#include <unistd.h>
#include <sys/types.h>
-#include <fstream>
-#include <iostream>
-
-#include <netdb.h>
+#include <array>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <test-certs.h>
-#include <scoped-app-context.h>
#include <ckm-common.h>
#include <ckm-privileged-common.h>
#include <ckm_helpers.h>
+#include <scoped_app_launcher.h>
+#include <scoped_installer.h>
+#include <test_user.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
#include <ckm/ckm-type.h>
-#include <ckm/ckm-pkcs12.h>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
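Review bot: The new include list adds `<array>` but not `<memory>` or `<string>`, although the added code uses `std::unique_ptr`/`std::make_unique` (the `USER1_APP1` globals and the fixture members) and `std::string` (`PKG_ID`). With `<fstream>` and `<iostream>` removed, those names now compile only if one of the project headers happens to pull them in. I would add `#include <memory>` and `#include <string>` next to `#include <array>`.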
namespace {
-const gid_t GROUP_ID = 5000;
-
const char * const APP_PASS = "user-pass";
-const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
-const CKM::AliasVector EMPTY_ALIAS_VECTOR;
-} // namespace anonymous
-
-/*
- * How to numerate tests:
- * TABCD_NAME
- * T - test case (always T)
- * AB - number of test group (always two digits)
- * C - test number in group (all tests with same TABC must be run in the same time).
- * D - subtest.
- */
-
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+uid_t USER_ID;
+uid_t USER_ID2;
+std::string PKG_ID;
-RUNNER_TEST(T1510_init_unlock_key)
-{
- reset_user_data(OWNER_USER_ID, APP_PASS);
-}
+std::unique_ptr<AppInstallHelper> USER1_APP1;
+std::unique_ptr<AppInstallHelper> USER1_APP2;
+std::unique_ptr<AppInstallHelper> USER2_APP1;
+std::unique_ptr<AppInstallHelper> USER2_APP2;
-RUNNER_TEST(T1511_insert_data)
+class AppInstallationFixture: public DPL::Test::TestGroup
{
- auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
- auto certim = TestData::getTestCertificate(TestData::TEST_IM_CA);
- CKM::Alias certeeAlias("CertEE");
- CKM::Alias certimAlias("CertIM");
+public:
+ void Init() override
{
- ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, GROUP_ID);
+ m_user = std::make_unique<TestUser>(
+ TestUser::createTemporary("ckm_test_user", GUM_USERTYPE_NORMAL, false));
+ USER_ID = m_user->getUid();
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
- }
-
- // restart CKM
- stop_service(MANAGER);
- start_service(MANAGER);
+ m_user2 = std::make_unique<TestUser>(
+ TestUser::createTemporary("ckm_test_user2", GUM_USERTYPE_NORMAL, false));
+ USER_ID2 = m_user2->getUid();
- // actual test
- {
- ScopedDBUnlock unlock(OWNER_USER_ID, APP_PASS);
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, GROUP_ID);
-
- auto manager = CKM::Manager::create();
- int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
- int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::APICodeToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::APICodeToString(status2));
- }
-}
+ USER1_APP1 = std::make_unique<AppInstallHelper>("ckm_test_app", m_user->getUid());
+ m_installer = std::make_unique<ScopedInstaller>(*USER1_APP1);
-RUNNER_TEST(T1519_deinit)
-{
- remove_user_data(OWNER_USER_ID);
-}
+ USER1_APP2 = std::make_unique<AppInstallHelper>("ckm_test_app2", m_user->getUid());
+ m_installer2 = std::make_unique<ScopedInstaller>(*USER1_APP2);
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+ USER2_APP1 = std::make_unique<AppInstallHelper>("ckm_test_app", m_user2->getUid());
-RUNNER_TEST(T1701_init_unlock_key)
-{
- unlock_user_data(OWNER_USER_ID+1, "t170-special-password");
+ USER2_APP2 = std::make_unique<AppInstallHelper>("ckm_test_app2", m_user2->getUid());
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID);
-}
+ PKG_ID = USER1_APP1->getPkgId();
+ }
-RUNNER_CHILD_TEST(T1702_insert_data)
-{
- int temp;
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID);
+ void Finish() override
+ {
+ m_installer2.reset();
+ m_installer.reset();
+ m_user2.reset();
+ m_user.reset();
+ }
- auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
+private:
+ std::unique_ptr<ScopedInstaller> m_installer;
+ std::unique_ptr<ScopedInstaller> m_installer2;
+ std::unique_ptr<TestUser> m_user2;
+ std::unique_ptr<TestUser> m_user;
+};
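Review bot: The members of `AppInstallationFixture` are declared installers first and users last, so the implicit destructor would remove `m_user` and `m_user2` before `m_installer2` and `m_installer` run; only the explicit order in `Finish()` uninstalls the apps while their users still exist. Declaring `m_user` and `m_user2` above the two `ScopedInstaller` members makes the safe order hold even when `Finish()` is not reached. `Finish()` also leaves the four global `AppInstallHelper` pointers and `USER_ID`/`USER_ID2` referring to temporary users that no longer exist; resetting them there (`USER1_APP1.reset();` and so on) would keep later code from launching against a stale uid. Finally, `USER2_APP1` and `USER2_APP2` never get a `ScopedInstaller`, so whether the user-2 apps in T1530 run with a properly installed app identity depends on `ScopedAppLauncher`, which is not visible here; a comment stating that assumption would help.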
+void checkAppDataPresence(bool present) {
+ size_t expected = present ? 1 : 0;
+ CKM::AliasVector av;
+ int err;
auto manager = CKM::Manager::create();
- size_t current_aliases_num = count_aliases(ALIAS_CERT);
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKM::APICodeToString(status1));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (err = manager->getDataAliasVector(av)),
+ "Error=" << CKM::APICodeToString(err));
+ RUNNER_ASSERT_MSG(expected == av.size(),
+ "Vector size: " << av.size() << ". Expected: " << expected);
+};
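Review bot: `checkAppDataPresence` closes with `};`, which leaves an empty declaration after the function body and is flagged at pedantic warning levels; a plain `}` is enough. The helper also has no comment saying that it is meant to run inside the launched app and that it expects that app to see either no data alias or exactly one, which is what the `present ? 1 : 0` comparison encodes. I would add a line above it such as `// Asserts that the calling app sees exactly one data alias (present) or none.`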
- CKM::AliasVector av;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
+CKM::CertificateShPtr certEE() {
+ static auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+ return cert;
}
-
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
- "Error=" << CKM::APICodeToString(tmp));
+CKM::CertificateShPtr certIM() {
+ static auto cert = TestData::getTestCertificate(TestData::TEST_IM_CA);
+ return cert;
}
+const CKM::Alias CERT_EE_ALIAS("CertEE");
+const CKM::Alias CERT_IM_ALIAS("CertIM");
-RUNNER_CHILD_TEST(T1704_data_test)
+class RestartFixture
{
- int temp;
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+1, GROUP_ID);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
+public:
+ void init(const std::string &) {
+ auto unlock = std::make_unique<ScopedDBUnlock>(USER_ID, APP_PASS);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ auto manager = CKM::Manager::create();
+ auto ret = manager->saveCertificate(CERT_EE_ALIAS, certEE(), CKM::Policy());
+ if (ret != CKM_API_SUCCESS)
+ RUNNER_ERROR_MSG("CERT_EE saving failed: " << ret);
+
+ ret = manager->saveCertificate(CERT_IM_ALIAS, certIM(), CKM::Policy());
+ if (ret != CKM_API_SUCCESS)
+ RUNNER_ERROR_MSG("CERT_IM saving failed: " << ret);
+ });
+ }
+ void finish() {
+ auto unlock = std::make_unique<ScopedDBUnlock>(USER_ID, APP_PASS);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ auto manager = CKM::Manager::create();
+ auto ret = manager->removeAlias(CERT_EE_ALIAS);
+ if (ret != CKM_API_SUCCESS)
+ RUNNER_ERROR_MSG("CERT_EE removal failed: " << ret);
+
+ ret = manager->removeAlias(CERT_IM_ALIAS);
+ if (ret != CKM_API_SUCCESS)
+ RUNNER_ERROR_MSG("CERT_IM removal failed: " << ret);
+ });
+ }
+};
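Review bot: `init()` and `finish()` build the unlock guard with `std::make_unique<ScopedDBUnlock>(USER_ID, APP_PASS)`, a heap allocation for an object that never leaves the function, while T1520 and T1530 construct the same guard on the stack; `ScopedDBUnlock unlock(USER_ID, APP_PASS);` is simpler and consistent (T1510 has the same line). The unnamed `ScopedAppLauncher(*USER1_APP1, [&]{ ... });` temporary reads like a function call and depends on the object being destroyed at the end of the statement; naming it, as T1520 does with `app1`, makes the lifetime explicit. Failures in `saveCertificate` and `removeAlias` print the raw integer `ret`, whereas the tests use `CKM::APICodeToString(ret)`, and if `RUNNER_ERROR_MSG` only logs, a failed save in `init()` would surface later in T1510 as a misleading "should be in database already" failure.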
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
+} // namespace anonymous
-RUNNER_TEST(T1705_deinit)
-{
- remove_user_data(OWNER_USER_ID+1);
-}
+RUNNER_TEST_GROUP_INIT_ENV(T151_CKM_STORAGE_PERMANENT_TESTS, AppInstallationFixture);
-RUNNER_TEST(T17101_init)
+RUNNER_CHILD_TEST(T1510_restart_test, RestartFixture)
{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+2)),
- "Error=" << CKM::APICodeToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(OWNER_USER_ID+2)),
- "Error=" << CKM::APICodeToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+2, "t1706-special-password")),
- "Error=" << CKM::APICodeToString(tmp));
+ stop_service(MANAGER);
+ start_service(MANAGER);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+3)),
- "Error=" << CKM::APICodeToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(OWNER_USER_ID+3)),
- "Error=" << CKM::APICodeToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+3, "t1706-special-password")),
- "Error=" << CKM::APICodeToString(tmp));
+ auto unlock = std::make_unique<ScopedDBUnlock>(USER_ID, APP_PASS);
+ ScopedAppLauncher(*USER1_APP1, [&]{
+ auto manager = CKM::Manager::create();
+ int status1 = manager->saveCertificate(CERT_EE_ALIAS, certEE(), CKM::Policy());
+ int status2 = manager->saveCertificate(CERT_IM_ALIAS, certIM(), CKM::Policy());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
+ "Certificate should be in database already. Error=" << CKM::APICodeToString(status1));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
+ "Certificate should be in database already. Error=" << CKM::APICodeToString(status2));
+ });
}
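Review bot: The restart test only checks that saving again returns `CKM_API_ERROR_DB_ALIAS_EXISTS`, which shows the aliases survived the `stop_service`/`start_service` cycle but not that the stored certificates are still readable and unchanged. Reading both entries back through the manager's `getCertificate` call inside the launcher lambda and comparing them with `certEE()` and `certIM()` would cover the content as well. A short comment stating that the data is saved by `RestartFixture::init` before the restart would also help, since nothing in the test body shows where the certificates come from.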
-RUNNER_CHILD_TEST(T17102_prep_data_01)
+RUNNER_CHILD_TEST(T1520_remove_app_cert)
{
+ SynchronizationPipe syncPipe;
int temp;
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+2, GROUP_ID);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedAppLauncher app1(*USER1_APP1, [&]{
+ auto certee = TestData::getTestCertificate(TestData::TEST_LEAF);
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+ auto manager = CKM::Manager::create();
+ int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == status1,
+ "Could not put certificate in datbase. Error=" << CKM::APICodeToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
- "Error=" << CKM::APICodeToString(temp));
-}
+ ScopedRemoveData srd("CertEEE");
-RUNNER_CHILD_TEST(T17103_prep_data_02)
-{
- int temp;
- ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+2, GROUP_ID);
+ CKM::AliasVector av;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::APICodeToString(temp));
+ RUNNER_ASSERT_MSG(1 == av.size(), "Vector size: " << av.size() << ". Expected: " << 1);
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
+ syncPipe.claimChildEp();
+ syncPipe.post();
+ syncPipe.wait(); // wait for removal
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+ av.clear();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::APICodeToString(temp));
+ RUNNER_ASSERT_MSG(av.empty(), "Vector size: " << av.size() << ". Expected: 0");
+ });
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
+ syncPipe.claimParentEp();
+ syncPipe.wait(); // wait for save & get
+ auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
+ CKM_API_SUCCESS == (temp = control->removeApplicationData(PKG_ID)),
"Error=" << CKM::APICodeToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17104_prep_data_03)
-{
- int temp;
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+3, GROUP_ID);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
- "Error=" << CKM::APICodeToString(temp));
+ syncPipe.post();
}
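Review bot: The launcher lambda captures the parent's `int temp` by reference and assigns it for its own `getCertificateAliasVector` calls, while the parent reuses the same variable for `removeApplicationData`; the two sides look as if they share state, but the lambda appears to run in the launched app's process, so they do not. Declaring a local status inside the lambda, for example `int ret = manager->getCertificateAliasVector(av);`, keeps each side self-contained. The new message at the `saveCertificate` assertion also carries over the typo `datbase`; it should read `"Could not put certificate in database. Error="`.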
-RUNNER_CHILD_TEST(T17105_prep_data_04)
+RUNNER_CHILD_TEST(T1530_remove_app_data)
{
int temp;
- ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+3, GROUP_ID);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+ std::array<SynchronizationPipe, 4> syncPipe;
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
+ ScopedDBUnlock unlock(USER_ID, APP_PASS);
+ ScopedDBUnlock unlock2(USER_ID2, APP_PASS);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
- "Error=" << CKM::APICodeToString(temp));
-}
+ ScopedAppLauncher user1_app1(*USER1_APP1, [&]{
+ // user1 app1
+ ScopedSaveData ssd("data1", data.c_str());
-RUNNER_TEST(T17106_remove_application)
-{
- int tmp;
+ syncPipe[0].claimChildEp();
+ syncPipe[0].post();
+ syncPipe[0].wait(); // wait for app removal
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(OWNER_USER_ID+3)),
- "Error=" << CKM::APICodeToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
- "Error=" << CKM::APICodeToString(tmp));
-}
+ checkAppDataPresence(false);
+ });
-RUNNER_CHILD_TEST(T17107_check_data_01)
-{
- int temp;
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+2, GROUP_ID);
+ ScopedAppLauncher user1_app2(*USER1_APP2, [&]{
+ // user1 app2
+ ScopedSaveData ssd("data2", data.c_str());
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
+ syncPipe[1].claimChildEp();
+ syncPipe[1].post();
+ syncPipe[1].wait(); // wait for app removal
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
+ checkAppDataPresence(true);
+ });
-RUNNER_CHILD_TEST(T17108_check_data_02)
-{
- int temp;
- ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+2, GROUP_ID);
+ ScopedAppLauncher user2_app1(*USER2_APP1, [&]{
+ // user2 app1
+ ScopedSaveData ssd("data3", data.c_str());
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
+ syncPipe[2].claimChildEp();
+ syncPipe[2].post();
+ syncPipe[2].wait(); // wait for app removal
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
+ checkAppDataPresence(false);
+ });
-RUNNER_TEST(T17109_unlock_user2)
-{
- int tmp;
+ ScopedAppLauncher user2_app2(*USER2_APP2, [&]{
+ // user2 app2
+ ScopedSaveData ssd("data4", data.c_str());
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(OWNER_USER_ID+3, "t1706-special-password")),
- "Error=" << CKM::APICodeToString(tmp));
-}
+ syncPipe[3].claimChildEp();
+ syncPipe[3].post();
+ syncPipe[3].wait(); // wait for app removal
-RUNNER_CHILD_TEST(T17110_check_data_03)
-{
- int temp;
- ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID+3, GROUP_ID);
+ checkAppDataPresence(true);
+ });
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17111_check_data_04)
-{
- int temp;
- ScopedAppContext ctx(TEST_LABEL_2, OWNER_USER_ID+3, GROUP_ID);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
+ for (size_t i = 0; i < sizeof(syncPipe) / sizeof(syncPipe[0]); ++i) {
+ syncPipe[i].claimParentEp();
+ syncPipe[i].wait(); // wait for save
+ }
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::APICodeToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
+ // remove app1 as root
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeApplicationData(PKG_ID)),
+ "Error=" << CKM::APICodeToString(temp));
-RUNNER_TEST(T17112_deinit)
-{
- remove_user_data(OWNER_USER_ID+2);
- remove_user_data(OWNER_USER_ID+3);
+ for (size_t i = 0; i < syncPipe.size(); ++i) {
+ syncPipe[i].post();
+ }
}
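Review bot: The first parent loop bounds itself with `sizeof(syncPipe) / sizeof(syncPipe[0])`, a C-array idiom applied to a `std::array`, while the second loop a few lines later uses `syncPipe.size()`; the two should agree, and `for (auto &pipe : syncPipe) { pipe.claimParentEp(); pipe.wait(); }` avoids the index entirely. The expectations `checkAppDataPresence(false)` for both users' app1 and `true` for both app2 rest on `PKG_ID` (taken from `USER1_APP1`) also being the package id of `USER2_APP1`. A comment saying that `removeApplicationData` is expected to act on that package for every user, and to leave the other package untouched, would make the isolation property under test explicit.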
int main(int argc, char *argv[])