############################# Targets names ###################################
-# No target defined so far
+SET(TARGET_CKM_TESTS "ckm-tests")
+SET(COMMON_TARGET_TEST "tests-common")
############################# subdirectories ##################################
BuildRequires: cynara-devel
BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: boost-devel
+BuildRequires: pkgconfig(vconf)
Requires(post): gum-utils
Requires(postun): gum-utils
Requires(postun): %{_bindir}/id
-DDPL_LOG="ON" \
-DVERSION=%{version} \
-DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:DEBUG} \
+%if "%{sec_product_feature_security_mdfpp_enable}" == "1"
+ -DSECURITY_MDFPP_STATE_ENABLE=1 \
+%endif
-DCMAKE_VERBOSE_MAKEFILE=ON \
-DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
-DAPP_USER=security-tests-app
# Load permissions templates
api_feature_loader --verbose
+# Set vconf key for cc-mode testing if vconf key isn't there.
+%if "%{sec_product_feature_security_mdfpp_enable}" != "1"
+ echo "Install vconf key (file/security_mdpp/security_mdpp_state) for testing key-manager"
+ vconftool set -t string file/security_mdpp/security_mdpp_state "Unset"
+%endif
+
echo "security-tests postinst done ..."
%postun
-# Copyright (c) 2011-2015 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
INCLUDE(FindPkgConfig)
+# mdpp flag
+IF (DEFINED SECURITY_MDFPP_STATE_ENABLED)
+ MESSAGE("SECURITY_MDFPP_STATE_ENABLE ENABLED !")
+ ADD_DEFINITIONS("-DSECURITY_MDFPP_STATE_ENABLE")
+ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLE)
+ MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !")
+ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLE)
+
# Dependencies
PKG_CHECK_MODULES(CKM_DEP
libsmack
key-manager
- dlog
+ dbus-1
+ vconf
REQUIRED)
# Targets definition
-SET(TARGET_CKM_TESTS "ckm-tests")
-
SET(CKM_SOURCES
+ ${PROJECT_SOURCE_DIR}/src/ckm/access_provider2.cpp
${PROJECT_SOURCE_DIR}/src/ckm/main.cpp
${PROJECT_SOURCE_DIR}/src/ckm/capi-testcases.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/capi-certificate-chains.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/capi-access_control.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/async-api.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp
+# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/clean-env.cpp
+ ${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp
)
INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm/ )
ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
-TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} tests-common)
+TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
# Installation
INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
-INSTALL(FILES test1801.pkcs12 DESTINATION /usr/share/ckm-test)
+INSTALL(FILES
+ test1801.pkcs12
+ pkcs.p12
+ capi-t3096.p12
+ DESTINATION /usr/share/ckm-test
+ )
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file access_provider.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/smack.h>
+
+#include <access_provider2.h>
+
+#include <tests_common.h>
+
+AccessProvider::AccessProvider(const std::string &mySubject)
+ : m_mySubject(mySubject)
+{}
+
+void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
+ m_smackAccess.add(m_mySubject, api, rule);
+}
+
+void AccessProvider::apply() {
+ m_smackAccess.apply();
+}
+
+void AccessProvider::applyAndSwithToUser(int uid, int gid) {
+ RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
+ "Error in smack_revoke_subject(" << m_mySubject << ")");
+ apply();
+ RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
+ "Error in smack_set_label_for_self.");
+ RUNNER_ASSERT_MSG(0 == setgid(gid),
+ "Error in setgid.");
+ RUNNER_ASSERT_MSG(0 == setuid(uid),
+ "Error in setuid.");
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file access_provider.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Common functions and macros used in security-tests package.
+ */
+#ifndef _ACCESS_FOR_DUMMIES_H_
+#define _ACCESS_FOR_DUMMIES_H_
+
+#include <string>
+
+#include <smack_access.h>
+
+class AccessProvider {
+public:
+ AccessProvider(const std::string &mySubject);
+
+ AccessProvider(const AccessProvider &second) = delete;
+ AccessProvider& operator=(const AccessProvider &second) = delete;
+
+ void allowAPI(const std::string &api, const std::string &rules);
+ void apply();
+ void applyAndSwithToUser(int uid, int gid);
+
+ virtual ~AccessProvider(){}
+private:
+ std::string m_mySubject;
+ SmackAccess m_smackAccess;
+};
+
+#endif // _ACCESS_FOR_DUMMIES_H_
+
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file async-api.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <mutex>
+#include <utility>
+#include <condition_variable>
+#include <cassert>
+
+#include <ckmc/ckmc-type.h>
+#include <ckm/ckm-manager-async.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-raw-buffer.h>
+
+#include <fstream>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/log/log.h>
+
+#include <tests_common.h>
+#include <test-certs.h>
+#include <ckm-common.h>
+
+using namespace CKM;
+using namespace std;
+using namespace TestData;
+
+namespace {
+
+const char* TEST_LABEL = "test_label";
+const CertificateShPtrVector EMPTY_CERT_VECTOR;
+const AliasVector EMPTY_ALIAS_VECTOR;
+
+class MyObserver: public ManagerAsync::Observer
+{
+public:
+ MyObserver() :
+ m_finished(false), m_error(0)
+ {
+ }
+
+ void ReceivedError(int error)
+ {
+ LogError("Received error: " << error);
+ m_finished = true;
+ m_error = error;
+ m_cv.notify_one();
+ }
+
+ void ReceivedSaveKey() { Succeeded(); }
+ void ReceivedSaveCertificate() { Succeeded(); }
+ void ReceivedSaveData() { Succeeded(); }
+ void ReceivedSavePKCS12() { Succeeded(); }
+
+ void ReceivedRemovedAlias() { Succeeded(); }
+
+ void ReceivedKey(Key &&) { Succeeded(); }
+ void ReceivedCertificate(Certificate &&) { Succeeded(); }
+ void ReceivedData(RawBuffer &&) { Succeeded(); }
+ void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
+
+ void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+
+ void ReceivedCreateKeyPairRSA() { Succeeded(); }
+ void ReceivedCreateKeyPairDSA() { Succeeded(); }
+ void ReceivedCreateKeyPairECDSA() { Succeeded(); }
+
+ void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
+ { m_certChain = move(chain); Succeeded(); }
+
+ void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
+ void ReceivedVerifySignature() { Succeeded(); }
+
+ void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
+
+ void ReceivedSetPermission() { Succeeded(); }
+
+ void WaitForResponse()
+ {
+ unique_lock < mutex > lock(m_mutex);
+
+ m_cv.wait(lock, [this] {return m_finished;});
+ }
+
+ bool m_finished;
+ int m_error;
+ AliasVector m_aliases;
+ CertificateShPtrVector m_certChain;
+ PKCS12ShPtr m_pkcs;
+ RawBuffer m_signed;
+ int m_ocspStatus;
+
+protected:
+ void Succeeded()
+ {
+ LogDebug("Succeeded");
+ m_finished = true;
+ m_cv.notify_one();
+ }
+
+ mutex m_mutex;
+ condition_variable m_cv;
+};
+
+typedef shared_ptr<MyObserver> MyObserverPtr;
+
+const char* TEST_PASS = "test-pass";
+
+enum Type {
+ RSA,
+ DSA,
+ ECDSA
+};
+
+struct KeyPair
+{
+ KeyPair(const std::string& prv_pem, const std::string& pub_pem) {
+ RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
+ prv = Key::create(buffer_prv);
+ assert(prv);
+
+ RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
+ pub = Key::create(buffer_pub);
+ assert(pub);
+ }
+
+ KeyShPtr prv;
+ KeyShPtr pub;
+};
+
+typedef map<Type, vector<KeyPair> > KeyMap;
+
+
+KeyMap initializeKeys()
+{
+ KeyMap km;
+
+ km[RSA].emplace_back(
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
+ "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
+ "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
+ "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
+ "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
+ "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
+ "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
+ "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
+ "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
+ "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
+ "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
+ "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
+ "-----END RSA PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
+ "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
+ "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
+ "3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "-----END PUBLIC KEY-----"
+ );
+ km[DSA].emplace_back(
+ "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
+ "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
+ "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
+ "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
+ "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
+ "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
+ "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
+ "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
+ "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
+ "yAKPlW7WQzgV5jLLNUW7\n"
+ "-----END DSA PRIVATE KEY-----",
+
+ "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
+ "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
+ "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
+ "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
+ "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
+ "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
+ "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
+ "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
+ "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
+ "yAKPlW7WQzgV5jLLNUW7\n"
+ "-----END DSA PRIVATE KEY-----"
+ );
+ km[ECDSA].emplace_back(
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
+ "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
+ "sQ==\n"
+ "-----END EC PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
+ "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
+ "-----END PUBLIC KEY-----"
+ );
+ return km;
+}
+
+KeyMap keys = initializeKeys();
+typedef vector<CertificateShPtr> CertVector;
+
+const RawBuffer raw_buffer(const char* buffer)
+{
+ return RawBuffer(buffer, buffer + strlen(buffer));
+}
+
+const RawBuffer test_buffer = raw_buffer("test_string");
+
+template <typename F, typename... Args>
+void test_negative(F&& func, int expected, Args... args)
+{
+ MyObserverPtr obs = make_shared<MyObserver>();
+ ManagerAsync mgr;
+
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
+ obs->WaitForResponse();
+
+ RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
+ RUNNER_ASSERT_MSG(
+ obs->m_error == expected,
+ "Expected " << expected << "/" << ErrorToString(expected) <<
+ " got: " << obs->m_error << "/" << ErrorToString(obs->m_error));
+}
+
+template <typename F, typename... Args>
+void test_invalid_param(F&& func, Args... args)
+{
+ test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
+}
+
+template <typename F, typename... Args>
+void test_no_observer(F&& func, Args... args)
+{
+ ManagerAsync::ObserverPtr obs;
+ ManagerAsync mgr;
+
+ try {
+ (mgr.*func)(obs, args...);
+ RUNNER_ASSERT_MSG(false, "function() should have thrown an exception");
+ } catch (const invalid_argument& e) {
+ RUNNER_ASSERT(true);
+ } catch (...) {
+ RUNNER_ASSERT_MSG(false, "Unexpected exception");
+ }
+}
+
+template <typename F, typename... Args>
+MyObserverPtr test_positive(F&& func, Args... args)
+{
+ MyObserverPtr obs = make_shared<MyObserver>();
+ ManagerAsync mgr;
+
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
+ obs->WaitForResponse();
+
+ RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
+ RUNNER_ASSERT_MSG(obs->m_error == 0,
+ "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error));
+ return obs;
+}
+
+template <typename F, typename... Args>
+void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
+}
+
+template <typename F, typename... Args>
+void test_check_cert_chain(F&& func, size_t expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(
+ obs->m_certChain.size() == expected,
+ "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
+}
+
+typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const CertificateShPtrVector&,
+ const CertificateShPtrVector&,
+ bool);
+
+typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const AliasVector&,
+ const AliasVector&,
+ bool);
+} // namespace anonymous
+
+
+RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+
+RUNNER_TEST(TA0000_init)
+{
+ int temp;
+ ControlShPtr control = Control::create();
+
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
+ "Error=" << ErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)),
+ "Error=" << ErrorToString(temp));
+}
+
+// saveKey
+RUNNER_CHILD_TEST(TA0010_save_key_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
+ test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy());
+ test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy());
+}
+
+RUNNER_CHILD_TEST(TA0020_save_key_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
+ test_negative(&ManagerAsync::saveKey,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ dbc.alias("alias"),
+ keys[RSA][0].prv,
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA0050_save_key_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
+}
+
+
+// saveCertificate
+RUNNER_CHILD_TEST(TA0110_save_cert_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM);
+ test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy());
+ test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy());
+ test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy());
+}
+
+RUNNER_CHILD_TEST(TA0120_save_cert_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
+ test_negative(&ManagerAsync::saveCertificate,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ dbc.alias("alias"),
+ getTestCertificate(MBANK),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA0150_save_cert_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
+}
+
+
+// saveData
+RUNNER_CHILD_TEST(TA0210_save_data_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy());
+ test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy());
+ test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy());
+}
+
+RUNNER_CHILD_TEST(TA0220_save_data_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_negative(&ManagerAsync::saveData,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ dbc.alias("alias"),
+ test_buffer,
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA0250_save_data_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+}
+
+
+// removeKey
+RUNNER_CHILD_TEST(TA0310_remove_alias_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::removeAlias, "alias");
+ test_invalid_param(&ManagerAsync::removeAlias, "");
+}
+
+RUNNER_CHILD_TEST(TA0330_remove_alias_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias");
+}
+
+RUNNER_CHILD_TEST(TA0350_remove_key_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
+}
+
+
+RUNNER_CHILD_TEST(TA0450_remove_cert_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
+}
+
+
+RUNNER_CHILD_TEST(TA0550_remove_data_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
+}
+
+
+// getKey
+RUNNER_CHILD_TEST(TA0610_get_key_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getKey, "alias", "");
+ test_invalid_param(&ManagerAsync::getKey, "", "");
+}
+
+RUNNER_CHILD_TEST(TA0630_get_key_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
+}
+
+RUNNER_CHILD_TEST(TA0640_get_key_wrong_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_negative(&ManagerAsync::getKey,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias"),
+ "wrong-password");
+}
+
+RUNNER_CHILD_TEST(TA0650_get_key_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::getKey, dbc.alias("alias"), "password");
+}
+
+
+// getCertificate
+RUNNER_CHILD_TEST(TA0710_get_cert_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getCertificate, "alias", "");
+ test_invalid_param(&ManagerAsync::getCertificate, "", "");
+}
+
+RUNNER_CHILD_TEST(TA0730_get_cert_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getCertificate,
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN,
+ "non-existing-alias",
+ "");
+}
+
+RUNNER_CHILD_TEST(TA0740_get_cert_wrong_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate,
+ dbc.alias("alias"),
+ getTestCertificate(MBANK),
+ Policy("password"));
+ test_negative(&ManagerAsync::getCertificate,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias"),
+ "wrong-password");
+}
+
+RUNNER_CHILD_TEST(TA0750_get_cert_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy("password"));
+ test_positive(&ManagerAsync::getCertificate, dbc.alias("alias"), "password");
+}
+
+
+// getData
+RUNNER_CHILD_TEST(TA0810_get_data_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getData, "alias", "");
+ test_invalid_param(&ManagerAsync::getData, "", "");
+}
+
+RUNNER_CHILD_TEST(TA0830_get_data_unknown_alias)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
+}
+
+RUNNER_CHILD_TEST(TA0840_get_data_wrong_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
+ test_negative(&ManagerAsync::getData,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias"),
+ "wrong-password");
+}
+
+RUNNER_CHILD_TEST(TA0850_get_data_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
+ test_positive(&ManagerAsync::getData, dbc.alias("alias"), "password");
+}
+
+
+// getKeyAliasVector
+RUNNER_CHILD_TEST(TA0910_get_key_alias_vector_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getKeyAliasVector);
+}
+
+RUNNER_CHILD_TEST(TA0950_get_key_alias_vector_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias1"), keys[RSA][0].prv, Policy());
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
+
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias2"), keys[DSA][0].prv, Policy());
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+}
+
+
+// getCertificateAliasVector
+RUNNER_CHILD_TEST(TA1010_get_cert_alias_vector_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getCertificateAliasVector);
+}
+
+RUNNER_CHILD_TEST(TA1050_get_cert_alias_vector_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias1"), getTestCertificate(MBANK), Policy());
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
+
+ test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias2"), getTestCertificate(SYMANTEC), Policy());
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+}
+
+
+// getDataAliasVector
+RUNNER_CHILD_TEST(TA1110_get_data_alias_vector_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::getDataAliasVector);
+}
+
+RUNNER_CHILD_TEST(TA1150_get_data_alias_vector_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias1"), test_buffer, Policy());
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
+
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+
+ test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
+}
+
+
+// createKeyPairRSA
+RUNNER_CHILD_TEST(TA1210_create_key_pair_rsa_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createKeyPairRSA,
+ 1024,
+ "alias_prv",
+ "alias_pub",
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1220_create_key_pair_rsa_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy());
+ test_negative(&ManagerAsync::createKeyPairRSA,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1250_create_key_pair_rsa_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::createKeyPairRSA,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
+}
+
+// createKeyPairDSA
+RUNNER_CHILD_TEST(TA1270_create_key_pair_dsa_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createKeyPairDSA,
+ 1024,
+ "alias_prv",
+ "alias_pub",
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1280_create_key_pair_dsa_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[DSA][0].prv, Policy());
+ test_negative(&ManagerAsync::createKeyPairDSA,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1290_create_key_pair_dsa_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::createKeyPairDSA,
+ 1024,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
+}
+
+// createKeyPairECDSA
+RUNNER_CHILD_TEST(TA1310_create_key_pair_ecdsa_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createKeyPairECDSA,
+ ElipticCurve::prime192v1,
+ "alias_prv",
+ "alias_pub",
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1320_create_key_pair_ecdsa_already_exists)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[ECDSA][0].prv, Policy());
+ test_negative(&ManagerAsync::createKeyPairECDSA,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ ElipticCurve::prime192v1,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+}
+
+RUNNER_CHILD_TEST(TA1350_create_key_pair_ecdsa_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::createKeyPairECDSA,
+ ElipticCurve::prime192v1,
+ dbc.alias("alias_prv"),
+ dbc.alias("alias_pub"),
+ Policy(),
+ Policy());
+
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
+ aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
+}
+
+
+// getCertificateChain
+RUNNER_CHILD_TEST(TA1410_get_certificate_chain_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ CertificateShPtr cert = getTestCertificate(MBANK);
+ CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
+ test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+ test_invalid_param<certChainFn1>(&ManagerAsync::getCertificateChain,
+ CertificateShPtr(),
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+
+ Alias alias = "alias";
+ AliasVector aliasv = { alias };
+ test_no_observer<certChainFn2>(&ManagerAsync::getCertificateChain,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+ test_invalid_param<certChainFn2>(&ManagerAsync::getCertificateChain,
+ CertificateShPtr(),
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+}
+
+RUNNER_CHILD_TEST(TA1420_get_certificate_chain_negative)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtr cert = getTestCertificate(MBANK);
+ CertificateShPtrVector certv = { getTestCertificate(MBANK) };
+ test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true);
+ test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+ AliasVector aliasv = { dbc.alias("alias") };
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy());
+ test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true);
+ test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+}
+
+RUNNER_CHILD_TEST(TA1450_get_certificate_chain_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtr cert = getTestCertificate(MBANK);
+ CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
+ test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
+ 3,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+
+ AliasVector aliasv = { dbc.alias("alias") };
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy());
+ test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
+ 3,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
+}
+
+
+// createSignature
+RUNNER_CHILD_TEST(TA1510_create_signature_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::createSignature,
+ "alias",
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+ test_invalid_param(&ManagerAsync::createSignature,
+ "",
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+ test_invalid_param(&ManagerAsync::createSignature,
+ "alias",
+ "",
+ RawBuffer(),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1520_create_signature_invalid_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_negative(&ManagerAsync::createSignature,
+ CKM_API_ERROR_INPUT_PARAM,
+ dbc.alias("alias"),
+ "wrong-password",
+ RawBuffer(),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1550_create_signature_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias"),
+ "password",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+
+// verifySignature
+RUNNER_CHILD_TEST(TA1610_verify_signature_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::verifySignature,
+ "",
+ "",
+ RawBuffer(),
+ RawBuffer(),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+ test_invalid_param(&ManagerAsync::verifySignature,
+ "",
+ "",
+ test_buffer,
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1620_verify_signature_invalid_password)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "pass1",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ dbc.alias("alias_pub"),
+ "wrong-password",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1630_verify_signature_invalid_message)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
+
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub"),
+ "",
+ raw_buffer("invalid-unsigned-mesage"),
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1640_verify_signature_invalid_signature)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_VERIFICATION_FAILED,
+ dbc.alias("alias_pub"),
+ "",
+ test_buffer,
+ raw_buffer("invalid-signature"),
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1650_verify_signature_wrong_key)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_negative(&ManagerAsync::verifySignature,
+ CKM_API_ERROR_SERVER_ERROR,
+ dbc.alias("alias_prv"),
+ "",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+RUNNER_CHILD_TEST(TA1660_verify_signature_positive)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
+ test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
+ auto obs = test_positive(&ManagerAsync::createSignature,
+ dbc.alias("alias_prv"),
+ "pass1",
+ test_buffer,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+
+ test_positive(&ManagerAsync::verifySignature,
+ dbc.alias("alias_pub"),
+ "pass2",
+ test_buffer,
+ obs->m_signed,
+ HashAlgorithm::SHA1,
+ RSAPaddingAlgorithm::PKCS1);
+}
+
+
+// ocspCheck
+RUNNER_CHILD_TEST(TA1710_ocsp_check_invalid_param)
+{
+ test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
+ test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
+}
+
+RUNNER_CHILD_TEST(TA1720_ocsp_check_negative)
+{
+ switch_to_storage_ocsp_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) };
+
+ auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
+ RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
+ "Verification should fail. Got: " << obs->m_ocspStatus);
+}
+
+RUNNER_CHILD_TEST(TA1750_ocsp_check_positive)
+{
+ switch_to_storage_ocsp_user(TEST_LABEL);
+
+ DBCleanup dbc;
+ CertificateShPtr cert = getTestCertificate(MBANK);
+ CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
+ auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
+
+ auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
+ RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
+ "Verification failed. Error: " << obs->m_ocspStatus);
+}
+
+// setPermission
+RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
+}
+
+RUNNER_TEST(TA1820_allow_access)
+{
+ DBCleanup dbc;
+ CharPtr top_label = get_label();
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
+ test_positive(&ManagerAsync::setPermission,
+ dbc.alias("alias2"),
+ TEST_LABEL,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ dbc.alias("alias3"),
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+
+ {
+ ScopedLabel label(TEST_LABEL);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
+
+ // test from allowed label, but without properly addressing alias (coming from default label)
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
+
+ // now test with appropriate addressing
+ std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
+ test_positive(&ManagerAsync::getData, full_alias2_address, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
+
+ std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
+ test_positive(&ManagerAsync::getData, full_alias3_address, "");
+ test_positive(&ManagerAsync::removeAlias, full_alias3_address);
+ }
+}
+
+// denyAccess
+RUNNER_CHILD_TEST(TA1910_deny_access_invalid_param)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
+}
+
+RUNNER_TEST(TA1920_deny_access)
+{
+ DBCleanup dbc;
+ CharPtr top_label = get_label();
+ test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
+ test_positive(&ManagerAsync::setPermission,
+ dbc.alias("alias"),
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
+
+ {
+ ScopedLabel label(TEST_LABEL);
+
+ std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
+ }
+}
+
+namespace
+{
+CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
+}
+
+RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs)
+{
+ DBCleanup dbc;
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ test_positive(&ManagerAsync::savePKCS12,
+ alias_PKCS_exportable,
+ pkcs,
+ exportable,
+ exportable);
+ test_negative(&ManagerAsync::savePKCS12,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ alias_PKCS_exportable,
+ pkcs,
+ exportable,
+ exportable);
+
+ test_positive(&ManagerAsync::savePKCS12,
+ alias_PKCS_not_exportable,
+ pkcs,
+ notExportable,
+ notExportable);
+ test_negative(&ManagerAsync::savePKCS12,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ alias_PKCS_not_exportable,
+ pkcs,
+ notExportable,
+ notExportable);
+}
+
+RUNNER_TEST(TA2010_PKCS_get)
+{
+ DBCleanup dbc;
+ auto manager = CKM::Manager::create();
+
+ // fail - no entry
+ test_negative(&ManagerAsync::getPKCS12,
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN,
+ "i-do-not-exist",
+ CKM::Password(),
+ CKM::Password());
+
+
+ // fail - not exportable
+ test_negative(&ManagerAsync::getPKCS12,
+ CKM_API_ERROR_NOT_EXPORTABLE,
+ dbc.alias(alias_PKCS_not_exportable.c_str()),
+ CKM::Password(),
+ CKM::Password());
+
+ // success - exportable
+ auto obs = test_positive(&ManagerAsync::getPKCS12,
+ dbc.alias(alias_PKCS_exportable.c_str()),
+ CKM::Password(),
+ CKM::Password());
+
+ auto cert = obs->m_pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = obs->m_pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+}
+
+RUNNER_TEST(TA9999_deinit)
+{
+ int temp;
+ ControlShPtr control = Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(APP_UID)),
+ "Error=" << ErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
+ "Error=" << ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << ErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << ErrorToString(temp));
+}
--- /dev/null
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <tests_common.h>
+#include <ckm-common.h>
+#include <access_provider2.h>
+
+#include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-control.h>
+#include <ckmc/ckmc-type.h>
+#include <ckmc/ckmc-error.h>
+
+#include <ckm/ckm-type.h>
+
+namespace {
+
+const uid_t USER_ROOT = 0;
+const char* APP_PASS = "user-pass";
+const char* ROOT_PASS = "test-pass";
+
+const char* NO_ALIAS = "definitely-non-existent-alias";
+const char* NO_OWNER = "definitely-non-existent-owner";
+
+const char* TEST_ALIAS = "test-alias";
+const char* TEST_ALIAS2 = "test-alias2";
+const char* TEST_ALIAS3 = "test-alias3";
+
+const char* TEST_LABEL = "test-label";
+const char* TEST_LABEL2 = "test-label2";
+const char* TEST_LABEL3 = "test-label3";
+const char* TEST_LABEL4 = "test-label4";
+
+const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
+
+void save_data(const char* alias, const char *data)
+{
+ ckmc_raw_buffer_s buffer;
+ buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
+ buffer.size = strlen(data);
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = true;
+
+ int ret = ckmc_save_data(alias, buffer, policy);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Saving data failed. Error: " << ret);
+}
+
+void save_data(const char* alias)
+{
+ save_data(alias, TEST_DATA);
+}
+
+void check_remove_allowed(const char* alias)
+{
+ int ret = ckmc_remove_alias(alias);
+ // remove, but ignore non existing
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret || CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ "Removing data failed: " << CKMCErrorToString(ret));
+}
+
+void check_remove_denied(const char* alias)
+{
+ int ret = ckmc_remove_alias(alias);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_PERMISSION_DENIED == ret,
+ "App with different label shouldn't have rights to remove this data. Error: " << ret);
+}
+
+void check_remove_not_visible(const char* alias)
+{
+ int ret = ckmc_remove_alias(alias);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "App with different label shouldn't have rights to see this data. Error: " << ret);
+}
+
+void check_read(const char* alias, const char *label, const char *test_data, int expected_code = CKMC_ERROR_NONE)
+{
+ ckmc_raw_buffer_s* buffer = NULL;
+ int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer);
+ RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result: " << CKMCErrorToString(ret));
+
+ if(expected_code == CKMC_ERROR_NONE)
+ {
+ // compare data with expected
+ RUNNER_ASSERT_MSG(
+ buffer->size == strlen(test_data),
+ "Extracted data length do not match expected data length (encrypted?).");
+
+ RUNNER_ASSERT_MSG(
+ memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), test_data, buffer->size) == 0,
+ "Extracted data do not match expected data (encrypted?).");
+
+ ckmc_buffer_free(buffer);
+ }
+}
+
+void check_read_allowed(const char* alias, const char *data)
+{
+ // try to read previously saved data - label taken implicitly
+ check_read(alias, 0, data);
+}
+void check_read_allowed(const char* alias)
+{
+ check_read_allowed(alias, TEST_DATA);
+}
+
+void check_read_not_visible(const char* alias)
+{
+ // try to read previously saved data - label taken implicitly
+ {
+ ckmc_raw_buffer_s* buffer = NULL;
+ int ret = ckmc_get_data(alias, NULL, &buffer);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "App with different label shouldn't have rights to see this data." << CKMCErrorToString(ret));
+ ckmc_buffer_free(buffer);
+ }
+}
+
+void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+{
+ int ret = ckmc_allow_access(alias, accessor, accessRights);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
+}
+
+void allow_access(const char* alias, const char* accessor, int permissionMask)
+{
+ // data removal should revoke this access
+ int ret = ckmc_set_permission(alias, accessor, permissionMask);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
+}
+
+void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
+{
+ // data removal should revoke this access
+ int ret = ckmc_set_permission(alias, accessor, permissionMask);
+ RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned " << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode));
+}
+
+void deny_access(const char* alias, const char* accessor)
+{
+ int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " << CKMCErrorToString(ret));
+}
+
+void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
+{
+ int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. " << CKMCErrorToString(ret) << ", while expected: " << CKMCErrorToString(expectedCode));
+}
+
+void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+{
+ // data removal should revoke this access
+ int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
+}
+
+void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
+{
+ // data removal should revoke this access
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
+}
+
+void deny_access_by_adm(const char* alias, const char* accessor)
+{
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
+}
+
+int count_aliases()
+{
+ ckmc_alias_list_s *aliasList = NULL;
+ int ret = ckmc_get_data_alias_list(&aliasList);
+ if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
+ return 0;
+
+ RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << CKMCErrorToString(ret));
+
+ ckmc_alias_list_s *plist = aliasList;
+ int count = 0;
+ while(plist)
+ {
+ plist = plist->next;
+ count++;
+ }
+ ckmc_alias_list_all_free(aliasList);
+ return count;
+}
+
+void check_alias_count(int expected)
+{
+ int count = count_aliases();
+ RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
+}
+
+// saves data upon construction and deletes it upon destruction
+class ScopedSaveData
+{
+public:
+ ScopedSaveData(const char* alias) : m_alias(alias)
+ {
+ save_data(alias);
+ }
+ ScopedSaveData(const char* alias, const char *data) : m_alias(alias)
+ {
+ save_data(alias, data);
+ }
+
+ ~ScopedSaveData()
+ {
+ /*
+ * Let it throw. If we can't remove data then remaining tests results will be
+ * unreliable anyway.
+ */
+ check_remove_allowed(m_alias);
+ }
+private:
+ const char* m_alias;
+};
+
+} // namespace anonymous
+
+RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
+
+
+/////////////////////////////////////////////////////////////////////////////
+// Manager
+RUNNER_TEST(T3000_init)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp));
+}
+
+// invalid arguments check
+RUNNER_TEST(T3001_manager_allow_access_invalid)
+{
+ RUNNER_ASSERT(
+ CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
+ RUNNER_ASSERT(
+ CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
+}
+
+// invalid arguments check
+RUNNER_TEST(T3002_manager_deny_access_invalid)
+{
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
+}
+
+// tries to allow access for non existing alias
+RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
+}
+
+// tries to deny access for non existing alias
+RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Denying access for non existing alias returned " << CKMCErrorToString(ret));
+}
+
+// tries to deny access that does not exist in database
+RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ // deny non existing access to existing alias
+ int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ "Denying non existing access returned: " << CKMCErrorToString(ret));
+}
+
+// tries to allow access to application own data
+RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
+{
+ switch_to_storage_user(TEST_LABEL);
+
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ CharPtr label = get_label();
+ int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ "Trying to allow myself returned: " << CKMCErrorToString(ret));
+}
+
+// verifies that alias can not contain forbidden characters
+RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
+{
+ switch_to_storage_user(TEST_LABEL);
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ std::string test_alias_playground = std::string("AAA BBB CCC");
+ check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // control: expect success
+ check_read(TEST_ALIAS, 0, TEST_DATA);
+ check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+}
+
+// verifies that label can not contain forbidden characters
+RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
+{
+ switch_to_storage_user(TEST_LABEL);
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ // basic test
+ std::string test_label_playground = std::string("AAA BBB CCC");
+ check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // insert part of the separator in the middle
+ test_label_playground = std::string(TEST_LABEL);
+ test_label_playground.insert(test_label_playground.size()/2, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // prepend separator
+ test_label_playground = std::string(TEST_LABEL);
+ test_label_playground.insert(0, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // append separator
+ test_label_playground = std::string(TEST_LABEL);
+ test_label_playground.append(ckmc_label_name_separator);
+ check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // control: expect success
+ check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+}
+
+// tries to access other application data without permission
+RUNNER_TEST(T3020_manager_access_not_allowed)
+{
+ CharPtr top_label = get_label();
+
+ ScopedSaveData ssd(TEST_ALIAS);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_read_not_visible(TEST_ALIAS_adr.c_str());
+ check_remove_not_visible(TEST_ALIAS_adr.c_str());
+ }
+}
+
+// tries to access other application data with permission
+RUNNER_TEST(T3021_manager_access_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to read other application data with permission for read/remove
+RUNNER_TEST(T3022_manager_access_allowed_with_remove)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to remove other application data with permission for reading only
+RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
+ }
+}
+
+// tries to remove other application data with permission
+RUNNER_TEST(T3025_manager_remove_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to access other application data after allow function was called twice with different
+// rights
+RUNNER_TEST(T3026_manager_double_allow)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ // access should be overwritten
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
+ }
+}
+
+// tries to access application data with permission and after permission has been revoked
+RUNNER_TEST(T3027_manager_allow_deny)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
+ }
+
+ deny_access(TEST_ALIAS, TEST_LABEL2);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_not_visible(TEST_ALIAS_adr.c_str());
+ check_read_not_visible(TEST_ALIAS_adr.c_str());
+ }
+}
+
+RUNNER_TEST(T3028_manager_access_by_label)
+{
+ CharPtr top_label = get_label();
+ const char *additional_data = "label-2-data";
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+ ScopedSaveData ssd(TEST_ALIAS, additional_data);
+ allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ);
+
+ // test if accessing valid alias (of label2 domain)
+ check_read_allowed(TEST_ALIAS, additional_data);
+
+ // this has to be done here - in the scope, otherwise
+ // scope destructor will remove the TEST_LABEL2::TEST_ALIAS
+ {
+ ScopedLabel sl(top_label.get());
+
+ // test if can access label2 alias from label1 domain - should succeed
+ check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data);
+ }
+ }
+
+ // test if accessing valid alias (of label1 domain)
+ check_read_allowed(TEST_ALIAS);
+
+ // access should not be possible - already left the LABEL2 scope, object should be removed
+ check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str());
+}
+
+// tries to modify another label's permission
+RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
+{
+ ScopedLabel sl(TEST_LABEL);
+ ScopedSaveData ssd(TEST_ALIAS);
+ allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
+ deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
+ }
+}
+
+// checks if only aliases readable by given app are returned
+RUNNER_TEST(T3030_manager_get_all_aliases)
+{
+ ScopedSaveData ssd1(TEST_ALIAS);
+ ScopedSaveData ssd2(TEST_ALIAS2);
+
+ int count = count_aliases();
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ // check that app can access other aliases when it has permission
+ check_alias_count(count - 1);
+
+ ScopedSaveData ssd3(TEST_ALIAS3);
+
+ // check that app can access its own aliases
+ check_alias_count(count - 1 + 1);
+ }
+
+ deny_access(TEST_ALIAS, TEST_LABEL2);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ // check that app can't access other aliases for which permission has been revoked
+ check_alias_count(count - 2);
+ }
+}
+
+// tries to access other application data with permission
+RUNNER_TEST(T3031_manager_deprecated_access_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to read other application data with permission for read/remove
+RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to remove other application data with permission for reading only
+RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
+ }
+}
+
+// tries to remove other application data with permission
+RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+
+/////////////////////////////////////////////////////////////////////////////
+// Control
+
+// invalid argument check
+RUNNER_TEST(T3101_control_allow_access_invalid)
+{
+ int ret;
+ ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
+ ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
+
+ // double owner
+ std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
+ ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
+}
+
+// invalid argument check
+RUNNER_TEST(T3102_control_deny_access_invalid)
+{
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
+ ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE));
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
+ ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE));
+
+ // double owner
+ std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
+ RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
+ ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE));
+}
+
+// tries to allow access for non existing alias
+RUNNER_TEST(T3103_control_allow_access_non_existing)
+{
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
+}
+
+// tries to deny access for non existing alias
+RUNNER_TEST(T3104_control_deny_access_non_existing)
+{
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Denying access for non existing alias returned " << CKMCErrorToString(ret));
+}
+
+// tries to deny non existing access
+RUNNER_TEST(T3105_control_deny_access_non_existing_access)
+{
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ CharPtr label = get_label();
+
+ // deny non existing access to existing alias
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ "Denying non existing access returned: " << CKMCErrorToString(ret));
+}
+
+// tries to allow application to access its own data
+RUNNER_TEST(T3106_control_allow_access_to_myself)
+{
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ CharPtr label = get_label();
+ int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ "Trying to allow myself returned: " << CKMCErrorToString(ret));
+}
+
+// tries to use admin API as a user
+RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
+{
+ switch_to_storage_user(TEST_LABEL);
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
+ "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+}
+
+// tries to use admin API as a user
+RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
+{
+ switch_to_storage_user(TEST_LABEL);
+ int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
+ "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+}
+
+// tries to read other application data with permission
+RUNNER_TEST(T3121_control_access_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to read other application data with permission to read/remove
+RUNNER_TEST(T3122_control_access_allowed_with_remove)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to remove other application data with permission to read
+RUNNER_TEST(T3122_control_access_allowed_remove_denied)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to remove other application data with permission
+RUNNER_TEST(T3125_control_remove_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to access other application data after allow function has been called twice with different
+// rights
+RUNNER_TEST(T3126_control_double_allow)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ // access should be overwritten
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
+ }
+}
+
+// tries to access other application data with permission and after permission has been revoked
+RUNNER_TEST(T3127_control_allow_deny)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
+ }
+ CharPtr label = get_label();
+ deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_not_visible(TEST_ALIAS_adr.c_str());
+ check_read_not_visible(TEST_ALIAS_adr.c_str());
+ }
+}
+
+// checks if only aliases readable by given app are returned
+RUNNER_TEST(T3130_control_get_all_aliases)
+{
+ ScopedSaveData ssd1(TEST_ALIAS);
+ ScopedSaveData ssd2(TEST_ALIAS2);
+
+ int count = count_aliases();
+
+ allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ // check that app can access other aliases when it has permission
+ check_alias_count(count - 1);
+
+ ScopedSaveData ssd3(TEST_ALIAS3);
+
+ // check that app can access its own aliases
+ check_alias_count(count - 1 + 1);
+ }
+
+ deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ // check that app can't access other aliases for which permission has been revoked
+ check_alias_count(count - 2);
+ }
+}
+
+// tries to add access to data in a database of invalid user
+RUNNER_TEST(T3140_control_allow_invalid_user)
+{
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ int ret = ckmc_set_permission_by_adm(
+ APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
+}
+
+// tries to revoke access to data in a database of invalid user
+RUNNER_TEST(T3141_control_deny_invalid_user)
+{
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
+}
+
+// tries to read other application data with permission
+RUNNER_TEST(T3142_control_deprecated_access_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to read other application data with permission to read/remove
+RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to remove other application data with permission to read
+RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+// tries to remove other application data with permission
+RUNNER_TEST(T3145_control_deprecated_remove_allowed)
+{
+ CharPtr top_label = get_label();
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+
+ check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ }
+}
+
+
+RUNNER_TEST(T3999_deinit)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file capi-certificate-chains.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <stdarg.h>
+
+#include <string>
+#include <memory>
+
+#include <dpl/test/test_runner.h>
+
+#include <tests_common.h>
+#include <test-certs.h>
+#include <ckm-common.h>
+
+#include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-control.h>
+#include <ckmc/ckmc-type.h>
+#include <ckmc/ckmc-error.h>
+
+namespace {
+
+const char *CHAINS_PASSWD = "chains-pass";
+
+typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
+typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
+typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
+
+ckmc_cert_s* create_cert(TestData::certificateID idx) {
+
+ std::string cert_raw = TestData::getTestCertificateBase64(idx);
+
+ ckmc_cert_s* cert = NULL;
+ assert_positive(ckmc_cert_new,
+ reinterpret_cast<unsigned char*>(const_cast<char*>(cert_raw.c_str())),
+ cert_raw.size(),
+ CKMC_FORM_PEM,
+ &cert);
+
+ RUNNER_ASSERT_MSG(cert != NULL, "Cert is NULL");
+ return cert;
+}
+
+void save_cert(const ckmc_cert_s* cert, const char* alias) {
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
+
+ assert_positive(ckmc_save_cert, alias, *cert, policy);
+}
+
+// list gets copies of aliases
+AliasListPtr create_alias_list(const char* alias, ...) {
+ AliasListPtr aliasList(NULL, ckmc_alias_list_all_free);
+
+ va_list ap;
+
+ va_start(ap, alias);
+ ckmc_alias_list_s* last = NULL;
+ for (const char* a = alias; a != NULL; a = va_arg(ap, const char*)) {
+ if (aliasList == NULL) {
+ ckmc_alias_list_s* tmp = NULL;
+ assert_positive(ckmc_alias_list_new, strdup(a), &tmp);
+ aliasList = AliasListPtr(tmp, ckmc_alias_list_all_free);
+ RUNNER_ASSERT_MSG(!!aliasList, "Alias list is NULL");
+ last = aliasList.get();
+ } else {
+ assert_positive(ckmc_alias_list_add, last, strdup(a), &last);
+ RUNNER_ASSERT_MSG(last != NULL, "Last alias on the list is NULL");
+ }
+ }
+ va_end(ap);
+
+ return aliasList;
+}
+
+// list takes ownership of provided certificates
+CertListPtr create_cert_list(ckmc_cert_s* cert, ...) {
+ CertListPtr certList(NULL, ckmc_cert_list_all_free);
+
+ va_list ap;
+
+ va_start(ap, cert);
+ ckmc_cert_list_s* last = NULL;
+ for (ckmc_cert_s* c = cert; c!=NULL; c = va_arg(ap, ckmc_cert_s*)) {
+ if (!certList) {
+ ckmc_cert_list_s* tmp = NULL;
+ assert_positive(ckmc_cert_list_new, c, &tmp);
+ certList = CertListPtr(tmp, ckmc_cert_list_all_free);
+ RUNNER_ASSERT_MSG(!!certList, "Cert list is NULL");
+ last = certList.get();
+ } else {
+ assert_positive(ckmc_cert_list_add, last, c, &last);
+ RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL");
+ }
+ }
+ va_end(ap);
+
+ return certList;
+}
+
+const ckmc_alias_list_s* NULL_ALIASES = NULL;
+const ckmc_cert_s* NULL_CERT = NULL;
+ckmc_cert_list_s** NULL_CHAIN = NULL;
+
+// old api wrapper
+class ChainApiOld {
+public:
+ static int createChain(const ckmc_cert_s *cert,
+ const ckmc_cert_list_s *untrustedcerts,
+ const ckmc_cert_list_s* /*trustedcerts*/,
+ const bool /*use_trustedsystemcerts*/,
+ ckmc_cert_list_s **ppcert_chain_list)
+ {
+ return ckmc_get_cert_chain(cert, untrustedcerts, ppcert_chain_list);
+ }
+
+ static int createChainWithAlias(const ckmc_cert_s *cert,
+ const ckmc_alias_list_s *untrustedcerts,
+ const ckmc_alias_list_s* /*trustedcerts*/,
+ const bool /*use_trustedsystemcerts*/,
+ ckmc_cert_list_s **ppcert_chain_list)
+ {
+ return ckmc_get_cert_chain_with_alias(cert, untrustedcerts, ppcert_chain_list);
+ }
+};
+
+// new api wrapper
+class ChainApiNew {
+public:
+ static int createChain(const ckmc_cert_s *cert,
+ const ckmc_cert_list_s *untrustedcerts,
+ const ckmc_cert_list_s *trustedcerts,
+ const bool use_trustedsystemcerts,
+ ckmc_cert_list_s **ppcert_chain_list)
+ {
+ return ckmc_get_cert_chain_with_trustedcert(cert,
+ untrustedcerts,
+ trustedcerts,
+ use_trustedsystemcerts,
+ ppcert_chain_list);
+ }
+
+ static int createChainWithAlias(const ckmc_cert_s *cert,
+ const ckmc_alias_list_s *untrustedcerts,
+ const ckmc_alias_list_s *trustedcerts,
+ const bool use_trustedsystemcerts,
+ ckmc_cert_list_s **ppcert_chain_list)
+ {
+ return ckmc_get_cert_chain_with_trustedcert_alias(cert,
+ untrustedcerts,
+ trustedcerts,
+ use_trustedsystemcerts,
+ ppcert_chain_list);
+ }
+};
+
+/*
+ * Helper class for certificate verification
+ */
+template <typename T=ChainApiNew>
+class ChainVerifier
+{
+public:
+ ChainVerifier();
+ ~ChainVerifier();
+
+ void addTrusted(TestData::certificateID idx);
+ void addUntrusted(TestData::certificateID idx);
+ void enableSystem(bool enable);
+
+ void verifyPositive(TestData::certificateID idx, size_t expected);
+ void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+
+private:
+ void addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert);
+ void addAlias(ckmc_alias_list_s*& list, const char* alias);
+
+ ckmc_cert_list_s* m_trustedCerts;
+ ckmc_alias_list_s* m_trustedAliases;
+
+ ckmc_cert_list_s* m_untrustedCerts;
+ ckmc_alias_list_s* m_untrustedAliases;
+
+ bool m_system;
+};
+
+template <typename T>
+ChainVerifier<T>::ChainVerifier() :
+ m_trustedCerts(NULL),
+ m_trustedAliases(NULL),
+ m_untrustedCerts(NULL),
+ m_untrustedAliases(NULL),
+ m_system(true)
+{
+}
+
+template <typename T>
+ChainVerifier<T>::~ChainVerifier()
+{
+ ckmc_cert_list_all_free(m_trustedCerts);
+ ckmc_cert_list_all_free(m_untrustedCerts);
+ ckmc_alias_list_all_free(m_trustedAliases);
+ ckmc_alias_list_all_free(m_untrustedAliases);
+}
+
+template <typename T>
+void ChainVerifier<T>::addTrusted(TestData::certificateID idx)
+{
+ size_t size = list_size(m_trustedCerts);
+ ckmc_cert_s* cert = create_cert(idx);
+ addCert(m_trustedCerts, cert);
+
+ std::stringstream ss;
+ ss << "TRUSTED_CERT_ALIAS_" << size;
+ save_cert(cert, ss.str().c_str());
+ addAlias(m_trustedAliases, ss.str().c_str());
+}
+
+template <typename T>
+void ChainVerifier<T>::addUntrusted(TestData::certificateID idx)
+{
+ size_t size = list_size(m_untrustedCerts);
+ ckmc_cert_s* cert = create_cert(idx);
+ addCert(m_untrustedCerts, cert);
+
+ std::stringstream ss;
+ ss << "UNTRUSTED_CERT_ALIAS_" << size;
+ save_cert(cert, ss.str().c_str());
+ addAlias(m_untrustedAliases, ss.str().c_str());
+}
+
+template <typename T>
+void ChainVerifier<T>::enableSystem(bool enable)
+{
+ m_system = enable;
+}
+
+template <typename T>
+void ChainVerifier<T>::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert)
+{
+ if (!list) {
+ ckmc_cert_list_s* tmp = NULL;
+ assert_positive(ckmc_cert_list_new, cert, &tmp);
+ RUNNER_ASSERT_MSG(!!tmp, "Cert list is NULL");
+ list = tmp;
+ } else {
+ ckmc_cert_list_s* last = list;
+ while(last->next)
+ last = last->next;
+ assert_positive(ckmc_cert_list_add, last, cert, &last);
+ RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL");
+ }
+}
+
+template <typename T>
+void ChainVerifier<T>::addAlias(ckmc_alias_list_s*& list, const char* alias)
+{
+ if (!list) {
+ ckmc_alias_list_s* tmp = NULL;
+ assert_positive(ckmc_alias_list_new, strdup(alias), &tmp);
+ RUNNER_ASSERT_MSG(!!tmp, "Alias list is NULL");
+ list = tmp;
+ } else {
+ ckmc_alias_list_s* last = list;
+ while(last->next)
+ last = last->next;
+ assert_positive(ckmc_alias_list_add, last, strdup(alias), &last);
+ RUNNER_ASSERT_MSG(last != NULL, "Last alias on the list is NULL");
+ }
+}
+
+template <typename T>
+void ChainVerifier<T>::verifyPositive(TestData::certificateID idx, size_t expected)
+{
+ ckmc_cert_s* cert = create_cert(idx);
+
+ ckmc_cert_list_s* chain = NULL;
+
+ assert_positive(T::createChain,
+ cert,
+ m_untrustedCerts,
+ m_trustedCerts,
+ m_system,
+ &chain);
+
+ size_t size = list_size(chain);
+ ckmc_cert_list_all_free(chain);
+ chain = NULL;
+ RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
+
+ assert_positive(T::createChainWithAlias,
+ cert,
+ m_untrustedAliases,
+ m_trustedAliases,
+ m_system,
+ &chain);
+
+ size = list_size(chain);
+ ckmc_cert_list_all_free(chain);
+ chain = NULL;
+ RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
+ ckmc_cert_free(cert);
+}
+
+template <typename T>
+void ChainVerifier<T>::verifyNegative(TestData::certificateID idx, int error)
+{
+ ckmc_cert_s* cert = create_cert(idx);
+
+ ckmc_cert_list_s* chain = NULL;
+
+ assert_result(error,
+ T::createChain,
+ cert,
+ m_untrustedCerts,
+ m_trustedCerts,
+ m_system,
+ &chain);
+ RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
+
+ assert_result(error,
+ T::createChainWithAlias,
+ cert,
+ m_untrustedAliases,
+ m_trustedAliases,
+ m_system,
+ &chain);
+
+ RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
+ ckmc_cert_free(cert);
+}
+} // namespace anonymous
+
+RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS);
+
+RUNNER_TEST(TCCH_0000_init)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+}
+
+// old API
+RUNNER_TEST(TCCH_0010_get_chain_old_api)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<ChainApiOld> cv;
+ cv.verifyNegative(TestData::GOOGLE_COM);
+
+ cv.addUntrusted(TestData::GIAG2);
+ cv.verifyPositive(TestData::GOOGLE_COM, 3); // including system cert
+ cv.verifyNegative(TestData::TEST_LEAF);
+}
+
+// old API
+RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<ChainApiOld> cv;
+ cv.verifyPositive(TestData::GIAG2, 2); // including system cert
+}
+
+// check invalid arguments
+RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
+ ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
+ ckmc_cert_list_s* chain = NULL;
+
+ // cert
+ CertListPtr untrusted_c = create_cert_list(ca1, NULL);
+ ca1 = NULL;
+
+ assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
+ NULL_CERT,
+ untrusted_c.get(),
+ untrusted_c.get(),
+ true,
+ &chain);
+
+ assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
+ ca2,
+ untrusted_c.get(),
+ untrusted_c.get(),
+ true,
+ NULL_CHAIN);
+
+ // alias
+ ca1 = create_cert(TestData::GEOTRUST);
+ save_cert(ca1, "GEOTRUST");
+ AliasListPtr untrusted_a = create_alias_list("GEOTRUST", NULL);
+
+ assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias,
+ NULL_CERT,
+ untrusted_a.get(),
+ untrusted_a.get(),
+ true,
+ &chain);
+
+ assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias,
+ ca2,
+ untrusted_a.get(),
+ untrusted_a.get(),
+ true,
+ NULL_CHAIN);
+
+ ckmc_cert_free(ca2);
+}
+
+// check invalid arguments
+RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
+ ckmc_cert_list_s* chain = NULL;
+
+ AliasListPtr non_existing = create_alias_list("NON_EXISTING_ALIAS", NULL);
+ assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ ckmc_get_cert_chain_with_trustedcert_alias,
+ ca2,
+ non_existing.get(),
+ NULL_ALIASES,
+ true,
+ &chain);
+
+ assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
+ ckmc_get_cert_chain_with_trustedcert_alias,
+ ca2,
+ NULL_ALIASES,
+ non_existing.get(),
+ true,
+ &chain);
+ ckmc_cert_free(ca2);
+}
+
+/*
+ * This test verifies that chain of trust won't be successfully built unless system or trusted
+ * certificates are used even if real trusted root ca certs are used as untrusted.
+ */
+RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.enableSystem(false);
+ cv.verifyNegative(TestData::EQUIFAX);
+
+ cv.addUntrusted(TestData::GIAG2);
+ cv.verifyNegative(TestData::GOOGLE_COM);
+}
+
+/*
+ * This test verifies that it's possible to build a chain of trust with single trusted certificate
+ * and no system certificates.
+ */
+RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.enableSystem(false);
+ cv.addTrusted(TestData::TEST_ROOT_CA);
+ cv.verifyPositive(TestData::TEST_IM_CA, 2);
+ cv.verifyNegative(TestData::TEST_LEAF);
+}
+
+/*
+ * This test verifies that it's possible to build a chain of trust with system certificates only
+ */
+RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.verifyPositive(TestData::GIAG2, 2); // including system cert
+ cv.verifyNegative(TestData::GOOGLE_COM);
+}
+
+/*
+ * Verifies that chain of trust can be built without untrusted certificates.
+ */
+RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.addTrusted(TestData::TEST_ROOT_CA);
+ cv.verifyPositive(TestData::TEST_IM_CA, 2);// signed by trusted cert (TEST_ROOT_CA)
+ cv.verifyPositive(TestData::GIAG2, 2); // signed by system cert (GEOTRUST)
+ cv.verifyNegative(TestData::GOOGLE_COM);
+}
+
+RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.addUntrusted(TestData::GIAG2);
+ cv.verifyPositive(TestData::GOOGLE_COM,3); // including system cert
+ cv.verifyNegative(TestData::TEST_LEAF);
+}
+
+/*
+ * Check if its possible to build a chain of trust without system certs.
+ */
+RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.enableSystem(false);
+ cv.addTrusted(TestData::TEST_ROOT_CA);
+ cv.addUntrusted(TestData::TEST_IM_CA);
+ cv.verifyPositive(TestData::TEST_LEAF, 3);
+ cv.verifyNegative(TestData::GOOGLE_COM);
+}
+
+/*
+ * Check if its possible to build a chain of trust with intermediate ca cert in trusted list.
+ */
+RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.enableSystem(false);
+ cv.addTrusted(TestData::TEST_ROOT_CA);
+ cv.addTrusted(TestData::TEST_IM_CA);
+ cv.verifyPositive(TestData::TEST_LEAF, 3);
+ cv.verifyNegative(TestData::GOOGLE_COM);
+}
+
+RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
+{
+ reset_user_data(0, CHAINS_PASSWD);
+
+ ChainVerifier<> cv;
+ cv.enableSystem(true);
+ cv.addTrusted(TestData::TEST_ROOT_CA);
+ cv.addUntrusted(TestData::GEOTRUST);
+ cv.addUntrusted(TestData::GIAG2);
+ /*
+ * In combat conditions this may as well be 3. Because of 2 existing GeoTrust certificates with
+ * same Subject and Public key one being root ca and the other not there are 2 possible chains
+ * of trust for this certificate.
+ */
+ cv.verifyPositive(TestData::GOOGLE_COM,4);
+ cv.verifyNegative(TestData::TEST_LEAF);
+}
+
+RUNNER_TEST(TCCH_9999_deinit)
+{
+ remove_user_data(0);
+}
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
-#include <access_provider.h>
+#include <test-certs.h>
+#include <ckm-common.h>
+#include <access_provider2.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-error.h>
+#include <ckm-common.h>
+
#include <string>
#include <string.h>
#include <stdio.h>
static const int USER_APP = 5000;
static const int GROUP_APP = 5000;
-RUNNER_TEST_GROUP_INIT (T201_CKMC_CONTROL_C_API);
+namespace {
-RUNNER_TEST(T2011_Control_C_API)
-{
- int temp;
+typedef enum {
+ ALIAS_KEY,
+ ALIAS_CERT,
+ ALIAS_DATA
+} alias_type_;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
+const char* USER_PASS = "user-pass";
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
+int count_aliases(alias_type_ type, int minimum_initial_element_count = 0)
+{
+ ckmc_alias_list_s *aliasList = NULL;
+ int ec;
+ switch(type)
+ {
+ case ALIAS_KEY:
+ ec = ckmc_get_key_alias_list(&aliasList);
+ break;
+
+ case ALIAS_CERT:
+ ec = ckmc_get_cert_alias_list(&aliasList);
+ break;
+
+ case ALIAS_DATA:
+ ec = ckmc_get_data_alias_list(&aliasList);
+ break;
+ }
+ if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
+ return 0;
+ else if(ec==0)
+ {
+ ckmc_alias_list_s *plist = aliasList;
+ int return_count = 0;
+ while(plist)
+ {
+ plist = plist->next;
+ return_count ++;
+ }
+ ckmc_alias_list_all_free(aliasList);
+
+ RUNNER_ASSERT_MSG(
+ return_count >= minimum_initial_element_count,
+ "Error: alias list failed, current element count: " << return_count <<
+ " while expected minimal count of " << minimum_initial_element_count <<
+ " elements");
+
+ return return_count;
+ }
+ else
+ {
+ // error - fail
+ RUNNER_ASSERT_MSG(
+ ec >= 0,
+ "Error: alias list failed, ec: " << CKMCErrorToString(ec));
+ }
+
+ return ec;
}
-RUNNER_TEST(T2012_Control_C_API)
+ckmc_raw_buffer_s prepare_message_buffer(const char * input)
{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
+ ckmc_raw_buffer_s retval;
+ retval.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(input));
+ retval.size = strlen(input);
+ return retval;
}
-RUNNER_TEST(T2013_Control_C_API)
-{
- int temp;
+} // namespace anonymous
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
-}
-RUNNER_TEST(T2014_Control_C_API)
+RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
+
+RUNNER_TEST(T3011_Control_C_API)
{
- int temp;
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(14, "simple-password")),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2015_Control_C_API)
+RUNNER_TEST(T3012_Control_C_API)
{
- int temp;
+ int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(TT2016_Control_C_API)
+RUNNER_TEST(T3013_Control_C_API)
{
- int temp;
+ int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ CKMCReadableError(temp));
}
-RUNNER_TEST_GROUP_INIT (T202_CKMC_QUICK_SET_GET_TESTS_C_API);
+RUNNER_TEST(T3014_Control_C_API)
+{
+ int temp;
+ const uid_t UNIQUE_USER = 15;
+
+ // clean up environment
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+ CKMCReadableError(temp));
+ // unlock with default password
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
+ CKMCReadableError(temp));
+ // reset password (NULL, "simple-password")
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
+ CKMCReadableError(temp));
+ // get rid of NULL DKEK
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, "simple-password")),
+ CKMCReadableError(temp));
+ // lock db
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(UNIQUE_USER)),
+ CKMCReadableError(temp));
+ // try to reset password when db locked
+ RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
+ CKMCReadableError(temp));
+ // clean up environment
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+ CKMCReadableError(temp));
+}
-RUNNER_TEST(T2021_init_C_API)
+RUNNER_TEST(T3015_Control_C_API)
{
- int temp;
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ CKMCReadableError(temp));
+}
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
+RUNNER_TEST(T3016_Control_C_API)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2022_key_C_API)
+RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
+
+RUNNER_TEST(T3021_init_C_API)
{
- int temp;
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMCReadableError(temp));
+}
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
+RUNNER_TEST(T3022_key_C_API)
+{
+ int temp;
- char* password = NULL;
- char alias[10] = "mykey";
+ ckmc_key_s test_key, *test_key2;
+ ckmc_policy_s test_policy;
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ char* password = NULL;
+ const char *alias = "mykey";
- char* char_keypem = new char[keyPem.length() + 1];
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
+ char* char_keypem = new char[keyPem.length() + 1];
- test_policy.password = password;
- test_policy.extractable = 1;
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
- test_key2 = &test_key;
+ test_policy.password = password;
+ test_policy.extractable = 1;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
+ test_key2 = &test_key;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ CKMCReadableError(temp));
- // int compareResult;
- // compareResult = (strcmp((const char *)test_key.raw_key, (const char *)test_key2->raw_key));
- // printf("compare !! %s \n compare 2 !! = %s\n",test_key.raw_key, test_key2->raw_key);
- //
- // RUNNER_ASSERT_MSG(
- // compareResult == 0,
- // "Key modified");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2023_certificate_C_API)
+RUNNER_TEST(T3023_certificate_C_API)
{
- int temp;
+ int temp;
- std::string certPem = "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- char* password = NULL;
- ckmc_cert_s *cert2;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- char alias[10] = "myCert";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
- "Error=" << temp);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
- "Error=" << temp);
+ char* password = NULL;
+ ckmc_cert_s *cert2;
+ ckmc_cert_s cert;
- // int compareResult;
- // printf("compare !! %s \n compare 2 !!\n\n %s",cert.raw_cert, cert2->raw_cert);
- // compareResult = (strcmp((const char *)cert.raw_cert, (const char *)cert2->raw_cert));
- //
- // RUNNER_ASSERT_MSG(
- // compareResult == 0,
- // "Cert modified");
-}
+ const char *alias = "test-cert-1-RSA";
-RUNNER_TEST(T2024_certificate_remove_C_API)
-{
- int temp;
+ ckmc_policy_s test_policy;
+ test_policy.password = password;
+ test_policy.extractable = 1;
- char* password = NULL;
- ckmc_cert_s *cert2;
- char alias[10] = "myCert";
+ char* char_certPem = new char[certPem.length() + 1];
+ std::strcpy(char_certPem, certPem.c_str());
+ cert.raw_cert = (unsigned char *)char_certPem;
+ cert.cert_size = certPem.length();
+ cert.data_format = CKMC_FORM_PEM;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)),
- "Error=" << temp);
+ ckmc_cert_free(cert2);
}
-RUNNER_TEST(T2025_certificate_list_C_API)
+RUNNER_TEST(T3024_certificate_remove_C_API)
{
- int temp;
+ int temp;
- std::string certPem = "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- char* password = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
+ char* password = NULL;
+ ckmc_cert_s *cert2;
+ const char *alias = "test-cert-1-RSA";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert2);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMCReadableError(temp));
+}
- ckmc_alias_list_s *aliasList;
+RUNNER_TEST(T3025_certificate_list_C_API)
+{
+ int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert_alias_list(&aliasList)),
- "Error=" << temp);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
+ char* password = NULL;
+ ckmc_cert_s cert;
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
+ ckmc_policy_s test_policy;
+ test_policy.password = password;
+ test_policy.extractable = 1;
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
-}
+ char* char_certPem = new char[certPem.length() + 1];
+ std::strcpy(char_certPem, certPem.c_str());
+ cert.raw_cert = (unsigned char *)char_certPem;
+ cert.cert_size = certPem.length();
+ cert.data_format = CKMC_FORM_PEM;
+ int current_aliases_num = count_aliases(ALIAS_CERT);
-RUNNER_CHILD_TEST(T2026_user_app_save_key_C_API)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
+ CKMCReadableError(temp));
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
+ CKMCReadableError(temp));
- int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
+ CKMCReadableError(temp));
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+3) == (temp = count_aliases(ALIAS_CERT)),
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+}
- char* password = NULL;
- char passwordPolicy[3] = "x";
- char alias[10] = "mykey";
- char* char_keypem = new char[keyPem.length() + 1];
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
+RUNNER_CHILD_TEST(T3026_user_app_save_key_C_API)
+{
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ int temp;
+
+ ckmc_key_s test_key, *test_key2;
+ ckmc_policy_s test_policy;
+
+ char* password = NULL;
+ const char *passwordPolicy = "x";
+ const char *alias = "mykey";
+ char* char_keypem = new char[keyPem.length() + 1];
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+
+ test_policy.password = const_cast<char *>(passwordPolicy);
+ test_policy.extractable = 1;
+
+ test_key2 = &test_key;
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
+ CKMCReadableError(temp));
+
+ // RUNNER_ASSERT_MSG(
+ // key.getDER() == key2.getDER(), "Key value has been changed by service");
+}
- test_policy.password = passwordPolicy;
- test_policy.extractable = 1;
+RUNNER_CHILD_TEST(T3027_app_user_save_keys_exportable_flag)
+{
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ ckmc_policy_s test_policy;
+ ckmc_key_s test_key, *test_key2;
+ char* char_keypem = new char[keyPem.length() + 1];
+ char* password = NULL;
+
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
+
+ test_policy.password = password;
+ test_policy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
+ CKMCReadableError(temp));
+}
- test_key2 = &test_key;
+RUNNER_TEST(T3028_certificate_with_DSA_key_C_API)
+{
+ int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
- "Error=" << temp);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
- // RUNNER_ASSERT_MSG(
- // key.getDER() == key2.getDER(), "Key value has been changed by service");
-}
+ char* password = NULL;
+ ckmc_cert_s *cert2 = NULL;
+ ckmc_cert_s cert;
-RUNNER_CHILD_TEST(T2027_app_user_save_keys_exportable_flag)
-{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ckmc_policy_s test_policy;
+ test_policy.password = password;
+ test_policy.extractable = 1;
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- ckmc_policy_s test_policy;
- ckmc_key_s test_key, *test_key2;
- char* char_keypem = new char[keyPem.length() + 1];
- char* password = NULL;
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 0;
+ char* char_certPem = new char[certPem.length() + 1];
+ std::strcpy(char_certPem, certPem.c_str());
+ cert.raw_cert = (unsigned char *)char_certPem;
+ cert.cert_size = certPem.length();
+ cert.data_format = CKMC_FORM_PEM;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
- "Error=" << temp);
+ const char *alias = "test-cert-1-DSA";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMCReadableError(temp));
+
+ ckmc_cert_free(cert2);
}
-RUNNER_TEST(T2028_deinit_C_API)
+RUNNER_TEST(T3029_deinit_C_API)
{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST_GROUP_INIT (T2030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
+RUNNER_TEST_GROUP_INIT (T3030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
-RUNNER_TEST(T2031_init_C_API)
+RUNNER_TEST(T3031_init_C_API)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- "Error=" << temp);
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2032_save_keys_get_alias_C_API)
+RUNNER_TEST(T3032_save_keys_get_alias_C_API)
{
- int temp;
+ int temp;
- char* password = NULL;
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
- ckmc_key_s test_key;
+ char* password = NULL;
+ ckmc_policy_s test_policy1, test_policy2, test_policy3;
+ ckmc_key_s test_key;
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
- char* char_keypem = new char[keyPem.length() + 1];
+ char* char_keypem = new char[keyPem.length() + 1];
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
- ckmc_alias_list_s *aliasList;
+ std::strcpy(char_keypem, keyPem.c_str());
+ test_key.raw_key = (unsigned char *)char_keypem;
+ test_key.key_size = keyPem.length();
+ test_key.key_type = CKMC_KEY_RSA_PUBLIC;
+ test_key.password = password;
- test_policy1.password = password;
- test_policy1.extractable = 1;
+ test_policy1.password = password;
+ test_policy1.extractable = 1;
- test_policy2.password = password;
- test_policy2.extractable = 0;
+ test_policy2.password = password;
+ test_policy2.extractable = 0;
- test_policy3.password = password;
- test_policy3.extractable = 0;
+ test_policy3.password = password;
+ test_policy3.extractable = 0;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
- "Error=" << temp);
+ int current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key_alias_list(&aliasList)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
+ CKMCReadableError(temp));
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
}
-RUNNER_TEST(T2033_remove_key_C_API)
+RUNNER_TEST(T3033_remove_key_C_API)
{
- int temp;
+ int temp;
- char* password = NULL;
+ char* password = NULL;
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ ckmc_key_s *test_key2;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ CKMCReadableError(temp));
- char* char_keypem = new char[keyPem.length() + 1];
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
+ CKMCReadableError(temp));
- std::strcpy(char_keypem, keyPem.c_str());
- ckmc_key_s *test_key2;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2034_deinit_C_API)
+RUNNER_TEST(T3034_deinit_C_API)
{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
+ int temp;
+
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST_GROUP_INIT (T2040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
+RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
-RUNNER_TEST(T2041_init_C_API)
+RUNNER_TEST(T3041_init_C_API)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- "Error=" << temp);
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2042_save_get_bin_data_C_API)
+RUNNER_TEST(T3042_save_get_bin_data_C_API)
{
- int temp;
-
- ckmc_raw_buffer_s testData1, testData2, testData3;
- char* password = NULL;
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
- char* char_binData1 = new char[binData1.length() + 1];
- char* char_binData2 = new char[binData2.length() + 1];
- char* char_binData3 = new char[binData3.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- std::strcpy(char_binData2, binData2.c_str());
- std::strcpy(char_binData3, binData3.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData2.data = (unsigned char *) char_binData2;
- testData3.data = (unsigned char *) char_binData3;
- testData1.size = binData1.length()+1;
- testData2.size = binData2.length()+1;
- testData3.size = binData3.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
- test_policy2.password = password;
- test_policy2.extractable = 1;
- test_policy3.password = password;
- test_policy3.extractable = 0;
-
- ckmc_alias_list_s *aliasList;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
- "Error=" << temp);
-
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
-
- ckmc_raw_buffer_s *testData4;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
- "Error=" << temp);
-
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
+ int temp;
+
+ ckmc_raw_buffer_s testData1, testData2, testData3;
+ char* password = NULL;
+
+ std::string binData1 = "My bin data1";
+ std::string binData2 = "My bin data2";
+ std::string binData3 = "My bin data3";
+ char* char_binData1 = new char[binData1.length() + 1];
+ char* char_binData2 = new char[binData2.length() + 1];
+ char* char_binData3 = new char[binData3.length() + 1];
+ std::strcpy(char_binData1, binData1.c_str());
+ std::strcpy(char_binData2, binData2.c_str());
+ std::strcpy(char_binData3, binData3.c_str());
+ testData1.data = (unsigned char *) char_binData1;
+ testData2.data = (unsigned char *) char_binData2;
+ testData3.data = (unsigned char *) char_binData3;
+ testData1.size = binData1.length()+1;
+ testData2.size = binData2.length()+1;
+ testData3.size = binData3.length()+1;
+
+ ckmc_policy_s test_policy1, test_policy2, test_policy3;
+
+ test_policy1.password = password;
+ test_policy1.extractable = 1;
+ test_policy2.password = password;
+ test_policy2.extractable = 1;
+ test_policy3.password = password;
+ test_policy3.extractable = 0;
+
+ int current_aliases_num = count_aliases(ALIAS_DATA);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+
+ ckmc_raw_buffer_s *testData4;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
+ CKMCReadableError(temp));
+
+ int compareResult;
+ compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
+ RUNNER_ASSERT_MSG( compareResult == 0,
+ "Data corrupted");
}
-RUNNER_CHILD_TEST(T2043_app_user_save_bin_data_C_API)
+RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- ckmc_raw_buffer_s testData1;
- char* password = NULL;
- std::string binData1 = "My bin data";
- char* char_binData1 = new char[binData1.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData1.size = binData1.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
-
- test_policy2.password = password;
- test_policy2.extractable = 1;
-
- std::string binData = "My bin data";
-
- ckmc_alias_list_s *aliasList;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
- "Error=" << temp);
-
- ckmc_alias_list_s *plist = aliasList;
-
- int count_list;
- count_list = 1;
-
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
-
- RUNNER_ASSERT_MSG( count_list == 3,
- "Wrong size of list: " << count_list << " Expected: 3");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ ckmc_raw_buffer_s testData1;
+ char* password = NULL;
+ std::string binData1 = "My bin data";
+ char* char_binData1 = new char[binData1.length() + 1];
+ std::strcpy(char_binData1, binData1.c_str());
+ testData1.data = (unsigned char *) char_binData1;
+ testData1.size = binData1.length()+1;
+
+ ckmc_policy_s test_policy1, test_policy2;
+
+ test_policy1.password = password;
+ test_policy1.extractable = 1;
+
+ test_policy2.password = password;
+ test_policy2.extractable = 1;
+
+ std::string binData = "My bin data";
+
+ int current_aliases_num = count_aliases(ALIAS_DATA);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
}
-RUNNER_TEST(T2044_remove_bin_data_C_API)
+RUNNER_TEST(T3044_remove_bin_data_C_API)
{
- int temp;
+ int temp;
- ckmc_alias_list_s *aliasList;
+ int current_aliases_num = count_aliases(ALIAS_DATA, 2);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data_alias_list(&aliasList)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
+ CKMCReadableError(temp));
- ckmc_alias_list_s *plist = aliasList;
- int count_list;
- count_list = 1;
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num-2) == (temp = count_aliases(ALIAS_DATA)),
+ "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << temp);
- while(plist && plist->next!=NULL) {
- plist = plist->next;
- count_list +=1;
- }
+ char* password = NULL;
- RUNNER_ASSERT_MSG(
- count_list == 1,
- "Wrong size of list: " << count_list << " Expected: 1");
- char* password = NULL;
+ ckmc_raw_buffer_s *testData1, testData2;
- ckmc_raw_buffer_s *testData1, testData2;
+ std::string testStr = "My bin data2";
+ char* char_testData2 = new char[testStr.length() + 1];
+ std::strcpy(char_testData2, testStr.c_str());
+ testData2.data = (unsigned char *) char_testData2;
+ testData2.size = testStr.length()+1;
- std::string testStr = "My bin data2";
- char* char_testData2 = new char[testStr.length() + 1];
- std::strcpy(char_testData2, testStr.c_str());
- testData2.data = (unsigned char *) char_testData2;
- testData2.size = testStr.length()+1;
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
+ CKMCReadableError(temp));
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
- "Error=" << temp);
+ int compareResult;
+ compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
+ RUNNER_ASSERT_MSG( compareResult == 0,
+ "Data corrupted");
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2045_deinit_C_API)
+RUNNER_TEST(T3045_deinit_C_API)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST_GROUP_INIT(T205_CKMC_QUICK_CREATE_PAIR_CAPI);
+RUNNER_TEST_GROUP_INIT(T305_CKMC_QUICK_CREATE_PAIR_CAPI);
-RUNNER_TEST(T2051_CAPI_init)
+RUNNER_TEST(T3051_CAPI_init)
{
- int temp;
+ int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T2052_CAPI_create_rsa_key)
+RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key)
{
- int temp;
-
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t size = 2048;
- const char *private_key_alias = "PRV_KEY1";
- const char *public_key_alias = "PUB_KEY1";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
+ int temp;
+
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ size_t size = 1024;
+ const char *private_key_alias = "RSA-test-1-priv";
+ const char *public_key_alias = "RSA-test-1-pub";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = 1;
+
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+
+
+ int current_aliases_num = count_aliases(ALIAS_KEY);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+
+ ckmc_key_s *privateKey;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
+ "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
+ RUNNER_ASSERT_MSG(
+ privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
+ "Private key is broken.");
+
+ ckmc_key_s *publicKey;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
+ "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
+ RUNNER_ASSERT_MSG(
+ publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
+ "Public key is broken.");
+
+ // on next attempt to generate keys with the same alias, expect fail (alias exists)
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
+}
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
+RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key)
+{
+ int temp;
+
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ size_t size = 1024;
+ const char *private_key_alias = "DSA-test-2-priv";
+ const char *public_key_alias = "DSA-test-2-pub";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = 1;
+
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+
+ int current_aliases_num = count_aliases(ALIAS_KEY);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+
+ ckmc_key_s *privateKey = 0;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
+ "Private key is broken.");
+ RUNNER_ASSERT_MSG(
+ privateKey->key_type == CKMC_KEY_DSA_PRIVATE,
+ "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
+ ckmc_key_free(privateKey);
+
+ ckmc_key_s *pubKey = 0;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &pubKey)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ pubKey != NULL && pubKey->key_size > 0 && pubKey->raw_key != NULL,
+ "Public key is broken.");
+ RUNNER_ASSERT_MSG(
+ pubKey->key_type == CKMC_KEY_DSA_PUBLIC,
+ "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PUBLIC) << ", actual=" << static_cast<int>(pubKey->key_type));
+ ckmc_key_free(pubKey);
+
+ // on next attempt to generate keys with the same alias, expect fail (alias exists)
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
+}
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp);
+RUNNER_TEST(T3054_CAPI_deinit)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
+}
- ckmc_key_s *privateKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
- RUNNER_ASSERT_MSG(
- privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
- "Error=" << temp);
- ckmc_key_s *publicKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
- RUNNER_ASSERT_MSG(
- publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
- "Error=" << temp);
+RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair);
- ckmc_alias_list_s *alias_list;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key_alias_list(&alias_list)),
- "Error=" << temp);
- int cnt = 0;
- ckmc_alias_list_s *current;
- ckmc_alias_list_s *next =alias_list;
- do{
- current = next;
- next = current->next;
- cnt ++;
- }while(next != NULL);
- RUNNER_ASSERT_MSG(cnt == 2, "Error=Invalid Key Number");
+RUNNER_TEST(T3061_CAPI_init)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2053_CAPI_deinit)
+RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
{
- int temp;
+ int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
-}
+ size_t size = 1024;
+ const char *private_key_alias = "rsa-test-1";
+ const char *public_key_alias = "rsa-test-2";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+ policy_private_key.password = const_cast<char *>("privatepassword");
+ policy_private_key.extractable = 0;
-RUNNER_TEST_GROUP_INIT(T206_CKMC_CAPI_CreateKeyPairRSA);
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
-RUNNER_TEST(T2061_CAPI_init)
-{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
+
+ // on next attempt to generate keys with the same alias, expect fail (alias exists)
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2062_CAPI_CreateKeyPairRSA)
+RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
{
- int temp;
+ int temp;
- size_t size = 1024;
- const char *private_key_alias = "rsa-test-1";
- const char *public_key_alias = "rsa-test-2";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
+ size_t size = 1024;
+ const char *private_key_alias = "dsa-test-1";
+ const char *public_key_alias = "dsa-test-2";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
+ policy_private_key.password = const_cast<char *>("privatepassword");
+ policy_private_key.extractable = 0;
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp);
-
- sleep(1);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp << ", ret=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2063_CAPI_CreateKeyPairECDSA)
+RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
{
- int temp;
+ int temp;
- ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- const char *private_key_alias = "ecdsa-test-1";
- const char *public_key_alias = "ecdsa-test-2";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
+ ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
+ const char *private_key_alias = "ecdsa-test-1";
+ const char *public_key_alias = "ecdsa-test-2";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
+ policy_private_key.password = const_cast<char *>("privatepassword");
+ policy_private_key.extractable = 0;
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2064_CAPI_deinit)
+RUNNER_TEST(T3065_CAPI_deinit)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
}
// TODO
-RUNNER_TEST_GROUP_INIT(T207_CKMC_CAPI_QUICK_SET_GET_TESTS);
+RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
-RUNNER_TEST(T2071_CAPI_init)
+RUNNER_TEST(T3071_CAPI_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2072_CAPI_get_chain)
-{
- std::string ee =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
-
- ckmc_cert_s c_cert;
- c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
- c_cert.cert_size = ee.size();
- c_cert.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_s c_cert1;
- c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
- c_cert1.cert_size = im.size();
- c_cert1.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_list_s untrustedcerts;
- untrustedcerts.cert = &c_cert1;
- untrustedcerts.next = NULL;
-
- ckmc_cert_list_s *cert_chain_list;
-
- int tmp;
-
- tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- int cnt = 0;
- ckmc_cert_list_s *current;
- ckmc_cert_list_s *next =cert_chain_list;
- do{
- current = next;
- next = current->next;
- cnt ++;
- }while(next != NULL);
- RUNNER_ASSERT_MSG(cnt == 3, "Wrong size of certificate chain.");
-
- ckmc_cert_list_s *cert_chain_list2 = NULL;
- ckmc_cert_list_s *untrustedcerts2 = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (tmp = ckmc_get_cert_chain(&c_cert, untrustedcerts2, &cert_chain_list2)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- cert_chain_list2 == NULL,
- "Wrong size of certificate chain.");
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2073_CAPI_deinit)
+RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
{
- int temp;
+ std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-}
+ ckmc_cert_s c_cert;
+ c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
+ c_cert.cert_size = ee.size();
+ c_cert.data_format = CKMC_FORM_PEM;
+ ckmc_cert_s c_cert1;
+ c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
+ c_cert1.cert_size = im.size();
+ c_cert1.data_format = CKMC_FORM_PEM;
-RUNNER_TEST_GROUP_INIT(T208_CAPI_CREATE_AND_VERIFY_SIGNATURE);
+ ckmc_cert_list_s untrustedcerts;
+ untrustedcerts.cert = &c_cert1;
+ untrustedcerts.next = NULL;
-RUNNER_TEST(T2081_CAPI__init)
-{
- int temp;
+ ckmc_cert_list_s *cert_chain_list;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
+ int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
+ ckmc_ocsp_status_e ocsp_status;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
}
-RUNNER_TEST(T2082_CAPI__rsa_key_create_verify)
+RUNNER_TEST(T3075_CAPI_deinit)
{
- int temp;
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
- char *key_passwd = (char *) "1234";
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 0;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 1;
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+}
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
+RUNNER_TEST_GROUP_INIT(T308_CAPI_CREATE_AND_VERIFY_SIGNATURE);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
+RUNNER_TEST(T3081_CAPI__init)
+{
+ int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2083_CAPI__rsa_key_create_verify_negative)
+RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
{
- int temp;
- std::string message = "message asdfaslkdfjlksadjf test";
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
+ int temp;
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
+ "\n"
+ "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
+ "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
+ "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
+ "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
+ "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
+ "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
+ "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
+ "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
+ "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
+ "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
+ "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
+ "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
+ "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
+ "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
+ "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
+ "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
+ "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
+ "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
+ "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
+ "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
+ "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
+ "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
+ "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
+ "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
+ "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----\n";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ const char *pub_alias = "pub1";
+ const char *pri_alias = "prv1";
+ const char *key_passwd = "1234";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.key_size = pub.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 0;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = const_cast<char *>(key_passwd);
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2084_CAPI__ec_key_create_verify)
+RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
{
- int temp;
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pri_alias = "ecprv2";
- const char *pub_alias = "ecpub2";
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = (char *)pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
+ int temp;
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
+ const char *pub_alias = "pub1";
+ const char *pri_alias = "prv1";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2085_CAPI__rsa_cert_create_verify_signature)
+RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
{
- int temp;
-
- std::string prv =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
- "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
- "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
- "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
- "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
- "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
- "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
- "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
- "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
- "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
- "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
- "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
- "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
- "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pri_alias = "prv3";
- const char *pub_alias = "pub3";
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
-
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
+ int temp;
+
+ std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
+ "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
+ "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
+ "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END PUBLIC KEY-----\n";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+ const char *pri_alias = "ecprv2";
+ const char *pub_alias = "ecpub2";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.key_size = pub.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST(T2086_CAPI__ecdsa_cert_create_verify_signature)
+RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
{
- int temp;
+ int temp;
+
+ std::string prv =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
+ "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
+ "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
+ "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
+ "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
+ "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
+ "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
+ "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
+ "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
+ "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
+ "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
+ "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
+ "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
+ "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
+ "-----END CERTIFICATE-----\n";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ const char *pri_alias = "prv3";
+ const char *pub_alias = "pub3";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_cert_s cert;
+ cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.cert_size = pub.size();
+ cert.data_format = CKMC_FORM_PEM;
+
+ ckmc_policy_s certpolicy;
+ certpolicy.password = pub_passwd;
+ certpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+}
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
-
- ckmc_raw_buffer_s msg_buff;
- msg_buff.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(message.c_str()));
- msg_buff.size = message.size();
-
- const char *pri_alias = "prv4";
- const char *pub_alias = "pub4";
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
+RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
+{
+ int temp;
+
+ const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
+ "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
+ "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
+ "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
+ "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
+ "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
+ "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
+ "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
+ "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
+ "YMYCBhubtrVaLmc=\n"
+ "-----END PUBLIC KEY-----";
+
+ const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
+ "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
+ "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
+ "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
+ "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
+ "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
+ "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
+ "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
+ "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
+ "u1roOuaPY+Hl19BlTE2qdw==\n"
+ "-----END DSA PRIVATE KEY-----";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ const char *pub_alias = "dsa-pub1";
+ const char *pri_alias = "dsa-prv1";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature = NULL;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.key_size = pub.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 0;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
+ prikey.key_size = priv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = NULL;
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // positive test
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ // negative test
+ ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ invalid_msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
+RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
+{
+ int temp;
+
+ size_t size = 1024;
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = 1;
+
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = 1;
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ const char *pub_alias = "dsa-pub2";
+ const char *pri_alias = "dsa-prv2";
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias, pub_alias, policy_private_key, policy_public_key)),
+ "Error=" << temp);
+
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_key_s *pubkey = NULL;
+ ckmc_key_s *prikey = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias, 0, &prikey)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias, 0, &pubkey)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // positive test
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ // negative test
+ ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ invalid_msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ ckmc_key_free(prikey);
+ ckmc_key_free(pubkey);
+ ckmc_buffer_free(signature);
+}
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
+RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
+{
+ int temp;
+
+ std::string prv =
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
+ "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
+ "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
+ "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
+ "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
+ "ELyhe7yPCAuOoLZlTLgf\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string pub =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
+ "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
+ "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
+ "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
+ "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
+ "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
+ "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
+ "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
+ "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
+ "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
+ "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
+ "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
+ "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
+ "Q1oBry6NEc+lLFmWMDesAA==\n"
+ "-----END CERTIFICATE-----\n";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ const char *pri_alias = "prv4";
+ const char *pub_alias = "pub4";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_cert_s cert;
+ cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.cert_size = pub.size();
+ cert.data_format = CKMC_FORM_PEM;
+
+ ckmc_policy_s certpolicy;
+ certpolicy.password = pub_passwd;
+ certpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias,
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias,
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+}
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
+RUNNER_TEST(T3089_CAPI__deinit)
+{
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+}
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
+//#######################################################################################
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
- "Error=" << temp);
+void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
+{
+ RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
+ RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
+
+ if(key->password != NULL && password != NULL) {
+ RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
+ }else if(key->password == NULL && password == NULL) {
+ RUNNER_ASSERT_MSG(true, "Password Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "Password Error" );
+ }
+
+ if(key->raw_key != NULL && raw_key != NULL) {
+ for(unsigned int i=0; i<key_size; i++) {
+ RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
+ }
+ }else if(key->raw_key == NULL && raw_key == NULL) {
+ RUNNER_ASSERT_MSG(true, "Raw Key Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "Raw Key Error" );
+ }
+}
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- "Error=" << temp);
+RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
+RUNNER_TEST(T3091_CAPI_TYPE_init)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
+ CKMCReadableError(temp));
+}
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
+RUNNER_TEST(T3092_CAPI_TYPE_KEY)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned int key_size = keyPem.size();
+ ckmc_key_type_e key_type = CKMC_KEY_NONE;
+ char *password = const_cast< char *>("");
+
+ ckmc_key_s *key;
+ ckmc_key_new(raw_key, key_size, key_type, password, &key);
+
+ _assertKey(key, raw_key, key_size, key_type, password);
+ ckmc_key_free(key);
+
+ char *passwordNull = NULL;
+ ckmc_key_s *key2;
+ ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
+ ckmc_key_free(key2);
+}
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- "Error=" << temp);
+RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned int size = keyPem.size();
+
+ ckmc_raw_buffer_s *buff;
+ ckmc_buffer_new(data, size, &buff);
+
+ RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
+
+ if(buff->data != NULL && data != NULL) {
+ for(unsigned int i=0; i<size; i++) {
+ RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
+ }
+ }else if(buff->data == NULL && data == NULL) {
+ RUNNER_ASSERT_MSG(true, "Raw data Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "Raw data Error" );
+ }
+
+ ckmc_buffer_free(buff);
}
-RUNNER_TEST(T2087_CAPI__deinit)
+RUNNER_TEST(T3094_CAPI_TYPE_CERT)
{
- int temp;
+ std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
-}
+ unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
+ unsigned int size = certPem.size();
+ ckmc_data_format_e form = CKMC_FORM_PEM;
+ ckmc_cert_s *ckmCert;
+ ckmc_cert_new(raw_cert, size, form, &ckmCert);
-//#######################################################################################
+ RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
-void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
-{
- RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
- RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
+ if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
+ for(unsigned int i=0; i<size; i++) {
+ RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
+ }
+ }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
+ RUNNER_ASSERT_MSG(true, "raw_cert Error" );
+ }else {
+ RUNNER_ASSERT_MSG(false, "raw_cert Error" );
+ }
- if(key->password != NULL && password != NULL) {
- RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
- }else if(key->password == NULL && password == NULL) {
- RUNNER_ASSERT_MSG(true, "Password Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Password Error" );
- }
+ RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
- if(key->raw_key != NULL && raw_key != NULL) {
- for(unsigned int i=0; i<key_size; i++) {
- RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
- }
- }else if(key->raw_key == NULL && raw_key == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw Key Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw Key Error" );
- }
+ ckmc_cert_free(ckmCert);
}
-RUNNER_TEST_GROUP_INIT(T209_CKMC_CAPI_TYPES);
-RUNNER_TEST(T2091_CAPI_TYPE_init)
+RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
- "Error=" << temp);
-}
-
-RUNNER_TEST(T2092_CAPI_TYPE_KEY)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int key_size = keyPem.size();
- ckmc_key_type_e key_type = CKMC_KEY_NONE;
- char *password = const_cast< char *>("");
-
- ckmc_key_s *key;
- ckmc_key_new(raw_key, key_size, key_type, password, &key);
-
- _assertKey(key, raw_key, key_size, key_type, password);
- ckmc_key_free(key);
-
- char *passwordNull = NULL;
- ckmc_key_s *key2;
- ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
- ckmc_key_free(key2);
-}
-
-RUNNER_TEST(T2093_CAPI_TYPE_BUFFER)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int size = keyPem.size();
-
- ckmc_raw_buffer_s *buff;
- ckmc_buffer_new(data, size, &buff);
-
- RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
-
- if(buff->data != NULL && data != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
- }
- }else if(buff->data == NULL && data == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw data Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw data Error" );
- }
+ int ret;
- ckmc_buffer_free(buff);
-}
-
-RUNNER_TEST(T2094_CAPI_TYPE_CERT)
-{
- std::string certPem =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
- unsigned int size = certPem.size();
- ckmc_data_format_e form = CKMC_FORM_PEM;
-
- ckmc_cert_s *ckmCert;
- ckmc_cert_new(raw_cert, size, form, &ckmCert);
-
- RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
-
- if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
- }
- }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
- RUNNER_ASSERT_MSG(true, "raw_cert Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "raw_cert Error" );
- }
+ std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
- RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
-
- ckmc_cert_free(ckmCert);
-}
-
-
-RUNNER_TEST(T2095_CAPI_TYPE_load_cert_file)
-{
- int ret;
-
- std::string certStr =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- const char *file_name = "/tmp/ckmc_test_cert.pem";
- remove(file_name);
-
- FILE* cert_file;
- cert_file = fopen(file_name, "w");
- fprintf(cert_file, "%s",certStr.c_str());
- fclose(cert_file);
-
- ckmc_cert_s *pcert;
+ const char *file_name = "/tmp/ckmc_test_cert.pem";
+ remove(file_name);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
- "Error=" << CKM::ErrorToString(ret));
+ FILE* cert_file;
+ cert_file = fopen(file_name, "w");
+ fprintf(cert_file, "%s",certStr.c_str());
+ fclose(cert_file);
- RUNNER_ASSERT_MSG(
- pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
+ ckmc_cert_s *pcert;
- const char *lcert_alias = "lcert_alias";
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
+ CKMCReadableError(ret));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)),
- "Error=" << CKM::ErrorToString(ret));
-
- remove(file_name);
-}
-
-RUNNER_TEST(T2096_CAPI_TYPE_load_p12_file) {
- std::string p12Base64 =
- "MIINaQIBAzCCDS8GCSqGSIb3DQEHAaCCDSAEgg0cMIINGDCCChcGCSqGSIb3DQEH\n"
- "BqCCCggwggoEAgEAMIIJ/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIvO01\n"
- "D2ODdkYCAggAgIIJ0NscvWq3hmXai5DQcleOgELPbu2c97d+KJnRGCK7K3eRb0/v\n"
- "4F3f3LFSFFT9OAK0/OS1ZYCiO+IuZ6Rpc8Baqe89xVcOHrQ0dQ7sIvbq10dnp5nY\n"
- "fEcrt7qPXcRa3IdOX4PFo4aCOFq5bHv5M3quHldKRh4itosjsAGuF/xtnVnO6lU5\n"
- "UlPhtAdr2Mpr4SHh+oBbJknLvyd6n/4xZ2elEA8ui4Qt5GfiHwWs2J7KO3Z8M1vW\n"
- "yukuyVTaZ6RNkj8dkq/RttvVinlgATYLoosjCsH7VVcd+/z9JqD37QQ89pzdjvJg\n"
- "CtXFVbqsOIbjPMkQMYtMdaPsLDDzw6l+q7BJreGIoJmTHbhTtNOJo03XPEnlVXUq\n"
- "Q+224ibNKzLAvpSWOo8BUHK7ZDc1oaLODDZ+WAA6jfgHkuhhWYr9dxce6UdhMghJ\n"
- "M7ixWwa350psdACREdGxNQzxmucmueprbDumVPAnnJfnKfgRXdKpTDFWS4TaYRc/\n"
- "TE4lKSBZpFFduy/gdpLGCHdklTs33aWZ/mEVZJnk2PggKyvSKH9oL3DxkZIFkGdQ\n"
- "wcy8gAuLBirdWB/q4JWqW7sH8kMfEwXACEm1z4SzCik8afamQNJEbovA3Pvrhw/P\n"
- "1HE5KPNvKMaIr9kk5rTnGGTSNrSMqUCnBl4MjVS4HacrZvvt60y0D3RFB8IqlFMt\n"
- "od2FagxojPyO/wP8jDERnySo2Irz0x0WUjWARtcLLH2FOK7ROkX1/WjRZmDV0jtv\n"
- "yL8r97XZf/NddVU13Jt13dBJCjxZRvfJZgNI8RybkPQ3Y9J5LIOLVFPU3ZKIi7W7\n"
- "KtCw/FCUfEdNarLQMWG0Z9bux7vu/eK1+KpF9pfzD3Q1V0sj2M158Q5W2gy9q/u0\n"
- "gOOuybiZB2AL9kxBv0rqb8h7SF5ZIRoy85PrwtnX7w4Xq+4I7RA68bcEGyqgTWWb\n"
- "XZxcY65F2slqekXddKeDSTizQk/APgWva/TwgaUeXR9YBCO4o71pla//FNqJ6pRm\n"
- "tZjEY9ALBCc083gsImc7+LAeubEcYzjhhgRPQwGJfJTMqgC/NOa9wFhvNO4QcFjf\n"
- "XQxxIFxlQJ64qU316FyeuyxLYGd02uakrLLgYtAGG7nPZCYNkUKvCwICKJYI+wAg\n"
- "CX0FVwXsR1f33kVuV6sd4YConz80Lk9ayvNJVeCzEOBvhthbMcP3mIn22X+GT3jU\n"
- "O5Z0bkXAU0C8XTfLQMk2m6Ag3mctrn4iJBPwQ7j12GnlSLko+e7IssRd4Qj4vBZd\n"
- "KXUIoRcOsXqWoQgXJAtdLJEHVo0SUyxVojXsXqUZ3yYOkVUykvXZUcBnS6xwtaUt\n"
- "EzdFsEO3NQSLOju5Tpp12lKbrgIToV75zyA3CULEdimEUWD/wA+pDaIS39shNyeE\n"
- "edtAp3WF3mDkHQFyKG52IVx7hJU8jXXunvY21tshTAx/Gda0X1CtgSU7Q00ROr+L\n"
- "TaehRiKsSgxQa6/jyJY5KY1hIDzwaem5Y7gDnxotmQuPhIX8MeD5Qdv6AVovfScN\n"
- "07QuWyUBgFsZzbp79AsnPRLzoiAMQljMn7TXDDLq+uF922OU47BQkzlPfKAuHbyu\n"
- "R+uZwtDfMD71FqWjCAHMPyENinsnUehCwX2pVxa6KSs61IsTfb3oUPY1TRxfZnfd\n"
- "8SAUfPjKVss9Eyahuv+kzenPUDZn5LV9E0G0DGNxIf493A5Z29scNkQcCBjTJJvx\n"
- "4BBJCES6SgkTQl7eFoBGOIqqytpYP9QZW5jy7ramgz/gF2kMKjAfikhbd5vB4Fwd\n"
- "QlExMlbW+wL/ffr4AGlwenlDzXBFKQM0mYZNKLuB9LrRzw35fVFZ9XY06VCxhbMa\n"
- "wI9gN4rKA3bNG3DCWTsr1TZ6CvrqFJjlfK4KF/+eNfnkIY8uVYxnPlRRkmPw4dpE\n"
- "KdaXUiu5WJvZupeYqqNsWdxs+v2KS1E/PcM9BgUFKFD4lW84WbWUHPxvxXoZhSCs\n"
- "nQ0hsPd53NKBBdEOao5HAAf+T5yFnJzZ3rVkYBEC67gHyWgXB1Zy283yAIihvUXw\n"
- "DOEVppNHnIqAjQpncQcDpV0/zYCvqOEfU+JPpmepgo737Tq2MlUKLTByhg1mQhKm\n"
- "2pI63BFiw2/2igImFbmhzJjilWkaM4kwM1uGKOKgjacXI/VSVEajuYAfo37quBxF\n"
- "ZWyWJoFXBvQ7jolTKXUVbCqnSSaItosZrS3vcDdGUegRm0rf6IzCRPdSIsfCDdZG\n"
- "9UeChoznNezoLENgmqQJTV3wDo3uSZbztlctoERvZpn457MLZEn8hXEwMLPXx2Ur\n"
- "HQ5fYAdTBzBpoLiy8ujzFxFJDzW9ytnb7aFF7YVivfj42eVGnCANvVcwkp2/E3MW\n"
- "Img0OyqKRQHaGGI7iGNO5KYpTk0CdSyErQarH52ZRvr0t2CK6J6vDgrhJnzd5Ayr\n"
- "6t+coAZBw8eIJqiM5WzAm4mlZRSHL+JcaKkrqoYOo+kewj7wgW2Kk/7S8re38RvP\n"
- "+V9nqpfr18gIV72G2yZ60C21eRqOFPgl1CYbmWHqYKXatuT4o+kgBmJpez5uvIHz\n"
- "LSd88An02ow+WQ+KP8YGV38ZtuA6D4FPA3fsMdhNOqjtwWiPei+ILaXD5PsOfDGH\n"
- "2fZgOWXivFYqq9Cm3B3ffFX/oD/7sFMs+/AWeZOh8XqU8ro73L1HNRXx4HdyRUY/\n"
- "pInwA0mWaFNGgBRPbNW0A6cZ2dY0Hn8sRRsF+5tIs0hOelpT1y/ZEVyGImTQgEbK\n"
- "KeggQGT9h9rhrrUK+hE27MorcRi6tVteKlNyGQsCJko0ZoqqctM4o7wT5ce4nWtb\n"
- "ixzp5xDkDmcP6eldHiVm8TsZn0hkmNDu0xpgIVtb4VDRmWP687EOaGHYhjOBw6X1\n"
- "GD1d1yyg/VxlUr0lKmbsFVC2mDiWbnWd49+FGsrySc2RO8DlC9xkXLaG+ubjmLpK\n"
- "lwagiI2P1MzkHuZiz7WlIjFefuYh0yrYvDA5UDiQTDdoZWFuR5r93QWdsUcHlvdF\n"
- "rYmhQ93F6I4gaT9HSVEDJfisIjIUmIwhh20tdGnf3FC5VyqBYS5GQObq3VnC8stU\n"
- "b7byCEMlKr5bWslEem6gRGTB9xektKgrsFgS7nb3Geegq9K+mWIBC/iBOInVqFYx\n"
- "Uw8+s6ywApXPLPEIrVZumkwo7Rl8lJfCTDNni/68XHhhVHY70N0PSdfnCAvV9G41\n"
- "3wuTZHqLOeQG3Sm8I1JJXkWSuuk0QI7DVKZpmz+x4aFBd+rncfvWOEbN9G0ZqbUT\n"
- "lGkfxtUWY6pWX/XJpyBzOlv2+fCPi/Yd0csb45IEuFHNG1svgqGMJw5BmFu5v0Qs\n"
- "0i1zKBrNA/Acd6+uL0UqDZStB6lyPn6+uifh3sMwggL5BgkqhkiG9w0BBwGgggLq\n"
- "BIIC5jCCAuIwggLeBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMw\n"
- "DgQIBJuBj07uHGACAggABIICgJBfOlC99JJjEUBibYLXIJPe53Cy7eDXCtVaPbhX\n"
- "VHPCsBrUd7+6Ul7Vh/JHMlJL1VA3WvGnX93f0p5FICgZZA3sIZjpxBoeVkZ0Zx6r\n"
- "ZMnBPIN4GaHYufCGPyAlPXgEGjlBr3g6Sxr8j50vsWtfspwiILsyte+nQ3kE1nV4\n"
- "TjNBnayXmCMnEkf4kKu+dlLFbd1OY/fQJbiT+f9YtMfcfp2IR+7bXb23UIv8Wt1I\n"
- "XyqsYTcUjIvnByKSDrvVu941x1EN5DF1964qQbAZb/z5ueTl8tCpaCFlGbZcXz7X\n"
- "7L3k0YWdymx1J+szd6heQJrzqMjcHK3XWC7YlDytWB59j0eNMx42XEFP0pAO+gt9\n"
- "Iny2XL+sxJC/xzf6apYMmmGwEXrZkkudsSVMgLCtYyin4zM7PFzLAPK9ryEhsxaP\n"
- "g077MJ/aIaZ7PLi7cABz/g+gQ1dSXakNOof6EjRUADHpav9UKeKwWdR8ycB/8AQV\n"
- "XxQTpEsFJ7izdNZDNC/ZeOhc/ohnei169rfH0shVeeckjf++c8zlh/Y5UWIi3V6i\n"
- "5c7RlIJLMtHrvpB5UxRpZgWSdXvCuTCBEzlZAeWJ11I4DAeioqJ1V3h2KcUjNKf1\n"
- "z8mTJrzAycuhm8npaC0Gj6JU7jiYPZLvj+cK/e/gjadWggHFYsjAKhACDbAtG64N\n"
- "Gu9PWJszvhSO8ga7TOVEzdbe2jm4oWtqPe3gb6eYl2Ma6GTfj/PUEDpNAOnr99qV\n"
- "g3uKIXMBp2115bfUf5sbfPdMbnH12XILXR9Va+JjeQHexa64QWlsiRgtXEAXxoEb\n"
- "D2aTlfdsJpgilyj31Y45xOdN7FI+Ltfhudxt1kABPdmKwRMxJTAjBgkqhkiG9w0B\n"
- "CRUxFgQUMvxYuPi3XpEeXbzAkXaNbAw7P5gwMTAhMAkGBSsOAwIaBQAEFOBC4ppE\n"
- "AXO+xdzSBKimvjBBTLbEBAjlaWiC5IVtmAICCAA=\n";
-
- // write file
- const char *p12base64file = "/tmp/ckmc_test_p12.p12.b64";
- const char *p12file = "/tmp/ckmc_test_p12.p12";
- const char *password = "password";
+ RUNNER_ASSERT_MSG(
+ pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
+
+ const char *lcert_alias = "lcert_alias";
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)),
+ CKMCReadableError(ret));
- remove(p12base64file);
- remove(p12file);
+ remove(file_name);
+}
- FILE* b64_file;
- b64_file = fopen(p12base64file, "w");
- fprintf(b64_file, "%s",p12Base64.c_str());
- fclose(b64_file);
+RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
+ const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
+ const char *password = "password";
+
+ int temp;
+
+ ckmc_key_s *private_key = NULL;
+ ckmc_cert_s *cert = NULL;
+ ckmc_cert_list_s *ca_cert_list = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
+ &private_key, &cert, &ca_cert_list)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
+ RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
+ RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
+
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
+
+
+ const char *pkey_alias = "pkey_alias";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)),
+ CKMCReadableError(temp));
+
+ const char *cert_alias = "cert_alias";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)),
+ CKMCReadableError(temp));
+ std::string caCertAlias = "ca_cert_alias_";
+ const char *idx = "0";
+ int cnt = 0;
+ ckmc_cert_list_s *tmpList = ca_cert_list;
+ while(tmpList != NULL) {
+ caCertAlias.append(idx);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
+ CKMCReadableError(temp));
+ tmpList = tmpList->next;
+ cnt ++;
+ }
+
+ RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
+
+ ckmc_key_free(private_key);
+ ckmc_cert_free(cert);
+ ckmc_cert_list_all_free(ca_cert_list);
+}
- std::string cmd("openssl base64 -d -in ");
- cmd.append(p12base64file);
- cmd.append(" -out ");
- cmd.append(p12file);
- system(cmd.c_str());
+RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
+ const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
+ const char *password = "password";
int temp;
- ckmc_key_s *private_key = NULL;
- ckmc_cert_s *cert = NULL;
- ckmc_cert_list_s *ca_cert_list = NULL;
+ ckmc_pkcs12_s *ppkcs12 = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
- &private_key, &cert, &ca_cert_list)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
+ CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
+ RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
+ RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
ckmc_policy_s policy;
policy.password = NULL;
policy.extractable = 1;
- const char *pkey_alias = "pkey_alias";
+ const char *pkey_alias = "pkey_alias2";
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)),
- "Error=" << temp);
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *(ppkcs12->priv_key), policy)),
+ CKMCReadableError(temp));
- const char *cert_alias = "cert_alias";
+ const char *cert_alias = "cert_alias2";
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)),
- "Error=" << temp);
- std::string caCertAlias = "ca_cert_alias_";
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *(ppkcs12->cert), policy)),
+ CKMCReadableError(temp));
+ std::string caCertAlias = "ca_cert_alias_2_";
const char *idx = "0";
int cnt = 0;
- ckmc_cert_list_s *tmpList = ca_cert_list;
+ ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
while(tmpList != NULL) {
caCertAlias.append(idx);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- "Error=" << temp);
+ CKMCReadableError(temp));
tmpList = tmpList->next;
cnt ++;
}
- RUNNER_ASSERT_MSG(cnt == 2,"Invalid CA Cert Count");
+ RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
- ckmc_key_free(private_key);
- ckmc_cert_free(cert);
- ckmc_cert_list_all_free(ca_cert_list);
+ ckmc_pkcs12_free(ppkcs12);
+}
- remove(p12base64file);
- remove(p12file);
+RUNNER_TEST(T3098_CAPI_TYPE_deinit)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMCReadableError(temp));
}
+RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
+
+namespace
+{
+const char* alias_PKCS_exportable = "CAPI-test-PKCS-export";
+const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
+}
-RUNNER_TEST(T2098_CAPI_TYPE_deinit)
+RUNNER_TEST(T3101_CAPI_PKCS12_init)
{
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
+ CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "PKCS-pass")),
+ CKMCReadableError(temp));
}
-
-RUNNER_TEST_GROUP_INIT(T2000_CAPI_LOCKTYPE_TESTS);
-
-RUNNER_CHILD_TEST(T2101_CAPI_init_lock_key)
+RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- char *null_password = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,"user-pass",null_password)),
- "Error=" << CKM::ErrorToString(tmp));
+ const char *wrong_passwd = "wrong";
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+ int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
+ CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T2102_CAPI_unlock_default_passwd)
+RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
+ ckmc_pkcs12_s *ppkcs12 = NULL;
int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
+ CKMCReadableError(temp));
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- char alias[20] = "mykey_defpasswd";
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
- test_policy.password = password;
- test_policy.extractable = 1;
+ // save to the CKM
+ ckmc_policy_s exportable;
+ exportable.password = NULL;
+ exportable.extractable = 1;
+ ckmc_policy_s notExportable;
+ notExportable.password = NULL;
+ notExportable.extractable = 0;
- test_key2 = &test_key;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
+ CKMCReadableError(temp));
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable, "", &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
- "Error=" << temp);
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(alias)),
- "Error=" << temp);
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
}
-RUNNER_CHILD_TEST(T2103_CAPI_init_change_user_password)
+RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ int temp;
+ ckmc_pkcs12_s *pkcs = NULL;
- char *null_password = NULL;
+ // fail - no entry
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,null_password,"user-pass")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
+
+ // fail - not exportable
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable, NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
-RUNNER_CHILD_TEST(T2104_CAPI_unlock_default_passwd_negative)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable, NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
- int temp;
+ RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+ size_t cntr = 0;
+ ckmc_cert_list_s *iter = pkcs->ca_chain;
+ do {
+ cntr ++;
+ iter = iter->next;
+ } while(iter);
+ RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
+ ckmc_pkcs12_free(pkcs);
+}
- char* password = NULL;
- char alias[20] = "mykey_defpasswd";
+RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
+{
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ int temp;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature = NULL;
- char* char_keypem = new char[keyPem.length() + 1];
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ alias_PKCS_exportable,
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ alias_PKCS_exportable,
+ NULL,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+}
- test_policy.password = password;
- test_policy.extractable = 1;
+RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
+{
+ int tmp;
- test_key2 = &test_key;
+ // remove the whole PKCS12 bundles
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable)),
+ CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable)),
+ CKMCReadableError(tmp));
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable, NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key2)),
- "Error=" << temp);
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
}
-RUNNER_CHILD_TEST(T2109_CAPI_deinit)
+RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ int temp;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
}
-RUNNER_TEST_GROUP_INIT(T220_CAPI_EMPTY_DATABASE);
-RUNNER_TEST(T2201_CAPI_unlock_database)
+RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
+
+RUNNER_TEST(T3201_CAPI_unlock_database)
{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- "Error=" << temp);
+ int temp;
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T2202_CAPI_get_data_from_empty_database)
+RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
{
- int temp;
- char alias[10] = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
+ int temp;
+ char alias[10] = "mykey";
+ char *password = NULL;
+ ckmc_key_s *test_key = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)),
+ "Error=" << temp);
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
+ RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
}
-RUNNER_CHILD_TEST(T2203_CAPI_deinit_lock_database)
+RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- "Error=" << temp);
+ int temp;
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T2204_CAPI_get_data_from_locked_database)
+RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
{
- int temp;
- char alias[10] = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
+ int temp;
+ char alias[10] = "mykey";
+ char *password = NULL;
+ ckmc_key_s *test_key = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)),
- "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)),
+ CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
+ RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
}
+
+RUNNER_TEST(T3204_deinit)
+{
+ int temp;
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file cc-mode.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <string>
+
+#include <vconf/vconf.h>
+
+#include <dpl/test/test_runner.h>
+#include <tests_common.h>
+#include <ckm-common.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+
+using namespace CKM;
+using namespace std;
+
+#ifndef VCONFKEY_SECURITY_MDPP_STATE
+#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
+#endif
+
+namespace {
+
+const useconds_t SLEEP = 100*1000;
+
+const size_t MAX_RETRIES = 50;
+
+const char* const ENABLED = "Enabled";
+const char* const ENFORCING = "Enforcing";
+const char* const DISABLED = "Disabled";
+const char* const READY = "Ready";
+const char* const UNSET = "Unset"; // Meaningless value for unset.
+
+const char* const USER_LABEL = "User";
+const char* const CKM_LOCK = "/var/run/key-manager.pid";
+
+const char* const CC_PASSWD = "t200-special-password";
+
+// Wrapper for mdpp state that restores the original value upon destruction
+class MdppState
+{
+public:
+ MdppState();
+ ~MdppState();
+
+ // pass NULL to unset
+ void set(const char* const value);
+
+private:
+ char* m_original;
+};
+
+MdppState::MdppState()
+{
+ ScopedLabel sl(USER_LABEL);
+ m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
+}
+
+MdppState::~MdppState()
+{
+ ScopedLabel sl(USER_LABEL);
+ if (!m_original)
+ vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
+ else {
+ vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
+ }
+}
+
+void MdppState::set(const char* const value)
+{
+ ScopedLabel sl(USER_LABEL);
+ if (value)
+ {
+ int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
+ RUNNER_ASSERT_MSG(0 == ret,
+ "vconf_set() failed, ec: " << ret);
+ }
+ else
+ vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
+}
+
+
+
+Alias rsa_pri_alias("rsa-private-T2002");
+Alias rsa_pub_alias("rsa-public-T2002");
+Alias ecdsa_pri_alias("ecdsa-private-T2002");
+Alias ecdsa_pub_alias("ecdsa-public-T2002");
+
+void save_keys()
+{
+ int temp;
+ auto manager = Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
+ 1024,
+ rsa_pri_alias,
+ rsa_pub_alias,
+ Policy(Password(), true),
+ Policy(Password(), true))),
+ "Error=" << ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
+ ElipticCurve::prime192v1,
+ ecdsa_pri_alias,
+ ecdsa_pub_alias,
+ Policy(Password(), true),
+ Policy(Password(), true))),
+ "Error=" << ErrorToString(temp));
+}
+
+void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
+ KeyShPtr key;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ expected == (temp = manager->getKey(alias, Password(), key)),
+ "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
+ ErrorToString(temp));
+}
+
+void read_keys(int expected)
+{
+// if mdpp is disabled at compilation time we expect that read_key always succeeds
+#ifndef DSECURITY_MDFPP_STATE_ENABLE
+ expected = CKM_API_SUCCESS;
+#endif
+ auto manager = Manager::create();
+
+ read_key(manager, rsa_pri_alias, expected);
+ read_key(manager, ecdsa_pri_alias, expected);
+}
+
+void update_cc_mode()
+{
+ auto control = Control::create();
+ int ret;
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
+ "Error=" << ErrorToString(ret));
+}
+
+void restart_ckm(const char* const mdpp_setting)
+{
+ stop_service(MANAGER);
+ MdppState mdpp;
+ mdpp.set(mdpp_setting);
+ start_service(MANAGER);
+}
+} // namespace anonymous
+
+RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
+
+RUNNER_TEST(TCC_0000_init)
+{
+ reset_user_data(0, CC_PASSWD);
+}
+
+// updatedCCMode should succeed regardless of mdpp setting
+RUNNER_TEST(TCC_0010_updateCCMode)
+{
+ MdppState mdpp;
+
+ mdpp.set(NULL);
+ update_cc_mode();
+
+ mdpp.set(ENABLED);
+ update_cc_mode();
+
+ mdpp.set(ENFORCING);
+ update_cc_mode();
+
+ mdpp.set(DISABLED);
+ update_cc_mode();
+
+ mdpp.set(READY);
+ update_cc_mode();
+
+ mdpp.set("whatever");
+ update_cc_mode();
+}
+
+// tests without listener (ckm only)
+RUNNER_TEST(TCC_0020_noListener)
+{
+ stop_service(LISTENER);
+ MdppState mdpp;
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+
+ mdpp.set(NULL);
+ update_cc_mode();
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set(DISABLED);
+ update_cc_mode();
+ // MJK, it's counter-intuitive: Disabled does not mean
+ // that CC mode is disabled, but that device
+ // self-test failed "device DISABLED"
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set("whatever");
+ update_cc_mode();
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set(ENABLED);
+ update_cc_mode();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set(ENFORCING);
+ update_cc_mode();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set(READY);
+ update_cc_mode();
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set("whatever");
+ update_cc_mode();
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set(DISABLED);
+ update_cc_mode();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+}
+
+// when listener is started with mdpp key unset it should not update mdpp status in ckm
+RUNNER_TEST(TCC_0030_noCallbackRegistered)
+{
+ // restart listener without vconf callback
+ stop_service(LISTENER);
+ reset_user_data(0, CC_PASSWD);
+ MdppState mdpp;
+ mdpp.set(NULL);
+ update_cc_mode();
+ start_service(LISTENER);
+
+ // save and read
+ save_keys();
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set(ENABLED);
+ usleep(SLEEP); // give some time for notification to reach ckm
+
+ read_keys(CKM_API_SUCCESS);
+}
+
+// when listener is started with mdpp key set it should update mdpp status in ckm
+RUNNER_TEST(TCC_0040_callbackRegistered)
+{
+ // restart listener with vconf callback
+ stop_service(LISTENER);
+ MdppState mdpp;
+ mdpp.set(DISABLED);
+ update_cc_mode();
+ start_service(LISTENER);
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set("whatever");
+ usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set(ENABLED);
+ usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set(DISABLED);
+ usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set(READY);
+ usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_SUCCESS);
+
+ mdpp.set(ENFORCING);
+ usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+
+ mdpp.set(NULL);
+ usleep(SLEEP); // give some time for notification to reach ckm
+ read_keys(CKM_API_SUCCESS);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0050_manualCkmDisabled)
+{
+ restart_ckm(DISABLED);
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0060_manualCkmEnabled)
+{
+ restart_ckm(ENABLED);
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0070_manualCkmEnforcing)
+{
+ restart_ckm(ENFORCING);
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+ read_keys(CKM_API_ERROR_BAD_REQUEST);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0075_manualCkmReady)
+{
+ restart_ckm(READY);
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+ read_keys(CKM_API_SUCCESS);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0080_manualCkmWhatever)
+{
+ restart_ckm("whatever");
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+ read_keys(CKM_API_SUCCESS);
+}
+
+// run ckm manually and see if it properly loads mdpp setting
+RUNNER_TEST(TCC_0090_manualCkmUnset)
+{
+ restart_ckm(NULL);
+
+ reset_user_data(0, CC_PASSWD);
+ save_keys();
+ read_keys(CKM_API_SUCCESS);
+}
+
+// make sure listener won't activate ckm to update mdpp
+RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
+{
+ stop_service(MANAGER);
+ stop_service(LISTENER);
+
+ MdppState mdpp;
+ mdpp.set(ENABLED);
+
+ start_service(LISTENER);
+
+ usleep(1000*1000); // by that time ckm would be already started
+
+ int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
+ RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
+
+ int ret = lockf(lock, F_TEST, 0);
+ close(lock);
+ RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
+}
+
+RUNNER_TEST(TCC_9999_deinit)
+{
+ remove_user_data(0);
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm-common.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+#include <string>
+
+#include <sys/smack.h>
+#include <ckmc/ckmc-type.h>
+#include <ckm-common.h>
+#include <tests_common.h>
+#include <access_provider2.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-manager.h>
+#include <ckmc/ckmc-control.h>
+#include <ckmc/ckmc-manager.h>
+#include <service_manager.h>
+
+const char* SERVICE[] = {
+ "central-key-manager-listener.service",
+ "central-key-manager.service" };
+
+void start_service(ServiceIdx idx)
+{
+ ServiceManager sm(SERVICE[idx]);
+ sm.startService();
+}
+
+void stop_service(ServiceIdx idx)
+{
+ ServiceManager sm(SERVICE[idx]);
+ sm.stopService();
+}
+
+
+void switch_to_storage_user(const char* label)
+{
+ AccessProvider ap(label);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(APP_UID, APP_GID);
+}
+
+void switch_to_storage_ocsp_user(const char* label)
+{
+ AccessProvider ap(label);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.allowAPI("key-manager::api-ocsp", "rw");
+ ap.applyAndSwithToUser(APP_UID, APP_GID);
+}
+
+DBCleanup::~DBCleanup()
+{
+ // Let it throw. If db can't be cleared further tests are unreliable
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ for(const auto& it:m_aliases)
+ mgr->removeAlias(it);
+ m_aliases.clear();
+}
+
+// returns process label
+CharPtr get_label()
+{
+ int ret;
+ char* my_label = NULL;
+ RUNNER_ASSERT_MSG(0 <= (ret = smack_new_label_from_self(&my_label)),
+ "Failed to get smack label for self. Error: " << ret);
+
+ return CharPtr(my_label, free);
+}
+
+std::string aliasWithLabel(const char *label, const char *alias)
+{
+ if(label)
+ {
+ std::stringstream ss;
+ ss << label << std::string(ckmc_label_name_separator) << alias;
+ return ss.str();
+ }
+ return std::string(alias);
+}
+
+// changes process label
+void change_label(const char* label)
+{
+ int ret = smack_set_label_for_self(label);
+ RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self. Error: " << ret);
+}
+
+ScopedLabel::ScopedLabel(const char* label) : m_original_label(get_label())
+{
+ change_label(label);
+}
+
+ScopedLabel::~ScopedLabel()
+{
+ /*
+ * Let it throw. If we can't restore label then remaining tests results will be
+ * unreliable anyway.
+ */
+ change_label(m_original_label.get());
+}
+
+const char * CKMCErrorToString(int error) {
+#define ERRORDESCRIBE(name) case name: return #name
+ switch(error) {
+ ERRORDESCRIBE(CKMC_ERROR_NONE);
+ ERRORDESCRIBE(CKMC_ERROR_INVALID_PARAMETER);
+ ERRORDESCRIBE(CKMC_ERROR_OUT_OF_MEMORY);
+ ERRORDESCRIBE(CKMC_ERROR_PERMISSION_DENIED);
+ ERRORDESCRIBE(CKMC_ERROR_SOCKET);
+ ERRORDESCRIBE(CKMC_ERROR_BAD_REQUEST);
+ ERRORDESCRIBE(CKMC_ERROR_BAD_RESPONSE);
+ ERRORDESCRIBE(CKMC_ERROR_SEND_FAILED);
+ ERRORDESCRIBE(CKMC_ERROR_RECV_FAILED);
+ ERRORDESCRIBE(CKMC_ERROR_AUTHENTICATION_FAILED);
+ ERRORDESCRIBE(CKMC_ERROR_BUFFER_TOO_SMALL);
+ ERRORDESCRIBE(CKMC_ERROR_SERVER_ERROR);
+ ERRORDESCRIBE(CKMC_ERROR_DB_LOCKED);
+ ERRORDESCRIBE(CKMC_ERROR_DB_ERROR);
+ ERRORDESCRIBE(CKMC_ERROR_DB_ALIAS_EXISTS);
+ ERRORDESCRIBE(CKMC_ERROR_DB_ALIAS_UNKNOWN);
+ ERRORDESCRIBE(CKMC_ERROR_VERIFICATION_FAILED);
+ ERRORDESCRIBE(CKMC_ERROR_INVALID_FORMAT);
+ ERRORDESCRIBE(CKMC_ERROR_FILE_ACCESS_DENIED);
+ ERRORDESCRIBE(CKMC_ERROR_NOT_EXPORTABLE);
+ ERRORDESCRIBE(CKMC_ERROR_FILE_SYSTEM);
+ ERRORDESCRIBE(CKMC_ERROR_UNKNOWN);
+ default: return "Error not defined";
+ }
+#undef ERRORDESCRIBE
+}
+
+std::string CKMCReadableError(int error) {
+ std::string output("Error: ");
+ output += std::to_string(error);
+ output += " Description: ";
+ output += CKMCErrorToString(error);
+ return output;
+}
+
+void unlock_user_data(uid_t user_id, const char *passwd)
+{
+ int ret;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+void remove_user_data(uid_t user_id)
+{
+ int ret;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->lockUserKey(user_id)),
+ "Error=" << CKM::ErrorToString(ret));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->removeUserData(user_id)),
+ "Remove user data failed with error: " << CKM::ErrorToString(ret));
+}
+
+void reset_user_data(uid_t user_id, const char *passwd)
+{
+ remove_user_data(user_id);
+ unlock_user_data(user_id, passwd);
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm-common.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#pragma once
+
+#include <unordered_set>
+#include <memory>
+#include <ckm/ckm-type.h>
+#include <ckmc/ckmc-error.h>
+#include <tests_common.h>
+
+void switch_to_storage_user(const char* label);
+void switch_to_storage_ocsp_user(const char* label);
+
+
+// RUNNER_ASSERT wrappers
+template <typename F, typename... Args>
+void assert_result(int expected, F&& func, Args... args)
+{
+ int ret = func(args...);
+ RUNNER_ASSERT_MSG(ret == expected, "Expected " << expected << " got: " << ret);
+}
+
+template <typename F, typename... Args>
+void assert_positive(F&& func, Args... args)
+{
+ assert_result(CKMC_ERROR_NONE, std::move(func), args...);
+}
+
+template <typename F, typename... Args>
+void assert_invalid_param(F&& func, Args... args)
+{
+ assert_result(CKMC_ERROR_INVALID_PARAMETER, std::move(func), args...);
+}
+
+
+// list operations
+template <typename T>
+size_t list_size(const T* list)
+{
+ size_t size = 0;
+ while(list) {
+ list = list->next;
+ size++;
+ }
+ return size;
+}
+
+
+// service lifecycle management
+enum ServiceIdx {
+ LISTENER,
+ MANAGER
+};
+void start_service(ServiceIdx idx);
+void stop_service(ServiceIdx idx);
+
+// support for error printing
+const char * CKMCErrorToString(int error);
+std::string CKMCReadableError(int error);
+
+// Class responsible for db cleanup after positive tests. Will remove all used aliases in destructor
+class DBCleanup
+{
+public:
+ DBCleanup() {}
+
+ const char* alias(const char* alias)
+ {
+ return m_aliases.insert(CKM::Alias(alias)).first->c_str();
+ }
+
+ ~DBCleanup();
+
+private:
+ std::unordered_set<CKM::Alias> m_aliases;
+};
+
+// scoped free
+typedef std::unique_ptr<char, void (*)(void *)> CharPtr;
+
+// returns process label
+CharPtr get_label();
+
+std::string aliasWithLabel(const char *label, const char *alias);
+
+// changes process label
+void change_label(const char* label);
+
+// changes process label upon construction and restores it upon destruction
+class ScopedLabel
+{
+public:
+ ScopedLabel(const char* label);
+ ~ScopedLabel();
+
+private:
+ CharPtr m_original_label;
+};
+
+void unlock_user_data(uid_t user_id, const char *passwd);
+void remove_user_data(uid_t user_id);
+void reset_user_data(uid_t user_id, const char *passwd);
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_clean_env.cpp
+ * @author Zbigniew Jasinski (z.jasinski@samsung.com)
+ * @version 1.0
+ * @brief Functions to prepare clean env for tests.
+ *
+ */
+
+#include <ftw.h>
+#include <unistd.h>
+
+#include <ckm/ckm-control.h>
+
+#include <service_manager.h>
+#include <clean-env.h>
+
+int restart_security_server() {
+ ServiceManager sm("security-server.service");
+ sm.restartService();
+
+ return 0;
+}
+
+static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
+ int tflag, struct FTW *ftwbuf)
+{
+ if (tflag == FTW_F)
+ unlink(fpath);
+ else if (tflag == FTW_DP && ftwbuf->level != 0)
+ rmdir(fpath);
+
+ return 0;
+}
+
+/**
+ * This function should be called at the begining of every SS test, so all the tests
+ * are independent of each other.
+ */
+int reset_security_server()
+{
+ const char* path = "/opt/data/security-server/";
+ const int max_descriptors = 10; //max number of open file descriptors by nftw function
+
+ // Clear /opt/data/security-server/ directory
+ if (access(path, F_OK) == 0) {
+ if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
+ return 1;
+ }
+ sync();
+ }
+
+ restart_security_server();
+ auto control = CKM::Control::create();
+
+ if (!!control) {
+ control->lockUserKey(5000);
+ control->removeUserData(5000);
+ control->unlockUserKey(5000, "");
+ }
+
+ return 0;
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file security_server_tests_clean_env.cpp
+ * @author Zbigniew Jasinski (z.jasinski@samsung.com)
+ * @version 1.0
+ * @brief Functions to prepare clean env for tests.
+ *
+ */
+#pragma once
+
+#include <ftw.h>
+#include <unistd.h>
+
+#include <ckm/ckm-control.h>
+
+int restart_security_server();
+int reset_security_server();
+
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx
+EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl
+c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx
+MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
+DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w
+HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j
+L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7
+nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc
+UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT
+thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6
+XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E
+FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/
+HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97
+Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v
+vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc
+4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB
+pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8
+SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm
+F2obL5qJSTN/RQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqTCCAZECAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHzAdBgNVBAMMFlRlc3Qg
+SU0gQ0EgY2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDOYEXvyoKWCgp+csCdwxdnBnXhNb7mRqCzX5AJh6DdzuMv35G8PEhpfa0p/Wy6
+QlzBB9ipSVCTC37nwsw5vY5G2SmPw6vpYJYJnQHOd5Py6DufElPib35uiEwXQmgq
+OMHYfgo0wdqYsjBTFEq3qfJ+TzWRWEk6La/PPF35QI+Lo9xQBsk0fjx42A4iDnmf
+IWi9XNiPwYij/0a8cmPzc89r8qUln5nWpkBJln9ViiumVVO2Gwdcp96OEXLlgn23
+uf+/IBCzIGxqBmy9fX3GcfjV9thccp/xRtcbbes1pmVyGzpclUtB3M6mPdZOP+UK
+hxUeotpkhIuE1DdojuRQFR2LAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAOERz
+vFL+n7sPG3KdkWJFdIYKZvPHCOaJ6mdrNatAF1rHeRayeSgM6PYwQF4DwwKcPLyo
+IUi2B2sxabvKCCBZ9EjIrhG2fC2ocv7VawuQecB9QET6X4sbUcchcBCkGwL7evrZ
+LzWSs9lBr8wwkPdHwvujup5VTZ7+VYs1lVt38CrFERrAlY03v5VDwN1B1JUCqcDf
+wh69OJNPDgx7Y09GJLoRBfdXSpSVGznDmSB+VRCGb/JsiWAB+qtse1cN4Iwihx8I
++hhfRFLsxBKo/iYncuovPY0riRYBJsop6g/hLqn6kXIhzNnaApKhpwxpmN1cO5N6
+hnsAlvR2v9u2bFMILQ==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7jL9+R
+vDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7nxJT
+4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6PcUAbJ
+NH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVTthsH
+XKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6XJVL
+QdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABAoIBAQCLidy/vZV+DVv7
+E2vZP8fbCSs7EzP4T1jo73xcdS/3yaMjA29ubvQnH6qt8YRKjARbIAsGq2OniOZN
+nhCoGdrRXJQVeKAMNBo+dcJ6769BVnS5oZLGT8yUv+Ny9punsKig0NflxA0hoZm7
+EsVSWb50WOpHVAJvK+Trok2H8nccWn6q3od9xSoDszexhGFgo1Q9qFVP/YUfT1Qg
+8ZwRu04JTZEHa9DXIRir10rkvhHTHJ0nb+9FeWd6CsCkOtdWRig3a+Vq+4MK/Yt3
+dstf0D1MQXG2WPaHxPB/DpJBOoU7jj4FxrIaJGPM7qVFnpHwRh0iCKtkGQfarKR6
+JjshtU7BAoGBAPywan5o9ZOD+NnfazglPlFrkBansXG329GP/2ag8+PWOadgin+0
+oyMqB81lBr6yI4ZmM+DgvXkb4yjHb9hGNoWjgttbtjU9eVaXzOg5laOd8nZIhmki
+aH/1yPa0sqmlsAlipUq3nqHKOSeG6pE2dg/R5Yu4TYFj6WV57AbLhxPXAoGBANEU
+guet7XZMAiAJKmEy3pRs22Qs0YcEywX44h09ShPz2OoNYpuSWzS2RgxRbSgs0f25
+ks94lYMNOnm6RMWawRgMPv0Z2Pbwpki6CR72ratvZKqYOoZkCg+UM9pMpvmOd4W3
+ZybxLa/4tJMdpVU4unhJ4v1ZIt2lThnC8d369k1tAoGAVF6rEA4HgPudiVF5wUNe
+LV1WvNm8+5VCBhSoWCIBjN8oXOR1GfK8Ta9o74F94QolpmhVhg5D9T4EeMcuZu36
+omBX/tn+WoRuESWaOyeO+RRxsmDA0DW24pK0SPtIdDBoOJoBSpNImgilULdRdq7S
+eLHCjQY6iqtLcKBm2FX4gf0CgYAW9qfCBmpUWdjJ5/fNoSatKp+WCw4gRDiAOWus
+RnUCZ//lBP9VkueNjI94/uB8Tx/pPB6Rxu607BkGEZ1IDs0ydPXeGp6n0JqS1kv2
+KKW+dIeb7QhQhmBMgbyIN28HbcxW1WPw9QBNmYVLuy/Tgl2IpKTXqpiXu3YugijK
+dqviqQKBgF+L6GJPZkVIA1YSy6E3ph2F6K1kxSamTuSA+48352PJ0QFapes8blVg
+vtnlku41CO383G3qk0zZIpgalE2SeF1p5UO/pT6M9mAmJJMY0iF8jTQkvJa9WUwD
+zxWFEfIgTFlU9PtOnPQZlZELS0nwlRXsGYsWJiwEcMbBrXCQNXXV
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD
+VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw
+HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET
+MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz
+dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC
+9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da
+eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W
+rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo
+5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs
+BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw
+TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk
+zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
+AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX
+ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus
+9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS
+Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV
+qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
+kOg11TpPdNDkhb1J4ZCh2gupDg==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr12w+a9jd0
+s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+
+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzP
+GFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrG
+iiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAO
+cnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABAoIBAQDNI3YvrrRdfHfJ
+ZG9jp6q/dp/h2nGpeJBZ3XmtMbMpO/7tZwTKhkVXeIaRVJXxhBrCQQ6+KnaQBA9n
+2nbCnmXwqhBKaZy1whBYewbW2er/VPGijB5pG3zwUWPEBcqxPtSluM54ZcDUfKqg
+2kgWorCSnyLRwxzKz4G74qRG+XWsFncEaGSk7upv49LPrNMBrSQaiEy/HsNvR4gd
+viQ7E1RY3Tj9T0DFruv4RU9gIvXagCs+lole1fZDGupD3QBschJWGoNyyes4yjMS
+fWbGWquWMXfsrSi7CuwIrFoOVIErAjlU1m1CJqB+mZMubTOdmOnJMjNQOqXgvhN7
+0z/aKh6xAoGBAPyKYeVZUVC+wbIl3t0QEDtXaPaOnN6IJfMkHGQ+kCw2GjiUl628
+hqdR3eKZgu0nC9o9erlvOm3ItfKWMHrTtwE66ON1uFmGY1IzEEbgmHmiVtFdgk/C
+QVxIVz7ht66raqZ3ES0FMaFJvvQw3fT3pa7hCr0XA5xyfOBd99ylRhnlAoGBANMc
+peBk2HO29JPw+vcUeLJv4g4/EoE1gEWzUy8BKnqqP4vvh7hCMUuo+1U7IOy2MKXd
+TuXJ5tcuGSIfi02ID2darSlE2jZcYwahn4RTvYttfKksBw2ulf52g62Ig8vG4nkf
+sAOs9EOdRCyCVDomXxt4Oi+NFd0Wks5Rec9T3PwlAoGAexLpwL81rNc6SJrCMRP6
+BSGFStuXwa+yZvtLRuNimdlIEBkCjq4ZJYP1UdCkiPUFhrd9js+RNx2g5nehasqx
+Hk1aYDfnvuGKl+3A2fns9SJTkzcyIbK27cVnl4KjZOGvWS8f1MP6OvNYt2L1WMQ0
+H7UW6a5EmUMGbsX83LBDKK0CgYBXKgXm/1xLcqfLCX1lVMN80SshvLL0PFXI8YCP
+8MhMO0zfhzefQV0/Ivcaur4eXh757MUtpU41XCguaZ3Hljzd7JeAaZg7R6vvSf4l
+0bl5/uuwoagL4yC1HtPBa5MXKPfLEOVIrzlvTVifk/QYyk0Md3h2t6bmUPKuUv+b
+NcIRLQKBgQCQ56ygXw/DgrTk+QC+prA11UVUy5EYWSifhQZGRRZ/IOxjzVZ9NQf6
+lKxLg9QHQ3/FOk01pk3m2K8wz+bucCxJgXf38wIpJp9t9DWgnjrJqB2xw4tMzFvL
+AnBVXNYND8vdi51tIaziFuOgW81SroZFoX5XBv8wPv/HZT2KqxAMmg==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx
+HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0
+WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T
+dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV
+VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl
+z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq
+QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc
+bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E
+4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk
+4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp
+UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj
+CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/
+i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9
+HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF
+Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz
+6ON7PVe0ABN/AlwVQiFE
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqDCCAZACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHjAcBgNVBAMMFVRlc3Qg
+bGVhZiBjZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AM03QyGtrQ5kcRZyIIhvpgc/BqElTg7NCJjUBm6o/qS4QThUR/H7GoeCZc+WBfSs
+ITFS5J5xxhSxPzW+wHN+ZBM4TEDKU0caIVvN6McN3mfMzfxQaCqoOKh0akEfJEtd
+GF04KwUdHsf1afjlChMOoe8i9q+E6b65/f6h8LMbS8almwyFX9TvW9S33G5ZWDHZ
+leROtsjebXMKwz/ILx4xZ1Xi86xvME6XPRUfdP9CZH6eYwCXAKzgS609BOFUarPu
+B7sE/IwMBQJjZ3OyGF+ako7UlpJph3u9yv5cwfjoiNCRHP93llE1qsE0pOLTQokB
+gSid/S1z0wQSXc5sVR+wlA0CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAI0DmU
+6E9XSs42wVqzKghvjuGwXH+SHIxSTQVaoXzMbFnsCPrt9F9FGTKjRq2IRBHb2yq/
+S+kW3ptSteKrqLzABxaQ8aCt//Xm/hYnpeJZV4WuDr2TWpEfT0U955iGRAOqpOzi
+E19J9h7F/+cX1FzVdP86mHhwQERTPWGg8jiwEPuApe3APmNBYlu7K4zMa2IB/LKh
+cItzpqi8sJ0wmGQrdRVHgNyBc7TC2IkyCVl5eJiD+gmQEOuy6agAVggWM9yQQlNg
+5WkqBDegPG/pLOxFvDtaV2SlxSuFAXKDoyRPeRC21w6pYEtc7aXzpgBWgcv2R0pT
+NrWNXibZ7aLImIhW
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH
+8fsah4Jlz5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBo
+Kqg4qHRqQR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf
+1O9b1LfcbllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcA
+rOBLrT0E4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eW
+UTWqwTSk4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABAoIBAQCTBhmhglVu70Ua
+KK/oL91KabwtLZXsArc7DwSAubCegKexXKii1B0goqqge8JOlhe9x76lSav5XTeF
+IOGunQnDv1zaOlpJoY3uwOoZ2nTR9yhIsa6/iP/2qFkLyOzu1YbEGp6vrjpEVi4T
+NLzwBFa+BlWoUFhK3eP8TzcsiszSRr8/vbvlRFzDyq4+YqLsAHpGsvaIZHScU3iG
+AjtCCCpV9HNW3TAAhGq9j/x3YPqt6edrsK1taR+dbLIeGoMnmMReaxgaKd7wWZCr
+dbvngGtpgyEXjONkXVpAcZrD2AaWoGWHjoik+14T4K2QU4OW8jQ2h2uljQa2JXDu
++LMaTKCBAoGBAP6MPqMfcMmf4bYAhrgeZMwSq1F7ubBPu/YyOYiCF6J259jcdxjY
+HfdwtDeoNGKCwE8S8BMXMs33tlL8/AcVdYwbIMVmk6ZXmyFDAyUGB/fGq+QkFCwJ
+yVHb75uuiPpn8euIwg+Y9NBDQYt59oJI9TyCjNPy6Xd612u6AXBcFU1hAoGBAM5i
++HM6lSuqNdp77awbDIzuuu/zTRzgF4bbodjGSxwn1cx7xb2iCPWiykiD5EU3XWWv
+68i15yud6ooIFjxGYP6oYjFIpfjRU7n+/UJpbnkTjMUbUqc4IpiP+ruU9hoMZZ3S
+ey+bLSYQfy6Jf8YnCLkroKtGsgFF30gi0EL6qjotAoGAFTPzZ70PtQvHTlS+5AlM
+Fh+b+56VuhT6MCjA2BkWBOdoqoy6suwVmu3dZSFys532jN+j9cMh7TwsCL+f8qsb
+7n63/RltRRbZCi09ztCwyzfWS5uhvoVWKqZqUAp6yHjuEtOCbrAr/EkN5aNUIEgZ
+fV/WgTUjs1sdJJEK26Qf9iECgYB2HmabbDfbmbrgpHTOP1zbe/Y5RkIn+Ij+gc0L
+R9HM92+BbIUrlwURsG2dOv72Lk2h2SFU6ea4K9UD0sUHEjCJDs3D7xQuZ39HwAwq
+ajTzzqCOXqjbU2FZd23E1ehT2CyAOuqNwH4CfwaLF96tBcIUWEfIPtm5qMe1fVc8
+PkIWsQKBgQCiwgARCIHhzXUoAY8U0k4Ng8cTj2ykISTf9HKXyKoInhBbuHRDvYsU
+oCPi8eYvz4Vwmwcf938CdtLAd5XHCMmTQ+96Xjt/QgJrkA3n04hWsgTMQM2E9QMv
+cxv8UfypFUzhMkUfj4b3EsaTHOxJVS3Ml5m8+YJdncKoZnz8lBKALA==
+-----END RSA PRIVATE KEY-----
#include <netdb.h>
-#include <dpl/log/log.h>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
-#include <access_provider.h>
+#include <test-certs.h>
+#include <access_provider2.h>
+#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <ckm/ckm-password.h>
#include <fstream>
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-static const int USER_TEST = 5001;
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include <dpl/log/log.h>
+
+namespace {
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
+const int USER_TEST = 5001;
+
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+} // namespace anonymous
/*
* How to numerate tests:
* D - subtest.
*/
+RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
+RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
+ stop_service(MANAGER);
+ start_service(MANAGER);
+
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // all further tests will start with newly started service,
+ // OpenSSL on the service side will have to be properly initialized too
+ stop_service(MANAGER);
+ start_service(MANAGER);
+}
-RUNNER_TEST_GROUP_INIT(T0000_CKM_CONTROL);
+RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
-RUNNER_TEST(T0010_Control)
+RUNNER_TEST(T0011_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0020_Control)
+RUNNER_TEST(T0012_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0030_Control)
+RUNNER_TEST(T0013_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0040_Control)
+RUNNER_TEST(T0014_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T0015_Control)
{
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(20)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0050_Control)
+RUNNER_TEST(T0016_Control_negative_wrong_password)
{
int temp;
auto control = CKM::Control::create();
CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(20)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
int temp;
auto manager = CKM::Manager::create();
- std::string certPem =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- CKM::RawBuffer buffer(certPem.begin(), certPem.end());
- auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
+ auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::CertificateShPtr cert2;
CKM::Alias alias = "myCert";
RUNNER_CHILD_TEST(T1013_user_app_save_key)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
key->getDER() == key2->getDER(), "Key value has been changed by service");
}
+RUNNER_TEST(T1014_save_with_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key_name, key_full_addr;
+ CKM::Alias alias = "mykey-2";
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // lookup by name
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_name->getDER(),
+ "Key value has been changed by service");
+
+ // lookup by full address
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_full_addr->getDER(),
+ "Key value has been changed by service");
+}
-RUNNER_TEST(T1014_deinit)
+RUNNER_TEST(T1015_deinit)
{
int temp;
auto control = CKM::Control::create();
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+ "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
}
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::RawBuffer buffer(binData.begin(), binData.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_TEST(T1033_remove_bin_data)
std::string binData2 = "My bin data2";
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data1")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data3")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 1,
- "Wrong size of list: " << aliasVector.size() << " Expected: 1");
+ labelAliasVector.size() == 1,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1039_deinit)
+RUNNER_TEST(T1034_getData_wrong_password)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string binData1 = "My bin data4";
+
+ CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ buffer == buffer1,
+ "Data corrupted");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1035_deinit)
{
int temp;
auto control = CKM::Control::create();
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel-rsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 2 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 2");
+}
+
+RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ AccessProvider ap("mylabel-rsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1043_create_dsa_key)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ AccessProvider ap("mylabel-dsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1"), CKM::Alias("PUB_KEY1"), CKM::Policy(), CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
}
-RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPairRSA);
+RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair);
RUNNER_TEST(T1110_init)
{
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1112_CreateKeyPairECDSA)
+RUNNER_TEST(T1112_CreateKeyPairDSA)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::Alias a1("dsa-test-1");
+ CKM::Alias a2("dsa-test-2");
+ CKM::Policy p1;
+ CKM::Policy p2;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1113_CreateKeyPairECDSA)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1113_deinit)
+RUNNER_TEST(T1114_deinit)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12103_saveKey_empty_key)
+RUNNER_TEST(T12103_saveKey_foreign_label)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int ret;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12104_saveKey_empty_key)
{
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12104_saveCertificate_empty_alias)
-{
- std::string certPem =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
- "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
- "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
- "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
- "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
- "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
- "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
- "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
- "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
- "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
- "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
- "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
- "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
- "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
- "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
- "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
- "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
- "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
- "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
- "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
- "rHva8A==\n"
- "-----END CERTIFICATE-----\n";
-
- CKM::RawBuffer buffer(certPem.begin(), certPem.end());
- auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
+RUNNER_TEST(T12105_saveCertificate_empty_alias)
+{
+ auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias; //alias is not initialized
int temp;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12105_saveCertificate_empty_cert)
+RUNNER_TEST(T12106_saveCertificate_foreign_label)
+{
+ auto cert = TestData::getTestCertificate(TestData::GIAG2);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12106_saveData_empty_alias)
+RUNNER_TEST(T12108_saveData_empty_alias)
{
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12107_saveData_empty_data)
+RUNNER_TEST(T12109_saveData_foreign_label)
+{
+ std::string testData = "test data test data test data";
+ CKM::RawBuffer buffer(testData.begin(), testData.end());
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12110_saveData_empty_data)
{
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
* These test cases tests API when trying to get data from not existing alias
*/
-RUNNER_TEST(T12108_getKey_alias_not_exist)
+RUNNER_TEST(T12111_getKey_alias_not_exist)
{
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12109_getCertificate_alias_not_exist)
+RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12110_getData_alias_not_exist)
+RUNNER_TEST(T12113_getData_alias_not_exist)
{
int temp;
auto manager = CKM::Manager::create();
/*
* These test cases tests API when damaged keys are used
*/
-RUNNER_TEST(T12111_rsa_key_damaged)
+RUNNER_TEST(T12114_rsa_key_damaged)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12112_rsa_key_too_short)
+RUNNER_TEST(T12115_rsa_key_too_short)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12113_deinit)
+RUNNER_TEST(T12116_dsa_key_too_short)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ const std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
+ "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
+ //"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
+ "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
+ //"AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
+ "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
+ "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
+ "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
+ "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
+ "YMYCBhubtrVaLmc=\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "short-dsa";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+
+/*
+ * These test cases tests CKM service if malicious data is provided over the socket.
+ */
+
+RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ // fake the client - let the service detect the problem
+ class WrongKeyImpl : public CKM::Key
+ {
+ public:
+ WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ }
+
+ virtual bool empty() const {
+ return false;
+ }
+
+ virtual CKM::KeyType getType() const {
+ return CKM::KeyType::KEY_RSA_PUBLIC;
+ }
+ virtual int getSize() const {
+ return 1024;
+ }
+ virtual CKM::ElipticCurve getCurve() const {
+ return CKM::ElipticCurve::prime192v1;
+ }
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+ virtual ~WrongKeyImpl() {}
+ private:
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Berta\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto key = std::make_shared<WrongKeyImpl>(buffer);
+ CKM::Alias alias = "damaged-rsa";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
+{
+ // fake the client - let the service detect the problem
+ class WrongCertImpl : public CKM::Certificate
+ {
+ public:
+ WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ m_x509 = X509_new();
+ }
+
+ bool empty() const {
+ return false;
+ }
+
+ virtual X509 *getX509() const {
+ return m_x509;
+ }
+
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+
+ virtual ~WrongCertImpl() {
+ X509_free(m_x509);
+ }
+ private:
+ X509* m_x509;
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Stefan\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto cert = std::make_shared<WrongCertImpl>(buffer);
+ CKM::Alias alias = "damaged-cert";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12119_deinit)
{
int temp;
auto control = CKM::Control::create();
RUNNER_TEST(T1312_get_chain)
{
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
+ auto cert = TestData::getTestCertificate(TestData::MBANK);
+ auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
- auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
CKM::CertificateShPtrVector certVector = {cert1};
CKM::CertificateShPtrVector certChain;
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
RUNNER_TEST(T1313_get_chain_with_alias)
{
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
+ auto cert = TestData::getTestCertificate(TestData::MBANK);
+ auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
- auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
CKM::Alias alias("imcert");
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
"Error=" << CKM::ErrorToString(tmp));
- aliasVector.push_back(alias);
+ aliasVector.push_back(full_address);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
RUNNER_TEST(T1314_ocsp_check)
{
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
+ RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
- auto cert = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto cert1 = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ auto cert = TestData::getTestCertificate(TestData::MBANK);
+ auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
CKM::CertificateShPtrVector certVector = {cert1};
CKM::CertificateShPtrVector certChain;
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1413_rsa_key_create_verify_negative)
+RUNNER_TEST(T1413_dsa_key_create_verify)
{
int temp;
auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
+ std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
+ "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
+ "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
+ "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
+ "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
+ "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
+ "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
+ "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
+ "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
+ "u1roOuaPY+Hl19BlTE2qdw==\n"
+ "-----END DSA PRIVATE KEY-----";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
+ "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
+ "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
+ "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
+ "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
+ "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
+ "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
+ "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
+ "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
+ "YMYCBhubtrVaLmc=\n"
+ "-----END PUBLIC KEY-----";
+
+ std::string message = "message test";
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
+ auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+
+ RUNNER_ASSERT_MSG(NULL != keyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
aliasPrv,
hash,
padd)),
"Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
}
+
RUNNER_TEST(T1414_ec_key_create_verify)
{
int temp;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1415_rsa_cert_create_verify_signature)
+RUNNER_TEST(T1415_rsa_key_create_verify_negative)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1416_dsa_key_create_verify_negative)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1417_rsa_cert_create_verify_signature)
{
int temp;
auto manager = CKM::Manager::create();
std::string message = "message test";
- CKM::Alias aliasPub = "pub3";
- CKM::Alias aliasPrv = "prv3";
+ CKM::Alias aliasPub = "pub1-cert";
+ CKM::Alias aliasPrv = "prv1-cert";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1418_dsa_cert_create_verify_signature)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ const std::string pub = "-----BEGIN CERTIFICATE-----\n"
+ "MIIDUzCCAxECCQCer/fKcXtJgTALBglghkgBZQMEAwIwgYsxCzAJBgNVBAYTAlBM\n"
+ "MQ8wDQYDVQQIDAZQb2xhbmQxDzANBgNVBAcMBldhcnNhdzEQMA4GA1UECgwHU2Ft\n"
+ "c3VuZzEMMAoGA1UECwwDS1NGMRMwEQYDVQQDDAptLmthcnBpdWsyMSUwIwYJKoZI\n"
+ "hvcNAQkBFhZtLmthcnBpdWsyQHNhbXN1bmcuY29tMCAXDTE0MDkyNjEzNTQwN1oY\n"
+ "DzIxNDAwOTA1MTM1NDA3WjCBizELMAkGA1UEBhMCUEwxDzANBgNVBAgMBlBvbGFu\n"
+ "ZDEPMA0GA1UEBwwGV2Fyc2F3MRAwDgYDVQQKDAdTYW1zdW5nMQwwCgYDVQQLDANL\n"
+ "U0YxEzARBgNVBAMMCm0ua2FycGl1azIxJTAjBgkqhkiG9w0BCQEWFm0ua2FycGl1\n"
+ "azJAc2Ftc3VuZy5jb20wggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA9Bhh7ZA4onkY\n"
+ "uDNQbYR4EwkJ6RpD505hB0GF6yppUNp2LanvNcQXcyXY88MB6OdP7Rikbu1H2zP4\n"
+ "gONCtdxKW58Za7h9bFzYjxcObZsS52F9DP7sv3C4sX4xNWApfhUgbfzKaRCJOkOs\n"
+ "06tV7teu3G/v26PdI8dlykIuQXQZmH8CFQCHsIV0njb2yC3ggfKz+exH+g5jAQKB\n"
+ "gBVLYfVCMjUz5XJH+xYU3A8W8rpSLqZKIK2d9mbXqhpz8QK1bvNQUlSRZo+o1ZYV\n"
+ "mJn3Mx2YuiifHZNKdBNweCqe5a+HV2RSl1Yv/TV9famZKlogGslsmPHUOJMlSIdh\n"
+ "MfMwVny4/rNtjEtEFE1WnaTr1W6MKH1EBbizVo8fmWFrA4GFAAKBgQCaPjrlkAyX\n"
+ "kBitWo+w0xZN4OSk13SsCzZ/PG+5zOgMRaFm2XbiC04YsGCi4NFOd9kaiP7w1CsP\n"
+ "iqG6Vwv0T/VcoxBl/hp6jEqTDSrM6z0ungjDO9wGOdI+jZS0UjVahgC4ZLDHhrOa\n"
+ "CjfxcHruO3e416b/Rm2CjhOzjKdoSFUWVzALBglghkgBZQMEAwIDLwAwLAIUHa+A\n"
+ "5xo8O/tPuH9gXkr1mee6kRYCFGNycJ1xkc3nIJaEQOtGfDe7S71A\n"
+ "-----END CERTIFICATE-----\n";
+
+ const std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQD0GGHtkDiieRi4M1BthHgTCQnpGkPnTmEHQYXrKmlQ2nYtqe81\n"
+ "xBdzJdjzwwHo50/tGKRu7UfbM/iA40K13EpbnxlruH1sXNiPFw5tmxLnYX0M/uy/\n"
+ "cLixfjE1YCl+FSBt/MppEIk6Q6zTq1Xu167cb+/bo90jx2XKQi5BdBmYfwIVAIew\n"
+ "hXSeNvbILeCB8rP57Ef6DmMBAoGAFUth9UIyNTPlckf7FhTcDxbyulIupkogrZ32\n"
+ "ZteqGnPxArVu81BSVJFmj6jVlhWYmfczHZi6KJ8dk0p0E3B4Kp7lr4dXZFKXVi/9\n"
+ "NX19qZkqWiAayWyY8dQ4kyVIh2Ex8zBWfLj+s22MS0QUTVadpOvVbowofUQFuLNW\n"
+ "jx+ZYWsCgYEAmj465ZAMl5AYrVqPsNMWTeDkpNd0rAs2fzxvuczoDEWhZtl24gtO\n"
+ "GLBgouDRTnfZGoj+8NQrD4qhulcL9E/1XKMQZf4aeoxKkw0qzOs9Lp4IwzvcBjnS\n"
+ "Po2UtFI1WoYAuGSwx4azmgo38XB67jt3uNem/0Ztgo4Ts4ynaEhVFlcCFGMH+Z9l\n"
+ "vonbjii3BYe4AIdkzOvp\n"
+ "-----END DSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "pub2-cert";
+ CKM::Alias aliasPrv = "prv2-cert";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1416_ecdsa_cert_create_verify_signature)
+RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
{
int temp;
auto manager = CKM::Manager::create();
std::string message = "message test";
- CKM::Alias aliasPub = "pub4";
- CKM::Alias aliasPrv = "prv4";
+ CKM::Alias aliasPub = "pub3";
+ CKM::Alias aliasPrv = "prv3";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1417_deinit)
+RUNNER_TEST(T1420_deinit)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
-RUNNER_CHILD_TEST(T1510_init_unlock_key)
+RUNNER_TEST(T14180_init)
{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
+ int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
-RUNNER_CHILD_TEST(T1511_init_insert_data)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+ auto manager = CKM::Manager::create();
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
+ // Prepare RSA Key Pair
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
+ "\n"
+ "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
+ "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
+ "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
+ "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
+ "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
+ "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
+ "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
+ "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
+ "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
+ "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
+ "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
+ "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
+ "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
+ "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
+ "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
+ "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
+ "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
+ "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
+ "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
+ "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
+ "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
+ "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
+ "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
+ "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
+ "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
+ "-----END RSA PRIVATE KEY-----\n";
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----\n";
- auto manager = CKM::Manager::create();
- auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto certim = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Password password = "1234";
- int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
- int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
+ auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
+
+ RUNNER_ASSERT_MSG(NULL != keyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // Prepare ECDSA Key Pair
+ std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
+ "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
+ "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string ecpub = "-----BEGIN PUBLIC KEY-----\n"
+ "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
+ "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END PUBLIC KEY-----\n";
+
+ CKM::Alias aliasEcPub = "ecpub_nohash1";
+ CKM::Alias aliasEcPrv = "ecprv_nohash1";
+
+ auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
+ auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != ecKeyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != ecKeyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14181_rsa_create_signatue_nohash)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14184_ec_create_signatue_nohash)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ int msgSize = 1024*1024;
+ char big_msg[msgSize];
+ for(int i =0; i<msgSize-1; i++) {
+ big_msg[i] = 'a';
+ }
+ big_msg[msgSize-1]=0x00;
+ std::string message(big_msg);
+
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14189_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_CHILD_TEST(T1510_init_unlock_key)
+{
+ int tmp;
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1511_insert_data)
+{
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto certee = TestData::getTestCertificate(TestData::MBANK);
+ auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
+
+ auto manager = CKM::Manager::create();
+ int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
+ int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
RUNNER_CHILD_TEST(T1519_deinit)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- auto control = CKM::Control::create();
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+
+RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1701_init_unlock_key)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1702_insert_data)
+{
+ int temp;
+ AccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ auto certee = TestData::getTestCertificate(TestData::MBANK);
+
+ auto manager = CKM::Manager::create();
+ int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == status1,
+ "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+
+ CKM::AliasVector av;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T1703_removeApplicationData)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1704_data_test)
+{
+ int temp;
+ AccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_TEST(T1705_deinit)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T17101_init)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17102_prep_data_01)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17103_prep_data_02)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17104_prep_data_03)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17105_prep_data_04)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T17106_remove_application)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17107_check_data_01)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17108_check_data_02)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T17109_unlock_user2)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17110_check_data_03)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17111_check_data_04)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T17112_deinit)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST_GROUP_INIT(T180_PKCS12);
+
+namespace
+{
+CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
+CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
+CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
+CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
+const char *PKCS_PASSWD = "PKCS-pass";
+}
+
+RUNNER_TEST(T1800_init)
+{
+ reset_user_data(0, PKCS_PASSWD);
+}
+
+RUNNER_TEST(T1801_parse_PKCS12) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 0 == caVector.size(),
+ "Wrong size of vector");
+}
+
+RUNNER_TEST(T1802_negative_wrong_password) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "error");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST(T1803_negative_broken_buffer) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
+ buffer[4]=0;
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
+{
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // save private key
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
+{
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
+ int tmp;
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T1806_get_PKCS)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ CKM::PKCS12ShPtr pkcs;
+
+ // fail - no entry
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // fail - not exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
- "Error=" << CKM::ErrorToString(tmp));
+ 2 == caVector.size(),
+ "Wrong size of vector");
}
+RUNNER_TEST(T1807_create_and_verify_signature)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
-RUNNER_TEST_GROUP_INIT(T161_CKM_LOCKTYPE_TESTS);
+ std::string message = "message test";
-RUNNER_CHILD_TEST(T1610_init_lock_key)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"user-pass","")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
+RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
+ "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
+ "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
+ "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
+ "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
+ "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
+ "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
+ "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
+ "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
+ "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
+ "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
+ "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
+ "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
+ "-----END RSA PRIVATE KEY-----";
+ std::string message = "message test";
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(),
- "Key value has been changed by service");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
- "Error=" << CKM::ErrorToString(temp));
-}
-RUNNER_CHILD_TEST(T1612_init_change_user_password)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_copy,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
+RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->saveKey(alias, key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_wrong,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
"Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->removeKey(alias)),
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1619_deinit)
+RUNNER_TEST(T1810_verify_get_certificate_chain)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
+ // this certificate has been signed using PKCS chain
+ std::string im = "-----BEGIN CERTIFICATE-----\n"
+ "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
+ "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
+ "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
+ "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
+ "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
+ "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
+ "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
+ "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
+ "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
+ "Qw==\n"
+ "-----END CERTIFICATE-----\n";
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector aliasVector;
-RUNNER_TEST(T1701_init_unlock_key)
-{
int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1702_init_insert_data)
-{
- int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
auto manager = CKM::Manager::create();
- auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
- CKM::AliasVector av;
+ aliasVector.push_back(alias_PKCS_exportable);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
+ tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
+ // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
+ 4 == certChain.size(),
+ "Wrong size of certificate chain: " << certChain.size());
}
-RUNNER_CHILD_TEST(T1704_data_test)
+RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
{
- int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- CKM::AliasVector av;
auto manager = CKM::Manager::create();
+ int tmp;
+
+ // remove the whole PKCS12 bundles
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
-RUNNER_TEST(T1705_deinit)
-{
- int tmp;
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
- auto control = CKM::Control::create();
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_TEST_GROUP_INIT(T180_PKCS12);
+RUNNER_TEST(T1812_get_pkcs12_password_tests)
+{
+ CKM::Alias alias = "t1812alias1";
-RUNNER_TEST(T1801) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
std::istreambuf_iterator<char> begin(is), end;
std::vector<char> buff(begin, end);
+ CKM::PKCS12ShPtr pkcs12;
+ CKM::Password pass1 = "easypass1";
+ CKM::Password pass2 = "easypass2";
+
CKM::RawBuffer buffer(buff.size());
memcpy(buffer.data(), buff.data(), buff.size());
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
RUNNER_ASSERT_MSG(
NULL != pkcs.get(),
"Error in PKCS12::create()");
- auto cert = pkcs->getCertificate();
+ int temp;
RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
+ CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))),
+ "Error=" << CKM::ErrorToString(temp));
- auto key = pkcs->getKey();
RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
- auto caVector = pkcs->getCaCertificateShPtrVector();
RUNNER_ASSERT_MSG(
- 0 == caVector.size(),
- "Wrong size of vector");
-}
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
-RUNNER_TEST(T1802_negative_wrong_password) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
- auto pkcs = CKM::PKCS12::create(buffer, "error");
RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
-RUNNER_TEST(T1803_negative_broken_buffer) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
+ CKM::CertificateShPtr cert;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)),
+ "Error=" << CKM::ErrorToString(temp));
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector certVect;
+ certVect.push_back(alias);
- RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
- buffer[4]=0;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1813_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
}
RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
"Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
}
-RUNNER_TEST(T1903_deinit)
+RUNNER_TEST(T1903_lock_database)
{
int tmp;
-
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
"Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
}
RUNNER_TEST(T1904_get_data_from_locked_database)
"Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
}
+RUNNER_TEST(T1905_deinit)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
int main(int argc, char *argv[])
{
DPL::Log::LogSystemSingleton::Instance().SetTag("CKM_TESTS");
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * @file password-integration.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <vector>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/log/log.h>
+
+#include <tests_common.h>
+
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+
+#include <security-server.h>
+
+#include <access_provider2.h>
+#include <clean-env.h>
+
+CKM::Alias CKM_ALIAS1 = "ALIAS1";
+CKM::Alias CKM_ALIAS2 = "ALIAS2";
+
+CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'};
+
+const char * PASSWORD1 = "LongPassword1";
+const char * PASSWORD2 = "LongerPassword2";
+
+static const int USER_APP = 5000;
+
+const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
+
+void dropPrivileges() {
+ static const std::string LABEL1 = "TestLabel1";
+ static const int GROUP_APP = 5000;
+
+ AccessProvider ap(LABEL1);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+}
+
+RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4010_INIT)
+{
+ reset_security_server();
+ unsigned int attempt, max_attempt, expire_sec;
+
+ int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4011_ADD_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+ RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4012_CLOSE_CKM_DB)
+{
+ auto ctl = CKM::Control::create();
+
+ int ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4013_GET_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+
+ // CKM will automaticly unlock with empty password
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+ unsigned int attempt, max_attempt, expire_sec;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4015_GET_DATA)
+{
+ dropPrivileges();
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
+}
+
+RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4020_INIT)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4021_ADD_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+ RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4022_CLOSE_CKM_DB)
+{
+ unsigned int attempt, max, expire;
+
+ auto ctl = CKM::Control::create();
+
+ int ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // login with current password to get rid of invalid "NULL" DKEK
+ ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+
+ ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+ unsigned int attempt, max, expire;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret);
+}
+
+RUNNER_CHILD_TEST(T4025_GET_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data missmatch");
+}
+
+RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4030_INIT)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4031_ADD_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+ RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4032_CLOSE_CKM_DB)
+{
+ unsigned int attempt, max, expire;
+
+ auto ctl = CKM::Control::create();
+
+ int ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // login with current password to get rid of invalid "NULL" DKEK
+ ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+
+ ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+}
+
+RUNNER_CHILD_TEST(T4035_GET_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
+}
+
+
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file test-certs.cpp
+ * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ */
+
+#include <map>
+#include <test-certs.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+using namespace std;
+
+namespace {
+typedef map<TestData::certificateID, pair<string, CKM::CertificateShPtr>> CertMap;
+
+CKM::CertificateShPtr createCert(const string& cert) {
+ CKM::RawBuffer buffer_cert(cert.begin(), cert.end());
+ CKM::CertificateShPtr cptr = CKM::Certificate::create(buffer_cert, CKM::DataFormat::FORM_PEM);
+ return cptr;
+}
+
+CertMap initializeTestCerts()
+{
+ CertMap cm;
+
+ // TEST_ROOT_CA, expires 2035
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV\n"
+ "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD\n"
+ "VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw\n"
+ "HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET\n"
+ "MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz\n"
+ "dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq\n"
+ "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC\n"
+ "9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da\n"
+ "eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W\n"
+ "rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo\n"
+ "5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs\n"
+ "BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw\n"
+ "TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk\n"
+ "zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC\n"
+ "AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX\n"
+ "ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus\n"
+ "9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS\n"
+ "Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV\n"
+ "qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n"
+ "kOg11TpPdNDkhb1J4ZCh2gupDg==\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::TEST_ROOT_CA] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx\n"
+ "EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl\n"
+ "c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx\n"
+ "MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI\n"
+ "DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w\n"
+ "HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF\n"
+ "AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j\n"
+ "L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7\n"
+ "nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc\n"
+ "UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT\n"
+ "thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6\n"
+ "XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E\n"
+ "FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/\n"
+ "HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97\n"
+ "Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v\n"
+ "vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc\n"
+ "4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB\n"
+ "pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8\n"
+ "SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm\n"
+ "F2obL5qJSTN/RQ==\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::TEST_IM_CA] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // TEST_LEAF, signed by TEST_IM_CA, expires 2035
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV\n"
+ "BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx\n"
+ "HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0\n"
+ "WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T\n"
+ "dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV\n"
+ "VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
+ "CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl\n"
+ "z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq\n"
+ "QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc\n"
+ "bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E\n"
+ "4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk\n"
+ "4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp\n"
+ "UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj\n"
+ "CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/\n"
+ "i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9\n"
+ "HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF\n"
+ "Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz\n"
+ "6ON7PVe0ABN/AlwVQiFE\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::TEST_LEAF] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\n"
+ "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\n"
+ "YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG\n"
+ "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy\n"
+ "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP\n"
+ "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv\n"
+ "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE\n"
+ "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ\n"
+ "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC\n"
+ "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7\n"
+ "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD\n"
+ "VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig\n"
+ "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF\n"
+ "BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQ\n"
+ "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE\n"
+ "+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1/Wm8gzPn6\n"
+ "8R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I/b+jzG1Zgo+ByPF5E0y8tS\n"
+ "etH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh/Ob0r0a678C/xbQF9ZR1DP6i\n"
+ "vgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe/GFsNMP\n"
+ "WOH7sf6coaPo/ck/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8\n"
+ "VOBHBw==\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::GIAG2] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // MBANK, signed by SYMANTEC, expires 04 Feb 2016
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\n"
+ "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n"
+ "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\n"
+ "IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\n"
+ "MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\n"
+ "ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\n"
+ "MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\n"
+ "DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\n"
+ "bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\n"
+ "bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\n"
+ "JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\n"
+ "Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\n"
+ "aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\n"
+ "Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\n"
+ "dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\n"
+ "Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\n"
+ "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n"
+ "BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\n"
+ "dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\n"
+ "c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\n"
+ "BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\n"
+ "BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\n"
+ "KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\n"
+ "eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\n"
+ "AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\n"
+ "ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\n"
+ "9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\n"
+ "rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\n"
+ "LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\n"
+ "U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\n"
+ "vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\n"
+ "SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\n"
+ "aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\n"
+ "WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::MBANK] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\n"
+ "CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n"
+ "BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\n"
+ "YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\n"
+ "FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\n"
+ "BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\n"
+ "pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\n"
+ "IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\n"
+ "zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\n"
+ "MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\n"
+ "BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\n"
+ "L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\n"
+ "eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\n"
+ "LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\n"
+ "GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\n"
+ "Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\n"
+ "hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\n"
+ "nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\n"
+ "qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\n"
+ "eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\n"
+ "LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\n"
+ "2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::SYMANTEC] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // GEOTRUST, signed by EQUIFAX, expires 21 Aug 2018
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"
+ "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"
+ "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"
+ "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"
+ "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
+ "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"
+ "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"
+ "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"
+ "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"
+ "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"
+ "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"
+ "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"
+ "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"
+ "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"
+ "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"
+ "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"
+ "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"
+ "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"
+ "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::GEOTRUST] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // EQUIFAX, (root CA), expires 22 Aug 2018
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n"
+ "UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n"
+ "dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n"
+ "MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n"
+ "dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n"
+ "AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n"
+ "BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n"
+ "cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n"
+ "AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n"
+ "MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n"
+ "aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n"
+ "ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n"
+ "IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n"
+ "MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n"
+ "A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n"
+ "7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n"
+ "1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015
+ {
+ std::string raw_base64 = std::string(
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIGxTCCBa2gAwIBAgIIBIsVw6gw3hgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMjExMTI0NzAyWhcNMTUwNTEyMDAwMDAw\n"
+ "WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n"
+ "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmokK6sw/osw7yrkc\n"
+ "rSJZk5FAod6yrCptxyq7AssrJbcTCpuxGbG9Ip6/jR8QP4109kZxadoaZ/0ICOh5\n"
+ "bHx44qOCBF0wggRZMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
+ "A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n"
+ "ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n"
+ "YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n"
+ "ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds\n"
+ "ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv\n"
+ "b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q\n"
+ "Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n\n"
+ "bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou\n"
+ "Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv\n"
+ "b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv\n"
+ "LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tggoqLmd2dDEuY29tggoq\n"
+ "Lmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAq\n"
+ "LnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1\n"
+ "YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYILYW5k\n"
+ "cm9pZC5jb22CBGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv\n"
+ "b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUu\n"
+ "YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n"
+ "B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n"
+ "ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n"
+ "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBShZRhQFOqlCCt51oEJBD94sL7K4zAMBgNV\n"
+ "HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1Ud\n"
+ "IAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtp\n"
+ "Lmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBOQBrolcUp\n"
+ "UFh/5O369pXbuxDZajpSKAjX4Zu6L5LxS9NQRuWqheWNsNcZMRzZ6dP6xpeqf522\n"
+ "zUjzUEzDCOaxCbccakucnXUvg3/m5qgYhxUmLdZjXZ53mTCy4tHbswQrwnxZH+t+\n"
+ "Y4rlJFr4bzPNPx7ucB7wRvxFGCjWXflK1JpgXmUcjFFu8/xrlqJdCwmrjEOJaVRq\n"
+ "urh11t2o4N/DjdboKWBdv+reuijPjzJTKmTbjuZU/bty6COIqtu8vWD39xRCK2y+\n"
+ "W6und7oGKIEvisrLIoHRRgBPfiFBxuzLbvOg/mGbz34pSuBJEzMxrAbkOnGWEQOm\n"
+ "B3KPgoV0lPFo\n"
+ "-----END CERTIFICATE-----\n");
+ cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64));
+ }
+
+ return cm;
+}
+
+CertMap TEST_CERTS = initializeTestCerts();
+}
+
+
+std::string TestData::getTestCertificateBase64(TestData::certificateID id)
+{
+ RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
+ RUNNER_ASSERT_MSG(TEST_CERTS[id].first.size()>0, "Certificate is empty (should never ever happen)!");
+
+ return TEST_CERTS[id].first;
+}
+
+CKM::CertificateShPtr TestData::getTestCertificate(certificateID id)
+{
+ RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
+ RUNNER_ASSERT_MSG(TEST_CERTS[id].second, "Certificate is empty (should never ever happen)!");
+
+ return TEST_CERTS[id].second;
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file test-certs.h
+ * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ */
+
+#pragma once
+
+#include <string>
+#include <ckm/ckm-certificate.h>
+
+namespace TestData
+{
+
+enum certificateID {
+ // test certificates
+ TEST_ROOT_CA = 0, // TEST_ROOT_CA, expires 2035
+ TEST_IM_CA, // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
+ TEST_LEAF, // TEST_LEAF, signed by TEST_IM_CA, expires 2035
+
+ // third party
+ GIAG2, // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
+ MBANK, // MBANK, signed by SYMANTEC, expires 04 Feb 2016
+ SYMANTEC, // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
+ GEOTRUST, // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018
+ EQUIFAX, // EQUIFAX (root CA), expires 22 Aug 2018
+ GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015
+
+ // footer - last element in the set
+ NO_CERT
+};
+
+std::string getTestCertificateBase64(certificateID id);
+CKM::CertificateShPtr getTestCertificate(certificateID id);
+}
INCLUDE(FindPkgConfig)
-SET(COMMON_TARGET_TEST "tests-common")
#dependencies
PKG_CHECK_MODULES(COMMON_TARGET_DEP
projects / platform / core / test / security-tests.git / commitdiff