}
std::string getOwnerIdFromSelf() {
- const std::string& prefix = SMACK_USER_APP_PREFIX;
- std::string smack = getLabel();
- if (0 == smack.compare(0, prefix.size(), prefix))
- return smack.substr(prefix.size(), std::string::npos);
- return "/" + smack;
+ if (smack_check()) {
+ const std::string& prefix = SMACK_USER_APP_PREFIX;
+ std::string smack = getLabel();
+ if (0 == smack.compare(0, prefix.size(), prefix))
+ return smack.substr(prefix.size());
+ smack.insert(smack.begin(), '/');
+ return smack;
+ } else {
+ return "default_app_no_Smack_mode";
+ }
}
-std::string aliasWithLabel(const char *label, const char *alias)
+std::string aliasWithLabel(const std::string& label, const std::string& alias)
{
- if(label)
+ if (!label.empty())
{
- std::stringstream ss;
- ss << label << std::string(ckmc_label_name_separator) << alias;
- return ss.str();
+ auto res = label + ckmc_label_name_separator;
+ res += alias;
+ return res;
}
- return std::string(alias);
+ return alias;
}
-std::string aliasWithLabelFromSelf(const char *alias)
+std::string aliasWithLabelFromSelf(const std::string_view& alias)
{
- std::ostringstream oss;
- oss << getOwnerIdFromSelf() << ckmc_label_name_separator << alias;
-
- return oss.str();
+ auto res = getOwnerIdFromSelf();
+ res += ckmc_label_name_separator;
+ res += alias;
+ return res;
}
#define ERRORDESCRIBE(name) case name: return #name
callCKMManagerDataFunc(data, alias, policy, &CKM::Manager::saveData, expected);
}
-void save_data(const char* alias, const char *data, size_t len, const char* password,
+void save_data(const std::string& alias, const char *data, size_t len, const char* password,
int expected_err, bool exportable)
{
- RUNNER_ASSERT(alias);
RUNNER_ASSERT(data);
ckmc_raw_buffer_s buffer;
ckmc_policy_s policy;
policy.password = const_cast<char*>(password);
policy.extractable = exportable;
- int ret = ckmc_save_data(alias, buffer, policy);
+ int ret = ckmc_save_data(alias.c_str(), buffer, policy);
RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
<< CKMCErrorToString(ret) << " while expected: "
<< CKMCErrorToString(expected_err));
}
-void save_data(const char* alias, const char *data, int expected_err, bool exportable)
+void save_data(const std::string& alias, const char *data, int expected_err, bool exportable)
{
save_data(alias, data, strlen(data), nullptr, expected_err, exportable);
}
-void save_data(const char* alias, const char *data, size_t len, int expected_err, bool exportable)
+void save_data(const std::string& alias, const char *data, size_t len, int expected_err, bool exportable)
{
save_data(alias, data, len, nullptr, expected_err, exportable);
}
return getpid() == m_pid;
}
-ScopedRemoveData::ScopedRemoveData(const char* alias) : m_alias(alias)
+ScopedRemoveData::ScopedRemoveData(const std::string& alias) : m_alias(alias)
{
}
* Let it throw. If we can't remove data then remaining tests results will be
* unreliable anyway.
*/
- check_remove_allowed(m_alias.c_str());
+ check_remove_allowed(m_alias);
}
-ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) :
+ScopedSaveData::ScopedSaveData(const std::string& alias, const char *data, int expected_err) :
ScopedRemoveData(alias)
{
save_data(alias, data, expected_err);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(m_uid)), CKMCErrorToString(temp));
}
-void check_remove_allowed(const char* alias)
+void check_remove_allowed(const std::string& alias)
{
- int ret = ckmc_remove_alias(alias);
+ int ret = ckmc_remove_alias(alias.c_str());
// remove, but ignore non existing
RUNNER_ASSERT_MSG((CKMC_ERROR_NONE == ret) || (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret),
"Removing data failed: " << CKMCErrorToString(ret));
}
-void check_remove_denied(const char* alias)
+void check_remove_denied(const std::string& alias)
{
- int ret = ckmc_remove_alias(alias);
+ int ret = ckmc_remove_alias(alias.c_str());
RUNNER_ASSERT_MSG(
CKMC_ERROR_PERMISSION_DENIED == ret,
"App with different label shouldn't have rights to remove this data. "
<< CKMCReadableError(ret));
}
-void check_remove_not_visible(const char* alias)
+void check_remove_not_visible(const std::string& alias)
{
- int ret = ckmc_remove_alias(alias);
+ int ret = ckmc_remove_alias(alias.c_str());
RUNNER_ASSERT_MSG(
CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"App with different label shouldn't have rights to see this data. "
<< CKMCReadableError(ret));
}
-void check_read(const char* alias,
- const char *label,
+void check_read(const std::string& alias,
+ const std::string& label,
const char *test_data,
size_t len,
int expected_code)
}
}
-void check_read(const char* alias, const char *label, const char *test_data, int expected_code)
+void check_read(const std::string& alias, const std::string& label, const char *test_data, int expected_code)
{
check_read(alias, label, test_data, strlen(test_data), expected_code);
}
-void check_read_allowed(const char* alias, const char *data)
+void check_read_allowed(const std::string& alias, const char *data)
{
// try to read previously saved data - label taken implicitly
- check_read(alias, NULL, data);
+ check_read(alias, "", data);
}
-void check_read_not_visible(const char* alias)
+void check_read_not_visible(const std::string& alias)
{
// try to read previously saved data - label taken implicitly
{
ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(alias, NULL, &buffer);
+ int ret = ckmc_get_data(alias.c_str(), NULL, &buffer);
RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
"App with different label shouldn't have rights to see this data. " << CKMCErrorToString(ret));
ckmc_buffer_free(buffer);
"App with different label shouldn't have rights to see this cert. " << CKMCErrorToString(temp));
}
-void allow_access(const char* alias, const char* accessor, int permissionMask)
+void allow_access(const std::string& alias, const std::string& accessor, int permissionMask)
{
// data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
+ int ret = ckmc_set_permission(alias.c_str(), accessor.c_str(), permissionMask);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: "
<< CKMCErrorToString(ret));
}
-void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
+void allow_access_negative(const std::string& alias, const std::string& accessor, int permissionMask, int expectedCode)
{
// data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
+ int ret = ckmc_set_permission(alias.c_str(), accessor.c_str(), permissionMask);
RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned "
<< CKMCErrorToString(ret) << ", while expected: "
<< CKMCErrorToString(expectedCode));
}
-void deny_access(const char* alias, const char* accessor)
+void deny_access(const std::string& alias, const std::string& accessor)
{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission(alias.c_str(), accessor.c_str(), CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: "
<< CKMCErrorToString(ret));
}
-void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
+void deny_access_negative(const std::string& alias, const std::string& accessor, int expectedCode)
{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
+ int ret = ckmc_set_permission(alias.c_str(), accessor.c_str(), CKMC_PERMISSION_NONE);
RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. "
<< CKMCErrorToString(ret) << ", while expected: "
<< CKMCErrorToString(expectedCode));
for (const auto &expectedIt : expected)
{
- const auto expectedAlias = aliasWithLabel(userSmackLabel.empty() ? nullptr :
- userSmackLabel.c_str(),
- expectedIt.alias.c_str());
+ const auto expectedAlias = aliasWithLabel(userSmackLabel, expectedIt.alias);
auto actualIt = actual.find(expectedAlias);
if (actualIt != actual.end()) {
if (actualIt->second.passwordProtected != expectedIt.passwordProtected) {
std::string sharedDatabase(const CKM::Alias & alias)
{
- return aliasWithLabel(ckmc_owner_id_system, alias.c_str());
+ return aliasWithLabel(ckmc_owner_id_system, alias);
}
ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes)
// returns process owner id
std::string getOwnerIdFromSelf();
-std::string aliasWithLabel(const char *label, const char *alias);
+std::string aliasWithLabel(const std::string& label, const std::string& alias);
-std::string aliasWithLabelFromSelf(const char *alias);
+std::string aliasWithLabelFromSelf(const std::string_view& alias);
-void save_data(const char* alias, const char *data, size_t len, const char* password,
+void save_data(const std::string& alias, const char *data, size_t len, const char* password,
int expected_err = CKMC_ERROR_NONE, bool exportable = true);
-void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE,
+void save_data(const std::string& alias, const char *data, int expected_err = CKMC_ERROR_NONE,
bool exportable = true);
-void save_data(const char* alias, const char *data, size_t len,
+void save_data(const std::string& alias, const char *data, size_t len,
int expected_err = CKMC_ERROR_NONE, bool exportable = true);
class PidBound
class ScopedRemoveData: public PidBound
{
public:
- explicit ScopedRemoveData(const char* alias);
+ explicit ScopedRemoveData(const std::string& alias);
virtual ~ScopedRemoveData();
protected:
std::string m_alias;
class ScopedSaveData : public ScopedRemoveData
{
public:
- ScopedSaveData(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
+ ScopedSaveData(const std::string& alias, const char *data, int expected_err = CKMC_ERROR_NONE);
};
class ScopedDBUnlock : public PidBound
uid_t m_uid;
};
-void check_remove_allowed(const char* alias);
-void check_remove_denied(const char* alias);
-void check_remove_not_visible(const char* alias);
-void check_read(const char* alias,
- const char *label,
+void check_remove_allowed(const std::string& alias);
+void check_remove_denied(const std::string& alias);
+void check_remove_not_visible(const std::string& alias);
+void check_read(const std::string& alias,
+ const std::string& label,
const char *test_data,
size_t len,
int expected_code = CKMC_ERROR_NONE);
-void check_read(const char* alias,
- const char *label,
+void check_read(const std::string& alias,
+ const std::string& label,
const char *test_data,
int expected_code = CKMC_ERROR_NONE);
-void check_read_allowed(const char* alias, const char *data);
-void check_read_not_visible(const char* alias);
+void check_read_allowed(const std::string& alias, const char *data);
+void check_read_not_visible(const std::string& alias);
void check_key(const char *alias,
int expected_error = CKMC_ERROR_NONE,
ckmc_key_type_e expected_type = CKMC_KEY_NONE);
void check_key_not_visible(const char *alias, const char *password = nullptr);
void check_cert_allowed(const char *alias);
void check_cert_not_visible(const char *alias);
-void allow_access(const char* alias, const char* accessor, int permissionMask);
-void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode);
-void deny_access(const char* alias, const char* accessor);
-void deny_access_negative(const char* alias, const char* accessor, int expectedCode);
+void allow_access(const std::string& alias, const std::string& accessor, int permissionMask);
+void allow_access_negative(const std::string& alias, const std::string& accessor, int permissionMask, int expectedCode);
+void deny_access(const std::string& alias, const std::string& accessor);
+void deny_access_negative(const std::string& alias, const std::string& accessor, int expectedCode);
void unlock_user_data(uid_t user_id, const char *passwd);
void remove_user_data(uid_t user_id);
std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
{
ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, OWNER_GROUP_ID);
- save_data(alias1.c_str(), TEST_DATA);
- save_data(alias2.c_str(), TEST_DATA);
- save_data(alias3.c_str(), TEST_DATA);
+ save_data(alias1, TEST_DATA);
+ save_data(alias2, TEST_DATA);
+ save_data(alias3, TEST_DATA);
test_positive(&ManagerAsync::setPermission,
alias2,
std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
{
ScopedAppContext ctx(TEST_LABEL, OWNER_USER_ID, OWNER_GROUP_ID);
- save_data(alias1.c_str(), TEST_DATA);
+ save_data(alias1, TEST_DATA);
test_positive(&ManagerAsync::setPermission,
alias1,
ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
std::string test_alias_playground = std::string("AAA BBB CCC");
- check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ check_read(test_alias_playground, "", TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// control: expect success
- check_read(TEST_ALIAS, 0, TEST_DATA);
+ check_read(TEST_ALIAS, "", TEST_DATA);
check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
}
// basic test
std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// insert part of the separator in the middle
APP_LABEL_1_playground = std::string(APP_LABEL_1);
APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// prepend separator
APP_LABEL_1_playground = std::string(APP_LABEL_1);
APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// append separator
APP_LABEL_1_playground = std::string(APP_LABEL_1);
APP_LABEL_1_playground.append(ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ check_read(TEST_ALIAS, APP_LABEL_1_playground, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
// control: expect success
check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_read_not_visible(TEST_ALIAS_adr.c_str());
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
+ check_read_not_visible(TEST_ALIAS_adr);
+ check_remove_not_visible(TEST_ALIAS_adr);
}
}
// test accessibility from another label
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
// test accessibility from another label
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
+ check_remove_denied(TEST_ALIAS_adr);
+ check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
}
}
// test accessibility from another label
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
}
}
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
+ check_remove_denied(TEST_ALIAS_adr);
+ check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
+ check_remove_denied(TEST_ALIAS_adr);
+ check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
}
// remove permission
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- check_read_not_visible(TEST_ALIAS_adr.c_str());
+ check_remove_not_visible(TEST_ALIAS_adr);
+ check_read_not_visible(TEST_ALIAS_adr);
}
}
ScopedAppContext ctx(APP_LABEL_1, USER_ID_1, GROUP_ID_1);
// test if can access label2 alias from label1 domain - should succeed
- check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
+ check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS), additional_data);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
- deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
+ allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
+ deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
+ check_remove_denied(TEST_ALIAS_adr);
+ check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
}
}
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
// double owner
- std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
- ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
+ std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf(), TEST_ALIAS);
+ ret = ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("another-owner", aliasLabel).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
}
}
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(),
+ ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("", TEST_ALIAS).c_str(),
"accessor", CKMC_PERMISSION_NONE));
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("owner", TEST_ALIAS).c_str(),
NULL, CKMC_PERMISSION_NONE));
// double owner
- std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
+ std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf(), TEST_ALIAS);
RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
ckmc_set_permission_by_adm(USER_ID_1, aliasWithLabel("another-owner",
- aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
+ aliasLabel).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
}
// tries to allow access for non existing alias
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
}
}
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
+ check_remove_denied(TEST_ALIAS_adr);
+ check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
+ check_remove_denied(TEST_ALIAS_adr);
+ check_read_allowed(TEST_ALIAS_adr, TEST_DATA);
}
deny_access_by_adm(USER_ID_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- check_read_not_visible(TEST_ALIAS_adr.c_str());
+ check_remove_not_visible(TEST_ALIAS_adr);
+ check_read_not_visible(TEST_ALIAS_adr);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
+ check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS), TEST_DATA);
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
}
}
{
ScopedAppContext ctx(APP_LABEL_2, USER_ID_1, GROUP_ID_1);
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
+ check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS));
}
}
check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
}
// [test2]
check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
}
// [test3]
check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
}
}
check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
- check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
+ check_read_allowed(XML_1_EXPECTED_DATA_1, XML_1_EXPECTED_DATA_1_DATA);
+ check_read_allowed(XML_2_EXPECTED_DATA_1, XML_2_EXPECTED_DATA_1_DATA);
}
RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
- check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
+ check_read_not_visible(XML_3_EXPECTED_DATA_1);
}
RUNNER_TEST(T6040_CHECK_KEYS_VALID)
// try to access the item - expect fail (db is locked)
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
{
ScopedDBUnlock unlock(USER_ID, APP_PASS);
ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
+ save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
// switch to user app, unlock DB
// try to access the system item - expect success
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
ScopedDBUnlock unlock(USER_ID, APP_PASS);
// try to access the system item - expect fail
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
// [test]
ScopedDBUnlock unlock(USER_ID, APP_PASS);
// try to access the system item - expect fail
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
ScopedDBUnlock unlock(USER_ID, APP_PASS);
}
// [prepare2]
- check_remove_allowed(TEST_SYSTEM_ALIAS.c_str());
+ check_remove_allowed(TEST_SYSTEM_ALIAS);
// [test2]
{
ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
+ ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS, TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
// try to remove item from system DB - expect fail
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
ScopedDBUnlock unlock(USER_ID, APP_PASS);
ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
- check_remove_denied(TEST_SYSTEM_ALIAS.c_str());
+ check_remove_denied(TEST_SYSTEM_ALIAS);
}
RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS, RemoveDataEnv<0, USER_ID>)
// user lists items - expect system item A and private item
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS_2, TEST_DATA);
+ allow_access(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_READ);
// [test]
- check_alias_list({TEST_SYSTEM_ALIAS.c_str(), TEST_SYSTEM_ALIAS_2.c_str()});
+ check_alias_list({TEST_SYSTEM_ALIAS, TEST_SYSTEM_ALIAS_2});
// [test2]
ScopedDBUnlock unlock(USER_ID, APP_PASS);
ScopedAppContext ctx(TEST_LABEL, USER_ID, GROUP_ID);
ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
- check_alias_list({TEST_SYSTEM_ALIAS.c_str(),
+ check_alias_list({TEST_SYSTEM_ALIAS,
aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
}
// add remove permission to a user app - expect fail
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
// [test]
- allow_access_negative(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
+ allow_access_negative(TEST_SYSTEM_ALIAS, TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
}
RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB, RemoveDataEnv<0>)
// try to access the item - expect success
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
// [test]
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
// try to access the item - expect success
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
// [test]
ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_2, SERVICE_GROUP_ID_2);
ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_2, SERVICE_GROUP_ID_2);
// [test]
- ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ ScopedSaveData ssd(TEST_SYSTEM_ALIAS, TEST_DATA);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
// try to access the item - expect success
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
// [test]
ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_MAX, SERVICE_GROUP_ID_MAX);
// try to access the item - expect fail (no system service)
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
// [test]
ScopedAppContext ctx(TEST_LABEL_2, SERVICE_USER_ID_FAIL, SERVICE_GROUP_ID_FAIL);
// try to add item using explicit system label - expect success
// [test]
- save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+ save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
check_read(TEST_ALIAS, INVALID_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA);
+ save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS), TEST_DATA);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
// system service list alias status - expect both items to have no password protection
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS_2, TEST_DATA);
// [test]
InfoVector expected;
// protected with password
// [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
- save_data((TEST_SYSTEM_ALIAS_2 + "1").c_str(), TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
+ save_data(TEST_SYSTEM_ALIAS, TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS_2, TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
+ save_data(TEST_SYSTEM_ALIAS_2 + "1", TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
// [test]
InfoVector expected;
save_data(TEST_OBJECT1, big_data.data(), big_size, CKMC_ERROR_NONE);
auto self_label = getOwnerIdFromSelf();
- check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), big_size, CKMC_ERROR_NONE);
+ check_read(TEST_OBJECT1, self_label, big_data.data(), big_size, CKMC_ERROR_NONE);
}
RUNNER_TEST(T3046_save_get_password_protected_data)
CKM::KeyShPtr key_name, key_full_addr;
CKM::Alias alias = "mykey-2";
std::string top_label = getOwnerIdFromSelf();
- std::string full_address = aliasWithLabel(top_label.c_str(), alias.c_str());
+ std::string full_address = aliasWithLabel(top_label, alias);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
projects / platform / core / test / security-tests.git / commitdiff