#include <tests_common.h>
#include <test-certs.h>
#include <ckm-common.h>
+#include <access_provider2.h>
using namespace CKM;
using namespace std;
namespace {
-const char* TEST_LABEL = "test_label";
+const char* TEST_LABEL = "test_label";
+const char* TEST_LABEL_2 = "test_label-2";
+
+const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
+
const CertificateShPtrVector EMPTY_CERT_VECTOR;
const AliasVector EMPTY_ALIAS_VECTOR;
RUNNER_TEST(TA0000_init)
{
- int temp;
- ControlShPtr control = Control::create();
-
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
- "Error=" << ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)),
- "Error=" << ErrorToString(temp));
+ remove_user_data(0);
+ reset_user_data(APP_UID, TEST_PASS);
}
// saveKey
RUNNER_TEST(TA1820_allow_access)
{
- DBCleanup dbc;
- CharPtr top_label = get_label();
- test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
- test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
- test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias2"),
- TEST_LABEL,
- CKM::Permission::READ);
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias3"),
- TEST_LABEL,
- CKM::Permission::READ | CKM::Permission::REMOVE);
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
+ std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ gc.save(alias1.c_str(), TEST_DATA);
+ gc.save(alias2.c_str(), TEST_DATA);
+ gc.save(alias3.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias2,
+ TEST_LABEL_2,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ alias3,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ }
{
- ScopedLabel label(TEST_LABEL);
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
// test from allowed label, but without properly addressing alias (coming from default label)
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
// now test with appropriate addressing
- std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
- test_positive(&ManagerAsync::getData, full_alias2_address, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
+ test_positive(&ManagerAsync::getData, alias2, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
- std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
- test_positive(&ManagerAsync::getData, full_alias3_address, "");
- test_positive(&ManagerAsync::removeAlias, full_alias3_address);
+ test_positive(&ManagerAsync::getData, alias3, "");
+ test_positive(&ManagerAsync::removeAlias, alias3);
}
}
RUNNER_TEST(TA1920_deny_access)
{
- DBCleanup dbc;
- CharPtr top_label = get_label();
- test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
- test_positive(&ManagerAsync::setPermission,
- dbc.alias("alias"),
- TEST_LABEL,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ gc.save(alias1.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::NONE);
+ }
{
- ScopedLabel label(TEST_LABEL);
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
- std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
}
}
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- alias_PKCS_exportable,
+ sharedDatabase(alias_PKCS_exportable).c_str(),
pkcs,
exportable,
exportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- alias_PKCS_exportable,
+ sharedDatabase(alias_PKCS_exportable).c_str(),
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- alias_PKCS_not_exportable,
+ sharedDatabase(alias_PKCS_not_exportable).c_str(),
pkcs,
notExportable,
notExportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- alias_PKCS_not_exportable,
+ sharedDatabase(alias_PKCS_not_exportable).c_str(),
pkcs,
notExportable,
notExportable);
// fail - no entry
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- "i-do-not-exist",
+ sharedDatabase("i-do-not-exist").c_str(),
CKM::Password(),
CKM::Password());
// fail - not exportable
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_NOT_EXPORTABLE,
- dbc.alias(alias_PKCS_not_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
CKM::Password(),
CKM::Password());
// success - exportable
auto obs = test_positive(&ManagerAsync::getPKCS12,
- dbc.alias(alias_PKCS_exportable.c_str()),
+ dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
CKM::Password(),
CKM::Password());
RUNNER_TEST(TA9999_deinit)
{
- int temp;
- ControlShPtr control = Control::create();
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(APP_UID)),
- "Error=" << ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
- "Error=" << ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << ErrorToString(temp));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << ErrorToString(temp));
+ remove_user_data(0);
+ remove_user_data(APP_UID);
}
#include <ckm/ckm-type.h>
namespace {
+const int USER_ROOT = 0;
+const int APP_1 = 6000;
+const int GROUP_1 = 6000;
+const int APP_2 = 6200;
+const int GROUP_2 = 6200;
+const char * const APP_PASS_1 = "app-pass-1";
+const char * const APP_PASS_2 = "app-pass-2";
+const char* APP_LABEL_1 = "APP_LABEL_1";
+const char* APP_LABEL_2 = "APP_LABEL_2";
+const char* APP_LABEL_3 = "APP_LABEL_3";
+const char* APP_LABEL_4 = "APP_LABEL_4";
-const uid_t USER_ROOT = 0;
-const char* APP_PASS = "user-pass";
-const char* ROOT_PASS = "test-pass";
const char* NO_ALIAS = "definitely-non-existent-alias";
const char* NO_OWNER = "definitely-non-existent-owner";
const char* TEST_ALIAS2 = "test-alias2";
const char* TEST_ALIAS3 = "test-alias3";
-const char* TEST_LABEL = "test-label";
-const char* TEST_LABEL2 = "test-label2";
-const char* TEST_LABEL3 = "test-label3";
-const char* TEST_LABEL4 = "test-label4";
-
const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-
void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
{
int ret = ckmc_allow_access(alias, accessor, accessRights);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights)
{
// data removal should revoke this access
- int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights);
+ int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
+void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask)
{
// data removal should revoke this access
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask);
+ int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
}
-void deny_access_by_adm(const char* alias, const char* accessor)
+void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor)
{
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
}
-int count_aliases()
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ret = ckmc_get_data_alias_list(&aliasList);
- if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
- return 0;
-
- RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << CKMCErrorToString(ret));
-
- ckmc_alias_list_s *plist = aliasList;
- int count = 0;
- while(plist)
- {
- plist = plist->next;
- count++;
- }
- ckmc_alias_list_all_free(aliasList);
- return count;
-}
-
-void check_alias_count(int expected)
+void check_alias_count(size_t expected)
{
- int count = count_aliases();
+ size_t count = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
}
} // namespace anonymous
-RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
+RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API);
/////////////////////////////////////////////////////////////////////////////
// Manager
RUNNER_TEST(T3000_init)
{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp));
+ reset_user_data(APP_1, APP_PASS_1);
+ reset_user_data(APP_2, APP_PASS_2);
}
// invalid arguments check
RUNNER_TEST(T3001_manager_allow_access_invalid)
{
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
RUNNER_ASSERT(
CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
RUNNER_ASSERT(
// invalid arguments check
RUNNER_TEST(T3002_manager_deny_access_invalid)
{
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access for non existing alias
RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
// tries to deny access that does not exist in database
RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// tries to allow access to application own data
RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// verifies that alias can not contain forbidden characters
RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
std::string test_alias_playground = std::string("AAA BBB CCC");
// control: expect success
check_read(TEST_ALIAS, 0, TEST_DATA);
- check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+ check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
}
// verifies that label can not contain forbidden characters
RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
{
- switch_to_storage_user(TEST_LABEL);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
// basic test
- std::string test_label_playground = std::string("AAA BBB CCC");
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// insert part of the separator in the middle
- test_label_playground = std::string(TEST_LABEL);
- test_label_playground.insert(test_label_playground.size()/2, ckmc_label_name_separator);
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ APP_LABEL_1_playground = std::string(APP_LABEL_1);
+ APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// prepend separator
- test_label_playground = std::string(TEST_LABEL);
- test_label_playground.insert(0, ckmc_label_name_separator);
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ APP_LABEL_1_playground = std::string(APP_LABEL_1);
+ APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// append separator
- test_label_playground = std::string(TEST_LABEL);
- test_label_playground.append(ckmc_label_name_separator);
- check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ APP_LABEL_1_playground = std::string(APP_LABEL_1);
+ APP_LABEL_1_playground.append(ckmc_label_name_separator);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// control: expect success
- check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+ check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
}
+
// tries to access other application data without permission
RUNNER_TEST(T3020_manager_access_not_allowed)
{
- CharPtr top_label = get_label();
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_read_not_visible(TEST_ALIAS_adr.c_str());
check_remove_not_visible(TEST_ALIAS_adr.c_str());
}
// tries to access other application data with permission
RUNNER_TEST(T3021_manager_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission for read/remove
RUNNER_TEST(T3022_manager_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission for reading only
RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
// tries to remove other application data with permission
RUNNER_TEST(T3025_manager_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// rights
RUNNER_TEST(T3026_manager_double_allow)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- // access should be overwritten
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // access should be overwritten
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
// tries to access application data with permission and after permission has been revoked
RUNNER_TEST(T3027_manager_allow_deny)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
- deny_access(TEST_ALIAS, TEST_LABEL2);
+ // remove permission
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
+ deny_access(TEST_ALIAS, APP_LABEL_2);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
RUNNER_TEST(T3028_manager_access_by_label)
{
- CharPtr top_label = get_label();
+ // prepare: add data
+ GarbageCollector gc;
const char *additional_data = "label-2-data";
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
+
+ // add data as app 2
{
- ScopedLabel sl(TEST_LABEL2);
- ScopedSaveData ssd(TEST_ALIAS, additional_data);
- allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+ save_data(TEST_ALIAS, additional_data);
+
+ allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
// test if accessing valid alias (of label2 domain)
check_read_allowed(TEST_ALIAS, additional_data);
-
- // this has to be done here - in the scope, otherwise
- // scope destructor will remove the TEST_LABEL2::TEST_ALIAS
- {
- ScopedLabel sl(top_label.get());
-
- // test if can access label2 alias from label1 domain - should succeed
- check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data);
- }
}
- // test if accessing valid alias (of label1 domain)
- check_read_allowed(TEST_ALIAS, TEST_DATA);
+ // test accessibility to app 2 from app 1
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- // access should not be possible - already left the LABEL2 scope, object should be removed
- check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str());
+ // test if can access label2 alias from label1 domain - should succeed
+ check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
+ }
}
// tries to modify another label's permission
RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
{
- ScopedLabel sl(TEST_LABEL);
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
- deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
+ allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ }
+
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+
+ allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
+ deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
}
}
// checks if only aliases readable by given app are returned
RUNNER_TEST(T3030_manager_get_all_aliases)
{
- ScopedSaveData ssd1(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ size_t count;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ gc.save(TEST_ALIAS2, TEST_DATA);
- int count = count_aliases();
+ count = count_aliases(ALIAS_DATA);
+ allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+ }
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
check_alias_count(count - 1 + 1);
}
- deny_access(TEST_ALIAS, TEST_LABEL2);
+ // remove permission
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ deny_access(TEST_ALIAS, APP_LABEL_2);
+ }
+
+ // test accessibility from another label
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
// tries to access other application data with permission
RUNNER_TEST(T3031_manager_deprecated_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission for read/remove
RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ }
+
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission for reading only
RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+ }
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
// tries to remove other application data with permission
RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ }
- allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ // test accessibility from another label
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
-
/////////////////////////////////////////////////////////////////////////////
// Control
+RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API);
+
+RUNNER_TEST(T3100_init)
+{
+ reset_user_data(APP_1, APP_PASS_1);
+ reset_user_data(APP_2, APP_PASS_2);
+}
+
// invalid argument check
RUNNER_TEST(T3101_control_allow_access_invalid)
{
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
+
int ret;
- ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
// double owner
std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
- ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
}
// invalid argument check
RUNNER_TEST(T3102_control_deny_access_invalid)
{
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
+
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE));
// double owner
std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE));
+ ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
RUNNER_TEST(T3103_control_allow_access_non_existing)
{
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Allowing access for non existing alias returned " << CKMCErrorToString(ret));
}
// tries to deny access for non existing alias
RUNNER_TEST(T3104_control_deny_access_non_existing)
{
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"Denying access for non existing alias returned " << CKMCErrorToString(ret));
}
// tries to deny non existing access
RUNNER_TEST(T3105_control_deny_access_non_existing_access)
{
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- CharPtr label = get_label();
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- // deny non existing access to existing alias
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
+ "Denying non existing access returned: " << CKMCErrorToString(ret));
}
// tries to allow application to access its own data
RUNNER_TEST(T3106_control_allow_access_to_myself)
{
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
- CharPtr label = get_label();
- int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
+ // test
+ int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
+ "Trying to allow myself returned: " << CKMCErrorToString(ret));
}
// tries to use admin API as a user
RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
{
- switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ);
+ // prepare: add data
+ GarbageCollector gc;
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ // test
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+ "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
}
// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
+RUNNER_CHILD_TEST(T3111_control_deny_access_as_user)
{
- switch_to_storage_user(TEST_LABEL);
- int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE);
+ // prepare: add data
+ GarbageCollector gc;
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+
+ // test
+ int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+ "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
}
// tries to read other application data with permission
RUNNER_TEST(T3121_control_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission to read/remove
RUNNER_TEST(T3122_control_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission to read
RUNNER_TEST(T3122_control_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3125_control_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// rights
RUNNER_TEST(T3126_control_double_allow)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
// access should be overwritten
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
// tries to access other application data with permission and after permission has been revoked
RUNNER_TEST(T3127_control_allow_deny)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_denied(TEST_ALIAS_adr.c_str());
check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
}
- CharPtr label = get_label();
- deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+
+ deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
check_remove_not_visible(TEST_ALIAS_adr.c_str());
check_read_not_visible(TEST_ALIAS_adr.c_str());
// checks if only aliases readable by given app are returned
RUNNER_TEST(T3130_control_get_all_aliases)
{
- ScopedSaveData ssd1(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ size_t count;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ gc.save(TEST_ALIAS2, TEST_DATA);
- int count = count_aliases();
+ count = count_aliases(ALIAS_DATA);
+ }
- allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+ allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can access other aliases when it has permission
check_alias_count(count - 1);
- ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
+ ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA);
// check that app can access its own aliases
check_alias_count(count - 1 + 1);
}
- deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+ deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
// check that app can't access other aliases for which permission has been revoked
check_alias_count(count - 2);
// tries to add access to data in a database of invalid user
RUNNER_TEST(T3140_control_allow_invalid_user)
{
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- int ret = ckmc_set_permission_by_adm(
- APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+ int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
+ "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
}
// tries to revoke access to data in a database of invalid user
RUNNER_TEST(T3141_control_deny_invalid_user)
{
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
+ "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
}
// tries to read other application data with permission
RUNNER_TEST(T3142_control_deprecated_access_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to read other application data with permission to read/remove
RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
}
}
// tries to remove other application data with permission to read
RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+ // prepare: add data
+ GarbageCollector gc;
+ {
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
+ }
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
{
- ScopedLabel sl(TEST_LABEL2);
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3145_control_deprecated_remove_allowed)
{
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+ // prepare: add data
+ GarbageCollector gc;
{
- ScopedLabel sl(TEST_LABEL2);
-
- check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+ ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+ gc.save(TEST_ALIAS, TEST_DATA);
}
-}
+ allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+ {
+ ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-RUNNER_TEST(T3999_deinit)
-{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ }
}
namespace {
-const char *CHAINS_PASSWD = "chains-pass";
-
typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
addCert(m_trustedCerts, cert);
std::stringstream ss;
- ss << "TRUSTED_CERT_ALIAS_" << size;
+ ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size;
save_cert(cert, ss.str().c_str());
addAlias(m_trustedAliases, ss.str().c_str());
}
addCert(m_untrustedCerts, cert);
std::stringstream ss;
- ss << "UNTRUSTED_CERT_ALIAS_" << size;
+ ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size;
save_cert(cert, ss.str().c_str());
addAlias(m_untrustedAliases, ss.str().c_str());
}
RUNNER_TEST(TCCH_0000_init)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
}
// old API
RUNNER_TEST(TCCH_0010_get_chain_old_api)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<ChainApiOld> cv;
cv.verifyNegative(TestData::GOOGLE_COM);
// old API
RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<ChainApiOld> cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
// check invalid arguments
RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
// alias
ca1 = create_cert(TestData::GEOTRUST);
- save_cert(ca1, "GEOTRUST");
- AliasListPtr untrusted_a = create_alias_list("GEOTRUST", NULL);
+ save_cert(ca1, sharedDatabase("GEOTRUST").c_str());
+ AliasListPtr untrusted_a = create_alias_list(sharedDatabase("GEOTRUST").c_str(), NULL);
assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias,
NULL_CERT,
// check invalid arguments
RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
ckmc_cert_list_s* chain = NULL;
- AliasListPtr non_existing = create_alias_list("NON_EXISTING_ALIAS", NULL);
+ AliasListPtr non_existing = create_alias_list(sharedDatabase("NON_EXISTING_ALIAS").c_str(), NULL);
assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
ckmc_get_cert_chain_with_trustedcert_alias,
ca2,
*/
RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
*/
RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.addUntrusted(TestData::GIAG2);
*/
RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(false);
RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
{
- reset_user_data(0, CHAINS_PASSWD);
+ remove_user_data(0);
ChainVerifier<> cv;
cv.enableSystem(true);
#include <stddef.h>
#include <stdlib.h>
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-
namespace {
-
-typedef enum {
- ALIAS_KEY,
- ALIAS_CERT,
- ALIAS_DATA
-} alias_type_;
-
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
const char* USER_PASS = "user-pass";
+const char* TEST_LABEL = "test_label";
+const char* TEST_SYSTEM_ALIAS = "system-alias-1";
+const char* TEST_DATA = "ABCD";
+} // namespace anonymous
-int count_aliases(alias_type_ type, int minimum_initial_element_count = 0)
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ec;
- switch(type)
- {
- case ALIAS_KEY:
- ec = ckmc_get_key_alias_list(&aliasList);
- break;
- case ALIAS_CERT:
- ec = ckmc_get_cert_alias_list(&aliasList);
- break;
+RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
- case ALIAS_DATA:
- ec = ckmc_get_data_alias_list(&aliasList);
- break;
- }
- if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
- return 0;
- else if(ec==0)
- {
- ckmc_alias_list_s *plist = aliasList;
- int return_count = 0;
- while(plist)
- {
- plist = plist->next;
- return_count ++;
- }
- ckmc_alias_list_all_free(aliasList);
+RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
+{
+ int temp;
- RUNNER_ASSERT_MSG(
- return_count >= minimum_initial_element_count,
- "Error: alias list failed, current element count: " << return_count <<
- " while expected minimal count of " << minimum_initial_element_count <<
- " elements");
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
+ CKMCReadableError(temp));
- return return_count;
- }
- else
- {
- // error - fail
- RUNNER_ASSERT_MSG(
- ec >= 0,
- "Error: alias list failed, ec: " << CKMCErrorToString(ec));
- }
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
+ CKMCReadableError(temp));
- return ec;
+ remove_user_data(5000);
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
+ CKMCReadableError(temp));
}
-} // namespace anonymous
-
-
-RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
-
RUNNER_TEST(T3011_Control_C_API)
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
}
RUNNER_TEST(T3014_Control_C_API)
{
int temp;
- const uid_t UNIQUE_USER = 15;
-
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
- // unlock with default password
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
- CKMCReadableError(temp));
+ const uid_t UNIQUE_USER = 6500;
+
+ // clean up environment
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+ CKMCReadableError(temp));
+ // unlock with empty password
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
+ CKMCReadableError(temp));
// reset password (NULL, "simple-password")
RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
CKMCReadableError(temp));
// try to reset password when db locked
RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
CKMCReadableError(temp));
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
+ // clean up environment
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T3015_Control_C_API)
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")),
+ CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
}
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
+}
+
+RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
+{
+ save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
+
+ // [test] - expect success
+ check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA);
+
+ // remove user data - expect to map to the system DB
+ int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
CKMCReadableError(temp));
+
+ // [test] - expect fail
+ check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
ckmc_policy_s test_policy;
char* password = NULL;
- const char *alias = "mykey";
+ CKM::Alias alias = sharedDatabase("mykey");
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
test_key2 = &test_key;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
CKMCReadableError(temp));
}
ckmc_cert_s *cert2;
ckmc_cert_s cert;
- const char *alias = "test-cert-1-RSA";
+ CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
ckmc_policy_s test_policy;
test_policy.password = password;
cert.data_format = CKMC_FORM_PEM;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
char* password = NULL;
ckmc_cert_s *cert2;
- const char *alias = "test-cert-1-RSA";
+ CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
}
cert.cert_size = certPem.length();
cert.data_format = CKMC_FORM_PEM;
- int current_aliases_num = count_aliases(ALIAS_CERT);
+ size_t current_aliases_num = count_aliases(ALIAS_CERT);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_CERT);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_CERT)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
cert.cert_size = certPem.length();
cert.data_format = CKMC_FORM_PEM;
- const char *alias = "test-cert-1-DSA";
+ CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
test_policy3.password = password;
test_policy3.extractable = 0;
- int current_aliases_num = count_aliases(ALIAS_KEY);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
ckmc_key_s *test_key2;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+ CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
RUNNER_TEST(T3041_init_C_API)
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
test_policy3.password = password;
test_policy3.extractable = 0;
- int current_aliases_num = count_aliases(ALIAS_DATA);
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
ckmc_raw_buffer_s *testData4;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
CKMCReadableError(temp));
int compareResult;
std::string binData = "My bin data";
- int current_aliases_num = count_aliases(ALIAS_DATA);
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+ (current_aliases_num+3) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
RUNNER_TEST(T3044_remove_bin_data_C_API)
{
int temp;
- int current_aliases_num = count_aliases(ALIAS_DATA, 2);
+ size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- (current_aliases_num-2) == (temp = count_aliases(ALIAS_DATA)),
- "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << temp);
+ (current_aliases_num-2) == actual_cnt,
+ "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
char* password = NULL;
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
CKMCReadableError(temp));
int compareResult;
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
CKMCReadableError(temp));
}
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
policy_public_key.extractable = 1;
- int current_aliases_num = count_aliases(ALIAS_KEY);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+ (current_aliases_num+2) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
ckmc_key_s *privateKey;
RUNNER_ASSERT_MSG(
policy_public_key.password = NULL;
policy_public_key.extractable = 1;
- int current_aliases_num = count_aliases(ALIAS_KEY);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
CKMCReadableError(temp));
+ size_t actual_cnt = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+ (current_aliases_num+2) == actual_cnt,
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
ckmc_key_s *privateKey = 0;
RUNNER_ASSERT_MSG(
RUNNER_TEST(T3061_CAPI_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
+ remove_user_data(0);
+ reset_user_data(USER_APP, USER_PASS);
}
RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
int temp;
size_t size = 1024;
- const char *private_key_alias = "rsa-test-1";
- const char *public_key_alias = "rsa-test-2";
+ CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
+ CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
policy_public_key.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
// on next attempt to generate keys with the same alias, expect fail (alias exists)
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
}
int temp;
size_t size = 1024;
- const char *private_key_alias = "dsa-test-1";
- const char *public_key_alias = "dsa-test-2";
+ CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
+ CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
policy_public_key.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
}
int temp;
ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- const char *private_key_alias = "ecdsa-test-1";
- const char *public_key_alias = "ecdsa-test-2";
+ CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
+ CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
policy_public_key.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3065_CAPI_deinit)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
// TODO
RUNNER_TEST(T3071_CAPI_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
{
- std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
- std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
+ std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
ckmc_cert_s c_cert;
c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
ckmc_cert_list_s *cert_chain_list;
- int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+ int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
- ckmc_ocsp_status_e ocsp_status;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
+ ckmc_ocsp_status_e ocsp_status;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
}
RUNNER_TEST(T3075_CAPI_deinit)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
+ CKM::Alias pub_alias = sharedDatabase("pub1");
+ CKM::Alias pri_alias = sharedDatabase("prv1");
const char *key_passwd = "1234";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
int temp;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
- const char *pub_alias = "pub1";
- const char *pri_alias = "prv1";
+ CKM::Alias pub_alias = sharedDatabase("pub1");
+ CKM::Alias pri_alias = sharedDatabase("prv1");
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
"-----END PUBLIC KEY-----\n";
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pri_alias = "ecprv2";
- const char *pub_alias = "ecpub2";
+ CKM::Alias pri_alias = sharedDatabase("ecprv2");
+ CKM::Alias pub_alias = sharedDatabase("ecpub2");
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
pripolicy.extractable = 0;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pri_alias = "prv3";
- const char *pub_alias = "pub3";
+ CKM::Alias pri_alias = sharedDatabase("prv3");
+ CKM::Alias pub_alias = sharedDatabase("pub3");
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
pripolicy.extractable = 0;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pub_alias = "dsa-pub1";
- const char *pri_alias = "dsa-prv1";
+ CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
+ CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
// positive test
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
invalid_msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pub_alias = "dsa-pub2";
- const char *pri_alias = "dsa-prv2";
+ CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
+ CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias, pub_alias, policy_private_key, policy_public_key)),
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
"Error=" << temp);
char *pri_passwd = NULL;
ckmc_key_s *pubkey = NULL;
ckmc_key_s *prikey = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias, 0, &prikey)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias, 0, &pubkey)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
// positive test
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
invalid_msg_buff,
*signature,
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- const char *pri_alias = "prv4";
- const char *pub_alias = "pub4";
+ CKM::Alias pri_alias = sharedDatabase("prv4");
+ CKM::Alias pub_alias = sharedDatabase("pub4");
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias,
+ pri_alias.c_str(),
pri_passwd,
msg_buff,
hash_algo,
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_ASSERT_MSG(
CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias,
+ pub_alias.c_str(),
pub_passwd,
msg_buff,
*signature,
RUNNER_TEST(T3089_CAPI__deinit)
{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3091_CAPI_TYPE_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
+ remove_user_data(0);
+ reset_user_data(USER_APP, USER_PASS);
}
RUNNER_TEST(T3092_CAPI_TYPE_KEY)
RUNNER_TEST(T3094_CAPI_TYPE_CERT)
{
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
unsigned int size = certPem.size();
{
int ret;
- std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
const char *file_name = "/tmp/ckmc_test_cert.pem";
remove(file_name);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
- CKMCReadableError(ret));
+ CKMCReadableError(ret));
RUNNER_ASSERT_MSG(
pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
- const char *lcert_alias = "lcert_alias";
+ CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
ckmc_policy_s policy;
policy.password = NULL;
policy.extractable = 1;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)),
+ CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
CKMCReadableError(ret));
remove(file_name);
policy.extractable = 1;
- const char *pkey_alias = "pkey_alias";
+ CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
CKMCReadableError(temp));
- const char *cert_alias = "cert_alias";
+ CKM::Alias cert_alias = sharedDatabase("cert_alias");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
CKMCReadableError(temp));
- std::string caCertAlias = "ca_cert_alias_";
+ std::string caCertAlias = sharedDatabase("ca_cert_alias_");
const char *idx = "0";
int cnt = 0;
ckmc_cert_list_s *tmpList = ca_cert_list;
}
RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
- const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
- const char *password = "password";
+ const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
+ const char *password = "password";
- int temp;
+ int temp;
- ckmc_pkcs12_s *ppkcs12 = NULL;
+ ckmc_pkcs12_s *ppkcs12 = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
+ RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
+ RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
- const char *pkey_alias = "pkey_alias2";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *(ppkcs12->priv_key), policy)),
- CKMCReadableError(temp));
+ CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
+ CKMCReadableError(temp));
- const char *cert_alias = "cert_alias2";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *(ppkcs12->cert), policy)),
- CKMCReadableError(temp));
- std::string caCertAlias = "ca_cert_alias_2_";
- const char *idx = "0";
- int cnt = 0;
- ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
- while(tmpList != NULL) {
- caCertAlias.append(idx);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- CKMCReadableError(temp));
- tmpList = tmpList->next;
- cnt ++;
- }
+ CKM::Alias cert_alias = sharedDatabase("cert_alias2");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
+ CKMCReadableError(temp));
+ std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
+ const char *idx = "0";
+ int cnt = 0;
+ ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
+ while(tmpList != NULL) {
+ caCertAlias.append(idx);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
+ CKMCReadableError(temp));
+ tmpList = tmpList->next;
+ cnt ++;
+ }
- RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
+ RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
- ckmc_pkcs12_free(ppkcs12);
+ ckmc_pkcs12_free(ppkcs12);
}
RUNNER_TEST(T3098_CAPI_TYPE_deinit)
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
CKMCReadableError(temp));
namespace
{
-const char* alias_PKCS_exportable = "CAPI-test-PKCS-export";
-const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
+CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
+CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
}
RUNNER_TEST(T3101_CAPI_PKCS12_init)
{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "PKCS-pass")),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
{
- const char *wrong_passwd = "wrong";
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
- CKMCReadableError(temp));
+ const char *wrong_passwd = "wrong";
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
{
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
-
- // save to the CKM
- ckmc_policy_s exportable;
- exportable.password = NULL;
- exportable.extractable = 1;
- ckmc_policy_s notExportable;
- notExportable.password = NULL;
- notExportable.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
-
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable, "", &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
+
+ // save to the CKM
+ ckmc_policy_s exportable;
+ exportable.password = NULL;
+ exportable.extractable = 1;
+ ckmc_policy_s notExportable;
+ notExportable.password = NULL;
+ notExportable.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
+ CKMCReadableError(temp));
+
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
+
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
{
- int temp;
- ckmc_pkcs12_s *pkcs = NULL;
-
- // fail - no entry
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // fail - not exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable, NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // success - exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable, NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
- size_t cntr = 0;
- ckmc_cert_list_s *iter = pkcs->ca_chain;
- do {
- cntr ++;
- iter = iter->next;
- } while(iter);
- RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
-
- ckmc_pkcs12_free(pkcs);
+ int temp;
+ ckmc_pkcs12_s *pkcs = NULL;
+
+ // fail - no entry
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
+
+ // fail - not exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+ size_t cntr = 0;
+ ckmc_cert_list_s *iter = pkcs->ca_chain;
+ do {
+ cntr ++;
+ iter = iter->next;
+ } while(iter);
+ RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
+
+ ckmc_pkcs12_free(pkcs);
}
RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
{
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- int temp;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- alias_PKCS_exportable,
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- alias_PKCS_exportable,
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ int temp;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ alias_PKCS_exportable.c_str(),
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ alias_PKCS_exportable.c_str(),
+ NULL,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
{
- int tmp;
-
- // remove the whole PKCS12 bundles
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable)),
- CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable)),
- CKMCReadableError(tmp));
-
- // expect lookup fails due to unknown alias
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable, NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
+ int tmp;
+
+ // remove the whole PKCS12 bundles
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable.c_str())),
+ CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable.c_str())),
+ CKMCReadableError(tmp));
+
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
+
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T3201_CAPI_unlock_database)
{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
- CKMCReadableError(temp));
+ reset_user_data(USER_APP, USER_PASS);
}
RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, USER_PASS);
+
int temp;
- char alias[10] = "mykey";
+ CKM::Alias alias = "mykey";
char *password = NULL;
ckmc_key_s *test_key = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
"Error=" << temp);
RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, USER_PASS);
+
int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
}
RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
int temp;
- char alias[10] = "mykey";
+ CKM::Alias alias = "mykey";
char *password = NULL;
ckmc_key_s *test_key = NULL;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)),
+ CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
RUNNER_TEST(T3204_deinit)
{
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
+ remove_user_data(USER_APP);
}
const char* const USER_LABEL = "User";
const char* const CKM_LOCK = "/var/run/key-manager.pid";
-const char* const CC_PASSWD = "t200-special-password";
-
// Wrapper for mdpp state that restores the original value upon destruction
class MdppState
{
-Alias rsa_pri_alias("rsa-private-T2002");
-Alias rsa_pub_alias("rsa-public-T2002");
-Alias ecdsa_pri_alias("ecdsa-private-T2002");
-Alias ecdsa_pub_alias("ecdsa-public-T2002");
+Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002");
+Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002");
+Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002");
+Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002");
void save_keys()
{
RUNNER_TEST(TCC_0000_init)
{
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
}
// updatedCCMode should succeed regardless of mdpp setting
stop_service(LISTENER);
MdppState mdpp;
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
mdpp.set(NULL);
{
// restart listener without vconf callback
stop_service(LISTENER);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
MdppState mdpp;
mdpp.set(NULL);
update_cc_mode();
update_cc_mode();
start_service(LISTENER);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
{
restart_ckm(DISABLED);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(ENABLED);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(ENFORCING);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(READY);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_SUCCESS);
}
{
restart_ckm("whatever");
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_SUCCESS);
}
{
restart_ckm(NULL);
- reset_user_data(0, CC_PASSWD);
+ remove_user_data(0);
save_keys();
read_keys(CKM_API_SUCCESS);
}
void change_label(const char* label)
{
int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self. Error: " << ret);
+ RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
}
ScopedLabel::ScopedLabel(const char* label) : m_original_label(get_label())
RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
<< CKMCErrorToString(ret) << " while expected: "
<< CKMCErrorToString(expected_err));
+
}
ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias)
ScopedDBUnlock::ScopedDBUnlock(uid_t user_id, const char* passwd) : m_uid(user_id)
{
int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(user_id)), CKMCErrorToString(temp));
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(user_id, passwd)), CKMCErrorToString(temp));
}
ScopedDBUnlock::~ScopedDBUnlock()
{
int temp;
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(m_uid)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(m_uid)), CKMCErrorToString(temp));
}
void check_remove_allowed(const char* alias)
void remove_user_data(uid_t user_id)
{
- int ret;
auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->lockUserKey(user_id)),
- "Error=" << CKM::ErrorToString(ret));
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->removeUserData(user_id)),
- "Remove user data failed with error: " << CKM::ErrorToString(ret));
+ control->lockUserKey(user_id);
+ control->removeUserData(user_id);
}
void reset_user_data(uid_t user_id, const char *passwd)
RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list.");
}
+
+size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
+{
+ ckmc_alias_list_s *aliasList = NULL;
+ int ec;
+ switch(type)
+ {
+ case ALIAS_KEY:
+ ec = ckmc_get_key_alias_list(&aliasList);
+ break;
+
+ case ALIAS_CERT:
+ ec = ckmc_get_cert_alias_list(&aliasList);
+ break;
+
+ case ALIAS_DATA:
+ ec = ckmc_get_data_alias_list(&aliasList);
+ break;
+ }
+ if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
+ return 0;
+ else if(ec==0)
+ {
+ ckmc_alias_list_s *plist = aliasList;
+ size_t return_count = 0;
+ while(plist)
+ {
+ plist = plist->next;
+ return_count ++;
+ }
+ ckmc_alias_list_all_free(aliasList);
+
+ RUNNER_ASSERT_MSG(
+ return_count >= minimum_initial_element_count,
+ "Error: alias list failed, current element count: " << return_count <<
+ " while expected minimal count of " << minimum_initial_element_count <<
+ " elements");
+
+ return return_count;
+ }
+ else
+ {
+ // error - fail
+ RUNNER_ASSERT_MSG(
+ ec >= 0,
+ "Error: alias list failed, ec: " << CKMCErrorToString(ec));
+ }
+
+ return 0;
+}
+
+std::string sharedDatabase(const CKM::Alias & alias)
+{
+ return aliasWithLabel(ckmc_label_shared_owner, alias.c_str());
+}
ckmc_raw_buffer_s prepare_message_buffer(const char * input);
void check_alias_list(const CKM::AliasVector& expected);
+
+typedef enum {
+ ALIAS_KEY,
+ ALIAS_CERT,
+ ALIAS_DATA
+} alias_type_;
+size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0);
+std::string sharedDatabase(const CKM::Alias & alias);
namespace {
const int USER_APP = 5000;
const int GROUP_APP = 5000;
+
+const int USER_APP_2 = 5020;
+const int USER_APP_3 = 5030;
+
+const char * const APP_PASS = "user-pass";
const int USER_TEST = 5001;
+const char* TEST_LABEL = "test_label";
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
auto control = CKM::Control::create();
control->removeUserData(0);
- control->removeUserData(20);
+ control->removeUserData(USER_APP_2);
control->removeUserData(USER_APP);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+ CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
"Error=" << CKM::ErrorToString(temp));
}
RUNNER_TEST(T1010_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ unlock_user_data(USER_APP, "user-pass");
}
RUNNER_TEST(T1011_key)
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
+ CKM::Alias alias = sharedDatabase("mykey");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::CertificateShPtr cert2;
- CKM::Alias alias = "myCert";
+ CKM::Alias alias = sharedDatabase("myCert");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
RUNNER_TEST(T1014_save_with_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1015_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
{
int temp;
auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
"Error=" << CKM::ErrorToString(temp));
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
+ CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
RUNNER_TEST(T1029_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
-
RUNNER_TEST(T1030_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
+ reset_user_data(USER_APP, APP_PASS);
}
RUNNER_TEST(T1031_save_get_bin_data)
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer2, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer3, CKM::Policy(CKM::Password(), true))),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
"The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
}
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 3,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == (current_aliases_num+3),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
RUNNER_TEST(T1033_remove_bin_data)
CKM::AliasVector labelAliasVector;
- std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
+ std::string invalid_address = sharedDatabase("i-do-not-exist");
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- labelAliasVector.size() == 1,
- "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
+ labelAliasVector.size() == (current_aliases_num-2),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("data3", CKM::Password(), buffer)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1034_getData_wrong_password)
+RUNNER_TEST(T1034_app_remove_bin_data)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int temp;
auto manager = CKM::Manager::create();
- std::string binData1 = "My bin data4";
+ std::string binData2 = "My bin data";
+ CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+ CKM::AliasVector labelAliasVector;
+ size_t current_aliases_num = count_aliases(ALIAS_DATA);
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
"Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ labelAliasVector.size() == (current_aliases_num-2),
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- buffer == buffer1,
+ buffer == buffer2,
"Data corrupted");
-
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1035_deinit)
+RUNNER_TEST(T1035_getData_wrong_password)
{
int temp;
- auto control = CKM::Control::create();
+ auto manager = CKM::Manager::create();
+
+ std::string binData1 = "My bin data4";
+
+ CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
"Error=" << CKM::ErrorToString(temp));
+
+ CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ buffer == buffer1,
+ "Data corrupted");
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
"Error=" << CKM::ErrorToString(temp));
}
+RUNNER_TEST(T1036_deinit)
+{
+ remove_user_data(0);
+ remove_user_data(USER_APP);
+}
+
RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
RUNNER_TEST(T1040_init)
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- 2 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 2");
+ (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- 2 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 2");
+ (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
RUNNER_TEST(T1049_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T1110_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ unlock_user_data(USER_APP, "user-pass");
}
RUNNER_TEST(T1111_CreateKeyPairRSA)
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1("rsa-test-1");
- CKM::Alias a2("rsa-test-2");
+ CKM::Alias a1 = sharedDatabase("rsa-test-1");
+ CKM::Alias a2 = sharedDatabase("rsa-test-2");
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1("dsa-test-1");
- CKM::Alias a2("dsa-test-2");
+ CKM::Alias a1 = sharedDatabase("dsa-test-1");
+ CKM::Alias a2 = sharedDatabase("dsa-test-2");
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1("ecdsa-test-1");
- CKM::Alias a2("ecdsa-test-2");
+ CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
+ CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
RUNNER_TEST(T1114_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
RUNNER_TEST(T12100_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ reset_user_data(USER_APP, APP_PASS);
}
RUNNER_TEST(T12101_key_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12102_saveKey_empty_alias)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
RUNNER_TEST(T12103_saveKey_foreign_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
RUNNER_TEST(T12104_saveKey_empty_key)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias; //alias is not initialized
RUNNER_TEST(T12106_saveCertificate_foreign_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias = "iamsomebodyelse alias";
RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
RUNNER_TEST(T12108_saveData_empty_alias)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
CKM::Alias alias;
RUNNER_TEST(T12109_saveData_foreign_label)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
CKM::Alias alias = "iamsomebodyelse alias";
RUNNER_TEST(T12110_saveData_empty_data)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
RUNNER_TEST(T12111_getKey_alias_not_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12113_getData_alias_not_exist)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int temp;
auto manager = CKM::Manager::create();
CKM::RawBuffer buffer;
*/
RUNNER_TEST(T12114_rsa_key_damaged)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12115_rsa_key_too_short)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12116_dsa_key_too_short)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
{
+ ScopedAccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
// fake the client - let the service detect the problem
class WrongCertImpl : public CKM::Certificate
{
RUNNER_TEST(T12119_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
RUNNER_TEST(T1311_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
RUNNER_ASSERT_MSG(time(0) > 1405343457,
"Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
- CKM::Alias alias("imcert");
- CharPtr top_label = get_label();
- std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+ CKM::Alias alias = sharedDatabase("imcert");
int tmp;
auto manager = CKM::Manager::create();
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
"Error=" << CKM::ErrorToString(tmp));
- aliasVector.push_back(full_address);
+ aliasVector.push_back(alias);
tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_TEST(T1315_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
RUNNER_TEST(T1411_init)
{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST(T1412_rsa_key_create_verify)
std::string message = "message test";
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
+ CKM::Alias aliasPub = sharedDatabase("pub1");
+ CKM::Alias aliasPrv = sharedDatabase("prv1");
CKM::Password password = "1234";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = "pub2";
- CKM::Alias aliasPrv = "prv2";
+ CKM::Alias aliasPub = sharedDatabase("pub2");
+ CKM::Alias aliasPrv = sharedDatabase("prv2");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = "ecpub2";
- CKM::Alias aliasPrv = "ecprv2";
+ CKM::Alias aliasPub = sharedDatabase("ecpub2");
+ CKM::Alias aliasPrv = sharedDatabase("ecprv2");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
+ CKM::Alias aliasPub = sharedDatabase("pub1");
+ CKM::Alias aliasPrv = sharedDatabase("prv1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub2";
- CKM::Alias aliasPrv = "prv2";
+ CKM::Alias aliasPub = sharedDatabase("pub2");
+ CKM::Alias aliasPrv = sharedDatabase("prv2");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = "pub1-cert";
- CKM::Alias aliasPrv = "prv1-cert";
+ CKM::Alias aliasPub = sharedDatabase("pub1-cert");
+ CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = "pub2-cert";
- CKM::Alias aliasPrv = "prv2-cert";
+ CKM::Alias aliasPub = sharedDatabase("pub2-cert");
+ CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = "pub3";
- CKM::Alias aliasPrv = "prv3";
+ CKM::Alias aliasPub = sharedDatabase("pub3");
+ CKM::Alias aliasPrv = sharedDatabase("prv3");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
RUNNER_TEST(T1420_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
RUNNER_TEST(T14180_init)
{
int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
auto manager = CKM::Manager::create();
"zQIDAQAB\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::Password password = "1234";
auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
"05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasEcPub = "ecpub_nohash1";
- CKM::Alias aliasEcPrv = "ecprv_nohash1";
+ CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
+ CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
- CKM::Alias aliasPub = "pub_nohash1";
- CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = "ecpub_nohash1";
- CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
int msgSize = 1024*1024;
char big_msg[msgSize];
for(int i =0; i<msgSize-1; i++) {
- big_msg[i] = 'a';
+ big_msg[i] = 'a';
}
big_msg[msgSize-1]=0x00;
std::string message(big_msg);
- CKM::Alias aliasPub = "ecpub_nohash1";
- CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+ CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
CKM::RawBuffer signature;
RUNNER_TEST(T14189_deinit)
{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
+ remove_user_data(0);
}
RUNNER_CHILD_TEST(T1510_init_unlock_key)
{
- int tmp;
ScopedAccessProvider ap("my-label");
ap.allowAPI("key-manager::api-control", "rw");
ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
- "Error=" << CKM::ErrorToString(tmp));
+ unlock_user_data(USER_TEST, "strong-password");
}
RUNNER_CHILD_TEST(T1511_insert_data)
RUNNER_TEST(T1701_init_unlock_key)
{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
+ ScopedAccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ unlock_user_data(USER_TEST+1, "t170-special-password");
}
RUNNER_CHILD_TEST(T1702_insert_data)
auto certee = TestData::getTestCertificate(TestData::MBANK);
auto manager = CKM::Manager::create();
+ size_t current_aliases_num = count_aliases(ALIAS_CERT);
int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
+ (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
}
RUNNER_TEST(T1703_removeApplicationData)
RUNNER_TEST(T1705_deinit)
{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
- "Error=" << CKM::ErrorToString(tmp));
+ remove_user_data(USER_TEST+1);
}
RUNNER_TEST(T17101_init)
RUNNER_TEST(T17112_deinit)
{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
+ remove_user_data(USER_TEST+2);
+ remove_user_data(USER_TEST+3);
}
RUNNER_TEST_GROUP_INIT(T180_PKCS12);
namespace
{
-CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
-CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
-CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
-CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
-CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
-const char *PKCS_PASSWD = "PKCS-pass";
+CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
+CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
+CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
+CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
+CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
}
RUNNER_TEST(T1800_init)
{
- reset_user_data(0, PKCS_PASSWD);
+ remove_user_data(0);
}
RUNNER_TEST(T1801_parse_PKCS12) {
// fail - no entry
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
"Error=" << CKM::ErrorToString(temp));
// fail - not exportable
RUNNER_TEST(T1812_get_pkcs12_password_tests)
{
- CKM::Alias alias = "t1812alias1";
+ CKM::Alias alias = sharedDatabase("t1812alias1");
auto manager = CKM::Manager::create();
std::ifstream is("/usr/share/ckm-test/pkcs.p12");
}
RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-
+namespace {
+const char * const T190_PASSWD = "t190-special-password";
+}
RUNNER_TEST(T1901_init_unlock_key)
{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
+ reset_user_data(USER_APP, T190_PASSWD);
}
RUNNER_TEST(T1902_get_data)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
+
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
int tmp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
"Error=" << CKM::ErrorToString(tmp));
}
RUNNER_TEST(T1904_get_data_from_locked_database)
{
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
RUNNER_TEST(T1905_deinit)
{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
+ remove_user_data(USER_APP);
}
int main(int argc, char *argv[])
// add permission to the resource to a user app
// [test]
// switch to user app, leave DB locked
- // try to access system DB item - expect fail
+ // try to access system DB item - expect success
// [prepare]
GarbageCollector gc;
cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64));
}
- // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015
+ // GOOGLE_COM, *.google.com - signed by GIAG2, expires 21 Jul 2015
{
std::string raw_base64 = std::string(
"-----BEGIN CERTIFICATE-----\n"
- "MIIGxTCCBa2gAwIBAgIIBIsVw6gw3hgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "MIIGxTCCBa2gAwIBAgIIF4oWRtoEsZgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMjExMTI0NzAyWhcNMTUwNTEyMDAwMDAw\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwNDIyMTM0NzM5WhcNMTUwNzIxMDAwMDAw\n"
"WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
"TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n"
- "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmokK6sw/osw7yrkc\n"
- "rSJZk5FAod6yrCptxyq7AssrJbcTCpuxGbG9Ip6/jR8QP4109kZxadoaZ/0ICOh5\n"
- "bHx44qOCBF0wggRZMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
+ "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeI/HfDmnVdpQ4JNA\n"
+ "9z7aYLzV30SZp0EFfrC5iV4l4AVNRfnCjOdYrdx387n9mhVPghWVWDkb05JtRZqr\n"
+ "9vgwMqOCBF0wggRZMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
"A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n"
"ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n"
"YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n"
"YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n"
"B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n"
"ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n"
- "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBShZRhQFOqlCCt51oEJBD94sL7K4zAMBgNV\n"
+ "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBTgUFAZJ8fMjqEj8KpwMspvje7cSzAMBgNV\n"
"HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1Ud\n"
"IAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtp\n"
- "Lmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBOQBrolcUp\n"
- "UFh/5O369pXbuxDZajpSKAjX4Zu6L5LxS9NQRuWqheWNsNcZMRzZ6dP6xpeqf522\n"
- "zUjzUEzDCOaxCbccakucnXUvg3/m5qgYhxUmLdZjXZ53mTCy4tHbswQrwnxZH+t+\n"
- "Y4rlJFr4bzPNPx7ucB7wRvxFGCjWXflK1JpgXmUcjFFu8/xrlqJdCwmrjEOJaVRq\n"
- "urh11t2o4N/DjdboKWBdv+reuijPjzJTKmTbjuZU/bty6COIqtu8vWD39xRCK2y+\n"
- "W6und7oGKIEvisrLIoHRRgBPfiFBxuzLbvOg/mGbz34pSuBJEzMxrAbkOnGWEQOm\n"
- "B3KPgoV0lPFo\n"
+ "Lmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQA2YKaE9hJu\n"
+ "96a81VC53Qrk1JbhMeVRL+uLsidRNK2uBCzJs4zkKT8QTp2m0w792djprAMDuzKx\n"
+ "GUaVj9TyAX5b1ObcRh2cvom1bzakjWpr1sLW+71vPIeRK8XZvbkVpvgbUF5pQFda\n"
+ "xZmS49iTG4+8yH6jSnlC/GLSFBihIYmKhU4HSOvzhRBbMNc6ldfvyomE0DtGJXDs\n"
+ "qOQqfwpyUopGZIIiETLw3PQrdrXSxhoTaVdvL0V9+SGS4Dp7D+WsNl23a7nhxUv3\n"
+ "PSl6FTRcANKzXflSpdbu9BsuD78KQNnK2cl0mlcE8PETflMFjogi7OhEEQitwp3S\n"
+ "043LZ7LBy0m5\n"
"-----END CERTIFICATE-----\n");
cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64));
}
SYMANTEC, // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
GEOTRUST, // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018
EQUIFAX, // EQUIFAX (root CA), expires 22 Aug 2018
- GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015
+ GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 21 Jul 2015
// footer - last element in the set
NO_CERT
#include <errno.h>
#include <string.h>
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
+const uid_t APP_UID = 5000;
+const gid_t APP_GID = 5000;
+const uid_t APP_UID_2 = 5200;
+const gid_t APP_GID_2 = 5200;
const uid_t DB_ALARM_UID = 6001;
const gid_t DB_ALARM_GID = 6001;
const std::string TMP_DIR("/tmp");