// We have root privileges.
// We should be able to control data.
// The cynara (if integrated) should give us an access.
- uid_t USER_UID = 5102;
+ uid_t USER_ID = 5102;
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_ID)),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID,
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_ID,
"simple-password")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, "something")),
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_ID, "something")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_UID, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_ID, "test-pass")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_UID)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_ID)),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_UID, "something")),
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_ID, "something")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_ID)),
"Error=" << CKM::APICodeToString(temp));
}
const AliasVector&,
bool);
-class UserEnv : public RemoveDataEnv<APP_UID>
+class UserEnv : public RemoveDataEnv<OWNER_USER_ID>
{
public:
void init(const std::string & str) {
- RemoveDataEnv<APP_UID>::init(str);
- unlock_user_data(APP_UID, TEST_PASS);
- m_ctx.reset(new ScopedAppContext(TEST_LABEL, APP_UID, APP_GID));
+ RemoveDataEnv<OWNER_USER_ID>::init(str);
+ unlock_user_data(OWNER_USER_ID, TEST_PASS);
+ m_ctx.reset(new ScopedAppContext(TEST_LABEL, OWNER_USER_ID, OWNER_GROUP_ID));
}
void finish() {
m_ctx.reset();
// lock is performed by remove_user_data() in RemoveDataEnv
- RemoveDataEnv<APP_UID>::finish();
+ RemoveDataEnv<OWNER_USER_ID>::finish();
}
std::unique_ptr<ScopedAppContext> m_ctx;
};
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
}
-RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<APP_UID>)
+RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<OWNER_USER_ID>)
{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+ ScopedDBUnlock dbu(OWNER_USER_ID, TEST_PASS);
// prepare: add data
std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
{
- ScopedAppContext ctx(TEST_LABEL, APP_UID, APP_GID);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, OWNER_GROUP_ID);
save_data(alias1.c_str(), TEST_DATA);
save_data(alias2.c_str(), TEST_DATA);
save_data(alias3.c_str(), TEST_DATA);
}
{
- ScopedAppContext ctx(TEST_LABEL_2, APP_UID, APP_GID);
+ ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID, OWNER_GROUP_ID);
test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
}
-RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<APP_UID>)
+RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<OWNER_USER_ID>)
{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+ ScopedDBUnlock dbu(OWNER_USER_ID, TEST_PASS);
// prepare: add data
std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
{
- ScopedAppContext ctx(TEST_LABEL, APP_UID, APP_GID);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, OWNER_GROUP_ID);
save_data(alias1.c_str(), TEST_DATA);
test_positive(&ManagerAsync::setPermission,
}
{
- ScopedAppContext ctx(TEST_LABEL_2, APP_UID, APP_GID);
+ ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID, OWNER_GROUP_ID);
test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
#include <ckm/ckm-type.h>
namespace {
-const int USER_ROOT = 0;
-const int APP_1 = 6000;
-const int GROUP_1 = 6000;
-const int APP_2 = 6200;
-const int GROUP_2 = 6200;
+const uid_t ROOT_USER_ID = 0;
+const uid_t USER_ID_1 = 6000;
+const gid_t GROUP_ID_1 = 6000;
+const uid_t USER_ID_2 = 6200;
+const gid_t GROUP_ID_2 = 6200;
const char * const APP_PASS_1 = "app-pass-1";
const char * const APP_PASS_2 = "app-pass-2";
const char* APP_LABEL_1 = TEST_LABEL;
// Manager
RUNNER_TEST(T3000_init)
{
- reset_user_data(APP_1, APP_PASS_1);
- reset_user_data(APP_2, APP_PASS_2);
+ reset_user_data(USER_ID_1, APP_PASS_1);
+ reset_user_data(USER_ID_2, APP_PASS_2);
}
// invalid arguments check
RUNNER_TEST(T3001_manager_allow_access_invalid)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
RUNNER_ASSERT(
CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
// invalid arguments check
RUNNER_TEST(T3002_manager_deny_access_invalid)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
// tries to allow access for non existing alias
RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access for non existing alias
RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access that does not exist in database
RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// tries to allow access to application own data
RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// verifies that alias can not contain forbidden characters
RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// verifies that label can not contain forbidden characters
RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// tries to access other application data without permission
-RUNNER_TEST(T3020_manager_access_not_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3020_manager_access_not_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_read_not_visible(TEST_ALIAS_adr.c_str());
}
// tries to access other application data with permission
-RUNNER_TEST(T3021_manager_access_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3021_manager_access_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
}
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3022_manager_access_allowed_with_remove, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3022_manager_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
}
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3023_manager_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3023_manager_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
}
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
// tries to remove other application data with permission
-RUNNER_TEST(T3025_manager_remove_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3025_manager_remove_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
}
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// tries to access other application data after allow function was called twice with different
// rights
-RUNNER_TEST(T3026_manager_double_allow, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3026_manager_double_allow, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
// access should be overwritten
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
}
// tries to access application data with permission and after permission has been revoked
-RUNNER_TEST(T3027_manager_allow_deny, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3027_manager_allow_deny, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
// remove permission
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
deny_access(TEST_ALIAS, APP_LABEL_2);
}
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
}
}
-RUNNER_TEST(T3028_manager_access_by_label, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3028_manager_access_by_label, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
const char *additional_data = "label-2-data";
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
// add data as app 2
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, additional_data);
allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
// test accessibility to app 2 from app 1
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
// test if can access label2 alias from label1 domain - should succeed
check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
}
// tries to modify another label's permission
-RUNNER_TEST(T3029_manager_access_modification_by_foreign_label, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3029_manager_access_modification_by_foreign_label, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
}
// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3030_manager_get_all_aliases, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3030_manager_get_all_aliases, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
size_t count;
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
save_data(TEST_ALIAS2, TEST_DATA);
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
// remove permission
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
deny_access(TEST_ALIAS, APP_LABEL_2);
}
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
}
// tries to access other application data with permission
-RUNNER_TEST(T3031_manager_deprecated_access_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3031_manager_deprecated_access_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
}
// tries to remove other application data with permission
-RUNNER_TEST(T3034_manager_deprecated_remove_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3034_manager_deprecated_remove_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
// test accessibility from another label
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
// tries to get alias list and alias info list of other application data
// with permission for read or remove
-RUNNER_TEST(T3035_manager_gets_alias_info_list_with_read_or_remove, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3035_manager_gets_alias_info_list_with_read_or_remove, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_REMOVE);
// test getting alias from another label with read permission
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_alias_count(1);
}
// test getting and removing alias from another label with remove permission
{
- ScopedAppContext ctx(APP_LABEL_3, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_3, USER_ID_1, GROUP_ID_1);
check_alias_count(0);
remove_alias(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
RUNNER_TEST(T3100_init)
{
- reset_user_data(APP_1, APP_PASS_1);
- reset_user_data(APP_2, APP_PASS_2);
+ reset_user_data(USER_ID_1, APP_PASS_1);
+ reset_user_data(USER_ID_2, APP_PASS_2);
}
// invalid argument check
-RUNNER_TEST(T3101_control_allow_access_invalid, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3101_control_allow_access_invalid, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
int ret;
- ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(USER_ID_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(USER_ID_1, "owner alias", NULL, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
// double owner
std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
- ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
}
// invalid argument check
-RUNNER_TEST(T3102_control_deny_access_invalid, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3102_control_deny_access_invalid, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(),
+ "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("owner", TEST_ALIAS).c_str(),
+ NULL, CKMC_PERMISSION_NONE));
// double owner
std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("another-owner",
+ aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
RUNNER_TEST(T3103_control_allow_access_non_existing)
{
- reset_user_data(APP_1, APP_PASS_1);
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
+ reset_user_data(USER_ID_1, APP_PASS_1);
+ int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Allowing access for non existing alias returned " << CKMCErrorToString(ret));
}
// tries to deny access for non existing alias
RUNNER_TEST(T3104_control_deny_access_non_existing)
{
- reset_user_data(APP_1, APP_PASS_1);
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ reset_user_data(USER_ID_1, APP_PASS_1);
+ int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Denying access for non existing alias returned " << CKMCErrorToString(ret));
}
// tries to deny non existing access
-RUNNER_TEST(T3105_control_remove_non_existing_access, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3105_control_remove_non_existing_access, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(USER_ID_1,
+ aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
+ "Denying non existing access returned: " << CKMCErrorToString(ret));
}
// tries to allow application to access its own data
-RUNNER_TEST(T3106_control_allow_access_to_myself, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3106_control_allow_access_to_myself, RemoveDataEnv<USER_ID_1>)
{
// prepare: add data
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
// test
}
// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3110_control_allow_access_as_user, RemoveDataEnv<APP_1>)
+RUNNER_CHILD_TEST(T3110_control_allow_access_as_user, RemoveDataEnv<USER_ID_1>)
{
RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
// prepare: add data
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
// test
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
+ int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
"Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
}
// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3111_control_deny_access_as_user, RemoveDataEnv<APP_1>)
+RUNNER_CHILD_TEST(T3111_control_deny_access_as_user, RemoveDataEnv<USER_ID_1>)
{
RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
// prepare: add data
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
// test
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
"Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
}
// tries to read other application data with permission
-RUNNER_TEST(T3121_control_access_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3121_control_access_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3122_control_access_allowed_with_remove, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3122_control_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission to read
-RUNNER_TEST(T3122_control_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3122_control_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission
-RUNNER_TEST(T3125_control_remove_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3125_control_remove_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
// tries to access other application data after allow function has been called twice with different
// rights
-RUNNER_TEST(T3126_control_double_allow, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3126_control_double_allow, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
// access should be overwritten
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
}
// tries to access other application data with permission and after permission has been revoked
-RUNNER_TEST(T3127_control_allow_deny, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3127_control_allow_deny, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
- deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
+ deny_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
}
// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3130_control_get_all_aliases, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3130_control_get_all_aliases, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
size_t count;
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
save_data(TEST_ALIAS2, TEST_DATA);
count = count_aliases(ALIAS_DATA);
}
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
check_alias_count(count - 1 + 1);
}
- deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
+ deny_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
}
// tries to add access to data in a database of invalid user
-RUNNER_TEST(T3140_control_allow_invalid_user, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3140_control_allow_invalid_user, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ int ret = ckmc_set_permission_by_adm(USER_ID_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
+ "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
}
// tries to revoke access to data in a database of invalid user
-RUNNER_TEST(T3141_control_deny_invalid_user, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3141_control_deny_invalid_user, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(USER_ID_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
+ "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
}
// tries to read other application data with permission
-RUNNER_TEST(T3142_control_deprecated_access_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3142_control_deprecated_access_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission to read
-RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission
-RUNNER_TEST(T3145_control_deprecated_remove_allowed, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3145_control_deprecated_remove_allowed, RemoveDataEnv<USER_ID_1>)
{
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+
// prepare: add data
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
}
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+
{
- ScopedAppContext ctx(APP_LABEL_2, APP_1, GROUP_1);
+ ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
-RUNNER_TEST(utc_ckmc_get_data_alias_info_list_p2, RemoveDataEnv<APP_1>)
+RUNNER_TEST(utc_ckmc_get_data_alias_info_list_p2, RemoveDataEnv<USER_ID_1>)
{
- ScopedAppContext ctx(APP_LABEL_1, APP_1, GROUP_1);
+ ScopedDBUnlock unlock(USER_ID_1, APP_PASS_1);
+ ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
save_data(TEST_ALIAS, TEST_DATA);
ckmc_alias_info_list_s* ppalias_list = NULL;
namespace
{
-const uid_t USER_APP = 5070;
-const uid_t GROUP_APP = 5070;
-const char* APP_PASS = "user-pass";
+const uid_t USER_ID = 5070;
+const gid_t GROUP_ID = 5070;
+const char* APP_PASS = "user-pass";
const char *XML_1_okay = "XML_1_okay.xml";
std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
// [test2]
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
check_key_allowed(XML_1_EXPECTED_KEY_1_RSA.c_str(), XML_1_EXPECTED_KEY_1_PASSWD.c_str());
check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
// [test3]
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL_2, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL_2, USER_ID, GROUP_ID);
check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str(),
XML_1_EXPECTED_KEY_1_PASSWD.c_str());
#include <openssl/x509v3.h>
namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
-
-const int USER_APP_2 = 5020;
-const int USER_APP_3 = 5030;
+const gid_t GROUP_ID = 5000;
const char * const APP_PASS = "user-pass";
-const int USER_TEST = 5001;
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
RUNNER_TEST(T1510_init_unlock_key)
{
- reset_user_data(USER_TEST, APP_PASS);
+ reset_user_data(OWNER_USER_ID, APP_PASS);
}
RUNNER_TEST(T1511_insert_data)
CKM::Alias certeeAlias("CertEE");
CKM::Alias certimAlias("CertIM");
{
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_TEST, GROUP_APP);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, GROUP_ID);
auto manager = CKM::Manager::create();
RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
// actual test
{
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_TEST, GROUP_APP);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, GROUP_ID);
auto manager = CKM::Manager::create();
int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
RUNNER_TEST(T1519_deinit)
{
- remove_user_data(USER_TEST);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
RUNNER_TEST(T1701_init_unlock_key)
{
- unlock_user_data(USER_TEST+1, "t170-special-password");
+ unlock_user_data(OWNER_USER_ID+1, "t170-special-password");
- ScopedAppContext ctx(TEST_LABEL, USER_TEST+1, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID);
}
RUNNER_CHILD_TEST(T1702_insert_data)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL, USER_TEST+1, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID);
auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
RUNNER_CHILD_TEST(T1704_data_test)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL, USER_TEST+1, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1705_deinit)
{
- remove_user_data(USER_TEST+1);
+ remove_user_data(OWNER_USER_ID+1);
}
RUNNER_TEST(T17101_init)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+2)),
"Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ CKM_API_SUCCESS == (tmp = control->removeUserData(OWNER_USER_ID+2)),
"Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+2, "t1706-special-password")),
"Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+3)),
"Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ CKM_API_SUCCESS == (tmp = control->removeUserData(OWNER_USER_ID+3)),
"Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+3, "t1706-special-password")),
"Error=" << CKM::APICodeToString(tmp));
}
RUNNER_CHILD_TEST(T17102_prep_data_01)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL, USER_TEST+2, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+2, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_CHILD_TEST(T17103_prep_data_02)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL_2, USER_TEST+2, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+2, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_CHILD_TEST(T17104_prep_data_03)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL, USER_TEST+3, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+3, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_CHILD_TEST(T17105_prep_data_04)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL_2, USER_TEST+3, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+3, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+3)),
"Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
RUNNER_CHILD_TEST(T17107_check_data_01)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL, USER_TEST+2, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+2, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_CHILD_TEST(T17108_check_data_02)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL_2, USER_TEST+2, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+2, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+3, "t1706-special-password")),
"Error=" << CKM::APICodeToString(tmp));
}
RUNNER_CHILD_TEST(T17110_check_data_03)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL, USER_TEST+3, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+3, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_CHILD_TEST(T17111_check_data_04)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL_2, USER_TEST+3, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+3, GROUP_ID);
CKM::AliasVector av;
auto manager = CKM::Manager::create();
RUNNER_TEST(T17112_deinit)
{
- remove_user_data(USER_TEST+2);
- remove_user_data(USER_TEST+3);
+ remove_user_data(OWNER_USER_ID+2);
+ remove_user_data(OWNER_USER_ID+3);
}
int main(int argc, char *argv[])
namespace
{
-const uid_t USER_SERVICE = 0;
-const uid_t USER_SERVICE_2 = 1234;
-const uid_t GROUP_SERVICE_2 = 1234;
-const uid_t USER_SERVICE_MAX = 4999;
-const uid_t GROUP_SERVICE_MAX = 4999;
-const uid_t USER_SERVICE_FAIL = 5000;
-const uid_t GROUP_SERVICE_FAIL = 5000;
-const uid_t USER_APP = 5050;
-const uid_t GROUP_APP = 5050;
-const char* APP_PASS = "user-pass";
-
-const char* TEST_ALIAS = "test-alias";
-const char* INVALID_LABEL = "coco-jumbo";
-const char* TEST_PASSWORD = "ckm-password";
-std::string TEST_SYSTEM_ALIAS = sharedDatabase(TEST_ALIAS);
-std::string TEST_SYSTEM_ALIAS_2 = sharedDatabase("test-alias-2");
+const uid_t SERVICE_USER_ID = 0;
+const uid_t SERVICE_USER_ID_2 = 1234;
+const gid_t SERVICE_GROUP_ID_2 = 1234;
+const uid_t SERVICE_USER_ID_MAX = 4999;
+const gid_t SERVICE_GROUP_ID_MAX = 4999;
+const uid_t SERVICE_USER_ID_FAIL = 5000;
+const gid_t SERVICE_GROUP_ID_FAIL = 5000;
+const uid_t USER_ID = 5050;
+const gid_t GROUP_ID = 5050;
+const char* APP_PASS = "user-pass";
+
+const char* TEST_ALIAS = "test-alias";
+const char* INVALID_LABEL = "coco-jumbo";
+const char* TEST_PASSWORD = "ckm-password";
+std::string TEST_SYSTEM_ALIAS = sharedDatabase(TEST_ALIAS);
+std::string TEST_SYSTEM_ALIAS_2 = sharedDatabase("test-alias-2");
const char* TEST_DATA =
"Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
RUNNER_TEST_GROUP_INIT(T50_SYSTEM_DB);
-RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB)
+RUNNER_TEST(T5010_ACCESS_SYSTEM_DB, RemoveDataEnv<0>)
{
- RUNNER_IGNORED_MSG("This test is turn off because fix "
- "from tizen 2.4 that unlock db with empty password");
// [prepare]
// start as system service
// add resource to the system DB
// add permission to the resource to a user app
// [test]
- // switch to user app, leave DB locked
- // try to access system DB item - expect success
+ // switch to user app, lock user db
+ // try to access the item - expect fail (db is locked)
// [prepare]
- remove_user_data(USER_APP);
save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
{
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
}
+
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
+
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
}
RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB)
// try to get item from private DB - expect success
// [test]
- {
- remove_user_data(USER_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ remove_user_data(USER_ID);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
- }
+ ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
}
-RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>)
+RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM, RemoveDataEnv<0, USER_ID>)
{
// [test]
// switch to user app, unlock DB
// try to add item to system DB - expect fail
// [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
+ save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
-RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION, RemoveDataEnv<0, USER_APP>)
+RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION, RemoveDataEnv<0, USER_ID>)
{
// [prepare]
// start as system service
allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
-RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION, RemoveDataEnv<0, USER_APP>)
+RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION, RemoveDataEnv<0, USER_ID>)
{
// [prepare]
// start as system service
save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
-RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL, RemoveDataEnv<0, USER_APP>)
+RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL, RemoveDataEnv<0, USER_ID>)
{
// [prepare]
// start as system service
save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+
// [test]
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
// [test2]
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
}
-RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS, RemoveDataEnv<0, USER_APP>)
+RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS, RemoveDataEnv<0, USER_ID>)
{
// [test]
// switch to user app, unlock DB
// try to write to system DB - expect fail
// [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
+ ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
+ ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
-RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>)
+RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM, RemoveDataEnv<0, USER_ID>)
{
// [prepare]
// start as system service
allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- check_remove_denied(TEST_SYSTEM_ALIAS.c_str());
- }
+ check_remove_denied(TEST_SYSTEM_ALIAS.c_str());
}
-RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS, RemoveDataEnv<0, USER_APP>)
+RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS, RemoveDataEnv<0, USER_ID>)
{
// [prepare]
// start as system service
check_alias_list({TEST_SYSTEM_ALIAS.c_str(), TEST_SYSTEM_ALIAS_2.c_str()});
// [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
- ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
+ ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
- check_alias_list({TEST_SYSTEM_ALIAS.c_str(),
- aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
- }
+ check_alias_list({TEST_SYSTEM_ALIAS.c_str(),
+ aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
}
-RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB, RemoveDataEnv<USER_APP>)
+RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB, RemoveDataEnv<USER_ID>)
{
// [test]
// switch to user app, unlock DB
// try to generate a key in system DB - expect fail
// [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
-
- std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
- std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_PERMISSION_DENIED ==
- (temp = ckmc_create_key_pair_rsa(1024,
- private_key_alias.c_str(),
- public_key_alias.c_str(),
- policy_private_key,
- policy_public_key)),
- CKMCReadableError(temp));
- }
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
+
+ std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
+ std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = 1;
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_PERMISSION_DENIED ==
+ (temp = ckmc_create_key_pair_rsa(1024,
+ private_key_alias.c_str(),
+ public_key_alias.c_str(),
+ policy_private_key,
+ policy_public_key)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB, RemoveDataEnv<0,USER_APP>)
+RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB, RemoveDataEnv<0,USER_ID>)
{
// [prepare]
// start as system service
}
// [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature(
- private_key_alias.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
- }
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature(
+ private_key_alias.c_str(),
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS, RemoveDataEnv<0>)
save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
- {
- ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_2, GROUP_SERVICE_2);
+ ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_2, SERVICE_GROUP_ID_2);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB)
// try to access the item - expect success
// [prepare]
- {
- ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_2, GROUP_SERVICE_2);
+ ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_2, SERVICE_GROUP_ID_2);
- // [test]
- ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
+ // [test]
+ ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB, RemoveDataEnv<0>)
save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
- {
- ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_MAX, GROUP_SERVICE_MAX);
+ ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_MAX, SERVICE_GROUP_ID_MAX);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB, RemoveDataEnv<0>)
{
- RUNNER_IGNORED_MSG("This test is turn off because fix "
- "from tizen 2.4 that unlock db with empty password");
// [prepare]
// start as system service
// add resource to the system DB
save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
// [test]
- {
- ScopedAppContext ctx(TEST_LABEL_2, USER_SERVICE_FAIL, GROUP_SERVICE_FAIL);
+ ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_FAIL, SERVICE_GROUP_ID_FAIL);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
- }
+ check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
}
RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL, RemoveDataEnv<0>)
const AliasVector&,
bool);
-class UserEnv : public RemoveDataEnv<APP_UID>
+class UserEnv : public RemoveDataEnv<OWNER_USER_ID>
{
public:
void init(const std::string & str) {
- RemoveDataEnv<APP_UID>::init(str);
- unlock_user_data(APP_UID, TEST_PASS);
+ RemoveDataEnv<OWNER_USER_ID>::init(str);
+ unlock_user_data(OWNER_USER_ID, TEST_PASS);
}
void finish() {
// lock is performed by remove_user_data() in RemoveDataEnv
- RemoveDataEnv<APP_UID>::finish();
+ RemoveDataEnv<OWNER_USER_ID>::finish();
}
};
RUNNER_TEST(TA1820_allow_access, UserEnv)
{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+ ScopedDBUnlock dbu(OWNER_USER_ID, TEST_PASS);
// prepare: add data
const char *alias1 = "alias-1";
RUNNER_TEST(TA1920_deny_access, UserEnv)
{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+ ScopedDBUnlock dbu(OWNER_USER_ID, TEST_PASS);
// prepare: add data
const char *alias1 = "alias-1";
RUNNER_TEST(TCCH_0000_init)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
}
// old API
RUNNER_TEST(TCCH_0010_get_chain_old_api)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifierOld cv;
// old API
RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifierOld cv;
cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
// check invalid arguments
RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ckmc_cert_s* leaf = create_cert(TestData::TEST_LEAF);
ckmc_cert_s* ca = create_cert(TestData::TEST_IM_CA);
*/
RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifier cv;
cv.disableSystem();
*/
RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifier cv;
cv.disableSystem();
*/
RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifier cv;
cv.verifyPositive(TestData::OCSP_AVAILABLE_IM, 2); // including system cert
*/
RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifier cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
*/
RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifier cv;
cv.disableSystem();
*/
RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
ChainVerifier cv;
cv.disableSystem();
RUNNER_TEST(TCCH_9999_deinit)
{
- remove_user_data(APP_UID);
+ remove_user_data(OWNER_USER_ID);
}
#include <stdlib.h>
namespace {
-const int USER_APP = 5001;
const char* USER_PASS = "user-pass";
const char *const TEST_OBJECT1 = "OBJECT1";
} // namespace anonymous
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(OWNER_USER_ID, "simple-password")),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(OWNER_USER_ID, "simple-password")),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(OWNER_USER_ID, "simple-password")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
+ CKMC_ERROR_NONE == (temp = ckmc_change_user_password(OWNER_USER_ID, "simple-password", "new-pass")),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
{
int temp;
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(OWNER_USER_ID, USER_PASS)),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
{
int temp;
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(OWNER_USER_ID, "simple-password")),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3041_init_C_API)
{
- reset_user_data(USER_APP, "simple-password");
+ reset_user_data(OWNER_USER_ID, "simple-password");
}
RUNNER_TEST(T3042_save_get_bin_data_C_API)
CKMCReadableError(temp));
}
-RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
+RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<OWNER_USER_ID>)
{
ckmc_backend_info_h info;
size_t big_size = 100000;
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(OWNER_USER_ID, USER_PASS)),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3061_CAPI_init)
{
- reset_user_data(USER_APP, USER_PASS);
+ reset_user_data(OWNER_USER_ID, USER_PASS);
}
RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
RUNNER_TEST(T3065_CAPI_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
// TODO
RUNNER_TEST(T3071_CAPI_init)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
RUNNER_TEST(T3075_CAPI_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(OWNER_USER_ID, USER_PASS)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3089_CAPI_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T3091_CAPI_TYPE_init)
{
- reset_user_data(USER_APP, USER_PASS);
+ reset_user_data(OWNER_USER_ID, USER_PASS);
}
RUNNER_TEST(T3092_CAPI_TYPE_KEY)
{
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(OWNER_USER_ID)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3101_CAPI_PKCS12_init)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T3201_CAPI_unlock_database)
{
- reset_user_data(USER_APP, USER_PASS);
+ reset_user_data(OWNER_USER_ID, USER_PASS);
}
RUNNER_TEST(T3202_CAPI_get_data_from_empty_database)
{
- ScopedDBUnlock unlock(USER_APP, USER_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, USER_PASS);
int temp;
CKM::Alias alias = "mykey";
RUNNER_TEST(T3203_CAPI_lock_database)
{
- ScopedDBUnlock unlock(USER_APP, USER_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, USER_PASS);
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(OWNER_USER_ID)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3204_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
#include <iostream>
#include <string>
+#include <sys/types.h>
#include <netdb.h>
#include <dpl/test/test_runner.h>
#include <openssl/x509v3.h>
namespace {
-const int USER_APP = 5001;
-
-const int USER_APP_2 = 5020;
-const int USER_APP_3 = 5030;
+const uid_t USER_ID_2 = 5020;
+const uid_t USER_ID_3 = 5030;
const char * const APP_PASS = "user-pass";
-const int USER_TEST = 5001;
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
auto control = CKM::Control::create();
control->removeUserData(0);
- control->removeUserData(USER_APP_2);
- control->removeUserData(USER_APP);
+ control->removeUserData(USER_ID_2);
+ control->removeUserData(OWNER_USER_ID);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(OWNER_USER_ID, "simple-password")),
"Error=" << CKM::APICodeToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(OWNER_USER_ID, "simple-password")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(OWNER_USER_ID)),
"Error=" << CKM::APICodeToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(OWNER_USER_ID, "simple-password")),
"Error=" << CKM::APICodeToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_ID_3)),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_ID_3, "simple-password")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_ID_3, "something")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_ID_3, "test-pass")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_ID_3)),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_ID_3, "something")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_ID_3)),
"Error=" << CKM::APICodeToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_ID_2, "test-pass")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_ID_2, "test-pass", "new-pass")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_ID_2)),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_ID_2)),
"Error=" << CKM::APICodeToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_ID_2, "test-pass")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_ID_2, "test-pass", "new-pass")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_ID_2)),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_ID_2, "incorrect-password")),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_ID_2)),
"Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1010_init)
{
- unlock_user_data(USER_APP, "user-pass");
+ unlock_user_data(OWNER_USER_ID, "user-pass");
}
RUNNER_TEST(T1011_key)
RUNNER_TEST(T1015_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(OWNER_USER_ID, "user-pass")),
"Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1024_app_user_save_keys_get_alias_pwd)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
int exitCode;
const int aliasNameCount = 10;
check_alias_info_list_helper(expected, actual, "/User ");
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T1025_app_user_save_certificates_get_alias_pwd)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
int exitCode;
const int aliasNameCount = 10;
check_alias_info_list_helper(expected, actual, "/User ");
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T1026_app_user_save_data_get_alias_pwd)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
int exitCode;
const int aliasNameCount = 10;
check_alias_info_list_helper(expected, actual, "/User ");
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T1027_backend_info)
RUNNER_TEST(T1029_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
RUNNER_TEST(T1030_init)
{
- reset_user_data(USER_APP, APP_PASS);
+ reset_user_data(OWNER_USER_ID, APP_PASS);
}
RUNNER_TEST(T1032_app_user_save_bin_data)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1034_app_remove_bin_data)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1035_getData_wrong_password)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1036_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(OWNER_USER_ID, "user-pass")),
"Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1049_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T1110_init)
{
- unlock_user_data(USER_APP, "user-pass");
+ unlock_user_data(OWNER_USER_ID, "user-pass");
}
RUNNER_TEST(T1111_CreateKeyPairRSA)
RUNNER_TEST(T1114_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
RUNNER_TEST(T12100_init)
{
- reset_user_data(USER_APP, APP_PASS);
+ reset_user_data(OWNER_USER_ID, APP_PASS);
}
RUNNER_TEST(T12101_key_exist)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12102_saveKey_empty_alias)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12103_saveKey_foreign_label)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12104_saveKey_empty_key)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::Alias alias; //alias is not initialized
RUNNER_TEST(T12106_saveCertificate_foreign_label)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::Alias alias = "iamsomebodyelse alias";
RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
RUNNER_TEST(T12108_saveData_empty_alias)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12109_saveData_foreign_label)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12110_saveData_empty_data)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
RUNNER_TEST(T12111_getKey_alias_not_exist)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12113_getData_alias_not_exist)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
*/
RUNNER_TEST(T12114_RSA_key_damaged)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12115_RSA_key_too_short)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12116_DSA_key_too_short)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
+ ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
// fake the client - let the service detect the problem
class WrongCertImpl : public CKM::Certificate
RUNNER_TEST(T12120_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
RUNNER_TEST(T1311_init)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
RUNNER_ASSERT_MSG(time(0) > 1405343457,
"Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
RUNNER_TEST(T1315_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
RUNNER_TEST(T1411_init)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T1412_RSA_key_create_verify)
RUNNER_TEST(T1420_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
RUNNER_TEST(T14180_init)
{
int temp;
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
auto manager = CKM::Manager::create();
RUNNER_TEST(T14189_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T1800_init)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
RUNNER_TEST(T1801_parse_PKCS12) {
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(OWNER_USER_ID)),
"Error=" << CKM::APICodeToString(temp));
}
}
RUNNER_TEST(T1901_init_unlock_key)
{
- reset_user_data(USER_APP, T190_PASSWD);
+ reset_user_data(OWNER_USER_ID, T190_PASSWD);
}
RUNNER_TEST(T1902_get_data)
{
- ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
+ ScopedDBUnlock unlock(OWNER_USER_ID, T190_PASSWD);
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
int tmp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID)),
"Error=" << CKM::APICodeToString(tmp));
}
RUNNER_TEST(T1905_deinit)
{
- remove_user_data(USER_APP);
+ remove_user_data(OWNER_USER_ID);
}
int main(int argc, char *argv[])
close(fd);
- int ret = chown(path.c_str(), APP_UID, APP_GID);
+ int ret = chown(path.c_str(), OWNER_USER_ID, OWNER_GROUP_ID);
RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
}
ret = symlink(realPath.c_str(), linkPath.c_str());
RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to create symlink");
- ret = lchown(linkPath.c_str(), APP_UID, APP_GID);
+ ret = lchown(linkPath.c_str(), OWNER_USER_ID, OWNER_GROUP_ID);
RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
}
* Dropping root privileges
* returns 0 on success, 1 on error
*/
-int drop_root_privileges(uid_t appUid, gid_t appGid)
+int drop_root_privileges(uid_t userId, gid_t groupId)
{
if (getuid() == 0) {
/* process is running as root, drop privileges */
- if (setgid(appGid) != 0)
+ if (setgid(groupId) != 0)
return 1;
- if (setuid(appUid) != 0)
+ if (setuid(userId) != 0)
return 1;
}
uid_t uid = getuid();
- if (uid == appUid)
+ if (uid == userId)
return 0;
return 1;
#include <tuple>
#include <string.h>
-const uid_t APP_UID = 5001;
-const gid_t APP_GID = 100;
+const uid_t OWNER_USER_ID = 5001;
+const gid_t OWNER_GROUP_ID = 100;
bool smack_check(void);
-int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID);
+int drop_root_privileges(uid_t userId = OWNER_USER_ID, gid_t groupId = OWNER_GROUP_ID);
std::string formatCstr(const char *cstr);
int files_compare(int fd1, int fd2);
void mktreeSafe(const std::string &path, mode_t mode);
projects / platform / core / test / security-tests.git / commitdiff