const AliasVector&,
const AliasVector&,
bool);
- } // namespace anonymous
- reset_user_data(0, TEST_PASS);
- reset_user_data(APP_UID, TEST_PASS);
+ class CKMAsyncAPIEnv
+ {
+ public:
+ void init(const std::string &) {
++ remove_user_data(0);
++ remove_user_data(APP_UID);
++ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
++ unlock_user_data(APP_UID, TEST_PASS);
+ }
+ void finish() {
+ remove_user_data(APP_UID);
+ remove_user_data(0);
+ }
+ };
- RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+ CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
+ CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
- RUNNER_TEST(TA0000_init)
+ CKM::PKCS12ShPtr loadPkcs()
{
- remove_user_data(0);
- reset_user_data(APP_UID, TEST_PASS);
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ return pkcs;
}
+ } // namespace anonymous
+
+
+ RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+
// saveKey
- RUNNER_CHILD_TEST(TA0010_save_key_invalid_param)
+ RUNNER_CHILD_TEST(TA0010_save_key_invalid_param, CKMAsyncAPIEnv)
{
switch_to_storage_user(TEST_LABEL);
obs->m_signed,
HashAlgorithm::SHA1,
RSAPaddingAlgorithm::PKCS1);
+
+ test_positive(&ManagerAsync::verifySignature,
+ dbc.alias("alias_pub"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub2"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub3"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
}
- RUNNER_CHILD_TEST(TA1660_verify_signature_positive)
+ RUNNER_CHILD_TEST(TA1660_verify_signature_positive, CKMAsyncAPIEnv)
{
switch_to_storage_user(TEST_LABEL);
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
}
- RUNNER_TEST(TA1820_allow_access)
+ RUNNER_TEST(TA1820_allow_access, CKMAsyncAPIEnv)
{
- DBCleanup dbc;
- CharPtr top_label = get_label();
- test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
- test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
- test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias2"),
- TEST_LABEL,
- CKM::Permission::READ);
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias3"),
- TEST_LABEL,
- CKM::Permission::READ | CKM::Permission::REMOVE);
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
+ std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ gc.save(alias1.c_str(), TEST_DATA);
+ gc.save(alias2.c_str(), TEST_DATA);
+ gc.save(alias3.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias2,
+ TEST_LABEL_2,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ alias3,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ }
{
- ScopedLabel label(TEST_LABEL);
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
// test from allowed label, but without properly addressing alias (coming from default label)
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
// now test with appropriate addressing
- std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
- test_positive(&ManagerAsync::getData, full_alias2_address, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
+ test_positive(&ManagerAsync::getData, alias2, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
- std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
- test_positive(&ManagerAsync::getData, full_alias3_address, "");
- test_positive(&ManagerAsync::removeAlias, full_alias3_address);
+ test_positive(&ManagerAsync::getData, alias3, "");
+ test_positive(&ManagerAsync::removeAlias, alias3);
}
}
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
}
- RUNNER_TEST(TA1920_deny_access)
+ RUNNER_TEST(TA1920_deny_access, CKMAsyncAPIEnv)
{
- DBCleanup dbc;
- CharPtr top_label = get_label();
- test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias"),
- TEST_LABEL,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ gc.save(alias1.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::NONE);
+ }
{
- ScopedLabel label(TEST_LABEL);
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
- std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
}
}
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable).c_str(),
- dbc.alias(alias_PKCS_exportable.c_str()),
++ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
pkcs,
exportable,
exportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_exportable).c_str(),
- dbc.alias(alias_PKCS_exportable.c_str()),
++ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable).c_str(),
- dbc.alias(alias_PKCS_not_exportable.c_str()),
++ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
pkcs,
notExportable,
notExportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_not_exportable).c_str(),
- dbc.alias(alias_PKCS_not_exportable.c_str()),
++ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
pkcs,
notExportable,
notExportable);
}
- RUNNER_TEST(TA2010_PKCS_get)
+ RUNNER_TEST(TA2010_PKCS_get, CKMAsyncAPIEnv)
{
DBCleanup dbc;
- auto manager = CKM::Manager::create();
+
+ auto pkcs = loadPkcs();
+
+ // save to the CKM
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ test_positive(&ManagerAsync::savePKCS12,
- dbc.alias(alias_PKCS_exportable.c_str()),
++ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
+ pkcs,
+ exportable,
+ exportable);
+ test_positive(&ManagerAsync::savePKCS12,
- dbc.alias(alias_PKCS_not_exportable.c_str()),
++ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
+ pkcs,
+ notExportable,
+ notExportable);
// fail - no entry
test_negative(&ManagerAsync::getPKCS12,
RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-namespace {
-CKM::Alias certeeAlias("CertEE");
-CKM::Alias certimAlias("CertIM");
-}
--RUNNER_CHILD_TEST(T1510_init_unlock_key)
++RUNNER_TEST(T1510_init_unlock_key)
{
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
- reset_user_data(USER_TEST, "strong-password");
--
- unlock_user_data(USER_TEST, "strong-password");
- // initial DB feed
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
++ reset_user_data(USER_TEST, APP_PASS);
+}
- RUNNER_CHILD_TEST(T1511_insert_data)
- auto manager = CKM::Manager::create();
++RUNNER_TEST(T1511_insert_data)
+{
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
auto certee = TestData::getTestCertificate(TestData::MBANK);
auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
-}
++ CKM::Alias certeeAlias("CertEE");
++ CKM::Alias certimAlias("CertIM");
++ {
++ ScopedAccessProvider ap("my-label");
++ ap.allowAPI("key-manager::api-storage", "rw");
++ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
++ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
++
++ auto manager = CKM::Manager::create();
++ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
++ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
++ }
- auto manager = CKM::Manager::create();
- int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
- int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
-RUNNER_TEST(T1511_restart_CKM)
-{
+ // restart CKM
+ stop_service(MANAGER);
+ start_service(MANAGER);
- unlock_user_data(USER_TEST, "strong-password");
-}
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
-RUNNER_CHILD_TEST(T1512_check_data_exists)
-{
+ // actual test
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- auto certee = TestData::getTestCertificate(TestData::MBANK);
- auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
- int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
++ {
++ ScopedAccessProvider ap("my-label");
++ ap.allowAPI("key-manager::api-storage", "rw");
++ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
++ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
++
++ auto manager = CKM::Manager::create();
++ int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
++ int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
++ RUNNER_ASSERT_MSG(
++ CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
++ "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
++ RUNNER_ASSERT_MSG(
++ CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
++ "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
++ }
}
- RUNNER_CHILD_TEST(T1519_deinit)
+ RUNNER_TEST(T1519_deinit)
{
- int tmp;
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
- "Error=" << CKM::ErrorToString(tmp));
+ remove_user_data(USER_TEST);
}
--
RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
RUNNER_TEST(T1701_init_unlock_key)