Merge branch 'origin/tizen' into origin/ckm 44/40944/1
authorMaciej J. Karpiuk <m.karpiuk2@samsung.com>
Wed, 10 Jun 2015 09:21:27 +0000 (11:21 +0200)
committerMaciej J. Karpiuk <m.karpiuk2@samsung.com>
Wed, 10 Jun 2015 09:21:27 +0000 (11:21 +0200)
Change-Id: If8bc45345b05df4e09e39ec233371320ebcf070a

1  2 
src/ckm/async-api.cpp
src/ckm/capi-access_control.cpp
src/ckm/main.cpp
src/common/tests_common.h

index 56947aa422b7580ac913b1a8c1c3c9584f8dfa9f,1f678f251fbb608dadb34c2fb342367a7df60883..62b125a02542575d69d6bb1b589d8ae69c2bd4d3
@@@ -383,19 -314,62 +383,64 @@@ typedef void (ManagerAsync::*certChainF
                                             const AliasVector&,
                                             const AliasVector&,
                                             bool);
- } // namespace anonymous
  
 -        reset_user_data(0, TEST_PASS);
 -        reset_user_data(APP_UID, TEST_PASS);
+ class CKMAsyncAPIEnv
+ {
+ public:
+     void init(const std::string &) {
++        remove_user_data(0);
++        remove_user_data(APP_UID);
++        ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
++        unlock_user_data(APP_UID, TEST_PASS);
+     }
+     void finish() {
+         remove_user_data(APP_UID);
+         remove_user_data(0);
+     }
+ };
  
- RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+ CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
+ CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
  
RUNNER_TEST(TA0000_init)
CKM::PKCS12ShPtr loadPkcs()
  {
-     remove_user_data(0);
-     reset_user_data(APP_UID, TEST_PASS);
+     std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+     std::istreambuf_iterator<char> begin(is), end;
+     std::vector<char> buff(begin, end);
+     CKM::RawBuffer buffer(buff.size());
+     memcpy(buffer.data(), buff.data(), buff.size());
+     auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+     RUNNER_ASSERT_MSG(
+         NULL != pkcs.get(),
+         "Error in PKCS12::create()");
+     auto cert = pkcs->getCertificate();
+     RUNNER_ASSERT_MSG(
+         NULL != cert.get(),
+         "Error in PKCS12::getCertificate()");
+     auto key = pkcs->getKey();
+     RUNNER_ASSERT_MSG(
+         NULL != key.get(),
+         "Error in PKCS12::getKey()");
+     auto caVector = pkcs->getCaCertificateShPtrVector();
+     RUNNER_ASSERT_MSG(
+         2 == caVector.size(),
+         "Wrong size of vector");
+     return pkcs;
  }
  
+ } // namespace anonymous
+ RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
  // saveKey
- RUNNER_CHILD_TEST(TA0010_save_key_invalid_param)
+ RUNNER_CHILD_TEST(TA0010_save_key_invalid_param, CKMAsyncAPIEnv)
  {
      switch_to_storage_user(TEST_LABEL);
  
@@@ -1122,35 -1094,9 +1167,35 @@@ RUNNER_CHILD_TEST(TA1650_verify_signatu
                    obs->m_signed,
                    HashAlgorithm::SHA1,
                    RSAPaddingAlgorithm::PKCS1);
 +
 +    test_positive(&ManagerAsync::verifySignature,
 +                  dbc.alias("alias_pub"),
 +                  "",
 +                  test_buffer,
 +                  obs->m_signed,
 +                  HashAlgorithm::SHA1,
 +                  RSAPaddingAlgorithm::PKCS1);
 +
 +    test_negative(&ManagerAsync::verifySignature,
 +                  CKM_API_ERROR_VERIFICATION_FAILED,
 +                  dbc.alias("alias_pub2"),
 +                  "",
 +                  test_buffer,
 +                  obs->m_signed,
 +                  HashAlgorithm::SHA1,
 +                  RSAPaddingAlgorithm::PKCS1);
 +
 +    test_negative(&ManagerAsync::verifySignature,
 +                  CKM_API_ERROR_VERIFICATION_FAILED,
 +                  dbc.alias("alias_pub3"),
 +                  "",
 +                  test_buffer,
 +                  obs->m_signed,
 +                  HashAlgorithm::SHA1,
 +                  RSAPaddingAlgorithm::PKCS1);
  }
  
- RUNNER_CHILD_TEST(TA1660_verify_signature_positive)
+ RUNNER_CHILD_TEST(TA1660_verify_signature_positive, CKMAsyncAPIEnv)
  {
      switch_to_storage_user(TEST_LABEL);
  
@@@ -1221,44 -1167,39 +1266,44 @@@ RUNNER_CHILD_TEST(TA1810_allow_access_i
      test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
  }
  
- RUNNER_TEST(TA1820_allow_access)
+ RUNNER_TEST(TA1820_allow_access, CKMAsyncAPIEnv)
  {
 -    DBCleanup dbc;
 -    CharPtr top_label = get_label();
 -    test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
 -    test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
 -    test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
 -    test_positive(&ManagerAsync::setPermission,
 -                  dbc.alias("alias2"),
 -                  TEST_LABEL,
 -                  CKM::Permission::READ);
 -    test_positive(&ManagerAsync::setPermission,
 -                  dbc.alias("alias3"),
 -                  TEST_LABEL,
 -                  CKM::Permission::READ | CKM::Permission::REMOVE);
 +    // prepare: add data
 +    std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
 +    std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
 +    std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
 +    GarbageCollector gc;
 +    {
 +        ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
 +        gc.save(alias1.c_str(), TEST_DATA);
 +        gc.save(alias2.c_str(), TEST_DATA);
 +        gc.save(alias3.c_str(), TEST_DATA);
 +
 +        test_positive(&ManagerAsync::setPermission,
 +                      alias2,
 +                      TEST_LABEL_2,
 +                      CKM::Permission::READ);
 +        test_positive(&ManagerAsync::setPermission,
 +                      alias3,
 +                      TEST_LABEL_2,
 +                      CKM::Permission::READ | CKM::Permission::REMOVE);
 +    }
  
      {
 -        ScopedLabel label(TEST_LABEL);
 +        ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
  
 -        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
 -        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
 +        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
 +        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
  
          // test from allowed label, but without properly addressing alias (coming from default label)
 -        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
 +        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
  
          // now test with appropriate addressing
 -        std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
 -        test_positive(&ManagerAsync::getData, full_alias2_address, "");
 -        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
 +        test_positive(&ManagerAsync::getData, alias2, "");
 +        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
  
 -        std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
 -        test_positive(&ManagerAsync::getData, full_alias3_address, "");
 -        test_positive(&ManagerAsync::removeAlias, full_alias3_address);
 +        test_positive(&ManagerAsync::getData, alias3, "");
 +        test_positive(&ManagerAsync::removeAlias, alias3);
      }
  }
  
@@@ -1272,30 -1213,23 +1317,30 @@@ RUNNER_CHILD_TEST(TA1910_deny_access_in
      test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
  }
  
- RUNNER_TEST(TA1920_deny_access)
+ RUNNER_TEST(TA1920_deny_access, CKMAsyncAPIEnv)
  {
 -    DBCleanup dbc;
 -    CharPtr top_label = get_label();
 -    test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
 -    test_positive(&ManagerAsync::setPermission,
 -                  dbc.alias("alias"),
 -                  TEST_LABEL,
 -                  CKM::Permission::READ | CKM::Permission::REMOVE);
 -    test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
 +    // prepare: add data
 +    std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
 +    GarbageCollector gc;
 +    {
 +        ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
 +        gc.save(alias1.c_str(), TEST_DATA);
 +
 +        test_positive(&ManagerAsync::setPermission,
 +                      alias1,
 +                      TEST_LABEL_2,
 +                      CKM::Permission::READ | CKM::Permission::REMOVE);
 +        test_positive(&ManagerAsync::setPermission,
 +                      alias1,
 +                      TEST_LABEL_2,
 +                      CKM::Permission::NONE);
 +    }
  
      {
 -        ScopedLabel label(TEST_LABEL);
 +        ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
  
 -        std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
 -        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
 -        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
 +        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
 +        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
      }
  }
  
@@@ -1341,34 -1243,50 +1354,50 @@@ RUNNER_TEST(TA2000_PKCS_add_bundle_with
      CKM::Policy notExportable(CKM::Password(), false);
  
      test_positive(&ManagerAsync::savePKCS12,
-                   sharedDatabase(alias_PKCS_exportable).c_str(),
 -                  dbc.alias(alias_PKCS_exportable.c_str()),
++                  dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
                    pkcs,
                    exportable,
                    exportable);
      test_negative(&ManagerAsync::savePKCS12,
                    CKM_API_ERROR_DB_ALIAS_EXISTS,
-                   sharedDatabase(alias_PKCS_exportable).c_str(),
 -                  dbc.alias(alias_PKCS_exportable.c_str()),
++                  dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
                    pkcs,
                    exportable,
                    exportable);
  
      test_positive(&ManagerAsync::savePKCS12,
-                   sharedDatabase(alias_PKCS_not_exportable).c_str(),
 -                  dbc.alias(alias_PKCS_not_exportable.c_str()),
++                  dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
                    pkcs,
                    notExportable,
                    notExportable);
      test_negative(&ManagerAsync::savePKCS12,
                    CKM_API_ERROR_DB_ALIAS_EXISTS,
-                   sharedDatabase(alias_PKCS_not_exportable).c_str(),
 -                  dbc.alias(alias_PKCS_not_exportable.c_str()),
++                  dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
                    pkcs,
                    notExportable,
                    notExportable);
  }
  
- RUNNER_TEST(TA2010_PKCS_get)
+ RUNNER_TEST(TA2010_PKCS_get, CKMAsyncAPIEnv)
  {
      DBCleanup dbc;
-     auto manager = CKM::Manager::create();
+     auto pkcs = loadPkcs();
+     // save to the CKM
+     CKM::Policy exportable;
+     CKM::Policy notExportable(CKM::Password(), false);
+     test_positive(&ManagerAsync::savePKCS12,
 -                  dbc.alias(alias_PKCS_exportable.c_str()),
++                  dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
+                   pkcs,
+                   exportable,
+                   exportable);
+     test_positive(&ManagerAsync::savePKCS12,
 -                  dbc.alias(alias_PKCS_not_exportable.c_str()),
++                  dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
+                   pkcs,
+                   notExportable,
+                   notExportable);
  
      // fail - no entry
      test_negative(&ManagerAsync::getPKCS12,
index 1312b4ecc271fab02a98bdd8276439a7ccb22cb7,6d8b7d0c32ce3ca5c9685b538af7ed76bb9b4631..0da0bee28b231c868b0fda8c2652a9d9bc9e304b
@@@ -631,29 -671,23 +631,33 @@@ RUNNER_TEST(T3106_control_allow_access_
  // tries to use admin API as a user
  RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
  {
 -    switch_to_storage_user(TEST_LABEL);
 -    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ);
+     RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
 +    // prepare: add data
 +    GarbageCollector gc;
 +    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
 +    gc.save(TEST_ALIAS, TEST_DATA);
 +
 +    // test
 +    int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
      RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
 -                         "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
 +                      "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
  }
  
  // tries to use admin API as a user
 -RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
 +RUNNER_CHILD_TEST(T3111_control_deny_access_as_user)
  {
 -    switch_to_storage_user(TEST_LABEL);
 -    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE);
+     RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
 +    // prepare: add data
 +    GarbageCollector gc;
 +    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
 +    gc.save(TEST_ALIAS, TEST_DATA);
 +
 +    // test
 +    int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
 -                         "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
 +                      "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
  }
  
  // tries to read other application data with permission
index 2de1aa0f091c0d661ddca7ebc9501aab3377bb5c,9c4107784f4ef2a6d0e1bd7122984c094dde9748..fae27443611fc671291afe653633f5e77c32bc72
@@@ -2334,51 -2312,60 +2334,56 @@@ RUNNER_TEST(T14189_deinit
  
  RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
  
 -namespace {
 -CKM::Alias certeeAlias("CertEE");
 -CKM::Alias certimAlias("CertIM");
 -}
--RUNNER_CHILD_TEST(T1510_init_unlock_key)
++RUNNER_TEST(T1510_init_unlock_key)
  {
-     ScopedAccessProvider ap("my-label");
-     ap.allowAPI("key-manager::api-control", "rw");
-     ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
 -    reset_user_data(USER_TEST, "strong-password");
--
-     unlock_user_data(USER_TEST, "strong-password");
 -    // initial DB feed
 -    AccessProvider ap("my-label");
 -    ap.allowAPI("key-manager::api-storage", "rw");
 -    ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
++    reset_user_data(USER_TEST, APP_PASS);
 +}
  
- RUNNER_CHILD_TEST(T1511_insert_data)
 -    auto manager = CKM::Manager::create();
++RUNNER_TEST(T1511_insert_data)
 +{
-     ScopedAccessProvider ap("my-label");
-     ap.allowAPI("key-manager::api-storage", "rw");
-     ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
      auto certee = TestData::getTestCertificate(TestData::MBANK);
      auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
 -    RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
 -    RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
 -}
++    CKM::Alias certeeAlias("CertEE");
++    CKM::Alias certimAlias("CertIM");
++    {
++        ScopedAccessProvider ap("my-label");
++        ap.allowAPI("key-manager::api-storage", "rw");
++        ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
++        ScopedDBUnlock unlock(USER_TEST, APP_PASS);
++
++        auto manager = CKM::Manager::create();
++        RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
++        RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
++    }
  
-     auto manager = CKM::Manager::create();
-     int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
-     int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
-     RUNNER_ASSERT_MSG(
-         CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
-         "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
 -RUNNER_TEST(T1511_restart_CKM)
 -{
+     // restart CKM
+     stop_service(MANAGER);
+     start_service(MANAGER);
 -    unlock_user_data(USER_TEST, "strong-password");
 -}
  
-     RUNNER_ASSERT_MSG(
-         CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
-         "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
 -RUNNER_CHILD_TEST(T1512_check_data_exists)
 -{
+     // actual test
 -    AccessProvider ap("my-label");
 -    ap.allowAPI("key-manager::api-storage", "rw");
 -    ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
 -
 -    auto manager = CKM::Manager::create();
 -    auto certee = TestData::getTestCertificate(TestData::MBANK);
 -    auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
 -    int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
 -    int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
 -    RUNNER_ASSERT_MSG(
 -        CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
 -        "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
 -    RUNNER_ASSERT_MSG(
 -        CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
 -        "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
++    {
++        ScopedAccessProvider ap("my-label");
++        ap.allowAPI("key-manager::api-storage", "rw");
++        ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
++        ScopedDBUnlock unlock(USER_TEST, APP_PASS);
++
++        auto manager = CKM::Manager::create();
++        int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
++        int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
++        RUNNER_ASSERT_MSG(
++            CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
++            "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
++        RUNNER_ASSERT_MSG(
++            CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
++            "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
++    }
  }
  
- RUNNER_CHILD_TEST(T1519_deinit)
+ RUNNER_TEST(T1519_deinit)
  {
-     int tmp;
-     ScopedAccessProvider ap("my-label");
-     ap.allowAPI("key-manager::api-control", "rw");
-     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-     auto control = CKM::Control::create();
-     RUNNER_ASSERT_MSG(
-         CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
-         "Error=" << CKM::ErrorToString(tmp));
+     remove_user_data(USER_TEST);
  }
  
--
  RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
  
  RUNNER_TEST(T1701_init_unlock_key)
Simple merge