- deny_access(TEST_ALIAS, TEST_LABEL2);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
RUNNER_TEST(T3028_manager_access_by_label)
{
- CharPtr top_label = get_label();
+ // prepare: add data
+ GarbageCollector gc;
const char *additional_data = "label-2-data";
- ScopedSaveData ssd(TEST_ALIAS);
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
+
+ // add data as app 2
{
- ScopedLabel sl(TEST_LABEL2);
- ScopedSaveData ssd(TEST_ALIAS, additional_data);
- allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ save_data(TEST_ALIAS, additional_data);
+
+ allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
// test if accessing valid alias (of label2 domain)
check_read_allowed(TEST_ALIAS, additional_data);
-
- // this has to be done here - in the scope, otherwise
- // scope destructor will remove the TEST_LABEL2::TEST_ALIAS
- {
- ScopedLabel sl(top_label.get());
-
- // test if can access label2 alias from label1 domain - should succeed
- check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data);
- }
}
- // test if accessing valid alias (of label1 domain)
- check_read_allowed(TEST_ALIAS);
+ // test accessibility to app 2 from app 1
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- // access should not be possible - already left the LABEL2 scope, object should be removed
- check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str());
+ // test if can access label2 alias from label1 domain - should succeed
+ check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
+ }
}
// tries to modify another label's permission
RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
{
- ScopedLabel sl(TEST_LABEL);
- ScopedSaveData ssd(TEST_ALIAS);
- allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
- deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
+ allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
+ deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
}
}
// checks if only aliases readable by given app are returned
RUNNER_TEST(T3030_manager_get_all_aliases)
{
- ScopedSaveData ssd1(TEST_ALIAS);
- ScopedSaveData ssd2(TEST_ALIAS2);
+ // prepare: add data
+ GarbageCollector gc;
+ size_t count;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ gc.save(TEST_ALIAS2, TEST_DATA);
- int count = count_aliases();
+ count = count_aliases(ALIAS_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
- ScopedSaveData ssd3(TEST_ALIAS3);
+ ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
// check that app can access its own aliases
check_alias_count(count - 1 + 1);
}
- deny_access(TEST_ALIAS, TEST_LABEL2);
+ // remove permission
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ deny_access(TEST_ALIAS, APP_LABEL_2);
+ }
+
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
// tries to access other application data with permission
RUNNER_TEST(T3031_manager_deprecated_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission for read/remove
RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission for reading only
RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ }
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
-
/////////////////////////////////////////////////////////////////////////////
// Control
+RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API);
+
+RUNNER_TEST(T3100_init)
+{
+ reset_user_data(APP_1, APP_PASS_1);
+ reset_user_data(APP_2, APP_PASS_2);
+}
+
// invalid argument check
RUNNER_TEST(T3101_control_allow_access_invalid)
{
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
+
int ret;
- ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
// double owner
std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
- ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
}
// invalid argument check
RUNNER_TEST(T3102_control_deny_access_invalid)
{
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
+
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE));
// double owner
std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
RUNNER_TEST(T3103_control_allow_access_non_existing)
{
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Allowing access for non existing alias returned " << CKMCErrorToString(ret));
}
// tries to deny access for non existing alias
RUNNER_TEST(T3104_control_deny_access_non_existing)
{
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Denying access for non existing alias returned " << CKMCErrorToString(ret));
}
// tries to deny non existing access
RUNNER_TEST(T3105_control_deny_access_non_existing_access)
{
- ScopedSaveData ssd(TEST_ALIAS);
-
- CharPtr label = get_label();
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- // deny non existing access to existing alias
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
+ "Denying non existing access returned: " << CKMCErrorToString(ret));
}
// tries to allow application to access its own data
RUNNER_TEST(T3106_control_allow_access_to_myself)
{
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- CharPtr label = get_label();
- int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
+ // test
+ int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
+ "Trying to allow myself returned: " << CKMCErrorToString(ret));
}
// tries to use admin API as a user
{
RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
- switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ);
+ // prepare: add data
+ GarbageCollector gc;
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ // test
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+ "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
}
// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
+RUNNER_CHILD_TEST(T3111_control_deny_access_as_user)
{
RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
- switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE);
+ // prepare: add data
+ GarbageCollector gc;
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ // test
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+ "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
}
// tries to read other application data with permission
RUNNER_TEST(T3121_control_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission to read/remove
RUNNER_TEST(T3122_control_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission to read
RUNNER_TEST(T3122_control_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3125_control_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// rights
RUNNER_TEST(T3126_control_double_allow)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
// access should be overwritten
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
}
// tries to access other application data with permission and after permission has been revoked
RUNNER_TEST(T3127_control_allow_deny)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
- CharPtr label = get_label();
- deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+
+ deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
// checks if only aliases readable by given app are returned
RUNNER_TEST(T3130_control_get_all_aliases)
{
- ScopedSaveData ssd1(TEST_ALIAS);
- ScopedSaveData ssd2(TEST_ALIAS2);
+ // prepare: add data
+ GarbageCollector gc;
+ size_t count;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ gc.save(TEST_ALIAS2, TEST_DATA);
- int count = count_aliases();
+ count = count_aliases(ALIAS_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
- ScopedSaveData ssd3(TEST_ALIAS3);
+ ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA);
// check that app can access its own aliases
check_alias_count(count - 1 + 1);
}
- deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+ deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
// tries to add access to data in a database of invalid user
RUNNER_TEST(T3140_control_allow_invalid_user)
{
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- int ret = ckmc_set_permission_by_adm(
- APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
+ "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
}
// tries to revoke access to data in a database of invalid user
RUNNER_TEST(T3141_control_deny_invalid_user)
{
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
+ "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
}
// tries to read other application data with permission
RUNNER_TEST(T3142_control_deprecated_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission to read/remove
RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission to read
RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3145_control_deprecated_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
-
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
-
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
}
-}
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-RUNNER_TEST(T3999_deinit)
-{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ }
}
namespace {
-const char *CHAINS_PASSWD = "chains-pass";
-
typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
addCert(m_trustedCerts, cert);
std::stringstream ss;
- ss << "TRUSTED_CERT_ALIAS_" << size;
+ ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size;
save_cert(cert, ss.str().c_str());
addAlias(m_trustedAliases, ss.str().c_str());
}
addCert(m_untrustedCerts, cert);
std::stringstream ss;
- ss << "UNTRUSTED_CERT_ALIAS_" << size;
+ ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size;
save_cert(cert, ss.str().c_str());
addAlias(m_untrustedAliases, ss.str().c_str());
}
RUNNER_TEST(TCCH_0000_init)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
}
// old API
RUNNER_TEST(TCCH_0010_get_chain_old_api)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<ChainApiOld> cv;
cv.verifyNegative(TestData::GOOGLE_COM);
// old API
RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<ChainApiOld> cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
// check invalid arguments
RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
// alias
ca1 = create_cert(TestData::GEOTRUST);
- save_cert(ca1, "GEOTRUST");
- AliasListPtr untrusted_a = create_alias_list("GEOTRUST", NULL);
+ save_cert(ca1, sharedDatabase("GEOTRUST").c_str());
+ AliasListPtr untrusted_a = create_alias_list(sharedDatabase("GEOTRUST").c_str(), NULL);
assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias,
NULL_CERT,
// check invalid arguments
RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
ckmc_cert_list_s* chain = NULL;
- AliasListPtr non_existing = create_alias_list("NON_EXISTING_ALIAS", NULL);
+ AliasListPtr non_existing = create_alias_list(sharedDatabase("NON_EXISTING_ALIAS").c_str(), NULL);
assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
ckmc_get_cert_chain_with_trustedcert_alias,
ca2,
*/
RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
*/
RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.addUntrusted(TestData::GIAG2);
*/
RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(true);
#include <ckm-common.h>
#include <string>
+#include <fstream>
#include <string.h>
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-
namespace {
-
-typedef enum {
- ALIAS_KEY,
- ALIAS_CERT,
- ALIAS_DATA
-} alias_type_;
-
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
const char* USER_PASS = "user-pass";
+const char* TEST_LABEL = "test_label";
+const char *const TEST_OBJECT1 = "OBJECT1";
+const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
+const char* TEST_SYSTEM_ALIAS = "system-alias-1";
+const char* TEST_DATA = "ABCD";
+} // namespace anonymous
-int count_aliases(alias_type_ type, int minimum_initial_element_count = 0)
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ec;
- switch(type)
- {
- case ALIAS_KEY:
- ec = ckmc_get_key_alias_list(&aliasList);
- break;
-
- case ALIAS_CERT:
- ec = ckmc_get_cert_alias_list(&aliasList);
- break;
-
- case ALIAS_DATA:
- ec = ckmc_get_data_alias_list(&aliasList);
- break;
- }
- if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
- return 0;
- else if(ec==0)
- {
- ckmc_alias_list_s *plist = aliasList;
- int return_count = 0;
- while(plist)
- {
- plist = plist->next;
- return_count ++;
- }
- ckmc_alias_list_all_free(aliasList);
-
- RUNNER_ASSERT_MSG(
- return_count >= minimum_initial_element_count,
- "Error: alias list failed, current element count: " << return_count <<
- " while expected minimal count of " << minimum_initial_element_count <<
- " elements");
-
- return return_count;
- }
- else
- {
- // error - fail
- RUNNER_ASSERT_MSG(
- ec >= 0,
- "Error: alias list failed, ec: " << CKMCErrorToString(ec));
- }
- return ec;
-}
+RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
-ckmc_raw_buffer_s prepare_message_buffer(const char * input)
+RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
{
- ckmc_raw_buffer_s retval;
- retval.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(input));
- retval.size = strlen(input);
- return retval;
-}
+ int temp;
-} // namespace anonymous
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
+ CKMCReadableError(temp));
-RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
+ remove_user_data(5000);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
+ CKMCReadableError(temp));
+}
RUNNER_TEST(T3011_Control_C_API)
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
}
RUNNER_TEST(T3014_Control_C_API)
{
int temp;
- const uid_t UNIQUE_USER = 15;
-
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
- // unlock with default password
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
- CKMCReadableError(temp));
+ const uid_t UNIQUE_USER = 6500;
+
+ // clean up environment
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+ CKMCReadableError(temp));
+ // unlock with empty password
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
+ CKMCReadableError(temp));
// reset password (NULL, "simple-password")
RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
CKMCReadableError(temp));
// try to reset password when db locked
RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
CKMCReadableError(temp));
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
+ // clean up environment
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T3015_Control_C_API)
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")),
+ CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
+}
+
+RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
+{
+ save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
+
+ // [test] - expect success
+ check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA);
+
+ // remove user data - expect to map to the system DB
+ int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
CKMCReadableError(temp));
+
+ // [test] - expect fail
+ check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
ckmc_policy_s test_policy;
char* password = NULL;
- const char *alias = "mykey";
+ CKM::Alias alias = sharedDatabase("mykey");
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
test_key2 = &test_key;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
CKMCReadableError(temp));
}
ckmc_cert_s *cert2;
ckmc_cert_s cert;
- const char *alias = "test-cert-1-RSA";
+ CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
ckmc_policy_s test_policy;
test_policy.password = password;
cert.data_format = CKMC_FORM_PEM;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
char* password = NULL;
ckmc_cert_s *cert2;
- const char *alias = "test-cert-1-RSA";
+ CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
}
cert.cert_size = certPem.length();
cert.data_format = CKMC_FORM_PEM;
- int current_aliases_num = count_aliases(ALIAS_CERT);
+ size_t current_aliases_num = count_aliases(ALIAS_CERT);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_CERT);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_CERT)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
RUNNER_CHILD_TEST(T3026_user_app_save_key_C_API)
{
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3027_app_user_save_keys_exportable_flag)
{
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
cert.cert_size = certPem.length();
cert.data_format = CKMC_FORM_PEM;
- const char *alias = "test-cert-1-DSA";
+ CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
test_policy3.password = password;
test_policy3.extractable = 0;
- int current_aliases_num = count_aliases(ALIAS_KEY);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
ckmc_key_s *test_key2;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
RUNNER_TEST(T3041_init_C_API)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
+ remove_user_data(0);
+ reset_user_data(USER_APP, "simple-password");
}
RUNNER_TEST(T3042_save_get_bin_data_C_API)
test_policy3.password = password;
test_policy3.extractable = 0;
- int current_aliases_num = count_aliases(ALIAS_DATA);
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
ckmc_raw_buffer_s *testData4;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
CKMCReadableError(temp));
int compareResult;
RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
{
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string binData = "My bin data";
- int current_aliases_num = count_aliases(ALIAS_DATA);
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
RUNNER_TEST(T3044_remove_bin_data_C_API)
{
int temp;
- int current_aliases_num = count_aliases(ALIAS_DATA, 2);
+ size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- (current_aliases_num-2) == (temp = count_aliases(ALIAS_DATA)),
- "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << temp);
+ (current_aliases_num-2) == actual_cnt,
+ "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
char* password = NULL;
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
CKMCReadableError(temp));
int compareResult;
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
CKMCReadableError(temp));
}
-RUNNER_TEST(T3045_deinit_C_API)
+RUNNER_TEST(T3045_save_big_data_C_API)
+{
+ GarbageCollector gc;
+ const size_t BIG_SIZE = 5000000; // can't go much further because of stack size limit
+ ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP);
+
+ char big_data[BIG_SIZE];
+ std::ifstream is("/dev/urandom", std::ifstream::binary);
+ if(is)
+ is.read(big_data, BIG_SIZE);
+
+ RUNNER_ASSERT_MSG(is,
+ "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
+
+ gc.save(TEST_ALIAS1.c_str(), big_data, BIG_SIZE, CKMC_ERROR_NONE);
+
+ check_read(TEST_OBJECT1, TEST_LABEL, big_data, BIG_SIZE, CKMC_ERROR_NONE);
+}
+
+RUNNER_TEST(T3050_deinit_C_API)
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
{
int temp;
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
policy_public_key.extractable = 1;
- int current_aliases_num = count_aliases(ALIAS_KEY);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+ (current_aliases_num+2) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
ckmc_key_s *privateKey;
RUNNER_ASSERT_MSG(
policy_public_key.password = NULL;
policy_public_key.extractable = 1;
- int current_aliases_num = count_aliases(ALIAS_KEY);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+ (current_aliases_num+2) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
ckmc_key_s *privateKey = 0;
RUNNER_ASSERT_MSG(
RUNNER_TEST(T3061_CAPI_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
+ remove_user_data(0);
+ reset_user_data(USER_APP, USER_PASS);
}
RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
int temp;
size_t size = 1024;
- const char *private_key_alias = "rsa-test-1";
- const char *public_key_alias = "rsa-test-2";
+ CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
+ CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
policy_public_key.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
// on next attempt to generate keys with the same alias, expect fail (alias exists)
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
}
int temp;
size_t size = 1024;
- const char *private_key_alias = "dsa-test-1";
- const char *public_key_alias = "dsa-test-2";
+ CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
+ CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
policy_public_key.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
}
int temp;
ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- const char *private_key_alias = "ecdsa-test-1";
- const char *public_key_alias = "ecdsa-test-2";
+ CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
+ CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
policy_public_key.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3065_CAPI_deinit)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
// TODO
RUNNER_TEST(T3071_CAPI_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
{
- std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
- std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
+ std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
ckmc_cert_s c_cert;
c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
ckmc_cert_list_s *cert_chain_list;
- int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+ int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
- ckmc_ocsp_status_e ocsp_status;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
+ ckmc_ocsp_status_e ocsp_status;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
}
RUNNER_TEST(T3075_CAPI_deinit)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
+ CKM::Alias pub_alias = sharedDatabase("pub1");
+ CKM::Alias pri_alias = sharedDatabase("prv1");
const char *key_passwd = "1234";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
int temp;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
+ CKM::Alias pub_alias = sharedDatabase("pub1");
+ CKM::Alias pri_alias = sharedDatabase("prv1");
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
"-----END PUBLIC KEY-----\n";
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pri_alias = "ecprv2";
- const char *pub_alias = "ecpub2";
+ CKM::Alias pri_alias = sharedDatabase("ecprv2");
+ CKM::Alias pub_alias = sharedDatabase("ecpub2");
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
pripolicy.extractable = 0;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pri_alias = "prv3";
- const char *pub_alias = "pub3";
+ CKM::Alias pri_alias = sharedDatabase("prv3");
+ CKM::Alias pub_alias = sharedDatabase("pub3");
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
pripolicy.extractable = 0;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pub_alias = "dsa-pub1";
- const char *pri_alias = "dsa-prv1";
+ CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
+ CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
// positive test
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
invalid_msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pub_alias = "dsa-pub2";
- const char *pri_alias = "dsa-prv2";
+ CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
+ CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias, pub_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
"Error=" << temp);
char *pri_passwd = NULL;
ckmc_key_s *pubkey = NULL;
ckmc_key_s *prikey = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias, 0, &prikey)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias, 0, &pubkey)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
// positive test
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
invalid_msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pri_alias = "prv4";
- const char *pub_alias = "pub4";
+ CKM::Alias pri_alias = sharedDatabase("prv4");
+ CKM::Alias pub_alias = sharedDatabase("pub4");
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_TEST(T3089_CAPI__deinit)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3091_CAPI_TYPE_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
+ remove_user_data(0);
+ reset_user_data(USER_APP, USER_PASS);
}
RUNNER_TEST(T3092_CAPI_TYPE_KEY)
RUNNER_TEST(T3094_CAPI_TYPE_CERT)
{
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
unsigned int size = certPem.size();
{
int ret;
- std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
const char *file_name = "/tmp/ckmc_test_cert.pem";
remove(file_name);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
- CKMCReadableError(ret));
+ CKMCReadableError(ret));
RUNNER_ASSERT_MSG(
pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
- const char *lcert_alias = "lcert_alias";
+ CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
ckmc_policy_s policy;
policy.password = NULL;
policy.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)),
+ CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
CKMCReadableError(ret));
remove(file_name);
policy.extractable = 1;
- const char *pkey_alias = "pkey_alias";
+ CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
CKMCReadableError(temp));
- const char *cert_alias = "cert_alias";
+ CKM::Alias cert_alias = sharedDatabase("cert_alias");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
CKMCReadableError(temp));
- std::string caCertAlias = "ca_cert_alias_";
+ std::string caCertAlias = sharedDatabase("ca_cert_alias_");
const char *idx = "0";
int cnt = 0;
ckmc_cert_list_s *tmpList = ca_cert_list;
}
RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
- const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
- const char *password = "password";
+ const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
+ const char *password = "password";
- int temp;
+ int temp;
- ckmc_pkcs12_s *ppkcs12 = NULL;
+ ckmc_pkcs12_s *ppkcs12 = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
+ RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
+ RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
- const char *pkey_alias = "pkey_alias2";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *(ppkcs12->priv_key), policy)),
- CKMCReadableError(temp));
+ CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
+ CKMCReadableError(temp));
- const char *cert_alias = "cert_alias2";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *(ppkcs12->cert), policy)),
- CKMCReadableError(temp));
- std::string caCertAlias = "ca_cert_alias_2_";
- const char *idx = "0";
- int cnt = 0;
- ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
- while(tmpList != NULL) {
- caCertAlias.append(idx);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- CKMCReadableError(temp));
- tmpList = tmpList->next;
- cnt ++;
- }
+ CKM::Alias cert_alias = sharedDatabase("cert_alias2");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
+ CKMCReadableError(temp));
+ std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
+ const char *idx = "0";
+ int cnt = 0;
+ ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
+ while(tmpList != NULL) {
+ caCertAlias.append(idx);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
+ CKMCReadableError(temp));
+ tmpList = tmpList->next;
+ cnt ++;
+ }
- RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
+ RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
- ckmc_pkcs12_free(ppkcs12);
+ ckmc_pkcs12_free(ppkcs12);
}
RUNNER_TEST(T3098_CAPI_TYPE_deinit)
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
}
namespace
{
-const char* alias_PKCS_exportable = "CAPI-test-PKCS-export";
-const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
+CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
+CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
}
RUNNER_TEST(T3101_CAPI_PKCS12_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "PKCS-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
{
- const char *wrong_passwd = "wrong";
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
- CKMCReadableError(temp));
+ const char *wrong_passwd = "wrong";
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
{
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
-
- // save to the CKM
- ckmc_policy_s exportable;
- exportable.password = NULL;
- exportable.extractable = 1;
- ckmc_policy_s notExportable;
- notExportable.password = NULL;
- notExportable.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
-
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable, "", &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
+
+ // save to the CKM
+ ckmc_policy_s exportable;
+ exportable.password = NULL;
+ exportable.extractable = 1;
+ ckmc_policy_s notExportable;
+ notExportable.password = NULL;
+ notExportable.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
+ CKMCReadableError(temp));
+
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
+
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
{
- int temp;
- ckmc_pkcs12_s *pkcs = NULL;
-
- // fail - no entry
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // fail - not exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable, NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // success - exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable, NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
- size_t cntr = 0;
- ckmc_cert_list_s *iter = pkcs->ca_chain;
- do {
- cntr ++;
- iter = iter->next;
- } while(iter);
- RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
-
- ckmc_pkcs12_free(pkcs);
+ int temp;
+ ckmc_pkcs12_s *pkcs = NULL;
+
+ // fail - no entry
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
+
+ // fail - not exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+ size_t cntr = 0;
+ ckmc_cert_list_s *iter = pkcs->ca_chain;
+ do {
+ cntr ++;
+ iter = iter->next;
+ } while(iter);
+ RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
+
+ ckmc_pkcs12_free(pkcs);
}
RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
{
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- int temp;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- alias_PKCS_exportable,
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- alias_PKCS_exportable,
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ int temp;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ alias_PKCS_exportable.c_str(),
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ alias_PKCS_exportable.c_str(),
+ NULL,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
{
- int tmp;
-
- // remove the whole PKCS12 bundles
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable)),
- CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable)),
- CKMCReadableError(tmp));
-
- // expect lookup fails due to unknown alias
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable, NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
+ int tmp;
+
+ // remove the whole PKCS12 bundles
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable.c_str())),
+ CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable.c_str())),
+ CKMCReadableError(tmp));
+
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
+
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3201_CAPI_unlock_database)
{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- CKMCReadableError(temp));
+ reset_user_data(USER_APP, USER_PASS);
}
RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, USER_PASS);
+
int temp;
- char alias[10] = "mykey";
+ CKM::Alias alias = "mykey";
char *password = NULL;
ckmc_key_s *test_key = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
"Error=" << temp);
RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, USER_PASS);
+
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
}
RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
int temp;
- char alias[10] = "mykey";
+ CKM::Alias alias = "mykey";
char *password = NULL;
ckmc_key_s *test_key = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)),
+ CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
RUNNER_TEST(T3204_deinit)
{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(USER_APP);
}
const char* const USER_LABEL = "User";
const char* const CKM_LOCK = "/var/run/key-manager.pid";
-const char* const CC_PASSWD = "t200-special-password";
-
// Wrapper for mdpp state that restores the original value upon destruction
class MdppState
{
-Alias rsa_pri_alias("rsa-private-T2002");
-Alias rsa_pub_alias("rsa-public-T2002");
-Alias ecdsa_pri_alias("ecdsa-private-T2002");
-Alias ecdsa_pub_alias("ecdsa-public-T2002");
+Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002");
+Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002");
+Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002");
+Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002");
void save_keys()
{
RUNNER_TEST(TCC_0000_init)
{
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
}
// updatedCCMode should succeed regardless of mdpp setting
stop_service(LISTENER);
MdppState mdpp;
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
mdpp.set(NULL);
{
// restart listener without vconf callback
stop_service(LISTENER);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
MdppState mdpp;
mdpp.set(NULL);
update_cc_mode();
update_cc_mode();
start_service(LISTENER);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
{
restart_ckm(DISABLED);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(ENABLED);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(ENFORCING);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(READY);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_SUCCESS);
}
{
restart_ckm("whatever");
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_SUCCESS);
}
{
restart_ckm(NULL);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_SUCCESS);
}
#include <ckmc/ckmc-control.h>
#include <ckmc/ckmc-manager.h>
#include <service_manager.h>
+#include <unistd.h>
const char* SERVICE[] = {
"central-key-manager-listener.service",
void change_label(const char* label)
{
int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self. Error: " << ret);
+ RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
}
ScopedLabel::ScopedLabel(const char* label) : m_original_label(get_label())
return output;
}
+void save_data(const char* alias, const char *data, int expected_err)
+{
+ save_data(alias, data, strlen(data), expected_err);
+}
+
+void save_data(const char* alias, const char *data, size_t len, int expected_err = CKMC_ERROR_NONE)
+{
+ RUNNER_ASSERT(alias);
+ RUNNER_ASSERT(data);
+
+ ckmc_raw_buffer_s buffer;
+ buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
+ buffer.size = len;
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = true;
+
+ int ret = ckmc_save_data(alias, buffer, policy);
+ RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
+ << CKMCErrorToString(ret) << " while expected: "
+ << CKMCErrorToString(expected_err));
+
+}
+
+ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias)
+{
+ save_data(alias, data, expected_err);
+}
+
+ScopedSaveData::~ScopedSaveData()
+{
+ /*
+ * Let it throw. If we can't remove data then remaining tests results will be
+ * unreliable anyway.
+ */
+ check_remove_allowed(m_alias.c_str());
+}
+
+void GarbageCollector::add(const char* alias)
+{
+ save_item item;
+ item.item_alias = std::string(alias);
+ item.owner_label = std::string(get_label().get());
+ item.owner_uid = geteuid();
+ item.owner_gid = getegid();
+ m_garbage.push_back(item);
+}
+
+void GarbageCollector::save(const char* alias, const char *data, int expected_err)
+{
+ save(alias, data, strlen(data), expected_err);
+}
+
+void GarbageCollector::save(const char* alias, const char *data, size_t len, int expected_err)
+{
+ save_data(alias, data, len, expected_err);
+
+ if(CKMC_ERROR_NONE == expected_err)
+ add(alias);
+}
+
+GarbageCollector::~GarbageCollector()
+{
+ for(auto & item : m_garbage)
+ {
+ ScopedAccessProvider ap(item.owner_label, item.owner_uid, item.owner_gid);
+ check_remove_allowed(item.item_alias.c_str());
+ }
+}
+
+ScopedDBUnlock::ScopedDBUnlock(uid_t user_id, const char* passwd) : m_uid(user_id)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(user_id, passwd)), CKMCErrorToString(temp));
+}
+ScopedDBUnlock::~ScopedDBUnlock()
+{
+ int temp;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(m_uid)), CKMCErrorToString(temp));
+}
+
+void check_remove_allowed(const char* alias)
+{
+ int ret = ckmc_remove_alias(alias);
+ // remove, but ignore non existing
+ RUNNER_ASSERT_MSG((CKMC_ERROR_NONE == ret) || (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret),
+ "Removing data failed: " << CKMCErrorToString(ret));
+}
+
+void check_remove_denied(const char* alias)
+{
+ int ret = ckmc_remove_alias(alias);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_PERMISSION_DENIED == ret,
+ "App with different label shouldn't have rights to remove this data. "
+ << CKMCReadableError(ret));
+}
+
+void check_remove_not_visible(const char* alias)
+{
+ int ret = ckmc_remove_alias(alias);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "App with different label shouldn't have rights to see this data. "
+ << CKMCReadableError(ret));
+}
+
+void check_read(const char* alias,
+ const char *label,
+ const char *test_data,
+ size_t len,
+ int expected_code)
+{
+ ckmc_raw_buffer_s* buffer = NULL;
+ int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer);
+ RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. "
+ "Expected " << CKMCErrorToString(expected_code) << ", "
+ "while result " << CKMCErrorToString(ret));
+
+ if(expected_code == CKMC_ERROR_NONE)
+ {
+ // compare data with expected
+ RUNNER_ASSERT_MSG(
+ buffer->size == len,
+ "Extracted data length do not match expected data length (encrypted?):" <<
+ buffer->size << "!=" << len);
+
+ RUNNER_ASSERT_MSG(
+ memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)),
+ test_data, buffer->size) == 0,
+ "Extracted data do not match expected data (encrypted?).");
+
+ ckmc_buffer_free(buffer);
+ }
+}
+
+void check_read(const char* alias, const char *label, const char *test_data, int expected_code)
+{
+ check_read(alias, label, test_data, strlen(test_data), expected_code);
+}
+
+void check_read_allowed(const char* alias, const char *data)
+{
+ // try to read previously saved data - label taken implicitly
+ check_read(alias, NULL, data);
+}
+
+void check_read_not_visible(const char* alias)
+{
+ // try to read previously saved data - label taken implicitly
+ {
+ ckmc_raw_buffer_s* buffer = NULL;
+ int ret = ckmc_get_data(alias, NULL, &buffer);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "App with different label shouldn't have rights to see this data. " << CKMCErrorToString(ret));
+ ckmc_buffer_free(buffer);
+ }
+}
+
+void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type)
+{
+ ckmc_key_s *test_key = NULL;
+ int temp = ckmc_get_key(alias, 0, &test_key);
+ RUNNER_ASSERT_MSG(
+ expected_error == temp,
+ "received: " << CKMCReadableError(temp) << " while expected: " << CKMCReadableError(expected_error));
+ if(expected_type != CKMC_KEY_NONE)
+ {
+ RUNNER_ASSERT_MSG(
+ test_key->key_type == expected_type,
+ "received type: " << test_key->key_type << " while expected type: " << expected_type);
+ }
+ ckmc_key_free(test_key);
+}
+void check_key_allowed(const char *alias, ckmc_key_type_e expected_type)
+{
+ check_key(alias, CKMC_ERROR_NONE, expected_type);
+}
+void check_key_not_visible(const char *alias)
+{
+ check_key(alias, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+}
+void check_cert_allowed(const char *alias)
+{
+ ckmc_cert_s *test_cert = NULL;
+ int temp = ckmc_get_cert(alias, 0, &test_cert);
+ ckmc_cert_free(test_cert);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == temp, CKMCReadableError(temp));
+
+}
+void check_cert_not_visible(const char *alias)
+{
+ ckmc_cert_s *test_cert = NULL;
+ int temp = ckmc_get_cert(alias, 0, &test_cert);
+ ckmc_cert_free(test_cert);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == temp,
+ "App with different label shouldn't have rights to see this cert. " << CKMCErrorToString(temp));
+}
+
+void allow_access(const char* alias, const char* accessor, int permissionMask)
+{
+ // data removal should revoke this access
+ int ret = ckmc_set_permission(alias, accessor, permissionMask);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: "
+ << CKMCErrorToString(ret));
+}
+
+void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
+{
+ // data removal should revoke this access
+ int ret = ckmc_set_permission(alias, accessor, permissionMask);
+ RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned "
+ << CKMCErrorToString(ret) << ", while expected: "
+ << CKMCErrorToString(expectedCode));
+}
+
+void deny_access(const char* alias, const char* accessor)
+{
+ int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: "
+ << CKMCErrorToString(ret));
+}
+
+void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
+{
+ int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. "
+ << CKMCErrorToString(ret) << ", while expected: "
+ << CKMCErrorToString(expectedCode));
+}
+
void unlock_user_data(uid_t user_id, const char *passwd)
{
int ret;
void remove_user_data(uid_t user_id)
{
- int ret;
auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->lockUserKey(user_id)),
- "Error=" << CKM::ErrorToString(ret));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->removeUserData(user_id)),
- "Remove user data failed with error: " << CKM::ErrorToString(ret));
+ control->lockUserKey(user_id);
+ control->removeUserData(user_id);
}
void reset_user_data(uid_t user_id, const char *passwd)
remove_user_data(user_id);
unlock_user_data(user_id, passwd);
}
+
+ckmc_raw_buffer_s prepare_message_buffer(const char * input)
+{
+ ckmc_raw_buffer_s retval;
+ retval.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(input));
+ retval.size = strlen(input);
+ return retval;
+}
+
+void check_alias_list(const CKM::AliasVector& expected)
+{
+ ckmc_alias_list_s *aliasList = NULL;
+ int ret = ckmc_get_data_alias_list(&aliasList);
+ RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << ret << " / " << CKMCErrorToString(ret));
+
+ CKM::AliasVector actual;
+ ckmc_alias_list_s *plist = aliasList;
+ while(plist)
+ {
+ actual.push_back(plist->alias);
+ plist = plist->next;
+ }
+ ckmc_alias_list_all_free(aliasList);
+
+ RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list.");
+}
+
+size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
+{
+ ckmc_alias_list_s *aliasList = NULL;
+ int ec;
+ switch(type)
+ {
+ case ALIAS_KEY:
+ ec = ckmc_get_key_alias_list(&aliasList);
+ break;
+
+ case ALIAS_CERT:
+ ec = ckmc_get_cert_alias_list(&aliasList);
+ break;
+
+ case ALIAS_DATA:
+ ec = ckmc_get_data_alias_list(&aliasList);
+ break;
+ default:
+ RUNNER_ASSERT_MSG(false, "Unsupported value ALIAS_KEY == " << (int)type);
+ }
+
+ if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
+ return 0;
+
+ RUNNER_ASSERT_MSG(ec == CKMC_ERROR_NONE,
+ "Error: alias list failed, ec: " << CKMCErrorToString(ec));
+
+ ckmc_alias_list_s *plist = aliasList;
+ size_t return_count = 0;
+ while(plist)
+ {
+ plist = plist->next;
+ return_count ++;
+ }
+ ckmc_alias_list_all_free(aliasList);
+
+ RUNNER_ASSERT_MSG(
+ return_count >= minimum_initial_element_count,
+ "Error: alias list failed, current element count: " << return_count <<
+ " while expected minimal count of " << minimum_initial_element_count <<
+ " elements");
+
+ return return_count;
+}
+
+std::string sharedDatabase(const CKM::Alias & alias)
+{
+ return aliasWithLabel(ckmc_label_shared_owner, alias.c_str());
+}
#pragma once
+#include <string>
#include <unordered_set>
#include <memory>
#include <ckm/ckm-type.h>
+#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-error.h>
#include <tests_common.h>
+#include <sys/types.h>
void switch_to_storage_user(const char* label);
void switch_to_storage_ocsp_user(const char* label);
CharPtr m_original_label;
};
+void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
+void save_data(const char* alias, const char *data, size_t len, int expected_err);
+class ScopedSaveData
+{
+public:
+ ScopedSaveData(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
+ virtual ~ScopedSaveData();
+
+private:
+ std::string m_alias;
+};
+
+class GarbageCollector
+{
+public:
+ void save(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
+ void save(const char* alias, const char *data, size_t len, int expected_err);
+ void add(const char* alias);
+ virtual ~GarbageCollector();
+
+private:
+ struct save_item {
+ std::string item_alias;
+ std::string owner_label;
+ uid_t owner_uid;
+ gid_t owner_gid;
+ };
+ std::vector<save_item> m_garbage;
+};
+
+class ScopedDBUnlock
+{
+public:
+ ScopedDBUnlock(uid_t user_id, const char* passwd);
+ virtual ~ScopedDBUnlock();
+
+private:
+ uid_t m_uid;
+};
+
+void check_remove_allowed(const char* alias);
+void check_remove_denied(const char* alias);
+void check_remove_not_visible(const char* alias);
+void check_read(const char* alias,
+ const char *label,
+ const char *test_data,
+ size_t len,
+ int expected_code = CKMC_ERROR_NONE);
+void check_read(const char* alias,
+ const char *label,
+ const char *test_data,
+ int expected_code = CKMC_ERROR_NONE);
+void check_read_allowed(const char* alias, const char *data);
+void check_read_not_visible(const char* alias);
+void check_key(const char *alias,
+ int expected_error = CKMC_ERROR_NONE,
+ ckmc_key_type_e expected_type = CKMC_KEY_NONE);
+void check_key_allowed(const char *alias, ckmc_key_type_e expected_type = CKMC_KEY_NONE);
+void check_key_not_visible(const char *alias);
+void check_cert_allowed(const char *alias);
+void check_cert_not_visible(const char *alias);
+void allow_access(const char* alias, const char* accessor, int permissionMask);
+void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode);
+void deny_access(const char* alias, const char* accessor);
+void deny_access_negative(const char* alias, const char* accessor, int expectedCode);
+
void unlock_user_data(uid_t user_id, const char *passwd);
void remove_user_data(uid_t user_id);
void reset_user_data(uid_t user_id, const char *passwd);
+
+ckmc_raw_buffer_s prepare_message_buffer(const char * input);
+void check_alias_list(const CKM::AliasVector& expected);
+
+typedef enum {
+ ALIAS_KEY,
+ ALIAS_CERT,
+ ALIAS_DATA
+} alias_type_;
+size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0);
+std::string sharedDatabase(const CKM::Alias & alias);
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * @file system-db.cpp
+ * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ */
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/log/log.h>
+#include <tests_common.h>
+#include <ckm-common.h>
+#include <ckm/ckm-control.h>
+#include <ckmc/ckmc-manager.h>
+#include <access_provider2.h>
+#include <fstream>
+#include <ios>
+#include <unistd.h>
+
+namespace
+{
+const uid_t USER_APP = 5070;
+const uid_t GROUP_APP = 5070;
+const char* APP_PASS = "user-pass";
+const char* TEST_WEB_APP_1 = "web_app1";
+const char* TEST_WEB_APP_2 = "web_app2";
+
+const char *XML_1_okay = "XML_1_okay.xml";
+const char *XML_1_EXPECTED_KEY_1_RSA = "/ test-key1";
+const char *XML_1_EXPECTED_KEY_1_PASSWD = "123";
+const char *XML_1_EXPECTED_KEY_2_RSA = "/ test-key2";
+// uncomment when AES is supported (+ usage in the tests)
+//const char *XML_1_EXPECTED_KEY_3_AES = "/ test-aes1";
+const char *XML_1_EXPECTED_CERT_1 = "/ test-cert1";
+const char *XML_1_EXPECTED_DATA_1 = "/ test-data1";
+const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";
+
+const char *XML_2_okay = "XML_2_okay.xml";
+const char *XML_2_EXPECTED_KEY_1_RSA = "/ test2-key1";
+const char *XML_2_EXPECTED_KEY_2_RSA = "/ test2-key2";
+// uncomment when AES is supported
+//const char *XML_2_EXPECTED_KEY_3_AES = "/ test2-aes1";
+const char *XML_2_EXPECTED_CERT_1 = "/ test2-cert1";
+const char *XML_2_EXPECTED_DATA_1 = "/ test2-data1";
+const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data";
+
+const char *XML_3_wrong = "XML_3_wrong.xml";
+const char *XML_3_EXPECTED_KEY_1_RSA = "/ test3-key1";
+const char *XML_3_EXPECTED_KEY_2_RSA = "/ test3-key2";
+// uncomment when AES is supported
+//const char *XML_2_EXPECTED_KEY_3_AES = "/ test3-aes1";
+const char *XML_3_EXPECTED_CERT_1 = "/ test3-cert1";
+const char *XML_3_EXPECTED_DATA_1 = "/ test3-data1";
+
+void feedGarbageCollector(GarbageCollector & gc)
+{
+ // [prepare]
+ gc.add(XML_1_EXPECTED_KEY_1_RSA);
+ gc.add(XML_1_EXPECTED_KEY_2_RSA);
+ //gc.add(XML_1_EXPECTED_KEY_3_AES);
+ gc.add(XML_1_EXPECTED_CERT_1);
+ gc.add(XML_1_EXPECTED_DATA_1);
+ gc.add(XML_2_EXPECTED_KEY_1_RSA);
+ gc.add(XML_2_EXPECTED_KEY_2_RSA);
+ //gc.add(XML_2_EXPECTED_KEY_3_AES);
+ gc.add(XML_2_EXPECTED_CERT_1);
+ gc.add(XML_2_EXPECTED_DATA_1);
+}
+
+std::string format_src_path(const char *file)
+{
+ return std::string("/usr/share/ckm-test/") + std::string(file);
+}
+
+std::string format_dest_path(const char *file)
+{
+ return std::string("/opt/data/ckm/initial_values/") + std::string(file);
+}
+
+void copy_file(const std::string &from, const std::string &to)
+{
+ std::ifstream infile(from, std::ios_base::binary);
+ std::ofstream outfile(to, std::ios_base::binary);
+ outfile << infile.rdbuf();
+}
+
+void restart_key_manager()
+{
+ stop_service(MANAGER);
+ start_service(MANAGER);
+}
+
+void test_exists(const std::string& name, bool expected) {
+ bool file_exists = (access( name.c_str(), F_OK ) != -1);
+ RUNNER_ASSERT_MSG(file_exists == expected,
+ "File " << name << " status: " << file_exists <<
+ " while expected: " << expected);
+}
+
+}
+
+
+RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
+
+RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
+{
+ // [prepare]
+ // remove database 0
+ // copy to the initial-values folder
+ // [test0]
+ // check XML file exists
+ // restart the key-manager
+ // check XML file exists - should fail
+ // [test1]
+ // check items existence as system service
+ // [test2]
+ // check items existence as web_app1
+ // [test3]
+ // check items existence as web_app2
+
+
+ // [prepare]
+ GarbageCollector gc;
+ feedGarbageCollector(gc);
+
+ remove_user_data(0);
+ copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+
+ // [test0]
+ test_exists(format_dest_path(XML_1_okay), true);
+ restart_key_manager();
+ test_exists(format_dest_path(XML_1_okay), false);
+
+ // [test1]
+ check_key(XML_1_EXPECTED_KEY_1_RSA, CKMC_ERROR_NOT_EXPORTABLE);
+ check_key_allowed(XML_1_EXPECTED_KEY_2_RSA, CKMC_KEY_RSA_PRIVATE);
+ //check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+ check_cert_allowed(XML_1_EXPECTED_CERT_1);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
+
+ // [test2]
+ {
+ ScopedAccessProvider ap(TEST_WEB_APP_1);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ check_key(XML_1_EXPECTED_KEY_1_RSA, CKMC_ERROR_NOT_EXPORTABLE);
+ check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA);
+ // check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+ check_cert_not_visible(XML_1_EXPECTED_CERT_1);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
+ }
+
+ // [test3]
+ {
+ ScopedAccessProvider ap(TEST_WEB_APP_2);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA);
+ check_key_allowed(XML_1_EXPECTED_KEY_2_RSA, CKMC_KEY_RSA_PRIVATE);
+ // check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+ check_cert_allowed(XML_1_EXPECTED_CERT_1);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
+ }
+}
+
+RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP)
+{
+ // [prepare]
+ // remove database 0
+ // copy two files to the initial-values folder
+ // [test0]
+ // check XML files exist
+ // restart the key-manager
+ // check XML files exist - should fail
+ // [test1]
+ // check items existence as system service
+
+ // [prepare]
+ GarbageCollector gc;
+ feedGarbageCollector(gc);
+
+ remove_user_data(0);
+ copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+ copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
+
+ // [test0]
+ test_exists(format_dest_path(XML_1_okay), true);
+ test_exists(format_dest_path(XML_1_okay), true);
+ restart_key_manager();
+ test_exists(format_dest_path(XML_2_okay), false);
+ test_exists(format_dest_path(XML_2_okay), false);
+
+ // [test1]
+ check_key(XML_1_EXPECTED_KEY_1_RSA, CKMC_ERROR_NOT_EXPORTABLE);
+ check_key(XML_2_EXPECTED_KEY_1_RSA, CKMC_ERROR_NOT_EXPORTABLE);
+ check_key_allowed(XML_1_EXPECTED_KEY_2_RSA, CKMC_KEY_RSA_PRIVATE);
+ check_key_allowed(XML_2_EXPECTED_KEY_2_RSA, CKMC_KEY_RSA_PRIVATE);
+ //check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+ //check_key_allowed(XML_2_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+ check_cert_allowed(XML_1_EXPECTED_CERT_1);
+ check_cert_allowed(XML_2_EXPECTED_CERT_1);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
+ check_read_allowed(XML_2_EXPECTED_DATA_1, XML_2_EXPECTED_DATA_1_DATA);
+}
+
+RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
+{
+ // [prepare]
+ // remove database 0
+ // copy failing XML file to the initial-values folder
+ // [test0]
+ // check XML files exist
+ // restart the key-manager
+ // check XML files exist - should fail
+ // [test1]
+ // check items existence as system service - nothing should be available
+
+ // [prepare]
+ remove_user_data(0);
+ copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
+
+ // [test0]
+ test_exists(format_dest_path(XML_3_wrong), true);
+ restart_key_manager();
+ test_exists(format_dest_path(XML_3_wrong), false);
+
+ // [test1]
+ check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA);
+ check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA);
+ //check_key_not_visible(XML_3_EXPECTED_KEY_3_AES);
+ check_cert_not_visible(XML_3_EXPECTED_CERT_1);
+ check_read_not_visible(XML_3_EXPECTED_DATA_1);
+}
+
+RUNNER_TEST(T6040_CHECK_KEYS_VALID)
+{
+ // [prepare]
+ // remove database 0
+ // copy to the initial-values folder
+ // restart the key-manager
+ // [test]
+ // check if key can create & verify signature
+
+ // [prepare]
+ GarbageCollector gc;
+ feedGarbageCollector(gc);
+ remove_user_data(0);
+ copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+ restart_key_manager();
+
+ // [test]
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature = NULL;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ XML_1_EXPECTED_KEY_2_RSA,
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // invalid password
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
+ XML_1_EXPECTED_KEY_1_RSA,
+ NULL,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ // correct password
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ XML_1_EXPECTED_KEY_1_RSA,
+ XML_1_EXPECTED_KEY_1_PASSWD,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
namespace {
const int USER_APP = 5000;
const int GROUP_APP = 5000;
+
+const int USER_APP_2 = 5020;
+const int USER_APP_3 = 5030;
+
+const char * const APP_PASS = "user-pass";
const int USER_TEST = 5001;
+const char* TEST_LABEL = "test_label";
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
auto control = CKM::Control::create();
control->removeUserData(0);
- control->removeUserData(20);
+ control->removeUserData(USER_APP_2);
control->removeUserData(USER_APP);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
}
RUNNER_TEST(T1010_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ unlock_user_data(USER_APP, "user-pass");
}
RUNNER_TEST(T1011_key)
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
+ CKM::Alias alias = sharedDatabase("mykey");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::CertificateShPtr cert2;
- CKM::Alias alias = "myCert";
+ CKM::Alias alias = sharedDatabase("myCert");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
RUNNER_CHILD_TEST(T1013_user_app_save_key)
{
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T1014_save_with_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1015_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
"Error=" << CKM::ErrorToString(temp));
}
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
+ CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
{
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
{
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T1029_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
-
RUNNER_TEST(T1030_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
+ reset_user_data(USER_APP, APP_PASS);
}
RUNNER_TEST(T1031_save_get_bin_data)
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer2, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer3, CKM::Policy(CKM::Password(), true))),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
"The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
}
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
{
- AccessProvider ap("mylabel");
+ ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
RUNNER_TEST(T1033_remove_bin_data)
CKM::AliasVector labelAliasVector;
- std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
+ std::string invalid_address = sharedDatabase("i-do-not-exist");
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 1,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
+ labelAliasVector.size() == (current_aliases_num-2),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("data3", CKM::Password(), buffer)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1034_getData_wrong_password)
+RUNNER_TEST(T1034_app_remove_bin_data)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int temp;
auto manager = CKM::Manager::create();
- std::string binData1 = "My bin data4";
+ std::string binData2 = "My bin data";
+ CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+ CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
"Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ labelAliasVector.size() == (current_aliases_num-2),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- buffer == buffer1,
+ buffer == buffer2,
"Data corrupted");
-
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1035_deinit)
+RUNNER_TEST(T1035_getData_wrong_password)
{
int temp;
- auto control = CKM::Control::create();
+ auto manager = CKM::Manager::create();
+
+ std::string binData1 = "My bin data4";
+
+ CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
"Error=" << CKM::ErrorToString(temp));
+
+ CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ buffer == buffer1,
+ "Data corrupted");
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
"Error=" << CKM::ErrorToString(temp));
}
+RUNNER_TEST(T1036_deinit)
+{
+ remove_user_data(0);
+ remove_user_data(USER_APP);
+}
+
RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
RUNNER_TEST(T1040_init)
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- AccessProvider ap("mylabel-rsa");
+ ScopedAccessProvider ap("mylabel-rsa");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- 2 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 2");
+ (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- AccessProvider ap("mylabel-rsa");
+ ScopedAccessProvider ap("mylabel-rsa");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- AccessProvider ap("mylabel-dsa");
+ ScopedAccessProvider ap("mylabel-dsa");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- 2 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 2");
+ (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
RUNNER_TEST(T1049_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T1110_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ unlock_user_data(USER_APP, "user-pass");
}
RUNNER_TEST(T1111_CreateKeyPairRSA)
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1("rsa-test-1");
- CKM::Alias a2("rsa-test-2");
+ CKM::Alias a1 = sharedDatabase("rsa-test-1");
+ CKM::Alias a2 = sharedDatabase("rsa-test-2");
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1("dsa-test-1");
- CKM::Alias a2("dsa-test-2");
+ CKM::Alias a1 = sharedDatabase("dsa-test-1");
+ CKM::Alias a2 = sharedDatabase("dsa-test-2");
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1("ecdsa-test-1");
- CKM::Alias a2("ecdsa-test-2");
+ CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
+ CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
RUNNER_TEST(T1114_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
RUNNER_TEST(T12100_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ reset_user_data(USER_APP, APP_PASS);
}
RUNNER_TEST(T12101_key_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12102_saveKey_empty_alias)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
RUNNER_TEST(T12103_saveKey_foreign_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
RUNNER_TEST(T12104_saveKey_empty_key)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias; //alias is not initialized
RUNNER_TEST(T12106_saveCertificate_foreign_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias = "iamsomebodyelse alias";
RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
RUNNER_TEST(T12108_saveData_empty_alias)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
CKM::Alias alias;
RUNNER_TEST(T12109_saveData_foreign_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
CKM::Alias alias = "iamsomebodyelse alias";
RUNNER_TEST(T12110_saveData_empty_data)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
RUNNER_TEST(T12111_getKey_alias_not_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12113_getData_alias_not_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int temp;
auto manager = CKM::Manager::create();
CKM::RawBuffer buffer;
*/
RUNNER_TEST(T12114_rsa_key_damaged)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12115_rsa_key_too_short)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12116_dsa_key_too_short)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
// fake the client - let the service detect the problem
class WrongCertImpl : public CKM::Certificate
{
RUNNER_TEST(T12119_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
RUNNER_TEST(T1311_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(time(0) > 1405343457,
"Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
- CKM::Alias alias("imcert");
- CharPtr top_label = get_label();
- std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+ CKM::Alias alias = sharedDatabase("imcert");
int tmp;
auto manager = CKM::Manager::create();
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
"Error=" << CKM::ErrorToString(tmp));
- aliasVector.push_back(full_address);
+ aliasVector.push_back(alias);
tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_TEST(T1315_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
RUNNER_TEST(T1411_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T1412_rsa_key_create_verify)
std::string message = "message test";
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
+ CKM::Alias aliasPub = sharedDatabase("pub1");
+ CKM::Alias aliasPrv = sharedDatabase("prv1");
CKM::Password password = "1234";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = "pub2";
- CKM::Alias aliasPrv = "prv2";
+ CKM::Alias aliasPub = sharedDatabase("pub2");
+ CKM::Alias aliasPrv = sharedDatabase("prv2");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = "ecpub2";
- CKM::Alias aliasPrv = "ecprv2";
+ CKM::Alias aliasPub = sharedDatabase("ecpub2");
+ CKM::Alias aliasPrv = sharedDatabase("ecprv2");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
+ CKM::Alias aliasPub = sharedDatabase("pub1");
+ CKM::Alias aliasPrv = sharedDatabase("prv1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub2";
- CKM::Alias aliasPrv = "prv2";
+ CKM::Alias aliasPub = sharedDatabase("pub2");
+ CKM::Alias aliasPrv = sharedDatabase("prv2");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = "pub1-cert";
- CKM::Alias aliasPrv = "prv1-cert";
+ CKM::Alias aliasPub = sharedDatabase("pub1-cert");
+ CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = "pub2-cert";
- CKM::Alias aliasPrv = "prv2-cert";
+ CKM::Alias aliasPub = sharedDatabase("pub2-cert");
+ CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = "pub3";
- CKM::Alias aliasPrv = "prv3";
+ CKM::Alias aliasPub = sharedDatabase("pub3");
+ CKM::Alias aliasPrv = sharedDatabase("prv3");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
RUNNER_TEST(T1420_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
RUNNER_TEST(T14180_init)
{
int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
auto manager = CKM::Manager::create();
"zQIDAQAB\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::Password password = "1234";
auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
"05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasEcPub = "ecpub_nohash1";
- CKM::Alias aliasEcPrv = "ecprv_nohash1";
+ CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
+ CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = "ecpub_nohash1";
- CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
int msgSize = 1024*1024;
char big_msg[msgSize];
for(int i =0; i<msgSize-1; i++) {
- big_msg[i] = 'a';
+ big_msg[i] = 'a';
}
big_msg[msgSize-1]=0x00;
std::string message(big_msg);
- CKM::Alias aliasPub = "ecpub_nohash1";
- CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
CKM::RawBuffer signature;
RUNNER_TEST(T14189_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-namespace {
-CKM::Alias certeeAlias("CertEE");
-CKM::Alias certimAlias("CertIM");
-}
-RUNNER_CHILD_TEST(T1510_init_unlock_key)
+RUNNER_TEST(T1510_init_unlock_key)
{
- reset_user_data(USER_TEST, "strong-password");
-
- // initial DB feed
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+ reset_user_data(USER_TEST, APP_PASS);
+}
- auto manager = CKM::Manager::create();
+RUNNER_TEST(T1511_insert_data)
+{
auto certee = TestData::getTestCertificate(TestData::MBANK);
auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
-}
+ CKM::Alias certeeAlias("CertEE");
+ CKM::Alias certimAlias("CertIM");
+ {
+ ScopedAccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
+ }
-RUNNER_TEST(T1511_restart_CKM)
-{
// restart CKM
stop_service(MANAGER);
start_service(MANAGER);
- unlock_user_data(USER_TEST, "strong-password");
-}
-RUNNER_CHILD_TEST(T1512_check_data_exists)
-{
// actual test
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- auto certee = TestData::getTestCertificate(TestData::MBANK);
- auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
- int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
+ {
+ ScopedAccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+
+ auto manager = CKM::Manager::create();
+ int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
+ int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
+ "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
+ "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
+ }
}
RUNNER_TEST(T1519_deinit)
remove_user_data(USER_TEST);
}
-
RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
RUNNER_TEST(T1701_init_unlock_key)
{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
+ ScopedAccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ unlock_user_data(USER_TEST+1, "t170-special-password");
}
RUNNER_CHILD_TEST(T1702_insert_data)
{
int temp;
- AccessProvider ap("t170-special-label");
+ ScopedAccessProvider ap("t170-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
auto certee = TestData::getTestCertificate(TestData::MBANK);
auto manager = CKM::Manager::create();
+ size_t current_aliases_num = count_aliases(ALIAS_CERT);
int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
+ (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
}
RUNNER_TEST(T1703_removeApplicationData)
RUNNER_CHILD_TEST(T1704_data_test)
{
int temp;
- AccessProvider ap("t170-special-label");
+ ScopedAccessProvider ap("t170-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
RUNNER_TEST(T1705_deinit)
{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
+ remove_user_data(USER_TEST+1);
}
RUNNER_TEST(T17101_init)
RUNNER_CHILD_TEST(T17102_prep_data_01)
{
int temp;
- AccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17103_prep_data_02)
{
int temp;
- AccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17104_prep_data_03)
{
int temp;
- AccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17105_prep_data_04)
{
int temp;
- AccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17107_check_data_01)
{
int temp;
- AccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17108_check_data_02)
{
int temp;
- AccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17110_check_data_03)
{
int temp;
- AccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap("t1706-special-label");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17111_check_data_04)
{
int temp;
- AccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap("t1706-special-label2");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_TEST(T17112_deinit)
{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
+ remove_user_data(USER_TEST+2);
+ remove_user_data(USER_TEST+3);
}
RUNNER_TEST_GROUP_INIT(T180_PKCS12);
namespace
{
-CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
-CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
-CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
-CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
-CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
-const char *PKCS_PASSWD = "PKCS-pass";
+CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
+CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
+CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
+CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
+CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
}
RUNNER_TEST(T1800_init)
{
- reset_user_data(0, PKCS_PASSWD);
+ remove_user_data(0);
}
RUNNER_TEST(T1801_parse_PKCS12) {
// fail - no entry
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
"Error=" << CKM::ErrorToString(temp));
// fail - not exportable
RUNNER_TEST(T1812_get_pkcs12_password_tests)
{
- CKM::Alias alias = "t1812alias1";
+ CKM::Alias alias = sharedDatabase("t1812alias1");
auto manager = CKM::Manager::create();
std::ifstream is("/usr/share/ckm-test/pkcs.p12");
}
RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-
+namespace {
+const char * const T190_PASSWD = "t190-special-password";
+}
RUNNER_TEST(T1901_init_unlock_key)
{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
+ reset_user_data(USER_APP, T190_PASSWD);
}
RUNNER_TEST(T1902_get_data)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
+
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
int tmp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
"Error=" << CKM::ErrorToString(tmp));
}
RUNNER_TEST(T1904_get_data_from_locked_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
RUNNER_TEST(T1905_deinit)
{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
+ remove_user_data(USER_APP);
}
int main(int argc, char *argv[])
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * @file system-db.cpp
+ * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ */
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/log/log.h>
+#include <tests_common.h>
+#include <ckm-common.h>
+#include <ckm/ckm-control.h>
+#include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-type.h>
+#include <access_provider2.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+namespace
+{
+const uid_t USER_SERVICE = 0;
+const uid_t USER_SERVICE_2 = 1234;
+const uid_t GROUP_SERVICE_2 = 1234;
+const uid_t USER_SERVICE_MAX = 4999;
+const uid_t GROUP_SERVICE_MAX = 4999;
+const uid_t USER_SERVICE_FAIL = 5000;
+const uid_t GROUP_SERVICE_FAIL = 5000;
+const uid_t USER_APP = 5050;
+const uid_t GROUP_APP = 5050;
+const char* APP_PASS = "user-pass";
+
+const char* TEST_ALIAS = "test-alias";
+const char* SYSTEM_LABEL = "/";
+const char* TEST_SYSTEM_ALIAS = "/ test-alias";
+const char* TEST_SYSTEM_ALIAS_2 = "/ test-alias-2";
+const char* TEST_LABEL = "test-label";
+const char* TEST_LABEL_2 = "test-label-2";
+
+const char* TEST_DATA =
+ "Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
+ "qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores "
+ "et quas molestias excepturi sint occaecati cupiditate non provident, "
+ "similique sunt in culpa qui officia deserunt mollitia animi, id est "
+ "laborum et dolorum fuga. ";
+}
+
+
+RUNNER_TEST_GROUP_INIT(T50_SYSTEM_DB);
+
+RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // add permission to the resource to a user app
+ // [test]
+ // switch to user app, leave DB locked
+ // try to access system DB item - expect success
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
+ }
+}
+
+RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB)
+{
+ // [test]
+ // switch to user app, unlock DB
+ // when accessing private DB - owner==me
+ // try to write to private DB - expect success
+ // try to get item from private DB - expect success
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+ }
+}
+
+RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // add permission to the resource to a user app
+ // [test]
+ // switch to user app, unlock DB
+ // try to access the system item - expect success
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
+ }
+}
+
+RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // [test]
+ // switch to user app, unlock DB
+ // try to access the system item - expect fail
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+ }
+}
+
+RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // add permission to the resource to a user app
+ // [test]
+ // switch to user app, unlock DB
+ // try to access the system item - expect success
+ // [prepare2]
+ // as system service, remove the item (expecting to remove permission)
+ // add item again, do not add permission
+ // [test2]
+ // switch to user app, unlock DB
+ // try to access the system item - expect fail
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
+ }
+
+ // [prepare2]
+ check_remove_allowed(TEST_SYSTEM_ALIAS);
+
+ // [test2]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+ }
+}
+
+RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS)
+{
+ // [test]
+ // switch to user app, unlock DB
+ // try to write to private DB - expect success
+ // try to write to system DB - expect fail
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
+ ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS, TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+ }
+}
+
+RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // add permission to the resource to a user app
+ // [test]
+ // switch to user app, unlock DB
+ // try to remove item from system DB - expect fail
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ check_remove_denied(TEST_SYSTEM_ALIAS);
+ }
+}
+
+RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS)
+{
+ // [prepare]
+ // start as system service
+ // add data A to the system DB
+ // add data B to the system DB
+ // add permission to data A to a user app
+ // [test]
+ // system service list items - expect both items to appear
+ // [test2]
+ // switch to user app, unlock DB
+ // add data as user
+ // user lists items - expect system item A and private item
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+ gc.save(TEST_SYSTEM_ALIAS_2, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
+
+ // [test]
+ check_alias_list({TEST_SYSTEM_ALIAS, TEST_SYSTEM_ALIAS_2});
+
+ // [test2]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
+
+ check_alias_list({TEST_SYSTEM_ALIAS,
+ aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
+ }
+}
+
+RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB)
+{
+ // [test]
+ // switch to user app, unlock DB
+ // try to generate a key in system DB - expect fail
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ const char *private_key_alias = "/ sys-db-priv";
+ const char *public_key_alias = "/ sys-db-pub";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = 1;
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_PERMISSION_DENIED ==
+ (temp = ckmc_create_key_pair_rsa(1024,
+ private_key_alias,
+ public_key_alias,
+ policy_private_key,
+ policy_public_key)),
+ CKMCReadableError(temp));
+ }
+}
+
+RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB)
+{
+ // [prepare]
+ // start as system service
+ // generate RSA key in system DB
+ // [test]
+ // try to create and verify signature in system DB - expect success
+ // [test2]
+ // switch to user app, unlock DB
+ // try to create signature in system DB - expect fail
+
+ // [prepare]
+ GarbageCollector gc;
+ const char *private_key_alias = "/ sys-db-priv";
+ const char *public_key_alias = "/ sys-db-pub";
+ gc.add(private_key_alias);
+ gc.add(public_key_alias);
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = 1;
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE ==
+ (temp = ckmc_create_key_pair_rsa(1024,
+ private_key_alias,
+ public_key_alias,
+ policy_private_key,
+ policy_public_key)),
+ CKMCReadableError(temp));
+
+ // [test]
+ {
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ private_key_alias,
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ public_key_alias,
+ NULL,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+ }
+
+ // [test2]
+ {
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature(
+ private_key_alias,
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+ }
+}
+
+RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // [test]
+ // add remove permission to a user app - expect fail
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+
+ // [test]
+ allow_access_negative(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
+}
+
+RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // [test]
+ // try to access the item - expect success
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+
+ // [test]
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
+}
+
+RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // [test]
+ // switch to another system service
+ // try to access the item - expect success
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
+ }
+}
+
+RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB)
+{
+ // [prepare]
+ // start as system service 1234
+ // add resource to the system DB
+ // [test]
+ // switch to another system service
+ // try to access the item - expect success
+
+ // [prepare]
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
+
+ // [test]
+ ScopedSaveData ssd(TEST_SYSTEM_ALIAS, TEST_DATA);
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
+ }
+}
+
+RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // [test]
+ // switch to system service having uid maximum for system svcs
+ // try to access the item - expect success
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_SERVICE_MAX, GROUP_SERVICE_MAX);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
+ }
+}
+
+RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB)
+{
+ // [prepare]
+ // start as system service
+ // add resource to the system DB
+ // [test]
+ // switch to another, faulty system service with user-land uid==5000
+ // try to access the item - expect fail (no system service)
+
+ // [prepare]
+ GarbageCollector gc;
+ gc.save(TEST_SYSTEM_ALIAS, TEST_DATA);
+
+ // [test]
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_SERVICE_FAIL, GROUP_SERVICE_FAIL);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
+ }
+}
#include <errno.h>
#include <string.h>
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
+const uid_t APP_UID = 5000;
+const gid_t APP_GID = 5000;
+const uid_t APP_UID_2 = 5200;
+const gid_t APP_GID_2 = 5200;
const uid_t DB_ALARM_UID = 6001;
const gid_t DB_ALARM_GID = 6001;
const std::string TMP_DIR("/tmp");
{
std::string ret;
+ // Try to become root again so gdb and unlink is possible
+ setegid(0);
+ seteuid(0);
pid_t childPid = fork();
switch (childPid) {
case -1:
projects / platform / core / test / security-tests.git / commitdiff