CKM: re-factoring tests after adding system-DB support.

author Maciej J. Karpiuk <m.karpiuk2@samsung.com>

Wed, 22 Apr 2015 08:43:21 +0000 (10:43 +0200)

committer Maciej J. Karpiuk <m.karpiuk2@samsung.com>

Fri, 15 May 2015 07:56:19 +0000 (09:56 +0200)
author Maciej J. Karpiuk <m.karpiuk2@samsung.com>
Wed, 22 Apr 2015 08:43:21 +0000 (10:43 +0200)
committer Maciej J. Karpiuk <m.karpiuk2@samsung.com>
Fri, 15 May 2015 07:56:19 +0000 (09:56 +0200)
diff --git a/src/ckm/async-api.cpp b/src/ckm/async-api.cpp

index 27284c4..d659ba9 100644 (file)
--- a/src/ckm/async-api.cpp
+++ b/src/ckm/async-api.cpp
@@ -41,6 +41,7 @@
  #include <tests_common.h>
  #include <test-certs.h>
  #include <ckm-common.h>
+#include <access_provider2.h>
  
  using namespace CKM;
  using namespace std;
@@ -48,7 +49,11 @@ using namespace TestData;
  
  namespace {
  
-const char* TEST_LABEL = "test_label";
+const char* TEST_LABEL      = "test_label";
+const char* TEST_LABEL_2    = "test_label-2";
+
+const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
+
  const CertificateShPtrVector EMPTY_CERT_VECTOR;
  const AliasVector EMPTY_ALIAS_VECTOR;
  
@@ -321,18 +326,8 @@ RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
  
  RUNNER_TEST(TA0000_init)
  {
-    int temp;
-    ControlShPtr control = Control::create();
-
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-                      "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)),
-                      "Error=" << CKM::ErrorToString(temp));
-
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
-                      "Error=" << ErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)),
-                      "Error=" << ErrorToString(temp));
+    remove_user_data(0);
+    reset_user_data(APP_UID, TEST_PASS);
  }
  
  // saveKey
@@ -1136,37 +1131,42 @@ RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param)
  
  RUNNER_TEST(TA1820_allow_access)
  {
-    DBCleanup dbc;
-    CharPtr top_label = get_label();
-    test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
-    test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
-    test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
-    test_positive(&ManagerAsync::setPermission,
-                  dbc.alias("alias2"),
-                  TEST_LABEL,
-                  CKM::Permission::READ);
-    test_positive(&ManagerAsync::setPermission,
-                  dbc.alias("alias3"),
-                  TEST_LABEL,
-                  CKM::Permission::READ | CKM::Permission::REMOVE);
+    // prepare: add data
+    std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+    std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
+    std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+        gc.save(alias1.c_str(), TEST_DATA);
+        gc.save(alias2.c_str(), TEST_DATA);
+        gc.save(alias3.c_str(), TEST_DATA);
+
+        test_positive(&ManagerAsync::setPermission,
+                      alias2,
+                      TEST_LABEL_2,
+                      CKM::Permission::READ);
+        test_positive(&ManagerAsync::setPermission,
+                      alias3,
+                      TEST_LABEL_2,
+                      CKM::Permission::READ | CKM::Permission::REMOVE);
+    }
  
      {
-        ScopedLabel label(TEST_LABEL);
+        ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
  
-        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
-        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
+        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
  
          // test from allowed label, but without properly addressing alias (coming from default label)
-        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
+        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
  
          // now test with appropriate addressing
-        std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
-        test_positive(&ManagerAsync::getData, full_alias2_address, "");
-        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
+        test_positive(&ManagerAsync::getData, alias2, "");
+        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
  
-        std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
-        test_positive(&ManagerAsync::getData, full_alias3_address, "");
-        test_positive(&ManagerAsync::removeAlias, full_alias3_address);
+        test_positive(&ManagerAsync::getData, alias3, "");
+        test_positive(&ManagerAsync::removeAlias, alias3);
      }
  }
  
@@ -1182,21 +1182,28 @@ RUNNER_CHILD_TEST(TA1910_deny_access_invalid_param)
  
  RUNNER_TEST(TA1920_deny_access)
  {
-    DBCleanup dbc;
-    CharPtr top_label = get_label();
-    test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
-    test_positive(&ManagerAsync::setPermission,
-                  dbc.alias("alias"),
-                  TEST_LABEL,
-                  CKM::Permission::READ | CKM::Permission::REMOVE);
-    test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
+    // prepare: add data
+    std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+        gc.save(alias1.c_str(), TEST_DATA);
+
+        test_positive(&ManagerAsync::setPermission,
+                      alias1,
+                      TEST_LABEL_2,
+                      CKM::Permission::READ | CKM::Permission::REMOVE);
+        test_positive(&ManagerAsync::setPermission,
+                      alias1,
+                      TEST_LABEL_2,
+                      CKM::Permission::NONE);
+    }
  
      {
-        ScopedLabel label(TEST_LABEL);
+        ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
  
-        std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
-        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
-        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
+        test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+        test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
      }
  }
  
@@ -1242,25 +1249,25 @@ RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs)
      CKM::Policy notExportable(CKM::Password(), false);
  
      test_positive(&ManagerAsync::savePKCS12,
-                  alias_PKCS_exportable,
+                  sharedDatabase(alias_PKCS_exportable).c_str(),
                    pkcs,
                    exportable,
                    exportable);
      test_negative(&ManagerAsync::savePKCS12,
                    CKM_API_ERROR_DB_ALIAS_EXISTS,
-                  alias_PKCS_exportable,
+                  sharedDatabase(alias_PKCS_exportable).c_str(),
                    pkcs,
                    exportable,
                    exportable);
  
      test_positive(&ManagerAsync::savePKCS12,
-                  alias_PKCS_not_exportable,
+                  sharedDatabase(alias_PKCS_not_exportable).c_str(),
                    pkcs,
                    notExportable,
                    notExportable);
      test_negative(&ManagerAsync::savePKCS12,
                    CKM_API_ERROR_DB_ALIAS_EXISTS,
-                  alias_PKCS_not_exportable,
+                  sharedDatabase(alias_PKCS_not_exportable).c_str(),
                    pkcs,
                    notExportable,
                    notExportable);
@@ -1274,7 +1281,7 @@ RUNNER_TEST(TA2010_PKCS_get)
      // fail - no entry
      test_negative(&ManagerAsync::getPKCS12,
                    CKM_API_ERROR_DB_ALIAS_UNKNOWN,
-                  "i-do-not-exist",
+                  sharedDatabase("i-do-not-exist").c_str(),
                    CKM::Password(),
                    CKM::Password());
  
@@ -1282,13 +1289,13 @@ RUNNER_TEST(TA2010_PKCS_get)
      // fail - not exportable
      test_negative(&ManagerAsync::getPKCS12,
                    CKM_API_ERROR_NOT_EXPORTABLE,
-                  dbc.alias(alias_PKCS_not_exportable.c_str()),
+                  dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()),
                    CKM::Password(),
                    CKM::Password());
  
      // success - exportable
      auto obs = test_positive(&ManagerAsync::getPKCS12,
-                             dbc.alias(alias_PKCS_exportable.c_str()),
+                             dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()),
                               CKM::Password(),
                               CKM::Password());
  
@@ -1310,15 +1317,6 @@ RUNNER_TEST(TA2010_PKCS_get)
  
  RUNNER_TEST(TA9999_deinit)
  {
-    int temp;
-    ControlShPtr control = Control::create();
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(APP_UID)),
-                         "Error=" << ErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
-                         "Error=" << ErrorToString(temp));
-
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-                         "Error=" << ErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-                         "Error=" << ErrorToString(temp));
+    remove_user_data(0);
+    remove_user_data(APP_UID);
  }
diff --git a/src/ckm/capi-access_control.cpp b/src/ckm/capi-access_control.cpp

index 0e1625b..1312b4e 100644 (file)
--- a/src/ckm/capi-access_control.cpp
+++ b/src/ckm/capi-access_control.cpp
@@ -16,10 +16,18 @@
  #include <ckm/ckm-type.h>
  
  namespace {
+const int USER_ROOT             = 0;
+const int APP_1                 = 6000;
+const int GROUP_1               = 6000;
+const int APP_2                 = 6200;
+const int GROUP_2               = 6200;
+const char * const APP_PASS_1   = "app-pass-1";
+const char * const APP_PASS_2   = "app-pass-2";
+const char* APP_LABEL_1         = "APP_LABEL_1";
+const char* APP_LABEL_2         = "APP_LABEL_2";
+const char* APP_LABEL_3         = "APP_LABEL_3";
+const char* APP_LABEL_4         = "APP_LABEL_4";
  
-const uid_t USER_ROOT = 0;
-const char* APP_PASS = "user-pass";
-const char* ROOT_PASS = "test-pass";
  
  const char* NO_ALIAS = "definitely-non-existent-alias";
  const char* NO_OWNER = "definitely-non-existent-owner";
@@ -28,85 +36,58 @@ const char* TEST_ALIAS = "test-alias";
  const char* TEST_ALIAS2 = "test-alias2";
  const char* TEST_ALIAS3 = "test-alias3";
  
-const char* TEST_LABEL = "test-label";
-const char* TEST_LABEL2 = "test-label2";
-const char* TEST_LABEL3 = "test-label3";
-const char* TEST_LABEL4 = "test-label4";
-
  const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
  
-
  void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
  {
      int ret = ckmc_allow_access(alias, accessor, accessRights);
      RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
  }
  
-void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
+void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights)
  {
      // data removal should revoke this access
-    int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights);
+    int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights);
      RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
  }
  
-void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask)
+void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask)
  {
      // data removal should revoke this access
-    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask);
+    int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask);
      RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
  }
  
-void deny_access_by_adm(const char* alias, const char* accessor)
+void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor)
  {
-    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE);
+    int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
  }
  
-int count_aliases()
-{
-    ckmc_alias_list_s *aliasList = NULL;
-    int ret = ckmc_get_data_alias_list(&aliasList);
-    if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN)
-        return 0;
-
-    RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << CKMCErrorToString(ret));
-
-    ckmc_alias_list_s *plist = aliasList;
-    int count = 0;
-    while(plist)
-    {
-        plist = plist->next;
-        count++;
-    }
-    ckmc_alias_list_all_free(aliasList);
-    return count;
-}
-
-void check_alias_count(int expected)
+void check_alias_count(size_t expected)
  {
-    int count = count_aliases();
+    size_t count = count_aliases(ALIAS_DATA);
      RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
  }
  
  } // namespace anonymous
  
-RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API);
+RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API);
  
  
  /////////////////////////////////////////////////////////////////////////////
  // Manager
  RUNNER_TEST(T3000_init)
  {
-    int temp;
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp));
+    reset_user_data(APP_1, APP_PASS_1);
+    reset_user_data(APP_2, APP_PASS_2);
  }
  
  // invalid arguments check
  RUNNER_TEST(T3001_manager_allow_access_invalid)
  {
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
      RUNNER_ASSERT(
              CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
      RUNNER_ASSERT(
@@ -116,6 +97,8 @@ RUNNER_TEST(T3001_manager_allow_access_invalid)
  // invalid arguments check
  RUNNER_TEST(T3002_manager_deny_access_invalid)
  {
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
  }
@@ -123,7 +106,7 @@ RUNNER_TEST(T3002_manager_deny_access_invalid)
  // tries to allow access for non existing alias
  RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
  {
-    switch_to_storage_user(TEST_LABEL);
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
  
      int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
      RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
@@ -133,7 +116,7 @@ RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
  // tries to deny access for non existing alias
  RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
  {
-    switch_to_storage_user(TEST_LABEL);
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
  
      int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
@@ -143,7 +126,7 @@ RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
  // tries to deny access that does not exist in database
  RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
  {
-    switch_to_storage_user(TEST_LABEL);
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
  
      ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
  
@@ -156,7 +139,7 @@ RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
  // tries to allow access to application own data
  RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
  {
-    switch_to_storage_user(TEST_LABEL);
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
  
      ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
  
@@ -169,7 +152,8 @@ RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
  // verifies that alias can not contain forbidden characters
  RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
  {
-    switch_to_storage_user(TEST_LABEL);
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
      ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
  
      std::string test_alias_playground = std::string("AAA BBB CCC");
@@ -177,48 +161,55 @@ RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
  
      // control: expect success
      check_read(TEST_ALIAS, 0, TEST_DATA);
-    check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+    check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
  }
  
  // verifies that label can not contain forbidden characters
  RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
  {
-    switch_to_storage_user(TEST_LABEL);
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
      ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
  
      // basic test
-    std::string test_label_playground = std::string("AAA BBB CCC");
-    check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+    std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
+    check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
  
      // insert part of the separator in the middle
-    test_label_playground = std::string(TEST_LABEL);
-    test_label_playground.insert(test_label_playground.size()/2, ckmc_label_name_separator);
-    check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+    APP_LABEL_1_playground = std::string(APP_LABEL_1);
+    APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
+    check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
  
      // prepend separator
-    test_label_playground = std::string(TEST_LABEL);
-    test_label_playground.insert(0, ckmc_label_name_separator);
-    check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+    APP_LABEL_1_playground = std::string(APP_LABEL_1);
+    APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
+    check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
  
      // append separator
-    test_label_playground = std::string(TEST_LABEL);
-    test_label_playground.append(ckmc_label_name_separator);
-    check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+    APP_LABEL_1_playground = std::string(APP_LABEL_1);
+    APP_LABEL_1_playground.append(ckmc_label_name_separator);
+    check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
  
      // control: expect success
-    check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+    check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
  }
  
+
  // tries to access other application data without permission
  RUNNER_TEST(T3020_manager_access_not_allowed)
  {
-    CharPtr top_label = get_label();
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+        std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
          check_read_not_visible(TEST_ALIAS_adr.c_str());
          check_remove_not_visible(TEST_ALIAS_adr.c_str());
      }
@@ -227,42 +218,54 @@ RUNNER_TEST(T3020_manager_access_not_allowed)
  // tries to access other application data with permission
  RUNNER_TEST(T3021_manager_access_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    // prepare: add data
+    GarbageCollector gc;
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+    }
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+    // test accessibility from another label
+    {
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to read other application data with permission for read/remove
  RUNNER_TEST(T3022_manager_access_allowed_with_remove)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    // prepare: add data
+    GarbageCollector gc;
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    }
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+    // test accessibility from another label
+    {
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to remove other application data with permission for reading only
  RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    // prepare: add data
+    GarbageCollector gc;
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+    }
  
-        std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+    // test accessibility from another label
+    {
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+        std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
          check_remove_denied(TEST_ALIAS_adr.c_str());
          check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
      }
@@ -271,14 +274,18 @@ RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
  // tries to remove other application data with permission
  RUNNER_TEST(T3025_manager_remove_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    // prepare: add data
+    GarbageCollector gc;
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    }
  
-        check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    // test accessibility from another label
+    {
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+        check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
      }
  }
  
@@ -286,16 +293,22 @@ RUNNER_TEST(T3025_manager_remove_allowed)
  // rights
  RUNNER_TEST(T3026_manager_double_allow)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
  
-    // access should be overwritten
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+        // access should be overwritten
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+    }
+
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+        std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
          check_remove_denied(TEST_ALIAS_adr.c_str());
          check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
      }
@@ -304,22 +317,34 @@ RUNNER_TEST(T3026_manager_double_allow)
  // tries to access application data with permission and after permission has been revoked
  RUNNER_TEST(T3027_manager_allow_deny)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
  
-    std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+    }
  
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          check_remove_denied(TEST_ALIAS_adr.c_str());
          check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
      }
  
-    deny_access(TEST_ALIAS, TEST_LABEL2);
+    // remove permission
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+
+        deny_access(TEST_ALIAS, APP_LABEL_2);
+    }
+
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          check_remove_not_visible(TEST_ALIAS_adr.c_str());
          check_read_not_visible(TEST_ALIAS_adr.c_str());
@@ -328,61 +353,75 @@ RUNNER_TEST(T3027_manager_allow_deny)
  
  RUNNER_TEST(T3028_manager_access_by_label)
  {
-    CharPtr top_label = get_label();
+    // prepare: add data
+    GarbageCollector gc;
      const char *additional_data = "label-2-data";
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
  
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+    }
+
+    // add data as app 2
      {
-        ScopedLabel sl(TEST_LABEL2);
-        ScopedSaveData ssd(TEST_ALIAS, additional_data);
-        allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+        save_data(TEST_ALIAS, additional_data);
+
+        allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
  
          // test if accessing valid alias (of label2 domain)
          check_read_allowed(TEST_ALIAS, additional_data);
-
-        // this has to be done here - in the scope, otherwise
-        // scope destructor will remove the TEST_LABEL2::TEST_ALIAS
-        {
-            ScopedLabel sl(top_label.get());
-
-            // test if can access label2 alias from label1 domain - should succeed
-            check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data);
-        }
      }
  
-    // test if accessing valid alias (of label1 domain)
-    check_read_allowed(TEST_ALIAS, TEST_DATA);
+    // test accessibility to app 2 from app 1
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
  
-    // access should not be possible - already left the LABEL2 scope, object should be removed
-    check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str());
+        // test if can access label2 alias from label1 domain - should succeed
+        check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
+    }
  }
  
  // tries to modify another label's permission
  RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
  {
-    ScopedLabel sl(TEST_LABEL);
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-    allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    // prepare: add data
+    GarbageCollector gc;
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
  
-        allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
-        deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED);
+        allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    }
+
+    // test accessibility from another label
+    {
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
+
+        allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
+        deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
      }
  }
  
  // checks if only aliases readable by given app are returned
  RUNNER_TEST(T3030_manager_get_all_aliases)
  {
-    ScopedSaveData ssd1(TEST_ALIAS, TEST_DATA);
-    ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    size_t count;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+        gc.save(TEST_ALIAS2, TEST_DATA);
  
-    int count = count_aliases();
+        count = count_aliases(ALIAS_DATA);
+        allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
+    }
  
-    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          // check that app can access other aliases when it has permission
          check_alias_count(count - 1);
@@ -393,9 +432,15 @@ RUNNER_TEST(T3030_manager_get_all_aliases)
          check_alias_count(count - 1 + 1);
      }
  
-    deny_access(TEST_ALIAS, TEST_LABEL2);
+    // remove permission
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        deny_access(TEST_ALIAS, APP_LABEL_2);
+    }
+
+    // test accessibility from another label
+    {
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          // check that app can't access other aliases for which permission has been revoked
          check_alias_count(count - 2);
@@ -405,42 +450,60 @@ RUNNER_TEST(T3030_manager_get_all_aliases)
  // tries to access other application data with permission
  RUNNER_TEST(T3031_manager_deprecated_access_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
  
-    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+        allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+    }
+
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to read other application data with permission for read/remove
  RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
  
-    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+        allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+    }
+
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to remove other application data with permission for reading only
  RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+
+        allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
+    }
  
-    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+        std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
          check_remove_denied(TEST_ALIAS_adr.c_str());
          check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
      }
@@ -449,54 +512,81 @@ RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
  // tries to remove other application data with permission
  RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+
+        allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+    }
  
-    allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+    // test accessibility from another label
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+        check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
      }
  }
  
-
  /////////////////////////////////////////////////////////////////////////////
  // Control
  
+RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API);
+
+RUNNER_TEST(T3100_init)
+{
+    reset_user_data(APP_1, APP_PASS_1);
+    reset_user_data(APP_2, APP_PASS_2);
+}
+
  // invalid argument check
  RUNNER_TEST(T3101_control_allow_access_invalid)
  {
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
+
      int ret;
-    ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ);
+    ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
-    ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ);
+    ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ);
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
  
      // double owner
      std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
-    ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+    ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
  }
  
  // invalid argument check
  RUNNER_TEST(T3102_control_deny_access_invalid)
  {
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
+
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
-            ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE));
+            ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE));
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
-            ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE));
+            ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE));
  
      // double owner
      std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS);
      RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
-            ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE));
+            ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
  }
  
  // tries to allow access for non existing alias
  RUNNER_TEST(T3103_control_allow_access_non_existing)
  {
-    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
+    int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
      RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                           "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
  }
@@ -504,7 +594,7 @@ RUNNER_TEST(T3103_control_allow_access_non_existing)
  // tries to deny access for non existing alias
  RUNNER_TEST(T3104_control_deny_access_non_existing)
  {
-    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+    int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
                           "Denying access for non existing alias returned " << CKMCErrorToString(ret));
  }
@@ -512,98 +602,129 @@ RUNNER_TEST(T3104_control_deny_access_non_existing)
  // tries to deny non existing access
  RUNNER_TEST(T3105_control_deny_access_non_existing_access)
  {
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
-    CharPtr label = get_label();
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    // deny non existing access to existing alias
-    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
+    int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
-                         "Denying non existing access returned: " << CKMCErrorToString(ret));
+                      "Denying non existing access returned: " << CKMCErrorToString(ret));
  }
  
  // tries to allow application to access its own data
  RUNNER_TEST(T3106_control_allow_access_to_myself)
  {
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+    gc.save(TEST_ALIAS, TEST_DATA);
  
-    CharPtr label = get_label();
-    int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ);
+    // test
+    int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
      RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
-                         "Trying to allow myself returned: " << CKMCErrorToString(ret));
+                      "Trying to allow myself returned: " << CKMCErrorToString(ret));
  }
  
  // tries to use admin API as a user
  RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
  {
-    switch_to_storage_user(TEST_LABEL);
-    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ);
+    // prepare: add data
+    GarbageCollector gc;
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+    gc.save(TEST_ALIAS, TEST_DATA);
+
+    // test
+    int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
      RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
-                         "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+                      "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
  }
  
  // tries to use admin API as a user
-RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
+RUNNER_CHILD_TEST(T3111_control_deny_access_as_user)
  {
-    switch_to_storage_user(TEST_LABEL);
-    int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE);
+    // prepare: add data
+    GarbageCollector gc;
+    ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+    gc.save(TEST_ALIAS, TEST_DATA);
+
+    // test
+    int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
-                         "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
+                      "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
  }
  
  // tries to read other application data with permission
  RUNNER_TEST(T3121_control_access_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to read other application data with permission to read/remove
  RUNNER_TEST(T3122_control_access_allowed_with_remove)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to remove other application data with permission to read
  RUNNER_TEST(T3122_control_access_allowed_remove_denied)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+        check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
      }
  }
  
  // tries to remove other application data with permission
  RUNNER_TEST(T3125_control_remove_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+        check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
      }
  }
  
@@ -611,16 +732,20 @@ RUNNER_TEST(T3125_control_remove_allowed)
  // rights
  RUNNER_TEST(T3126_control_double_allow)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
      // access should be overwritten
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+        std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
          check_remove_denied(TEST_ALIAS_adr.c_str());
          check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
      }
@@ -629,22 +754,25 @@ RUNNER_TEST(T3126_control_double_allow)
  // tries to access other application data with permission and after permission has been revoked
  RUNNER_TEST(T3127_control_allow_deny)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
-    std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          check_remove_denied(TEST_ALIAS_adr.c_str());
          check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
      }
-    CharPtr label = get_label();
-    deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+
+    deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          check_remove_not_visible(TEST_ALIAS_adr.c_str());
          check_read_not_visible(TEST_ALIAS_adr.c_str());
@@ -654,27 +782,33 @@ RUNNER_TEST(T3127_control_allow_deny)
  // checks if only aliases readable by given app are returned
  RUNNER_TEST(T3130_control_get_all_aliases)
  {
-    ScopedSaveData ssd1(TEST_ALIAS, TEST_DATA);
-    ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    size_t count;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+        gc.save(TEST_ALIAS2, TEST_DATA);
  
-    int count = count_aliases();
+        count = count_aliases(ALIAS_DATA);
+    }
  
-    allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
+    allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          // check that app can access other aliases when it has permission
          check_alias_count(count - 1);
  
-        ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
+        ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA);
  
          // check that app can access its own aliases
          check_alias_count(count - 1 + 1);
      }
  
-    deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
+    deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
          // check that app can't access other aliases for which permission has been revoked
          check_alias_count(count - 2);
@@ -684,86 +818,101 @@ RUNNER_TEST(T3130_control_get_all_aliases)
  // tries to add access to data in a database of invalid user
  RUNNER_TEST(T3140_control_allow_invalid_user)
  {
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    int ret = ckmc_set_permission_by_adm(
-            APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
+    int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
-                         "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
+                      "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
  }
  
  // tries to revoke access to data in a database of invalid user
  RUNNER_TEST(T3141_control_deny_invalid_user)
  {
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE);
+    int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
      RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
-                         "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
+                      "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
  }
  
  // tries to read other application data with permission
  RUNNER_TEST(T3142_control_deprecated_access_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to read other application data with permission to read/remove
  RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+    allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA);
+        check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
      }
  }
  
  // tries to remove other application data with permission to read
  RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
+    // prepare: add data
+    GarbageCollector gc;
+    {
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
+    }
  
-    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
      {
-        ScopedLabel sl(TEST_LABEL2);
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-        check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+        check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
      }
  }
  
  // tries to remove other application data with permission
  RUNNER_TEST(T3145_control_deprecated_remove_allowed)
  {
-    CharPtr top_label = get_label();
-    ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
-    allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
+    // prepare: add data
+    GarbageCollector gc;
      {
-        ScopedLabel sl(TEST_LABEL2);
-
-        check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+        ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
+        gc.save(TEST_ALIAS, TEST_DATA);
      }
-}
  
+    allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
+    {
+        ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
  
-RUNNER_TEST(T3999_deinit)
-{
-    int temp;
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)), CKMCErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)), CKMCErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
+        check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+    }
  }
diff --git a/src/ckm/capi-certificate-chains.cpp b/src/ckm/capi-certificate-chains.cpp

index 5050165..af97c92 100644 (file)
--- a/src/ckm/capi-certificate-chains.cpp
+++ b/src/ckm/capi-certificate-chains.cpp
@@ -37,8 +37,6 @@
  
  namespace {
  
-const char *CHAINS_PASSWD = "chains-pass";
-
  typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
  typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
  typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
@@ -229,7 +227,7 @@ void ChainVerifier<T>::addTrusted(TestData::certificateID idx)
      addCert(m_trustedCerts, cert);
  
      std::stringstream ss;
-    ss << "TRUSTED_CERT_ALIAS_" << size;
+    ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size;
      save_cert(cert, ss.str().c_str());
      addAlias(m_trustedAliases, ss.str().c_str());
  }
@@ -242,7 +240,7 @@ void ChainVerifier<T>::addUntrusted(TestData::certificateID idx)
      addCert(m_untrustedCerts, cert);
  
      std::stringstream ss;
-    ss << "UNTRUSTED_CERT_ALIAS_" << size;
+    ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size;
      save_cert(cert, ss.str().c_str());
      addAlias(m_untrustedAliases, ss.str().c_str());
  }
@@ -353,13 +351,13 @@ RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS);
  
  RUNNER_TEST(TCCH_0000_init)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  }
  
  // old API
  RUNNER_TEST(TCCH_0010_get_chain_old_api)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<ChainApiOld> cv;
      cv.verifyNegative(TestData::GOOGLE_COM);
@@ -372,7 +370,7 @@ RUNNER_TEST(TCCH_0010_get_chain_old_api)
  // old API
  RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<ChainApiOld> cv;
      cv.verifyPositive(TestData::GIAG2, 2); // including system cert
@@ -381,7 +379,7 @@ RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
  // check invalid arguments
  RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
      ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
@@ -407,8 +405,8 @@ RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
  
      // alias
      ca1 = create_cert(TestData::GEOTRUST);
-    save_cert(ca1, "GEOTRUST");
-    AliasListPtr untrusted_a = create_alias_list("GEOTRUST", NULL);
+    save_cert(ca1, sharedDatabase("GEOTRUST").c_str());
+    AliasListPtr untrusted_a = create_alias_list(sharedDatabase("GEOTRUST").c_str(), NULL);
  
      assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias,
                           NULL_CERT,
@@ -430,12 +428,12 @@ RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
  // check invalid arguments
  RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
      ckmc_cert_list_s* chain = NULL;
  
-    AliasListPtr non_existing = create_alias_list("NON_EXISTING_ALIAS", NULL);
+    AliasListPtr non_existing = create_alias_list(sharedDatabase("NON_EXISTING_ALIAS").c_str(), NULL);
      assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
                    ckmc_get_cert_chain_with_trustedcert_alias,
                    ca2,
@@ -460,7 +458,7 @@ RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown)
   */
  RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.enableSystem(false);
@@ -476,7 +474,7 @@ RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
   */
  RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.enableSystem(false);
@@ -490,7 +488,7 @@ RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
   */
  RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.verifyPositive(TestData::GIAG2, 2); // including system cert
@@ -502,7 +500,7 @@ RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
   */
  RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.addTrusted(TestData::TEST_ROOT_CA);
@@ -513,7 +511,7 @@ RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
  
  RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.addUntrusted(TestData::GIAG2);
@@ -526,7 +524,7 @@ RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
   */
  RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.enableSystem(false);
@@ -541,7 +539,7 @@ RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
   */
  RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.enableSystem(false);
@@ -553,7 +551,7 @@ RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
  
  RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
  {
-    reset_user_data(0, CHAINS_PASSWD);
+    remove_user_data(0);
  
      ChainVerifier<> cv;
      cv.enableSystem(true);
diff --git a/src/ckm/capi-testcases.cpp b/src/ckm/capi-testcases.cpp

index 269e7d6..8961ba6 100644 (file)
--- a/src/ckm/capi-testcases.cpp
+++ b/src/ckm/capi-testcases.cpp
@@ -23,82 +23,53 @@
  #include <stddef.h>
  #include <stdlib.h>
  
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-
  namespace {
-
-typedef enum {
-       ALIAS_KEY,
-       ALIAS_CERT,
-       ALIAS_DATA
-} alias_type_;
-
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
  const char* USER_PASS = "user-pass";
+const char* TEST_LABEL = "test_label";
+const char* TEST_SYSTEM_ALIAS = "system-alias-1";
+const char* TEST_DATA = "ABCD";
+} // namespace anonymous
  
-int count_aliases(alias_type_ type, int minimum_initial_element_count = 0)
-{
-       ckmc_alias_list_s *aliasList = NULL;
-       int ec;
-       switch(type)
-       {
-               case ALIAS_KEY:
-                       ec = ckmc_get_key_alias_list(&aliasList);
-                       break;
  
-               case ALIAS_CERT:
-                       ec = ckmc_get_cert_alias_list(&aliasList);
-                       break;
+RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
  
-               case ALIAS_DATA:
-                       ec = ckmc_get_data_alias_list(&aliasList);
-                       break;
-       }
-       if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
-               return 0;
-       else if(ec==0)
-       {
-               ckmc_alias_list_s *plist = aliasList;
-               int return_count = 0;
-               while(plist)
-               {
-                       plist = plist->next;
-                       return_count ++;
-               }
-               ckmc_alias_list_all_free(aliasList);
+RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
+{
+       int temp;
  
-               RUNNER_ASSERT_MSG(
-                               return_count >= minimum_initial_element_count,
-                               "Error: alias list failed, current element count: " << return_count <<
-                               " while expected minimal count of " << minimum_initial_element_count <<
-                               " elements");
+       RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
+                       CKMCReadableError(temp));
  
-               return return_count;
-       }
-       else
-       {
-               // error - fail
-               RUNNER_ASSERT_MSG(
-                               ec >= 0,
-                               "Error: alias list failed, ec: " << CKMCErrorToString(ec));
-       }
+       RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
+                       CKMCReadableError(temp));
  
-       return ec;
+       remove_user_data(5000);
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
+                       CKMCReadableError(temp));
  }
  
-} // namespace anonymous
-
-
-RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
-
  RUNNER_TEST(T3011_Control_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
  
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
                         CKMCReadableError(temp));
  }
  
@@ -106,9 +77,9 @@ RUNNER_TEST(T3012_Control_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
                         CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
  }
  
@@ -116,21 +87,21 @@ RUNNER_TEST(T3013_Control_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
                         CKMCReadableError(temp));
  }
  
  RUNNER_TEST(T3014_Control_C_API)
  {
         int temp;
-       const uid_t UNIQUE_USER = 15;
-
-    // clean up environment
-    RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
-            CKMCReadableError(temp));
-    // unlock with default password
-    RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
-            CKMCReadableError(temp));
+       const uid_t UNIQUE_USER = 6500;
+
+       // clean up environment
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+                       CKMCReadableError(temp));
+       // unlock with empty password
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
+                       CKMCReadableError(temp));
         // reset password (NULL, "simple-password")
         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
                         CKMCReadableError(temp));
@@ -143,9 +114,9 @@ RUNNER_TEST(T3014_Control_C_API)
         // try to reset password when db locked
         RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
                         CKMCReadableError(temp));
-    // clean up environment
-    RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
-            CKMCReadableError(temp));
+       // clean up environment
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
+                       CKMCReadableError(temp));
  }
  
  RUNNER_TEST(T3015_Control_C_API)
@@ -153,14 +124,14 @@ RUNNER_TEST(T3015_Control_C_API)
         int temp;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")),
+                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
                         CKMCReadableError(temp));
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")),
+                       CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
                         CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
                         CKMCReadableError(temp));
  }
  
@@ -169,17 +140,28 @@ RUNNER_TEST(T3016_Control_C_API)
         int temp;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
+                       CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)),
+                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
                         CKMCReadableError(temp));
+}
+
+RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
+{
+       save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
+
+       // [test] - expect success
+       check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA);
+
+       // remove user data - expect to map to the system DB
+       int temp;
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)),
+                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
                         CKMCReadableError(temp));
+
+       // [test] - expect fail
+       check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
  }
  
  RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
@@ -188,9 +170,7 @@ RUNNER_TEST(T3021_init_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
                         CKMCReadableError(temp));
@@ -204,7 +184,7 @@ RUNNER_TEST(T3022_key_C_API)
         ckmc_policy_s test_policy;
  
         char* password = NULL;
-       const char *alias = "mykey";
+       CKM::Alias alias = sharedDatabase("mykey");
  
         std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
@@ -230,11 +210,11 @@ RUNNER_TEST(T3022_key_C_API)
         test_key2 = &test_key;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
                         CKMCReadableError(temp));
  }
  
@@ -248,7 +228,7 @@ RUNNER_TEST(T3023_certificate_C_API)
         ckmc_cert_s *cert2;
         ckmc_cert_s cert;
  
-       const char *alias = "test-cert-1-RSA";
+       CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
  
         ckmc_policy_s test_policy;
         test_policy.password = password;
@@ -261,11 +241,11 @@ RUNNER_TEST(T3023_certificate_C_API)
         cert.data_format = CKMC_FORM_PEM;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
                         CKMCReadableError(temp));
  
         ckmc_cert_free(cert2);
@@ -277,19 +257,19 @@ RUNNER_TEST(T3024_certificate_remove_C_API)
  
         char* password = NULL;
         ckmc_cert_s *cert2;
-       const char *alias = "test-cert-1-RSA";
+       CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
                         CKMCReadableError(temp));
         ckmc_cert_free(cert2);
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)),
+                       CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)),
+                       CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
                         CKMCReadableError(temp));
  }
  
@@ -312,23 +292,24 @@ RUNNER_TEST(T3025_certificate_list_C_API)
         cert.cert_size = certPem.length();
         cert.data_format = CKMC_FORM_PEM;
  
-       int current_aliases_num = count_aliases(ALIAS_CERT);
+       size_t current_aliases_num = count_aliases(ALIAS_CERT);
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
                         CKMCReadableError(temp));
  
+       size_t actual_cnt = count_aliases(ALIAS_CERT);
         RUNNER_ASSERT_MSG(
-                       (current_aliases_num+3) == (temp = count_aliases(ALIAS_CERT)),
-                       "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+                       (current_aliases_num+3) == actual_cnt,
+                       "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
  }
  
  
@@ -444,13 +425,13 @@ RUNNER_TEST(T3028_certificate_with_DSA_key_C_API)
         cert.cert_size = certPem.length();
         cert.data_format = CKMC_FORM_PEM;
  
-       const char *alias = "test-cert-1-DSA";
+       CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
                         CKMCReadableError(temp));
  
         ckmc_cert_free(cert2);
@@ -460,10 +441,7 @@ RUNNER_TEST(T3029_deinit_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
@@ -479,9 +457,7 @@ RUNNER_TEST(T3031_init_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
                         CKMCReadableError(temp));
@@ -522,23 +498,24 @@ RUNNER_TEST(T3032_save_keys_get_alias_C_API)
         test_policy3.password = password;
         test_policy3.extractable = 0;
  
-       int current_aliases_num = count_aliases(ALIAS_KEY);
+       size_t current_aliases_num = count_aliases(ALIAS_KEY);
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
                         CKMCReadableError(temp));
  
+       size_t actual_cnt = count_aliases(ALIAS_KEY);
         RUNNER_ASSERT_MSG(
-                       (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
-                       "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+                       (current_aliases_num+3) == actual_cnt,
+                       "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
  }
  
  
@@ -550,15 +527,15 @@ RUNNER_TEST(T3033_remove_key_C_API)
  
         ckmc_key_s *test_key2;
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
+                       CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
+                       CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
                         CKMCReadableError(temp));
  }
  
@@ -566,10 +543,7 @@ RUNNER_TEST(T3034_deinit_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
@@ -583,9 +557,7 @@ RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
  RUNNER_TEST(T3041_init_C_API)
  {
         int temp;
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
                         CKMCReadableError(temp));
@@ -623,31 +595,32 @@ RUNNER_TEST(T3042_save_get_bin_data_C_API)
         test_policy3.password = password;
         test_policy3.extractable = 0;
  
-       int current_aliases_num = count_aliases(ALIAS_DATA);
+       size_t current_aliases_num = count_aliases(ALIAS_DATA);
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
+                       CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
+                       CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
+                       CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
                         CKMCReadableError(temp));
  
+       size_t actual_cnt = count_aliases(ALIAS_DATA);
         RUNNER_ASSERT_MSG(
-                       (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
-                       "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+                       (current_aliases_num+3) == actual_cnt,
+                       "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
  
         ckmc_raw_buffer_s *testData4;
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
                         CKMCReadableError(temp));
  
         int compareResult;
@@ -681,7 +654,7 @@ RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
  
         std::string binData = "My bin data";
  
-       int current_aliases_num = count_aliases(ALIAS_DATA);
+       size_t current_aliases_num = count_aliases(ALIAS_DATA);
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
@@ -693,27 +666,29 @@ RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
                         CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
                         CKMCReadableError(temp));
  
+       size_t actual_cnt = count_aliases(ALIAS_DATA);
         RUNNER_ASSERT_MSG(
-                               (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)),
-                               "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+                               (current_aliases_num+3) == actual_cnt,
+                               "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
  }
  
  RUNNER_TEST(T3044_remove_bin_data_C_API)
  {
         int temp;
  
-       int current_aliases_num = count_aliases(ALIAS_DATA, 2);
+       size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
+                       CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
                         CKMCReadableError(temp));
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
+                       CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
                         CKMCReadableError(temp));
  
+       size_t actual_cnt = count_aliases(ALIAS_DATA);
         RUNNER_ASSERT_MSG(
-                               (current_aliases_num-2) == (temp = count_aliases(ALIAS_DATA)),
-                               "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << temp);
+                               (current_aliases_num-2) == actual_cnt,
+                               "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
  
         char* password = NULL;
  
@@ -727,7 +702,7 @@ RUNNER_TEST(T3044_remove_bin_data_C_API)
  
         CKM::RawBuffer buffer;
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
                         CKMCReadableError(temp));
  
         int compareResult;
@@ -736,7 +711,7 @@ RUNNER_TEST(T3044_remove_bin_data_C_API)
                         "Data corrupted");
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
                         CKMCReadableError(temp));
  }
  
@@ -744,12 +719,7 @@ RUNNER_TEST(T3045_deinit_C_API)
  {
         int temp;
  
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
@@ -794,15 +764,16 @@ RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key)
         policy_public_key.extractable = 1;
  
  
-       int current_aliases_num = count_aliases(ALIAS_KEY);
+       size_t current_aliases_num = count_aliases(ALIAS_KEY);
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
                         CKMCReadableError(temp));
  
+       size_t actual_cnt = count_aliases(ALIAS_KEY);
         RUNNER_ASSERT_MSG(
-                       (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
-                       "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+                       (current_aliases_num+2) == actual_cnt,
+                       "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
  
         ckmc_key_s *privateKey;
         RUNNER_ASSERT_MSG(
@@ -852,15 +823,16 @@ RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key)
         policy_public_key.password = NULL;
         policy_public_key.extractable = 1;
  
-       int current_aliases_num = count_aliases(ALIAS_KEY);
+       size_t current_aliases_num = count_aliases(ALIAS_KEY);
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
                         CKMCReadableError(temp));
  
+       size_t actual_cnt = count_aliases(ALIAS_KEY);
         RUNNER_ASSERT_MSG(
-                       (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)),
-                       "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+                       (current_aliases_num+2) == actual_cnt,
+                       "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
  
         ckmc_key_s *privateKey = 0;
         RUNNER_ASSERT_MSG(
@@ -910,19 +882,8 @@ RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair);
  
  RUNNER_TEST(T3061_CAPI_init)
  {
-       int temp;
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
+       reset_user_data(USER_APP, USER_PASS);
  }
  
  RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
@@ -930,8 +891,8 @@ RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
         int temp;
  
         size_t size = 1024;
-       const char *private_key_alias = "rsa-test-1";
-       const char *public_key_alias = "rsa-test-2";
+       CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
+       CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
         ckmc_policy_s policy_private_key;
         ckmc_policy_s policy_public_key;
  
@@ -942,12 +903,12 @@ RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
         policy_public_key.extractable = 1;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
                         CKMCReadableError(temp));
  
         // on next attempt to generate keys with the same alias, expect fail (alias exists)
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+                       CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
                         CKMCReadableError(temp));
  }
  
@@ -956,8 +917,8 @@ RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
         int temp;
  
         size_t size = 1024;
-       const char *private_key_alias = "dsa-test-1";
-       const char *public_key_alias = "dsa-test-2";
+       CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
+       CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
         ckmc_policy_s policy_private_key;
         ckmc_policy_s policy_public_key;
  
@@ -968,7 +929,7 @@ RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
         policy_public_key.extractable = 1;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
                         CKMCReadableError(temp));
  }
  
@@ -977,8 +938,8 @@ RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
         int temp;
  
         ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
-       const char *private_key_alias = "ecdsa-test-1";
-       const char *public_key_alias = "ecdsa-test-2";
+       CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
+       CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
         ckmc_policy_s policy_private_key;
         ckmc_policy_s policy_public_key;
  
@@ -989,20 +950,13 @@ RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
         policy_public_key.extractable = 1;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
+                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
                         CKMCReadableError(temp));
  }
  
  RUNNER_TEST(T3065_CAPI_deinit)
  {
-       int temp;
-
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
  }
  
  // TODO
@@ -1014,16 +968,13 @@ RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
  
  RUNNER_TEST(T3071_CAPI_init)
  {
-       int temp;
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
  }
  
  RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
  {
-    std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
-    std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
+       std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
+       std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
  
         ckmc_cert_s c_cert;
         c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
@@ -1041,27 +992,20 @@ RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
  
         ckmc_cert_list_s *cert_chain_list;
  
-    int        tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+       int     tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
  
         RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
  
-    ckmc_ocsp_status_e ocsp_status;
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
-    RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
+       ckmc_ocsp_status_e ocsp_status;
+       RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
+       RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
  }
  
  RUNNER_TEST(T3075_CAPI_deinit)
  {
-       int temp;
-
-       RUNNER_ASSERT_MSG(
-               CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-               CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-               CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-               CKMCReadableError(temp));
+       remove_user_data(0);
  }
  
  
@@ -1079,13 +1023,7 @@ RUNNER_TEST(T3081_CAPI__init)
                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
                         CKMCReadableError(temp));
  
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
-
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
  }
  
  RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
@@ -1135,8 +1073,8 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
  
         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
  
-       const char *pub_alias = "pub1";
-       const char *pri_alias = "prv1";
+       CKM::Alias pub_alias = sharedDatabase("pub1");
+       CKM::Alias pri_alias = sharedDatabase("prv1");
         const char *key_passwd = "1234";
         char *pri_passwd = NULL;
         char *pub_passwd = NULL;
@@ -1166,16 +1104,16 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
  
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                                       pri_alias,
+                                       pri_alias.c_str(),
                                         pri_passwd,
                                         msg_buff,
                                         hash_algo,
@@ -1185,7 +1123,7 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1199,8 +1137,8 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
         int temp;
  
         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
-       const char *pub_alias = "pub1";
-       const char *pri_alias = "prv1";
+       CKM::Alias pub_alias = sharedDatabase("pub1");
+       CKM::Alias pri_alias = sharedDatabase("prv1");
         char *pri_passwd = NULL;
         char *pub_passwd = NULL;
         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
@@ -1209,7 +1147,7 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                                       pri_alias,
+                                       pri_alias.c_str(),
                                         pri_passwd,
                                         msg_buff,
                                         hash_algo,
@@ -1219,7 +1157,7 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1232,7 +1170,7 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1257,8 +1195,8 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
                 "-----END PUBLIC KEY-----\n";
  
         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-       const char *pri_alias = "ecprv2";
-       const char *pub_alias = "ecpub2";
+       CKM::Alias pri_alias = sharedDatabase("ecprv2");
+       CKM::Alias pub_alias = sharedDatabase("ecpub2");
         char *key_passwd = NULL;
         char *pri_passwd = NULL;
         char *pub_passwd = NULL;
@@ -1287,15 +1225,15 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
         pripolicy.extractable = 0;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
                         CKMCReadableError(temp));
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                                       pri_alias,
+                                       pri_alias.c_str(),
                                         pri_passwd,
                                         msg_buff,
                                         hash_algo,
@@ -1305,7 +1243,7 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1318,7 +1256,7 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1368,8 +1306,8 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
  
         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
  
-       const char *pri_alias = "prv3";
-       const char *pub_alias = "pub3";
+       CKM::Alias pri_alias = sharedDatabase("prv3");
+       CKM::Alias pub_alias = sharedDatabase("pub3");
         char *key_passwd = NULL;
         char *pri_passwd = NULL;
         char *pub_passwd = NULL;
@@ -1397,16 +1335,16 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
         pripolicy.extractable = 0;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
                         CKMCReadableError(temp));
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
                         CKMCReadableError(temp));
  
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                                       pri_alias,
+                                       pri_alias.c_str(),
                                         pri_passwd,
                                         msg_buff,
                                         hash_algo,
@@ -1416,7 +1354,7 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1429,7 +1367,7 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1470,8 +1408,8 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
  
         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
  
-       const char *pub_alias = "dsa-pub1";
-       const char *pri_alias = "dsa-prv1";
+       CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
+       CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
         char *pri_passwd = NULL;
         char *pub_passwd = NULL;
         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
@@ -1500,16 +1438,16 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
  
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                                       pri_alias,
+                                       pri_alias.c_str(),
                                         pri_passwd,
                                         msg_buff,
                                         hash_algo,
@@ -1520,7 +1458,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
         // positive test
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1532,7 +1470,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
         ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         invalid_msg_buff,
                                         *signature,
@@ -1559,11 +1497,11 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
  
         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
  
-       const char *pub_alias = "dsa-pub2";
-       const char *pri_alias = "dsa-prv2";
+       CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
+       CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias, pub_alias, policy_private_key, policy_public_key)),
+                       CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
                         "Error=" << temp);
  
         char *pri_passwd = NULL;
@@ -1575,16 +1513,16 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
         ckmc_key_s *pubkey = NULL;
         ckmc_key_s *prikey = NULL;
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias, 0, &prikey)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias, 0, &pubkey)),
+                       CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                                       pri_alias,
+                                       pri_alias.c_str(),
                                         pri_passwd,
                                         msg_buff,
                                         hash_algo,
@@ -1595,7 +1533,7 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
         // positive test
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1607,7 +1545,7 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
         ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         invalid_msg_buff,
                                         *signature,
@@ -1654,8 +1592,8 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
  
         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
  
-       const char *pri_alias = "prv4";
-       const char *pub_alias = "pub4";
+       CKM::Alias pri_alias = sharedDatabase("prv4");
+       CKM::Alias pub_alias = sharedDatabase("pub4");
         char *key_passwd = NULL;
         char *pri_passwd = NULL;
         char *pub_passwd = NULL;
@@ -1684,15 +1622,15 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
  
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
                         CKMCReadableError(temp));
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
                         CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                                       pri_alias,
+                                       pri_alias.c_str(),
                                         pri_passwd,
                                         msg_buff,
                                         hash_algo,
@@ -1702,7 +1640,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1715,7 +1653,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
-                                       pub_alias,
+                                       pub_alias.c_str(),
                                         pub_passwd,
                                         msg_buff,
                                         *signature,
@@ -1726,14 +1664,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
  
  RUNNER_TEST(T3089_CAPI__deinit)
  {
-       int temp;
-
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
  }
  
  
@@ -1767,19 +1698,8 @@ RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES);
  
  RUNNER_TEST(T3091_CAPI_TYPE_init)
  {
-       int temp;
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
+       reset_user_data(USER_APP, USER_PASS);
  }
  
  RUNNER_TEST(T3092_CAPI_TYPE_KEY)
@@ -1846,7 +1766,7 @@ RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
  
  RUNNER_TEST(T3094_CAPI_TYPE_CERT)
  {
-    std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+       std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
  
         unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
         unsigned int size = certPem.size();
@@ -1877,7 +1797,7 @@ RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
  {
         int ret;
  
-    std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
+       std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
  
         const char *file_name = "/tmp/ckmc_test_cert.pem";
         remove(file_name);
@@ -1891,18 +1811,18 @@ RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
  
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
-            CKMCReadableError(ret));
+                       CKMCReadableError(ret));
  
         RUNNER_ASSERT_MSG(
                         pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
  
-       const char *lcert_alias = "lcert_alias";
+       CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
         ckmc_policy_s policy;
         policy.password = NULL;
         policy.extractable = 1;
  
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)),
+                       CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
                         CKMCReadableError(ret));
  
         remove(file_name);
@@ -1931,16 +1851,16 @@ RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
         policy.extractable = 1;
  
  
-       const char *pkey_alias = "pkey_alias";
+       CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
                         CKMCReadableError(temp));
  
-       const char *cert_alias = "cert_alias";
+       CKM::Alias cert_alias = sharedDatabase("cert_alias");
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)),
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
                         CKMCReadableError(temp));
-       std::string caCertAlias = "ca_cert_alias_";
+       std::string caCertAlias = sharedDatabase("ca_cert_alias_");
         const char *idx = "0";
         int cnt = 0;
         ckmc_cert_list_s *tmpList = ca_cert_list;
@@ -1961,65 +1881,60 @@ RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
  }
  
  RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
-    const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
-    const char *password = "password";
+       const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
+       const char *password = "password";
  
-    int temp;
+       int temp;
  
-    ckmc_pkcs12_s *ppkcs12 = NULL;
+       ckmc_pkcs12_s *ppkcs12 = NULL;
  
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
-            CKMCReadableError(temp));
-    RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
-    RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
-    RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
+       RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
+       RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
  
-    ckmc_policy_s policy;
-    policy.password = NULL;
-    policy.extractable = 1;
+       ckmc_policy_s policy;
+       policy.password = NULL;
+       policy.extractable = 1;
  
  
-    const char *pkey_alias = "pkey_alias2";
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *(ppkcs12->priv_key), policy)),
-            CKMCReadableError(temp));
+       CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
+                       CKMCReadableError(temp));
  
-    const char *cert_alias = "cert_alias2";
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *(ppkcs12->cert), policy)),
-            CKMCReadableError(temp));
-    std::string caCertAlias = "ca_cert_alias_2_";
-    const char *idx = "0";
-    int cnt = 0;
-    ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
-    while(tmpList != NULL) {
-        caCertAlias.append(idx);
-        RUNNER_ASSERT_MSG(
-                CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
-                CKMCReadableError(temp));
-        tmpList = tmpList->next;
-        cnt ++;
-    }
+       CKM::Alias cert_alias = sharedDatabase("cert_alias2");
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
+                       CKMCReadableError(temp));
+       std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
+       const char *idx = "0";
+       int cnt = 0;
+       ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
+       while(tmpList != NULL) {
+               caCertAlias.append(idx);
+               RUNNER_ASSERT_MSG(
+                               CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
+                               CKMCReadableError(temp));
+               tmpList = tmpList->next;
+               cnt ++;
+       }
  
-    RUNNER_ASSERT_MSG(cnt ==  2, "Invalid CA Cert Count");
+       RUNNER_ASSERT_MSG(cnt ==  2, "Invalid CA Cert Count");
  
-    ckmc_pkcs12_free(ppkcs12);
+       ckmc_pkcs12_free(ppkcs12);
  }
  
  RUNNER_TEST(T3098_CAPI_TYPE_deinit)
  {
         int temp;
-       RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-                       CKMCReadableError(temp));
+       remove_user_data(0);
         RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                         CKMCReadableError(temp));
         RUNNER_ASSERT_MSG(
-                       CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-                       CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG(
                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
                         CKMCReadableError(temp));
  }
@@ -2028,202 +1943,192 @@ RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
  
  namespace
  {
-const char* alias_PKCS_exportable = "CAPI-test-PKCS-export";
-const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
+CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
+CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
  }
  
  RUNNER_TEST(T3101_CAPI_PKCS12_init)
  {
-    int temp;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-            CKMCReadableError(temp));
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "PKCS-pass")),
-            CKMCReadableError(temp));
+       remove_user_data(0);
  }
  
  RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
  {
-    const char *wrong_passwd = "wrong";
-    ckmc_pkcs12_s *ppkcs12 = NULL;
-    int temp;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
-            CKMCReadableError(temp));
+       const char *wrong_passwd = "wrong";
+       ckmc_pkcs12_s *ppkcs12 = NULL;
+       int temp;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
+                       CKMCReadableError(temp));
  }
  
  RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
  {
-    ckmc_pkcs12_s *ppkcs12 = NULL;
-    int temp;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
-            CKMCReadableError(temp));
-
-    RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
-    RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
-    RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
-
-    // save to the CKM
-    ckmc_policy_s exportable;
-    exportable.password = NULL;
-    exportable.extractable = 1;
-    ckmc_policy_s notExportable;
-    notExportable.password = NULL;
-    notExportable.extractable = 0;
-
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
-            CKMCReadableError(temp));
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
-            CKMCReadableError(temp));
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
-            CKMCReadableError(temp));
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
-            CKMCReadableError(temp));
-
-    // try to lookup key
-    ckmc_key_s *key_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
-            CKMCReadableError(temp));
-    ckmc_key_free(key_lookup);
-    key_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable, "", &key_lookup)),
-            CKMCReadableError(temp));
-    ckmc_key_free(key_lookup);
-
-    // try to lookup certificate
-    ckmc_cert_s *cert_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
-            CKMCReadableError(temp));
-    ckmc_cert_free(cert_lookup);
-    cert_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
-            CKMCReadableError(temp));
-    ckmc_cert_free(cert_lookup);
+       ckmc_pkcs12_s *ppkcs12 = NULL;
+       int temp;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
+                       CKMCReadableError(temp));
+
+       RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
+       RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
+       RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
+
+       // save to the CKM
+       ckmc_policy_s exportable;
+       exportable.password = NULL;
+       exportable.extractable = 1;
+       ckmc_policy_s notExportable;
+       notExportable.password = NULL;
+       notExportable.extractable = 0;
+
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
+                       CKMCReadableError(temp));
+
+       // try to lookup key
+       ckmc_key_s *key_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
+                       CKMCReadableError(temp));
+       ckmc_key_free(key_lookup);
+       key_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
+                       CKMCReadableError(temp));
+       ckmc_key_free(key_lookup);
+
+       // try to lookup certificate
+       ckmc_cert_s *cert_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
+                       CKMCReadableError(temp));
+       ckmc_cert_free(cert_lookup);
+       cert_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
+                       CKMCReadableError(temp));
+       ckmc_cert_free(cert_lookup);
  }
  
  RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
  {
-    int temp;
-    ckmc_pkcs12_s *pkcs = NULL;
-
-    // fail - no entry
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)),
-            CKMCReadableError(temp));
-    ckmc_pkcs12_free(pkcs);
-    pkcs = NULL;
-
-    // fail - not exportable
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable, NULL, NULL, &pkcs)),
-            CKMCReadableError(temp));
-    ckmc_pkcs12_free(pkcs);
-    pkcs = NULL;
-
-    // success - exportable
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable, NULL, NULL, &pkcs)),
-            CKMCReadableError(temp));
-
-    RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
-    RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
-    RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
-    size_t cntr = 0;
-    ckmc_cert_list_s *iter = pkcs->ca_chain;
-    do {
-        cntr ++;
-        iter = iter->next;
-    } while(iter);
-    RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
-
-    ckmc_pkcs12_free(pkcs);
+       int temp;
+       ckmc_pkcs12_s *pkcs = NULL;
+
+       // fail - no entry
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
+                       CKMCReadableError(temp));
+       ckmc_pkcs12_free(pkcs);
+       pkcs = NULL;
+
+       // fail - not exportable
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
+                       CKMCReadableError(temp));
+       ckmc_pkcs12_free(pkcs);
+       pkcs = NULL;
+
+       // success - exportable
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
+                       CKMCReadableError(temp));
+
+       RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+       RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
+       RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+       size_t cntr = 0;
+       ckmc_cert_list_s *iter = pkcs->ca_chain;
+       do {
+               cntr ++;
+               iter = iter->next;
+       } while(iter);
+       RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
+
+       ckmc_pkcs12_free(pkcs);
  }
  
  RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
  {
-    ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
-    int temp;
-    ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
-    ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
-    ckmc_raw_buffer_s *signature = NULL;
-
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_create_signature(
-                    alias_PKCS_exportable,
-                    NULL,
-                    msg_buff,
-                    hash_algo,
-                    pad_algo,
-                    &signature)),
-            CKMCReadableError(temp));
-
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
-                    alias_PKCS_exportable,
-                    NULL,
-                    msg_buff,
-                    *signature,
-                    hash_algo,
-                    pad_algo)),
-            CKMCReadableError(temp));
+       ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+       int temp;
+       ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+       ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+       ckmc_raw_buffer_s *signature = NULL;
+
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+                                       alias_PKCS_exportable.c_str(),
+                                       NULL,
+                                       msg_buff,
+                                       hash_algo,
+                                       pad_algo,
+                                       &signature)),
+                       CKMCReadableError(temp));
+
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+                                       alias_PKCS_exportable.c_str(),
+                                       NULL,
+                                       msg_buff,
+                                       *signature,
+                                       hash_algo,
+                                       pad_algo)),
+                       CKMCReadableError(temp));
  }
  
  RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
  {
-    int tmp;
-
-    // remove the whole PKCS12 bundles
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable)),
-            CKMCReadableError(tmp));
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable)),
-            CKMCReadableError(tmp));
-
-    // expect lookup fails due to unknown alias
-    // try to lookup key
-    ckmc_key_s *key_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
-            CKMCReadableError(tmp));
-    ckmc_key_free(key_lookup);
-    key_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable, NULL, &key_lookup)),
-            CKMCReadableError(tmp));
-    ckmc_key_free(key_lookup);
-
-    // try to lookup certificate
-    ckmc_cert_s *cert_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
-            CKMCReadableError(tmp));
-    ckmc_cert_free(cert_lookup);
-    cert_lookup = NULL;
-    RUNNER_ASSERT_MSG(
-            CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
-            CKMCReadableError(tmp));
-    ckmc_cert_free(cert_lookup);
+       int tmp;
+
+       // remove the whole PKCS12 bundles
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable.c_str())),
+                       CKMCReadableError(tmp));
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable.c_str())),
+                       CKMCReadableError(tmp));
+
+       // expect lookup fails due to unknown alias
+       // try to lookup key
+       ckmc_key_s *key_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
+                       CKMCReadableError(tmp));
+       ckmc_key_free(key_lookup);
+       key_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
+                       CKMCReadableError(tmp));
+       ckmc_key_free(key_lookup);
+
+       // try to lookup certificate
+       ckmc_cert_s *cert_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
+                       CKMCReadableError(tmp));
+       ckmc_cert_free(cert_lookup);
+       cert_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
+                       CKMCReadableError(tmp));
+       ckmc_cert_free(cert_lookup);
  }
  
  RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
  {
-    int temp;
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-            CKMCReadableError(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-            CKMCReadableError(temp));
+       remove_user_data(0);
  }
  
  
@@ -2231,24 +2136,23 @@ RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
  
  RUNNER_TEST(T3201_CAPI_unlock_database)
  {
-       int temp;
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
-               CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-               CKMCReadableError(temp));
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")),
-               CKMCReadableError(temp));
+       reset_user_data(USER_APP, USER_PASS);
  }
  
  RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
  {
+       ScopedAccessProvider ap(TEST_LABEL);
+       ap.allowAPI("key-manager::api-storage", "rw");
+       ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+       ScopedDBUnlock unlock(USER_APP, USER_PASS);
+
         int temp;
-       char alias[10] = "mykey";
+       CKM::Alias alias = "mykey";
         char *password = NULL;
         ckmc_key_s *test_key = NULL;
  
         RUNNER_ASSERT_MSG(
-               CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)),
+               CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
                 "Error=" << temp);
  
         RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
@@ -2256,20 +2160,29 @@ RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
  
  RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
  {
+       ScopedAccessProvider ap(TEST_LABEL);
+       ap.allowAPI("key-manager::api-storage", "rw");
+       ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+       ScopedDBUnlock unlock(USER_APP, USER_PASS);
+
         int temp;
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
                 CKMCReadableError(temp));
  }
  
  RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
  {
+       ScopedAccessProvider ap(TEST_LABEL);
+       ap.allowAPI("key-manager::api-storage", "rw");
+       ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
         int temp;
-       char alias[10] = "mykey";
+       CKM::Alias alias = "mykey";
         char *password = NULL;
         ckmc_key_s *test_key = NULL;
  
         RUNNER_ASSERT_MSG(
-               CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)),
+               CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
                 CKMCReadableError(temp));
  
         RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
@@ -2277,8 +2190,6 @@ RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
  
  RUNNER_TEST(T3204_deinit)
  {
-       int temp;
-       RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
-               CKMCReadableError(temp));
+       remove_user_data(USER_APP);
  }
  
diff --git a/src/ckm/cc-mode.cpp b/src/ckm/cc-mode.cpp

index 5ec08d0..421b998 100644 (file)
--- a/src/ckm/cc-mode.cpp
+++ b/src/ckm/cc-mode.cpp
@@ -57,8 +57,6 @@ const char* const UNSET = "Unset"; // Meaningless value for unset.
  const char* const USER_LABEL = "User";
  const char* const CKM_LOCK = "/var/run/key-manager.pid";
  
-const char* const CC_PASSWD = "t200-special-password";
-
  // Wrapper for mdpp state that restores the original value upon destruction
  class MdppState
  {
@@ -104,10 +102,10 @@ void MdppState::set(const char* const value)
  
  
  
-Alias rsa_pri_alias("rsa-private-T2002");
-Alias rsa_pub_alias("rsa-public-T2002");
-Alias ecdsa_pri_alias("ecdsa-private-T2002");
-Alias ecdsa_pub_alias("ecdsa-public-T2002");
+Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002");
+Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002");
+Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002");
+Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002");
  
  void save_keys()
  {
@@ -175,7 +173,7 @@ RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
  
  RUNNER_TEST(TCC_0000_init)
  {
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
  }
  
  // updatedCCMode should succeed regardless of mdpp setting
@@ -208,7 +206,7 @@ RUNNER_TEST(TCC_0020_noListener)
      stop_service(LISTENER);
      MdppState mdpp;
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
  
      mdpp.set(NULL);
@@ -252,7 +250,7 @@ RUNNER_TEST(TCC_0030_noCallbackRegistered)
  {
      // restart listener without vconf callback
      stop_service(LISTENER);
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      MdppState mdpp;
      mdpp.set(NULL);
      update_cc_mode();
@@ -278,7 +276,7 @@ RUNNER_TEST(TCC_0040_callbackRegistered)
      update_cc_mode();
      start_service(LISTENER);
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
      read_keys(CKM_API_ERROR_BAD_REQUEST);
  
@@ -312,7 +310,7 @@ RUNNER_TEST(TCC_0050_manualCkmDisabled)
  {
      restart_ckm(DISABLED);
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
      read_keys(CKM_API_ERROR_BAD_REQUEST);
  }
@@ -322,7 +320,7 @@ RUNNER_TEST(TCC_0060_manualCkmEnabled)
  {
      restart_ckm(ENABLED);
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
      read_keys(CKM_API_ERROR_BAD_REQUEST);
  }
@@ -332,7 +330,7 @@ RUNNER_TEST(TCC_0070_manualCkmEnforcing)
  {
      restart_ckm(ENFORCING);
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
      read_keys(CKM_API_ERROR_BAD_REQUEST);
  }
@@ -342,7 +340,7 @@ RUNNER_TEST(TCC_0075_manualCkmReady)
  {
      restart_ckm(READY);
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
      read_keys(CKM_API_SUCCESS);
  }
@@ -352,7 +350,7 @@ RUNNER_TEST(TCC_0080_manualCkmWhatever)
  {
      restart_ckm("whatever");
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
      read_keys(CKM_API_SUCCESS);
  }
@@ -362,7 +360,7 @@ RUNNER_TEST(TCC_0090_manualCkmUnset)
  {
      restart_ckm(NULL);
  
-    reset_user_data(0, CC_PASSWD);
+    remove_user_data(0);
      save_keys();
      read_keys(CKM_API_SUCCESS);
  }
diff --git a/src/ckm/ckm-common.cpp b/src/ckm/ckm-common.cpp

index 408a61d..46c0c6b 100644 (file)
--- a/src/ckm/ckm-common.cpp
+++ b/src/ckm/ckm-common.cpp
@@ -99,7 +99,7 @@ std::string aliasWithLabel(const char *label, const char *alias)
  void change_label(const char* label)
  {
      int ret = smack_set_label_for_self(label);
-    RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self. Error: " << ret);
+    RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
  }
  
  ScopedLabel::ScopedLabel(const char* label) : m_original_label(get_label())
@@ -170,6 +170,7 @@ void save_data(const char* alias, const char *data, int expected_err)
      RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
                          << CKMCErrorToString(ret) << " while expected: "
                          << CKMCErrorToString(expected_err));
+
  }
  
  ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias)
@@ -213,14 +214,12 @@ GarbageCollector::~GarbageCollector()
  ScopedDBUnlock::ScopedDBUnlock(uid_t user_id, const char* passwd) : m_uid(user_id)
  {
      int temp;
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(user_id)), CKMCErrorToString(temp));
      RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(user_id, passwd)), CKMCErrorToString(temp));
  }
  ScopedDBUnlock::~ScopedDBUnlock()
  {
      int temp;
      RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(m_uid)), CKMCErrorToString(temp));
-    RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(m_uid)), CKMCErrorToString(temp));
  }
  
  void check_remove_allowed(const char* alias)
@@ -333,12 +332,9 @@ void unlock_user_data(uid_t user_id, const char *passwd)
  
  void remove_user_data(uid_t user_id)
  {
-    int ret;
      auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->lockUserKey(user_id)),
-                      "Error=" << CKM::ErrorToString(ret));
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->removeUserData(user_id)),
-                      "Remove user data failed with error: " << CKM::ErrorToString(ret));
+    control->lockUserKey(user_id);
+    control->removeUserData(user_id);
  }
  
  void reset_user_data(uid_t user_id, const char *passwd)
@@ -372,3 +368,58 @@ void check_alias_list(const CKM::AliasVector& expected)
  
      RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list.");
  }
+
+size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
+{
+    ckmc_alias_list_s *aliasList = NULL;
+    int ec;
+    switch(type)
+    {
+        case ALIAS_KEY:
+            ec = ckmc_get_key_alias_list(&aliasList);
+            break;
+
+        case ALIAS_CERT:
+            ec = ckmc_get_cert_alias_list(&aliasList);
+            break;
+
+        case ALIAS_DATA:
+            ec = ckmc_get_data_alias_list(&aliasList);
+            break;
+    }
+    if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
+        return 0;
+    else if(ec==0)
+    {
+        ckmc_alias_list_s *plist = aliasList;
+        size_t return_count = 0;
+        while(plist)
+        {
+            plist = plist->next;
+            return_count ++;
+        }
+        ckmc_alias_list_all_free(aliasList);
+
+        RUNNER_ASSERT_MSG(
+                return_count >= minimum_initial_element_count,
+                "Error: alias list failed, current element count: " << return_count <<
+                " while expected minimal count of " << minimum_initial_element_count <<
+                " elements");
+
+        return return_count;
+    }
+    else
+    {
+        // error - fail
+        RUNNER_ASSERT_MSG(
+                ec >= 0,
+                "Error: alias list failed, ec: " << CKMCErrorToString(ec));
+    }
+
+    return 0;
+}
+
+std::string sharedDatabase(const CKM::Alias & alias)
+{
+    return aliasWithLabel(ckmc_label_shared_owner, alias.c_str());
+}
diff --git a/src/ckm/ckm-common.h b/src/ckm/ckm-common.h

index 586c68d..41160c0 100644 (file)
--- a/src/ckm/ckm-common.h
+++ b/src/ckm/ckm-common.h
@@ -173,3 +173,11 @@ void reset_user_data(uid_t user_id, const char *passwd);
  
  ckmc_raw_buffer_s prepare_message_buffer(const char * input);
  void check_alias_list(const CKM::AliasVector& expected);
+
+typedef enum {
+    ALIAS_KEY,
+    ALIAS_CERT,
+    ALIAS_DATA
+} alias_type_;
+size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0);
+std::string sharedDatabase(const CKM::Alias & alias);
diff --git a/src/ckm/main.cpp b/src/ckm/main.cpp

index 189edcc..92046b5 100644 (file)
--- a/src/ckm/main.cpp
+++ b/src/ckm/main.cpp
@@ -24,7 +24,13 @@
  namespace {
  const int USER_APP = 5000;
  const int GROUP_APP = 5000;
+
+const int USER_APP_2 = 5020;
+const int USER_APP_3 = 5030;
+
+const char * const APP_PASS  = "user-pass";
  const int USER_TEST = 5001;
+const char* TEST_LABEL = "test_label";
  
  const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
  const CKM::AliasVector EMPTY_ALIAS_VECTOR;
@@ -70,11 +76,11 @@ RUNNER_TEST(T0011_Control)
      auto control = CKM::Control::create();
  
      control->removeUserData(0);
-    control->removeUserData(20);
+    control->removeUserData(USER_APP_2);
      control->removeUserData(USER_APP);
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
          "Error=" << CKM::ErrorToString(temp));
  }
  
@@ -83,10 +89,10 @@ RUNNER_TEST(T0012_Control)
      int temp;
      auto control = CKM::Control::create();
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
          "Error=" << CKM::ErrorToString(temp));
  }
  
@@ -95,7 +101,7 @@ RUNNER_TEST(T0013_Control)
      int temp;
      auto control = CKM::Control::create();
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
          "Error=" << CKM::ErrorToString(temp));
  }
  
@@ -104,31 +110,31 @@ RUNNER_TEST(T0014_Control)
      int temp;
      auto control = CKM::Control::create();
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
          "Error=" << CKM::ErrorToString(temp));
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+        CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
          "Error=" << CKM::ErrorToString(temp));
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+        CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
          "Error=" << CKM::ErrorToString(temp));
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
          "Error=" << CKM::ErrorToString(temp));
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
          "Error=" << CKM::ErrorToString(temp));
  
      RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+        CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
          "Error=" << CKM::ErrorToString(temp));
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
          "Error=" << CKM::ErrorToString(temp));
  }
  
@@ -137,16 +143,16 @@ RUNNER_TEST(T0015_Control)
      int temp;
      auto control = CKM::Control::create();
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+        CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
          "Error=" << CKM::ErrorToString(temp));
  }
  
@@ -155,19 +161,19 @@ RUNNER_TEST(T0016_Control_negative_wrong_password)
      int temp;
      auto control = CKM::Control::create();
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+        CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(20)),
+        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
          "Error=" << CKM::ErrorToString(temp));
  }
  
@@ -175,14 +181,7 @@ RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
  
  RUNNER_TEST(T1010_init)
  {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    unlock_user_data(USER_APP, "user-pass");
  }
  
  RUNNER_TEST(T1011_key)
@@ -203,7 +202,7 @@ RUNNER_TEST(T1011_key)
      CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
      auto key = CKM::Key::create(buffer, CKM::Password());
      CKM::KeyShPtr key2;
-    CKM::Alias alias = "mykey";
+    CKM::Alias alias = sharedDatabase("mykey");
  
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
@@ -223,7 +222,7 @@ RUNNER_TEST(T1012_certificate)
  
      auto cert = TestData::getTestCertificate(TestData::GIAG2);
      CKM::CertificateShPtr cert2;
-    CKM::Alias alias = "myCert";
+    CKM::Alias alias = sharedDatabase("myCert");
  
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
@@ -271,6 +270,10 @@ RUNNER_CHILD_TEST(T1013_user_app_save_key)
  
  RUNNER_TEST(T1014_save_with_label)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
      int temp;
      auto manager = CKM::Manager::create();
  
@@ -314,21 +317,8 @@ RUNNER_TEST(T1014_save_with_label)
  
  RUNNER_TEST(T1015_deinit)
  {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
+    remove_user_data(USER_APP);
  }
  
  RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
@@ -338,9 +328,6 @@ RUNNER_TEST(T1020_init)
      int temp;
      auto control = CKM::Control::create();
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
          "Error=" << CKM::ErrorToString(temp));
  }
@@ -364,21 +351,22 @@ RUNNER_TEST(T1021_save_keys_get_alias)
      auto key = CKM::Key::create(buffer, CKM::Password());
      CKM::AliasVector labelAliasVector;
  
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
+        CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
  }
  
  RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
@@ -404,6 +392,7 @@ RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
      auto key = CKM::Key::create(buffer, CKM::Password());
      CKM::AliasVector labelAliasVector;
  
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
@@ -417,8 +406,8 @@ RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
          CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
  }
  
  RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
@@ -458,35 +447,15 @@ RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
  
  RUNNER_TEST(T1029_deinit)
  {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
+    remove_user_data(USER_APP);
  }
  
  RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
-
  RUNNER_TEST(T1030_init)
  {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
+    reset_user_data(USER_APP, APP_PASS);
  }
  
  RUNNER_TEST(T1031_save_get_bin_data)
@@ -504,35 +473,36 @@ RUNNER_TEST(T1031_save_get_bin_data)
  
      CKM::AliasVector labelAliasVector;
  
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer2, CKM::Policy())),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer3, CKM::Policy(CKM::Password(), true))),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
+        CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
  
      CKM::RawBuffer buffer;
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
          buffer == buffer2,
          "Data corrupted");
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
          "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
  }
  
@@ -541,6 +511,7 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
      ScopedAccessProvider ap("mylabel");
      ap.allowAPI("key-manager::api-storage", "rw");
      ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
  
      int temp;
      auto manager = CKM::Manager::create();
@@ -551,6 +522,7 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
  
      CKM::AliasVector labelAliasVector;
  
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
@@ -564,8 +536,8 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
          CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 3,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
+        labelAliasVector.size() == (current_aliases_num+3),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
  }
  
  RUNNER_TEST(T1033_remove_bin_data)
@@ -578,80 +550,113 @@ RUNNER_TEST(T1033_remove_bin_data)
  
      CKM::AliasVector labelAliasVector;
  
-    std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
+    std::string invalid_address = sharedDatabase("i-do-not-exist");
      RUNNER_ASSERT_MSG(
          CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
+        CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
+        CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        labelAliasVector.size() == 1,
-        "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
+        labelAliasVector.size() == (current_aliases_num-2),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
  
      CKM::RawBuffer buffer;
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
          buffer == buffer2,
          "Data corrupted");
      RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("data3", CKM::Password(), buffer)),
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
          "Error=" << CKM::ErrorToString(temp));
  }
  
-RUNNER_TEST(T1034_getData_wrong_password)
+RUNNER_TEST(T1034_app_remove_bin_data)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      int temp;
      auto manager = CKM::Manager::create();
  
-    std::string binData1 = "My bin data4";
+    std::string binData2 = "My bin data";
+    CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
  
-    CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+    CKM::AliasVector labelAliasVector;
  
+    size_t current_aliases_num = count_aliases(ALIAS_DATA);
+    std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+        "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
+        "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+        CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
          "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
+        "Error=" << CKM::ErrorToString(temp));
+    RUNNER_ASSERT_MSG(
+        labelAliasVector.size() == (current_aliases_num-2),
+        "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
  
      CKM::RawBuffer buffer;
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+        CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        buffer == buffer1,
+        buffer == buffer2,
          "Data corrupted");
-
      RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
          "Error=" << CKM::ErrorToString(temp));
  }
  
-RUNNER_TEST(T1035_deinit)
+RUNNER_TEST(T1035_getData_wrong_password)
  {
      int temp;
-    auto control = CKM::Control::create();
+    auto manager = CKM::Manager::create();
+
+    std::string binData1 = "My bin data4";
+
+    CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
  
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+        CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
          "Error=" << CKM::ErrorToString(temp));
+
+    CKM::RawBuffer buffer;
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+        CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
+        buffer == buffer1,
+        "Data corrupted");
+
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
+        CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
          "Error=" << CKM::ErrorToString(temp));
  }
  
+RUNNER_TEST(T1036_deinit)
+{
+    remove_user_data(0);
+    remove_user_data(USER_APP);
+}
+
  RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
  
  RUNNER_TEST(T1040_init)
@@ -674,6 +679,7 @@ RUNNER_CHILD_TEST(T1041_create_rsa_key)
      ap.allowAPI("key-manager::api-storage", "rw");
      ap.applyAndSwithToUser(USER_APP, GROUP_APP);
  
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
@@ -681,8 +687,8 @@ RUNNER_CHILD_TEST(T1041_create_rsa_key)
          CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        2 == (temp = av.size()),
-        "Vector size: " << temp << ". Expected: 2");
+        (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+        "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
  }
  
  RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
@@ -713,6 +719,7 @@ RUNNER_CHILD_TEST(T1043_create_dsa_key)
      ap.allowAPI("key-manager::api-storage", "rw");
      ap.applyAndSwithToUser(USER_APP, GROUP_APP);
  
+    size_t current_aliases_num = count_aliases(ALIAS_KEY);
      RUNNER_ASSERT_MSG(
          CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
          "Error=" << CKM::ErrorToString(temp));
@@ -720,21 +727,13 @@ RUNNER_CHILD_TEST(T1043_create_dsa_key)
          CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        2 == (temp = av.size()),
-        "Vector size: " << temp << ". Expected: 2");
+        (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
+        "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
  }
  
  RUNNER_TEST(T1049_deinit)
  {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(USER_APP);
  }
  
  
@@ -742,22 +741,15 @@ RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair);
  
  RUNNER_TEST(T1110_init)
  {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    unlock_user_data(USER_APP, "user-pass");
  }
  
  RUNNER_TEST(T1111_CreateKeyPairRSA)
  {
      int temp;
      auto manager = CKM::Manager::create();
-    CKM::Alias a1("rsa-test-1");
-    CKM::Alias a2("rsa-test-2");
+    CKM::Alias a1 = sharedDatabase("rsa-test-1");
+    CKM::Alias a2 = sharedDatabase("rsa-test-2");
      CKM::Policy p1;
      CKM::Policy p2;
      RUNNER_ASSERT_MSG(
@@ -772,8 +764,8 @@ RUNNER_TEST(T1112_CreateKeyPairDSA)
  {
      int temp;
      auto manager = CKM::Manager::create();
-    CKM::Alias a1("dsa-test-1");
-    CKM::Alias a2("dsa-test-2");
+    CKM::Alias a1 = sharedDatabase("dsa-test-1");
+    CKM::Alias a2 = sharedDatabase("dsa-test-2");
      CKM::Policy p1;
      CKM::Policy p2;
      RUNNER_ASSERT_MSG(
@@ -788,8 +780,8 @@ RUNNER_TEST(T1113_CreateKeyPairECDSA)
  {
      int temp;
      auto manager = CKM::Manager::create();
-    CKM::Alias a1("ecdsa-test-1");
-    CKM::Alias a2("ecdsa-test-2");
+    CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
+    CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
      CKM::Policy p1;
      CKM::Policy p2;
      RUNNER_ASSERT_MSG(
@@ -799,33 +791,23 @@ RUNNER_TEST(T1113_CreateKeyPairECDSA)
  
  RUNNER_TEST(T1114_deinit)
  {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
  }
  
  RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
  
  RUNNER_TEST(T12100_init)
  {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    reset_user_data(USER_APP, APP_PASS);
  }
  
  RUNNER_TEST(T12101_key_exist)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      int ret;
      auto manager = CKM::Manager::create();
  
@@ -857,6 +839,11 @@ RUNNER_TEST(T12101_key_exist)
  
  RUNNER_TEST(T12102_saveKey_empty_alias)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
          "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
          "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
@@ -881,6 +868,11 @@ RUNNER_TEST(T12102_saveKey_empty_alias)
  
  RUNNER_TEST(T12103_saveKey_foreign_label)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
        "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
@@ -904,6 +896,11 @@ RUNNER_TEST(T12103_saveKey_foreign_label)
  
  RUNNER_TEST(T12104_saveKey_empty_key)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      CKM::KeyShPtr key; //key is not initialized
      CKM::Alias alias = "empty-key";
  
@@ -916,6 +913,11 @@ RUNNER_TEST(T12104_saveKey_empty_key)
  
  RUNNER_TEST(T12105_saveCertificate_empty_alias)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      auto cert = TestData::getTestCertificate(TestData::GIAG2);
      CKM::Alias alias; //alias is not initialized
  
@@ -928,6 +930,11 @@ RUNNER_TEST(T12105_saveCertificate_empty_alias)
  
  RUNNER_TEST(T12106_saveCertificate_foreign_label)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      auto cert = TestData::getTestCertificate(TestData::GIAG2);
      CKM::Alias alias = "iamsomebodyelse alias";
  
@@ -940,6 +947,11 @@ RUNNER_TEST(T12106_saveCertificate_foreign_label)
  
  RUNNER_TEST(T12107_saveCertificate_empty_cert)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      CKM::CertificateShPtr cert; //cert is not initialized
      CKM::Alias alias = "empty-cert";
  
@@ -952,6 +964,11 @@ RUNNER_TEST(T12107_saveCertificate_empty_cert)
  
  RUNNER_TEST(T12108_saveData_empty_alias)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      std::string testData = "test data test data test data";
      CKM::RawBuffer buffer(testData.begin(), testData.end());
      CKM::Alias alias;
@@ -965,6 +982,11 @@ RUNNER_TEST(T12108_saveData_empty_alias)
  
  RUNNER_TEST(T12109_saveData_foreign_label)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      std::string testData = "test data test data test data";
      CKM::RawBuffer buffer(testData.begin(), testData.end());
      CKM::Alias alias = "iamsomebodyelse alias";
@@ -978,6 +1000,11 @@ RUNNER_TEST(T12109_saveData_foreign_label)
  
  RUNNER_TEST(T12110_saveData_empty_data)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      CKM::RawBuffer buffer;
      CKM::Alias alias = "empty-data";
  
@@ -994,6 +1021,11 @@ RUNNER_TEST(T12110_saveData_empty_data)
  
  RUNNER_TEST(T12111_getKey_alias_not_exist)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      CKM::KeyShPtr key;
      CKM::Alias alias = "this-alias-not-exist";
  
@@ -1006,6 +1038,11 @@ RUNNER_TEST(T12111_getKey_alias_not_exist)
  
  RUNNER_TEST(T12112_getCertificate_alias_not_exist)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      CKM::CertificateShPtr certificate;
      CKM::Alias alias = "this-alias-not-exist";
  
@@ -1018,6 +1055,11 @@ RUNNER_TEST(T12112_getCertificate_alias_not_exist)
  
  RUNNER_TEST(T12113_getData_alias_not_exist)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      int temp;
      auto manager = CKM::Manager::create();
      CKM::RawBuffer buffer;
@@ -1032,6 +1074,11 @@ RUNNER_TEST(T12113_getData_alias_not_exist)
   */
  RUNNER_TEST(T12114_rsa_key_damaged)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      int ret;
      auto manager = CKM::Manager::create();
  
@@ -1059,6 +1106,11 @@ RUNNER_TEST(T12114_rsa_key_damaged)
  
  RUNNER_TEST(T12115_rsa_key_too_short)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      int ret;
      auto manager = CKM::Manager::create();
  
@@ -1083,6 +1135,11 @@ RUNNER_TEST(T12115_rsa_key_too_short)
  
  RUNNER_TEST(T12116_dsa_key_too_short)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      int ret;
      auto manager = CKM::Manager::create();
  
@@ -1115,6 +1172,11 @@ RUNNER_TEST(T12116_dsa_key_too_short)
  
  RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      int ret;
      auto manager = CKM::Manager::create();
  
@@ -1157,6 +1219,11 @@ RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
  
  RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
  {
+    ScopedAccessProvider ap("mylabel");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
      // fake the client - let the service detect the problem
      class WrongCertImpl : public CKM::Certificate
      {
@@ -1198,26 +1265,14 @@ RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
  
  RUNNER_TEST(T12119_deinit)
  {
-     int temp;
-     auto control = CKM::Control::create();
-
-     RUNNER_ASSERT_MSG(
-         CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-         "Error=" << CKM::ErrorToString(temp));
-     RUNNER_ASSERT_MSG(
-         CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-         "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(USER_APP);
  }
  
  RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
  
  RUNNER_TEST(T1311_init)
  {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
      RUNNER_ASSERT_MSG(time(0) > 1405343457,
          "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
  
@@ -1268,9 +1323,7 @@ RUNNER_TEST(T1313_get_chain_with_alias)
  
      CKM::CertificateShPtrVector certChain;
      CKM::AliasVector aliasVector;
-    CKM::Alias alias("imcert");
-    CharPtr top_label = get_label();
-    std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+    CKM::Alias alias = sharedDatabase("imcert");
  
      int tmp;
      auto manager = CKM::Manager::create();
@@ -1290,7 +1343,7 @@ RUNNER_TEST(T1313_get_chain_with_alias)
          CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
          "Error=" << CKM::ErrorToString(tmp));
  
-    aliasVector.push_back(full_address);
+    aliasVector.push_back(alias);
  
      tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
      RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
@@ -1340,26 +1393,14 @@ RUNNER_TEST(T1314_ocsp_check)
  
  RUNNER_TEST(T1315_deinit)
  {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
  }
  
  RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
  
  RUNNER_TEST(T1411_init)
  {
-    int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
  }
  
  RUNNER_TEST(T1412_rsa_key_create_verify)
@@ -1410,8 +1451,8 @@ RUNNER_TEST(T1412_rsa_key_create_verify)
  
      std::string message = "message test";
  
-    CKM::Alias aliasPub = "pub1";
-    CKM::Alias aliasPrv = "prv1";
+    CKM::Alias aliasPub = sharedDatabase("pub1");
+    CKM::Alias aliasPrv = sharedDatabase("prv1");
      CKM::Password password = "1234";
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -1486,8 +1527,8 @@ RUNNER_TEST(T1413_dsa_key_create_verify)
  
      std::string message = "message test";
  
-    CKM::Alias aliasPub = "pub2";
-    CKM::Alias aliasPrv = "prv2";
+    CKM::Alias aliasPub = sharedDatabase("pub2");
+    CKM::Alias aliasPrv = sharedDatabase("prv2");
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
      CKM::RawBuffer signature;
@@ -1547,8 +1588,8 @@ RUNNER_TEST(T1414_ec_key_create_verify)
  
      std::string message = "message test";
  
-    CKM::Alias aliasPub = "ecpub2";
-    CKM::Alias aliasPrv = "ecprv2";
+    CKM::Alias aliasPub = sharedDatabase("ecpub2");
+    CKM::Alias aliasPrv = sharedDatabase("ecprv2");
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
      CKM::RawBuffer signature;
@@ -1609,8 +1650,8 @@ RUNNER_TEST(T1415_rsa_key_create_verify_negative)
      auto manager = CKM::Manager::create();
      std::string message = "message asdfaslkdfjlksadjf test";
  
-    CKM::Alias aliasPub = "pub1";
-    CKM::Alias aliasPrv = "prv1";
+    CKM::Alias aliasPub = sharedDatabase("pub1");
+    CKM::Alias aliasPrv = sharedDatabase("prv1");
  
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -1656,8 +1697,8 @@ RUNNER_TEST(T1416_dsa_key_create_verify_negative)
      auto manager = CKM::Manager::create();
      std::string message = "message asdfaslkdfjlksadjf test";
  
-    CKM::Alias aliasPub = "pub2";
-    CKM::Alias aliasPrv = "prv2";
+    CKM::Alias aliasPub = sharedDatabase("pub2");
+    CKM::Alias aliasPrv = sharedDatabase("prv2");
  
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -1739,8 +1780,8 @@ RUNNER_TEST(T1417_rsa_cert_create_verify_signature)
  
      std::string message = "message test";
  
-    CKM::Alias aliasPub = "pub1-cert";
-    CKM::Alias aliasPrv = "prv1-cert";
+    CKM::Alias aliasPub = sharedDatabase("pub1-cert");
+    CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
      CKM::RawBuffer signature;
@@ -1836,8 +1877,8 @@ RUNNER_TEST(T1418_dsa_cert_create_verify_signature)
  
      std::string message = "message test";
  
-    CKM::Alias aliasPub = "pub2-cert";
-    CKM::Alias aliasPrv = "prv2-cert";
+    CKM::Alias aliasPub = sharedDatabase("pub2-cert");
+    CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
      CKM::RawBuffer signature;
@@ -1927,8 +1968,8 @@ RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
  
      std::string message = "message test";
  
-    CKM::Alias aliasPub = "pub3";
-    CKM::Alias aliasPrv = "prv3";
+    CKM::Alias aliasPub = sharedDatabase("pub3");
+    CKM::Alias aliasPrv = sharedDatabase("prv3");
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
      CKM::RawBuffer signature;
@@ -1985,15 +2026,7 @@ RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
  
  RUNNER_TEST(T1420_deinit)
  {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
  }
  
  RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
@@ -2001,10 +2034,7 @@ RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
  RUNNER_TEST(T14180_init)
  {
      int temp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
  
      auto manager = CKM::Manager::create();
  
@@ -2050,8 +2080,8 @@ RUNNER_TEST(T14180_init)
        "zQIDAQAB\n"
        "-----END PUBLIC KEY-----\n";
  
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
      CKM::Password password = "1234";
  
      auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
@@ -2081,8 +2111,8 @@ RUNNER_TEST(T14180_init)
          "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
          "-----END PUBLIC KEY-----\n";
  
-    CKM::Alias aliasEcPub = "ecpub_nohash1";
-    CKM::Alias aliasEcPrv = "ecprv_nohash1";
+    CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
+    CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
  
      auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
      auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
@@ -2107,8 +2137,8 @@ RUNNER_TEST(T14181_rsa_create_signatue_nohash)
      auto manager = CKM::Manager::create();
      std::string message = "message asdfaslkdfjlksadjf test";
  
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
  
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -2154,8 +2184,8 @@ RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad)
      auto manager = CKM::Manager::create();
      std::string message = "message asdfaslkdfjlksadjf test";
  
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
  
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
@@ -2197,8 +2227,8 @@ RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
                            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
                            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
  
-    CKM::Alias aliasPub = "pub_nohash1";
-    CKM::Alias aliasPrv = "prv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
  
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
@@ -2223,8 +2253,8 @@ RUNNER_TEST(T14184_ec_create_signatue_nohash)
  
      std::string message = "message test";
  
-    CKM::Alias aliasPub = "ecpub_nohash1";
-    CKM::Alias aliasPrv = "ecprv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
      CKM::RawBuffer signature;
@@ -2272,13 +2302,13 @@ RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
      int msgSize = 1024*1024;
      char big_msg[msgSize];
      for(int i =0; i<msgSize-1; i++) {
-       big_msg[i] = 'a';
+        big_msg[i] = 'a';
      }
      big_msg[msgSize-1]=0x00;
      std::string message(big_msg);
  
-    CKM::Alias aliasPub = "ecpub_nohash1";
-    CKM::Alias aliasPrv = "ecprv_nohash1";
+    CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
+    CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
      CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
      CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
      CKM::RawBuffer signature;
@@ -2297,15 +2327,7 @@ RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
  
  RUNNER_TEST(T14189_deinit)
  {
-    int temp;
-    auto control = CKM::Control::create();
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (temp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(temp));
+    remove_user_data(0);
  }
  
  
@@ -2313,15 +2335,11 @@ RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
  
  RUNNER_CHILD_TEST(T1510_init_unlock_key)
  {
-    int tmp;
      ScopedAccessProvider ap("my-label");
      ap.allowAPI("key-manager::api-control", "rw");
      ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
  
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
-        "Error=" << CKM::ErrorToString(tmp));
+    unlock_user_data(USER_TEST, "strong-password");
  }
  
  RUNNER_CHILD_TEST(T1511_insert_data)
@@ -2364,11 +2382,11 @@ RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
  
  RUNNER_TEST(T1701_init_unlock_key)
  {
-    int tmp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
-        "Error=" << CKM::ErrorToString(tmp));
+    ScopedAccessProvider ap("t170-special-label");
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+    unlock_user_data(USER_TEST+1, "t170-special-password");
  }
  
  RUNNER_CHILD_TEST(T1702_insert_data)
@@ -2381,6 +2399,7 @@ RUNNER_CHILD_TEST(T1702_insert_data)
      auto certee = TestData::getTestCertificate(TestData::MBANK);
  
      auto manager = CKM::Manager::create();
+    size_t current_aliases_num = count_aliases(ALIAS_CERT);
      int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
  
      RUNNER_ASSERT_MSG(
@@ -2392,8 +2411,8 @@ RUNNER_CHILD_TEST(T1702_insert_data)
          CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
          "Error=" << CKM::ErrorToString(temp));
      RUNNER_ASSERT_MSG(
-        1 == (temp = av.size()),
-        "Vector size: " << temp << ". Expected: 1");
+        (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
+        "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
  }
  
  RUNNER_TEST(T1703_removeApplicationData)
@@ -2425,15 +2444,7 @@ RUNNER_CHILD_TEST(T1704_data_test)
  
  RUNNER_TEST(T1705_deinit)
  {
-    int tmp;
-
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
-        "Error=" << CKM::ErrorToString(tmp));
+    remove_user_data(USER_TEST+1);
  }
  
  RUNNER_TEST(T17101_init)
@@ -2639,39 +2650,24 @@ RUNNER_CHILD_TEST(T17111_check_data_04)
  
  RUNNER_TEST(T17112_deinit)
  {
-    int tmp;
-
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
-        "Error=" << CKM::ErrorToString(tmp));
-
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
-        "Error=" << CKM::ErrorToString(tmp));
+    remove_user_data(USER_TEST+2);
+    remove_user_data(USER_TEST+3);
  }
  
  RUNNER_TEST_GROUP_INIT(T180_PKCS12);
  
  namespace
  {
-CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
-CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
-CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
-CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
-CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
-const char *PKCS_PASSWD = "PKCS-pass";
+CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
+CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
+CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
+CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
+CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
  }
  
  RUNNER_TEST(T1800_init)
  {
-    reset_user_data(0, PKCS_PASSWD);
+    remove_user_data(0);
  }
  
  RUNNER_TEST(T1801_parse_PKCS12) {
@@ -2858,7 +2854,7 @@ RUNNER_TEST(T1806_get_PKCS)
  
      // fail - no entry
      RUNNER_ASSERT_MSG(
-        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
          "Error=" << CKM::ErrorToString(temp));
  
      // fail - not exportable
@@ -3114,7 +3110,7 @@ RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
  
  RUNNER_TEST(T1812_get_pkcs12_password_tests)
  {
-    CKM::Alias alias = "t1812alias1";
+    CKM::Alias alias = sharedDatabase("t1812alias1");
  
      auto manager = CKM::Manager::create();
      std::ifstream is("/usr/share/ckm-test/pkcs.p12");
@@ -3183,24 +3179,21 @@ RUNNER_TEST(T1813_deinit)
  }
  
  RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-
+namespace {
+const char * const T190_PASSWD = "t190-special-password";
+}
  RUNNER_TEST(T1901_init_unlock_key)
  {
-    int tmp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(tmp));
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
-        "Error=" << CKM::ErrorToString(tmp));
+    reset_user_data(USER_APP, T190_PASSWD);
  }
  
  RUNNER_TEST(T1902_get_data)
  {
+    ScopedAccessProvider ap(TEST_LABEL);
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+    ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
+
      auto manager = CKM::Manager::create();
      CKM::KeyShPtr ptr;
  
@@ -3216,12 +3209,16 @@ RUNNER_TEST(T1903_lock_database)
      int tmp;
      auto control = CKM::Control::create();
      RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+        CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
          "Error=" << CKM::ErrorToString(tmp));
  }
  
  RUNNER_TEST(T1904_get_data_from_locked_database)
  {
+    ScopedAccessProvider ap(TEST_LABEL);
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
      auto manager = CKM::Manager::create();
      CKM::KeyShPtr ptr;
  
@@ -3234,11 +3231,7 @@ RUNNER_TEST(T1904_get_data_from_locked_database)
  
  RUNNER_TEST(T1905_deinit)
  {
-    int tmp;
-    auto control = CKM::Control::create();
-    RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
-        "Error=" << CKM::ErrorToString(tmp));
+    remove_user_data(USER_APP);
  }
  
  int main(int argc, char *argv[])
diff --git a/src/ckm/system-db.cpp b/src/ckm/system-db.cpp

index dd1b97a..6b705f0 100644 (file)
--- a/src/ckm/system-db.cpp
+++ b/src/ckm/system-db.cpp
@@ -68,7 +68,7 @@ RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB)
      // add permission to the resource to a user app
      // [test]
      // switch to user app, leave DB locked
-    // try to access system DB item - expect fail
+    // try to access system DB item - expect success
  
      // [prepare]
      GarbageCollector gc;
diff --git a/src/ckm/test-certs.cpp b/src/ckm/test-certs.cpp

index 0c615e0..0cbea40 100644 (file)
--- a/src/ckm/test-certs.cpp
+++ b/src/ckm/test-certs.cpp
@@ -281,18 +281,18 @@ CertMap initializeTestCerts()
          cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64));
      }
  
-    // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015
+    // GOOGLE_COM, *.google.com - signed by GIAG2, expires 21 Jul 2015
      {
          std::string raw_base64 = std::string(
              "-----BEGIN CERTIFICATE-----\n"
-            "MIIGxTCCBa2gAwIBAgIIBIsVw6gw3hgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+            "MIIGxTCCBa2gAwIBAgIIF4oWRtoEsZgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
              "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
-            "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMjExMTI0NzAyWhcNMTUwNTEyMDAwMDAw\n"
+            "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwNDIyMTM0NzM5WhcNMTUwNzIxMDAwMDAw\n"
              "WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
              "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n"
-            "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmokK6sw/osw7yrkc\n"
-            "rSJZk5FAod6yrCptxyq7AssrJbcTCpuxGbG9Ip6/jR8QP4109kZxadoaZ/0ICOh5\n"
-            "bHx44qOCBF0wggRZMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
+            "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeI/HfDmnVdpQ4JNA\n"
+            "9z7aYLzV30SZp0EFfrC5iV4l4AVNRfnCjOdYrdx387n9mhVPghWVWDkb05JtRZqr\n"
+            "9vgwMqOCBF0wggRZMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
              "A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n"
              "ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n"
              "YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n"
@@ -312,16 +312,16 @@ CertMap initializeTestCerts()
              "YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n"
              "B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n"
              "ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n"
-            "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBShZRhQFOqlCCt51oEJBD94sL7K4zAMBgNV\n"
+            "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBTgUFAZJ8fMjqEj8KpwMspvje7cSzAMBgNV\n"
              "HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1Ud\n"
              "IAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtp\n"
-            "Lmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBOQBrolcUp\n"
-            "UFh/5O369pXbuxDZajpSKAjX4Zu6L5LxS9NQRuWqheWNsNcZMRzZ6dP6xpeqf522\n"
-            "zUjzUEzDCOaxCbccakucnXUvg3/m5qgYhxUmLdZjXZ53mTCy4tHbswQrwnxZH+t+\n"
-            "Y4rlJFr4bzPNPx7ucB7wRvxFGCjWXflK1JpgXmUcjFFu8/xrlqJdCwmrjEOJaVRq\n"
-            "urh11t2o4N/DjdboKWBdv+reuijPjzJTKmTbjuZU/bty6COIqtu8vWD39xRCK2y+\n"
-            "W6und7oGKIEvisrLIoHRRgBPfiFBxuzLbvOg/mGbz34pSuBJEzMxrAbkOnGWEQOm\n"
-            "B3KPgoV0lPFo\n"
+            "Lmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQA2YKaE9hJu\n"
+            "96a81VC53Qrk1JbhMeVRL+uLsidRNK2uBCzJs4zkKT8QTp2m0w792djprAMDuzKx\n"
+            "GUaVj9TyAX5b1ObcRh2cvom1bzakjWpr1sLW+71vPIeRK8XZvbkVpvgbUF5pQFda\n"
+            "xZmS49iTG4+8yH6jSnlC/GLSFBihIYmKhU4HSOvzhRBbMNc6ldfvyomE0DtGJXDs\n"
+            "qOQqfwpyUopGZIIiETLw3PQrdrXSxhoTaVdvL0V9+SGS4Dp7D+WsNl23a7nhxUv3\n"
+            "PSl6FTRcANKzXflSpdbu9BsuD78KQNnK2cl0mlcE8PETflMFjogi7OhEEQitwp3S\n"
+            "043LZ7LBy0m5\n"
              "-----END CERTIFICATE-----\n");
          cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64));
      }
diff --git a/src/ckm/test-certs.h b/src/ckm/test-certs.h

index f920eaf..7f55b7d 100644 (file)
--- a/src/ckm/test-certs.h
+++ b/src/ckm/test-certs.h
@@ -39,7 +39,7 @@ enum certificateID {
      SYMANTEC,                       // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
      GEOTRUST,                       // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018
      EQUIFAX,                        // EQUIFAX (root CA), expires 22 Aug 2018
-    GOOGLE_COM,                     // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015
+    GOOGLE_COM,                     // GOOGLE_COM, *.google.com - signed by GIAG2, expires 21 Jul 2015
  
      // footer - last element in the set
      NO_CERT
diff --git a/src/common/tests_common.h b/src/common/tests_common.h

index c03d37a..8e83ef5 100644 (file)
--- a/src/common/tests_common.h
+++ b/src/common/tests_common.h
@@ -34,8 +34,10 @@
  #include <errno.h>
  #include <string.h>
  
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
+const uid_t APP_UID     = 5000;
+const gid_t APP_GID     = 5000;
+const uid_t APP_UID_2   = 5200;
+const gid_t APP_GID_2   = 5200;
  const uid_t DB_ALARM_UID = 6001;
  const gid_t DB_ALARM_GID = 6001;
  const std::string TMP_DIR("/tmp");
author	Maciej J. Karpiuk <m.karpiuk2@samsung.com>
	Wed, 22 Apr 2015 08:43:21 +0000 (10:43 +0200)
committer	Maciej J. Karpiuk <m.karpiuk2@samsung.com>
	Fri, 15 May 2015 07:56:19 +0000 (09:56 +0200)
src/ckm/async-api.cpp		patch \| blob \| history
src/ckm/capi-access_control.cpp		patch \| blob \| history
src/ckm/capi-certificate-chains.cpp		patch \| blob \| history
src/ckm/capi-testcases.cpp		patch \| blob \| history
src/ckm/cc-mode.cpp		patch \| blob \| history
src/ckm/ckm-common.cpp		patch \| blob \| history
src/ckm/ckm-common.h		patch \| blob \| history
src/ckm/main.cpp		patch \| blob \| history
src/ckm/system-db.cpp		patch \| blob \| history
src/ckm/test-certs.cpp		patch \| blob \| history
src/ckm/test-certs.h		patch \| blob \| history
src/common/tests_common.h		patch \| blob \| history