############################# compilation defines #############################
-# EMPTY
+# If supported for the target machine, emit position-independent code,suitable
+# for dynamic linking and avoiding any limit on the size of the global offset
+# table. This option makes a difference on the m68k, PowerPC and SPARC.
+# (BJ: our ARM too?)
+ADD_DEFINITIONS("-fPIC")
+
+# Set the default ELF image symbol visibility to hidden - all symbols will be
+# marked with this unless overridden within the code.
+#ADD_DEFINITIONS("-fvisibility=hidden")
+ADD_DEFINITIONS("-Werror") # Make all warnings into errors.
+ADD_DEFINITIONS("-Wall") # Generate all warnings
+ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
+ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
+ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
+ADD_DEFINITIONS("-Wno-deprecated-declarations") # No warnings about deprecated features
############################# compiler flags ##################################
SET(CMAKE_C_FLAGS "-g")
SET(CMAKE_CXX_FLAGS "-g -std=c++0x")
SET(CMAKE_C_FLAGS_PROFILING "-O0 -pg")
-SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -pg")
+SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -pg -std=c++0x")
SET(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb")
-SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -ggdb")
+SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -ggdb -std=c++0x")
SET(CMAKE_C_FLAGS_RELEASE "-O2")
-SET(CMAKE_CXX_FLAGS_RELEASE "-O2")
+SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x")
SET(SMACK_ENABLE ON)
MESSAGE(STATUS "Logging disabled for DPL")
ENDIF(DPL_LOG)
-# If supported for the target machine, emit position-independent code,suitable
-# for dynamic linking and avoiding any limit on the size of the global offset
-# table. This option makes a difference on the m68k, PowerPC and SPARC.
-# (BJ: our ARM too?)
-ADD_DEFINITIONS("-fPIC")
-
-# Set the default ELF image symbol visibility to hidden - all symbols will be
-# marked with this unless overridden within the code.
-#ADD_DEFINITIONS("-fvisibility=hidden")
-
-# Set compiler warning flags
-ADD_DEFINITIONS("-Werror") # Make all warnings into errors.
-ADD_DEFINITIONS("-Wall") # Generate all warnings
-ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
-ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
-ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
-ADD_DEFINITIONS("-Wno-deprecated-declarations") # No warnings about deprecated features
-STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
-ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-ADD_DEFINITIONS("-DCYNARA_DB_DIR=\"${CYNARA_DB_DIR}\"")
-ADD_DEFINITIONS("-DAPP_USER=\"${APP_USER}\"")
-
IF(SMACK_ENABLE)
ADD_DEFINITIONS("-DWRT_SMACK_ENABLED")
ENDIF(SMACK_ENABLE)
############################# Targets names ###################################
-SET(TARGET_CKM_TESTS "ckm-tests")
-SET(TARGET_CKMI_TESTS "ckm-integration-tests")
+SET(DPL_FRAMEWORK_TEST_LIBRARY "dpl-test-framework")
SET(COMMON_TARGET_TEST "tests-common")
+SET(TARGET_AFP_TESTS "auth-fw-passwd-tests")
+
############################# subdirectories ##################################
ADD_SUBDIRECTORY(src)
<manifest>
- <assign>
- <filesystem path="/usr/bin/security-tests.sh" exec_label="_" />
- <filesystem path="/usr/bin/security-tests-all.sh" exec_label="_" />
-
- <filesystem path="/usr/bin/tests-summary.sh" exec_label="_" />
- <filesystem path="/usr/bin/test-performance-check.sh" exec_label="_" />
- <filesystem path="/usr/bin/perf" exec_label="_" />
-
- <filesystem path="/usr/bin/libsmack-test" exec_label="_" />
- <filesystem path="/usr/bin/libprivilege-control-test" exec_label="_" />
- <filesystem path="/usr/bin/security-manager-tests" exec_label="_" />
- <filesystem path="/usr/bin/cynara-tests" exec_label="_" />
- <filesystem path="/usr/bin/ckm-tests" exec_label="User" />
- <filesystem path="/usr/bin/ckm-tests" exec_label="System" />
-
- <filesystem path="/usr/bin/test-app-wgt" exec_label="User" />
- <filesystem path="/usr/bin/test-app-efl" exec_label="User" />
- <filesystem path="/usr/bin/test-app-osp" exec_label="User" />
- </assign>
<request>
<domain name="_" />
</request>
Version: 0.0.45
Release: 1
Group: Security/Testing
-License: Apache License, Version 2.0
+License: Apache-2.0
URL: N/A
Source0: %{name}-%{version}.tar.gz
Source1: %{name}.manifest
BuildRequires: cmake
-BuildRequires: libattr-devel
-BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libsmack)
-BuildRequires: pkgconfig(libprivilege-control)
-BuildRequires: pkgconfig(security-manager)
-BuildRequires: pkgconfig(key-manager)
+BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(glib-2.0)
-BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(libpcrecpp)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libiri)
BuildRequires: pkgconfig(sqlite3)
-BuildRequires: pkgconfig(libwebappenc)
-BuildRequires: cynara-devel
BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: boost-devel
BuildRequires: pkgconfig(vconf)
BuildRequires: pkgconfig(libgum) >= 1.0.5
+BuildRequires: pkgconfig(authentication-server)
Requires: perf
Requires: gdb
-%global ckm_test_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE/ckm-test/}%{!?TZ_SYS_SHARE:/usr/share/ckm-test/}
-%global ckm_rw_data_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm/}%{!?TZ_SYS_DATA:/opt/data/ckm/}
-
%description
Security tests repository - for tests that can't be kept together with code.
%build
export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib"
-cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
+%cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
-DDPL_LOG="ON" \
- -DVERSION=%{version} \
-DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:DEBUG} \
-%if "%{sec_product_feature_security_mdfpp_enable}" == "1"
- -DSECURITY_MDFPP_STATE_ENABLE=1 \
-%endif
- -DCMAKE_VERBOSE_MAKEFILE=ON \
- -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
- -DAPP_USER="security_test_user" \
- -DCKM_TEST_DIR=%{ckm_test_dir} \
- -DCKM_RW_DATA_DIR=%{ckm_rw_data_dir}
+ -DCMAKE_VERBOSE_MAKEFILE=ON
make %{?jobs:-j%jobs}
%install
%make_install
-ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk
-
-%post
-find /etc/smack/test_privilege_control_DIR/ -type f -name exec -exec chmod 0755 {} +
-
-# Load permissions templates
-api_feature_loader --verbose
-
-# Set vconf key for cc-mode testing if vconf key isn't there.
-#%if "%{sec_product_feature_security_mdfpp_enable}" != "1"
-# echo "Install vconf key (file/security_mdpp/security_mdpp_state) for testing key-manager"
-# vconftool set -t string file/security_mdpp/security_mdpp_state "Unset"
-#%endif
-
-id -u security_test_user 1>/dev/null 2>&1 || \
- useradd -r -g users -s /sbin/nologin -c "for tests only" security_test_user
-
-echo "security-tests postinst done ..."
%files
%manifest %{name}.manifest
%defattr(-, root, root, -)
-/usr/bin/security-tests.sh
-/usr/bin/security-tests-all.sh
-/usr/bin/test-performance-check.sh
-
-/etc/dbus-1/system.d/security-tests.conf
-
-/usr/bin/libsmack-test
-/usr/bin/smack-dbus-tests
-/usr/bin/libprivilege-control-test
-/etc/smack/test_smack_rules_full
-/etc/smack/test_smack_rules2
-/etc/smack/test_smack_rules3
-/etc/smack/test_smack_rules4
-/usr/bin/security-manager-tests
-/etc/smack/test_smack_rules
-/etc/smack/test_smack_rules_lnk
-/usr/share/privilege-control/*
-/etc/smack/test_privilege_control_DIR/*
-/usr/apps/*
-/usr/bin/test-app-efl
-/usr/bin/test-app-osp
-/usr/bin/test-app-wgt
-/usr/bin/cynara-test
-/usr/bin/ckm-tests
-/usr/bin/ckm-integration-tests
-%{ckm_test_dir}/*
-/etc/security-tests
-/usr/lib/security-tests/cynara-tests/plugins/single-policy/*
-/usr/lib/security-tests/cynara-tests/plugins/multiple-policy/*
-/usr/lib/security-tests/cynara-tests/plugins/test-agent/*
-/usr/bin/security-tests-inner-test
-/usr/bin/libwebappenc-tests
+%{_bindir}/security-tests.sh
+%{_bindir}/security-tests-all.sh
+%{_bindir}/test-performance-check.sh
+%{_sysconfdir}/dbus-1/system.d/security-tests.conf
+%{_bindir}/security-tests-inner-test
-%postun
-id -u security_test_user 1>/dev/null 2>&1 && userdel security_test_user
+%{_bindir}/auth-fw-passwd-tests
# limitations under the License.
#
-INCLUDE(FindPkgConfig)
-
PKG_CHECK_MODULES(SYS_FRAMEWORK_TEST
REQUIRED
libxml-2.0
include(framework/config.cmake)
-SET(DPL_FRAMEWORK_TEST_LIBRARY "dpl-test-framework")
-
INCLUDE_DIRECTORIES(SYSTEM
${SYS_FRAMEWORK_TEST_OTHER_INCLUDE_DIRS}
${DPL_FRAMEWORK_TEST_INCLUDE_DIR}
)
-ADD_LIBRARY(${DPL_FRAMEWORK_TEST_LIBRARY} ${DPL_FRAMEWORK_TEST_SOURCES})
+ADD_LIBRARY(${DPL_FRAMEWORK_TEST_LIBRARY} STATIC ${DPL_FRAMEWORK_TEST_SOURCES})
TARGET_LINK_LIBRARIES(${DPL_FRAMEWORK_TEST_LIBRARY}
${SYS_FRAMEWORK_TEST_OTHER_LIBRARIES}
ADD_SUBDIRECTORY(common)
-ADD_SUBDIRECTORY(ckm)
-ADD_SUBDIRECTORY(ckm-integration)
-ADD_SUBDIRECTORY(libprivilege-control-tests)
-ADD_SUBDIRECTORY(libsmack-tests)
-ADD_SUBDIRECTORY(smack-dbus-tests)
-ADD_SUBDIRECTORY(security-manager-tests)
-ADD_SUBDIRECTORY(cynara-tests)
-ADD_SUBDIRECTORY(libwebappenc-tests)
+ADD_SUBDIRECTORY(auth-fw-passwd)
--- /dev/null
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Kyungwook Tak (k.tak@samsung.com)
+# @brief
+#
+
+PKG_CHECK_MODULES(AFP_DEP
+ REQUIRED
+ authentication-server
+ authentication-server-admin
+)
+
+SET(AFP_SOURCES
+ main.cpp
+ auth-passwd.cpp
+# auth-passwd-admin.cpp # TODO: write TC for admin APIs
+)
+
+INCLUDE_DIRECTORIES(
+ SYSTEM
+ ${AFP_DEP_INCLUDE_DIRS}
+ ${PROJECT_SOURCE_DIR}/src/common
+ .
+)
+
+ADD_EXECUTABLE(${TARGET_AFP_TESTS} ${AFP_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_AFP_TESTS}
+ ${COMMON_TARGET_TEST}
+ ${AFP_DEP_LIBRARIES}
+)
+
+INSTALL(TARGETS ${TARGET_AFP_TESTS} DESTINATION bin)
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file auth-passwd-admin.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief TC for auth-passwd-admin.h
+ */
+#include <auth-passwd-admin.h>
+
+#include <dpl/test/test_runner.h>
+
+RUNNER_TEST_GROUP_INIT(T0020_AUTH_FW_PASSWD_ADMIN);
+
+RUNNER_TEST(T00201_init)
+{
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file auth-passwd.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief TC for auth-passwd.h
+ */
+#include <auth-passwd.h>
+#include <auth-passwd-admin.h> /* for init/deinit */
+
+#include <chrono>
+#include <thread>
+#include <unistd.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace {
+const char *default_pass = "test-password";
+const uid_t default_user = 5001; /* owner */
+
+struct Policy {
+ unsigned int current_attempts;
+ unsigned int max_attempts;
+ unsigned int valid_secs;
+
+ Policy() :
+ current_attempts(0),
+ max_attempts(0),
+ valid_secs(0) {}
+};
+
+inline void sleep_for_retry_timeout(void)
+{
+ std::chrono::milliseconds dur(500);
+ std::this_thread::sleep_for(dur);
+}
+
+Policy check_passwd(password_type type, const char *token, int expected)
+{
+ sleep_for_retry_timeout();
+
+ Policy policy;
+
+ int ret = auth_passwd_check_passwd(
+ type,
+ token,
+ &policy.current_attempts,
+ &policy.max_attempts,
+ &policy.valid_secs);
+
+ RUNNER_ASSERT_MSG(ret == expected,
+ "Returned value on auth_passwd_check_passwd() is different to expected. "
+ "ret: " << ret << " and expected: " << expected);
+
+ return policy;
+}
+
+Policy check_passwd_state(password_type type, int expected)
+{
+ Policy policy;
+
+ int ret = auth_passwd_check_passwd_state(
+ type,
+ &policy.current_attempts,
+ &policy.max_attempts,
+ &policy.valid_secs);
+
+ RUNNER_ASSERT_MSG(ret == expected,
+ "Returned value on auth_passwd_check_passwd_state() is different to expected. "
+ "ret: " << ret << " and expected: " << expected);
+
+ return policy;
+}
+
+bool check_passwd_reusable(password_type type, const char *token, int expected)
+{
+ int is_reused = -1;
+ int ret = auth_passwd_check_passwd_reused(type, token, &is_reused);
+
+ RUNNER_ASSERT_MSG(ret == expected,
+ "Returned value on auth_passwd_check_passwd_reused() is different to expected. "
+ "ret: " << ret << " and expected: " << expected);
+
+ return is_reused ? true : false;
+}
+
+}
+
+RUNNER_TEST_GROUP_INIT(T0010_AUTH_FW_PASSWD);
+
+RUNNER_TEST_GROUP_INIT(T0011_AUTH_FW_PASSWD_NORMAL);
+
+RUNNER_TEST(T00110_init)
+{
+ int ret = auth_passwd_reset_passwd(
+ AUTH_PWD_NORMAL,
+ getuid(),
+ default_pass);
+
+ RUNNER_ASSERT_MSG(ret == AUTH_PASSWD_API_SUCCESS,
+ "Failed to reset passwd of user: " << default_user << " with ret: " << ret);
+}
+
+RUNNER_TEST(T00111_check)
+{
+ check_passwd(AUTH_PWD_NORMAL, default_pass, AUTH_PASSWD_API_SUCCESS);
+}
+
+RUNNER_TEST(T00112_check_state)
+{
+ check_passwd_state(AUTH_PWD_NORMAL, AUTH_PASSWD_API_SUCCESS);
+}
+
+RUNNER_TEST(T00113_check_reusable)
+{
+ check_passwd_reusable(AUTH_PWD_NORMAL, "hoipoi", AUTH_PASSWD_API_SUCCESS);
+}
+
+RUNNER_TEST(T00114_set)
+{
+ sleep_for_retry_timeout();
+
+ const char *new_pass = "new_pass_temp";
+
+ int ret = auth_passwd_set_passwd(
+ AUTH_PWD_NORMAL,
+ default_pass,
+ new_pass);
+
+ RUNNER_ASSERT_MSG(ret == AUTH_PASSWD_API_SUCCESS,
+ "Failed to auth_passwd_set_passwd. ret: " << ret);
+
+ sleep_for_retry_timeout();
+
+ /* roll back passwd to default pass */
+ ret = auth_passwd_set_passwd(
+ AUTH_PWD_NORMAL,
+ new_pass,
+ default_pass);
+
+ RUNNER_ASSERT_MSG(ret == AUTH_PASSWD_API_SUCCESS,
+ "Failed to auth_passwd_set_passwd for rollback. ret: " << ret);
+}
+
+RUNNER_TEST_GROUP_INIT(T0012_AUTH_FW_PASSWD_RECOVERY);
+
+RUNNER_TEST(T00120_init)
+{
+ int ret = auth_passwd_reset_passwd(
+ AUTH_PWD_RECOVERY,
+ getuid(),
+ default_pass);
+
+ RUNNER_ASSERT_MSG(ret == AUTH_PASSWD_API_SUCCESS,
+ "Failed to reset passwd of user: " << default_user);
+}
+
+RUNNER_TEST(T00121_check)
+{
+ check_passwd(AUTH_PWD_RECOVERY, default_pass, AUTH_PASSWD_API_SUCCESS);
+}
+
+RUNNER_TEST(T00122_check_state)
+{
+ check_passwd_state(AUTH_PWD_RECOVERY, AUTH_PASSWD_API_SUCCESS);
+}
+
+RUNNER_TEST(T00123_check_reused)
+{
+ check_passwd_reusable(AUTH_PWD_RECOVERY, "hoipoi", AUTH_PASSWD_API_SUCCESS);
+}
+
+RUNNER_TEST(T00124_set)
+{
+ sleep_for_retry_timeout();
+
+ const char *new_pass = "new_pass_temp";
+
+ int ret = auth_passwd_set_passwd(
+ AUTH_PWD_RECOVERY,
+ default_pass,
+ new_pass);
+
+ RUNNER_ASSERT_MSG(ret == AUTH_PASSWD_API_SUCCESS,
+ "Failed to auth_passwd_set_passwd. ret: " << ret);
+
+ sleep_for_retry_timeout();
+
+ /* roll back passwd to default pass */
+ ret = auth_passwd_set_passwd(
+ AUTH_PWD_RECOVERY,
+ new_pass,
+ default_pass);
+
+ RUNNER_ASSERT_MSG(ret == AUTH_PASSWD_API_SUCCESS,
+ "Failed to auth_passwd_set_passwd for rollback. ret: " << ret);
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file main.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief DPL test main for auth-fw-passwd module
+ */
+#include <dpl/test/test_runner.h>
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-PKG_CHECK_MODULES(CKMI_DEP
- REQUIRED
- libsmack
- libgum
- key-manager
- security-manager
- dbus-1
- vconf
- REQUIRED)
-
-SET(CKMI_SOURCES_DIR ${PROJECT_SOURCE_DIR}/src/ckm-integration)
-
-SET(CKMI_SOURCES
- ${CKMI_SOURCES_DIR}/process-settings/change-uid.cpp
- ${CKMI_SOURCES_DIR}/process-settings/create-user.cpp
- ${CKMI_SOURCES_DIR}/process-settings/change-smack.cpp
- ${CKMI_SOURCES_DIR}/process-settings/install-app.cpp
- ${CKMI_SOURCES_DIR}/process-settings/unlock-ckm.cpp
- ${CKMI_SOURCES_DIR}/ckm-policy.cpp
- ${CKMI_SOURCES_DIR}/group01.cpp
- ${CKMI_SOURCES_DIR}/group02.cpp
- ${CKMI_SOURCES_DIR}/main.cpp
-)
-
-INCLUDE_DIRECTORIES(SYSTEM ${CKMI_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm-integration/ )
-
-ADD_EXECUTABLE(${TARGET_CKMI_TESTS} ${CKMI_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKMI_TESTS} ${CKMI_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
-
-INSTALL(TARGETS ${TARGET_CKMI_TESTS} DESTINATION bin)
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-policy.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <sstream>
-
-#include <ckm-policy.h>
-
-CKMPolicy::CKMPolicy(
- std::string pkgId,
- std::string userName,
- ProcessSettings::PrivilegeVector priv)
- : m_userName(std::move(userName))
- , m_pkgId(pkgId)
- , m_appId(std::move(pkgId))
- , m_privileges(std::move(priv))
-{
- std::stringstream ss;
- ss << "User::App::" << m_pkgId;
- m_smackLabel = ss.str();
-}
-
-std::string CKMPolicy::GetUserName() const {
- return m_userName;
-}
-
-void CKMPolicy::SetUserName(std::string userName) {
- m_userName = std::move(userName);
-}
-
-gid_t CKMPolicy::GetGid() const {
- return m_gid;
-}
-
-void CKMPolicy::SetGid(gid_t gid) {
- m_gid = gid;
-}
-
-uid_t CKMPolicy::GetUid() const {
- return m_uid;
-}
-
-void CKMPolicy::SetUid(uid_t uid) {
- m_uid = uid;
-}
-
-std::string CKMPolicy::GetSmackLabel() const {
- return m_smackLabel;
-}
-
-void CKMPolicy::SetSmackLabel(std::string label) {
- m_smackLabel = std::move(label);
-}
-
-std::string CKMPolicy::GetAppId() const {
- return m_appId;
-}
-
-void CKMPolicy::SetAppId(std::string appId) {
- m_appId = std::move(appId);
-}
-
-std::string CKMPolicy::GetPkgId() const {
- return m_pkgId;
-}
-
-void CKMPolicy::SetPkgId(std::string pkgId) {
- m_pkgId = std::move(pkgId);
-}
-
-ProcessSettings::PrivilegeVector CKMPolicy::GetPrivileges() const {
- return m_privileges;
-}
-
-void CKMPolicy::SetPrivileges(ProcessSettings::PrivilegeVector priv) {
- m_privileges = std::move(priv);
-}
-
-const ProcessSettings::PrivilegeVector PrivNone;
-const ProcessSettings::PrivilegeVector PrivCKMBoth {
- "http://tizen.org/privilege/keymanager",
- "http://tizen.org/privilege/keymanager.admin"};
-const ProcessSettings::PrivilegeVector PrivCKMControl {
- "http://tizen.org/privilege/keymanager.admin"};
-const ProcessSettings::PrivilegeVector PrivCKMStore {
- "http://tizen.org/privilege/keymanager"};
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-policy.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <process-settings/policy.h>
-#include <process-settings/executor.h>
-#include <process-settings/change-uid.h>
-#include <process-settings/change-smack.h>
-#include <process-settings/install-app.h>
-#include <process-settings/create-user.h>
-#include <process-settings/unlock-ckm.h>
-
-class CKMPolicy : public ProcessSettings::Policy {
-public:
- CKMPolicy(
- std::string pkgId,
- std::string userName,
- ProcessSettings::PrivilegeVector priv);
- virtual std::string GetUserName() const;
- virtual void SetUserName(std::string);
- virtual gid_t GetGid() const;
- virtual void SetGid(gid_t);
- virtual uid_t GetUid() const;
- virtual void SetUid(uid_t);
- virtual std::string GetSmackLabel() const;
- virtual void SetSmackLabel(std::string);
- virtual std::string GetAppId() const;
- virtual void SetAppId(std::string);
- virtual std::string GetPkgId() const;
- virtual void SetPkgId(std::string);
- virtual ProcessSettings::PrivilegeVector GetPrivileges() const;
- virtual void SetPrivileges(ProcessSettings::PrivilegeVector);
- virtual ~CKMPolicy() {}
-private:
- uid_t m_uid;
- gid_t m_gid;
- std::string m_userName;
- std::string m_smackLabel;
- std::string m_pkgId;
- std::string m_appId;
- ProcessSettings::PrivilegeVector m_privileges;
-};
-
-extern const ProcessSettings::PrivilegeVector PrivNone;
-extern const ProcessSettings::PrivilegeVector PrivCKMBoth;
-extern const ProcessSettings::PrivilegeVector PrivCKMControl;
-extern const ProcessSettings::PrivilegeVector PrivCKMStore;
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file group01.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-
-#include <ckm-policy.h>
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack,
- ProcessSettings::ChangeUid> ProcSettings;
-
-RUNNER_TEST_GROUP_INIT(GROUP_01_ControlApiAccess);
-
-RUNNER_CHILD_TEST(G01T01_ControlNegative) {
- // Socket is secured with 0700
- // in this test we have no access to this socket
- // DAC should DENIED access to CKM
- ProcSettings ps("PkgIdG01T01", "UserG01T01", PrivNone);
- ps.Apply();
-
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(),
- "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(G01T02_ControlPositive) {
- // We have root privileges.
- // We should be able to control data.
- // The cynara (if integrated) should give us an access.
- uid_t USER_UID = 5102;
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID,
- "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_UID, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_UID)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_UID, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file group02.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-
-#include <ckm-policy.h>
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::UnlockCkm,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack,
- ProcessSettings::ChangeUid> PS;
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::UnlockCkm,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack> PSNoUid;
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::ChangeUid> PSUid;
-
-RUNNER_TEST_GROUP_INIT(GROUP_02_IntegrationStorageApiWithCynara);
-
-RUNNER_CHILD_TEST(G02T01_StorageNegative) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We are ordinary user without any privileges.
- // Cynara should deny all accesses.
- PS ps("PkgIdG02T01", "UserG02T01", PrivNone);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T01";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(G02T02_StoragePositive) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We are root. We will be allowed.
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "/System dataG02T02";
-
- // This funciton may return error.
- manager->removeAlias(alias);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
-}
-
-RUNNER_CHILD_TEST(G02T03_StoragePositive) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We are oridinary user with proper privileges.
- PS ps("PkgIdG02T03", "UserG02T03", PrivCKMStore);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *dataAlias = "dataG02T03";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
-}
-
-RUNNER_CHILD_TEST(G02T04_StorageNegative) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // There is some user with privileges but we are
- // are ordinary user without any.
- // Cynara should deny all accesses.
- PSNoUid ps("PkgIdG02T04", "UserG02T04", PrivCKMBoth);
- ps.Apply();
-
- PSUid ps2("", "", PrivNone);
- ps2.SetUid(ps.GetUid()+1);
- ps2.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T04";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(G02T05_StorageNegative) {
- RUNNER_IGNORED_MSG("Cynara integration with CKM Storage API was canceled.");
- // We have wrong privilege.
- // Cynara should deny all accesses to storage.
- PSNoUid ps("PkgIdG02T05", "UserG02T05", PrivCKMControl);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T05";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file main.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[]) {
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <sys/smack.h>
-
-#include <tests_common.h>
-
-#include <process-settings/change-smack.h>
-
-namespace ProcessSettings {
-
-ChangeSmack::ChangeSmack(const Policy &policy)
- : m_policy(policy)
-{}
-
-void ChangeSmack::Apply() {
- char *my_label = nullptr;
-
- RUNNER_ASSERT(-1 != smack_new_label_from_self(&my_label));
-
- if (my_label)
- m_originalLabel = my_label;
-
- free(my_label);
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_policy.GetSmackLabel().c_str()),
- "Error in smack_set_label_for_self(" << m_policy.GetSmackLabel() << ")");
-}
-
-void ChangeSmack::Revoke() {
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_originalLabel.c_str()),
- "Error in smack_set_label_for_self(" << m_originalLabel << ")");
-}
-
-ChangeSmack::~ChangeSmack() {}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-smack.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class ChangeSmack {
-public:
- ChangeSmack(const Policy &policy);
- void Apply();
- void Revoke();
- virtual ~ChangeSmack();
-private:
- const Policy &m_policy;
- std::string m_originalLabel;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-uid.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <unistd.h>
-
-#include <tests_common.h>
-
-#include <process-settings/change-uid.h>
-
-namespace ProcessSettings {
-
-ChangeUid::ChangeUid(const Policy &policy)
- : m_policy(policy)
-{}
-
-void ChangeUid::Apply() {
- m_originalUid = getuid();
- m_originalGid = getgid();
-
- RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_policy.GetGid()),
- "Error in setegid(" << m_policy.GetGid() << ")");
- RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_policy.GetUid()),
- "Error in seteuid(" << m_policy.GetUid() << ")");
-}
-
-void ChangeUid::Revoke() {
- RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_originalUid),
- "Error in seteuid(" << m_originalUid << ")");
- RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_originalGid),
- "Error in setegid(" << m_originalGid << ")");
-}
-
-ChangeUid::~ChangeUid() {}
-
-} // namespace ProcessSettings
-
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-uid.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class ChangeUid {
-public:
- ChangeUid(const Policy &policy);
-
- void Apply();
- void Revoke();
-
- virtual ~ChangeUid();
-private:
- const Policy &m_policy;
- uid_t m_originalUid;
- gid_t m_originalGid;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-#include <glib-object.h>
-#include <common/gum-user-types.h>
-
-#include <tests_common.h>
-
-#include <process-settings/create-user.h>
-
-namespace ProcessSettings {
-
-CreateUser::CreateUser(Policy &policy)
- : m_policy(policy)
- , m_userType(GUM_USERTYPE_NORMAL)
- , m_guser(nullptr)
-{}
-
-void CreateUser::Apply()
-{
- m_userName = m_policy.GetUserName();
- m_guser = gum_user_create_sync(false);
- RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
- g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
- g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
- gboolean added = gum_user_add_sync(m_guser);
- RUNNER_ASSERT_MSG(added, "Failed to add user: " << m_userName);
- g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
- RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
- g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
- RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
-
- m_policy.SetUid(m_uid);
- m_policy.SetGid(m_gid);
-}
-
-void CreateUser::Revoke() {
- if (m_guser) {
- gum_user_delete_sync(m_guser, TRUE);
- g_object_unref(m_guser);
- m_guser = nullptr;
- }
-}
-
-CreateUser::~CreateUser(){
- if (m_guser)
- g_object_unref(m_guser);
-}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-#include <gum-user.h>
-#include <common/gum-user-types.h>
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class CreateUser {
-public:
- CreateUser(Policy &policy);
- void Apply();
- void Revoke();
- virtual ~CreateUser();
-private:
- Policy &m_policy;
- uid_t m_uid;
- gid_t m_gid;
- std::string m_userName;
- GumUserType m_userType;
- GumUser *m_guser;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file executor.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <stdlib.h>
-
-#include <iostream>
-
-#include <dpl/test/test_exception.h>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-template <typename PolicyArg, typename... Args>
-class Executor : public PolicyArg, public Args... {
-public:
- template <typename... T>
- Executor(T&&... t)
- : PolicyArg(std::forward<T>(t)...)
- , Args(static_cast<Policy&>(*this))...
- , m_applied(false)
- {}
-
- void Apply() {
- if (!m_applied) {
- m_applied = true;
- InternalApply<Args...>();
- }
- }
-
- void Revoke() {
- if (m_applied) {
- m_applied = false;
- InternalRevoke<Args...>();
- }
- }
-
- virtual ~Executor() {
- try {
- Revoke();
- } catch (const DPL::Test::TestException &e) {
- // This is bad. The rest of test will not work properly!
- std::cerr << "Error during cleaning up environment. "
- "The rest of test will probably fail." << e.GetMessage() << std::endl;
- }
- }
-
-private:
-
- template <typename First>
- void InternalApply() {
- First::Apply();
- }
-
- template <typename First, typename Second, typename... Rest>
- void InternalApply() {
- First::Apply();
- InternalApply<Second, Rest...>();
- }
-
- template <typename First>
- void InternalRevoke() {
- First::Revoke();
- }
-
- template <typename First, typename Second, typename... Rest>
- void InternalRevoke() {
- InternalRevoke<Second, Rest...>();
- First::Revoke();
- }
-
- bool m_applied;
-};
-
-} // namespace ProcessSetings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <security-manager.h>
-
-#include <tests_common.h>
-
-#include <process-settings/install-app.h>
-
-#define ERRORDESCRIBE(name) case name: return #name
-
-namespace {
-
-const char *ToString(int code) {
- switch(static_cast<lib_retcode>(code)) {
- ERRORDESCRIBE(SECURITY_MANAGER_SUCCESS);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_UNKNOWN);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_INPUT_PARAM);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_MEMORY);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_ACCESS_DENIED);
- default:
- return "Unknown code";
- }
-}
-
-} // namespace anonymous
-
-#undef ERRORDESCRIBE
-
-namespace ProcessSettings {
-
-InstallApp::InstallApp(const Policy &policy)
- : m_policy(policy)
- , m_req(nullptr, security_manager_app_inst_req_free)
-{}
-
-void InstallApp::Apply() {
- app_inst_req *whatever = nullptr;
-
- int retcode = security_manager_app_inst_req_new(&whatever);
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_new. Error: " << ToString(retcode));
-
- m_req.reset(whatever);
-
- retcode = security_manager_app_inst_req_set_app_id(m_req.get(), m_policy.GetAppId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_app_id. Error: " << ToString(retcode));
-
- retcode = security_manager_app_inst_req_set_pkg_id(m_req.get(), m_policy.GetPkgId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_pkg_id. Error: " << ToString(retcode));
-
- for(auto &e : m_policy.GetPrivileges()) {
- retcode = security_manager_app_inst_req_add_privilege(m_req.get(), e.c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_add_privilege. Error: " << ToString(retcode));
- }
-
- retcode = security_manager_app_inst_req_set_uid(m_req.get(), m_policy.GetUid());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_uid. Error: " << ToString(retcode));
-
- retcode = security_manager_app_install(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_install. Error: " << ToString(retcode));
-}
-
-void InstallApp::Revoke() {
- if (m_req.get()) {
- int retcode = security_manager_app_uninstall(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_uninstall. Error: " << ToString(retcode));
- }
-}
-
-InstallApp::~InstallApp() {}
-
-} // ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-
-#pragma once
-
-#include <memory>
-#include <functional>
-
-#include <process-settings/policy.h>
-
-extern "C" {
-struct app_inst_req;
-typedef struct app_inst_req app_inst_req;
-} // extern "C"
-
-namespace ProcessSettings {
-
-class InstallApp {
-public:
- InstallApp(const Policy &policy);
-
- void Apply();
- void Revoke();
-
- virtual ~InstallApp();
-private:
- const Policy &m_policy;
- std::unique_ptr<app_inst_req, std::function<void(app_inst_req*)>> m_req;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file policy.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <string>
-#include <vector>
-
-namespace ProcessSettings {
-typedef std::vector<std::string> PrivilegeVector;
-
-class Policy {
-public:
- virtual std::string GetUserName() const = 0;
- virtual void SetUserName(std::string) = 0;
- virtual gid_t GetGid() const = 0;
- virtual void SetGid(gid_t) = 0;
- virtual uid_t GetUid() const = 0;
- virtual void SetUid(uid_t) = 0;
- virtual std::string GetSmackLabel() const = 0;
- virtual void SetSmackLabel(std::string) = 0;
- virtual std::string GetAppId() const = 0;
- virtual void SetAppId(std::string) = 0;
- virtual std::string GetPkgId() const = 0;
- virtual void SetPkgId(std::string) = 0;
- virtual PrivilegeVector GetPrivileges() const = 0;
- virtual void SetPrivileges(PrivilegeVector) = 0;
- virtual ~Policy() {}
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <ckm/ckm-control.h>
-
-#include <tests_common.h>
-
-#include <process-settings/unlock-ckm.h>
-
-namespace ProcessSettings {
-
-UnlockCkm::UnlockCkm(const Policy &policy)
- : m_policy(policy)
-{}
-
-void UnlockCkm::Apply() {
- int temp;
-
- m_uid = m_policy.GetUid();
-
- auto control = CKM::Control::create();
-
- // Let's clean up environment.
- // It will usually fails.
- control->removeUserData(m_uid);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(m_uid, "DummyPassword")),
- "Error=" << CKM::ErrorToString(temp));
-
-}
-
-void UnlockCkm::Revoke() {
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(m_uid)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-UnlockCkm::~UnlockCkm() {}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class UnlockCkm {
-public:
- UnlockCkm(const Policy &policy);
- void Apply();
- void Revoke();
- virtual ~UnlockCkm();
-private:
- const Policy &m_policy;
- uid_t m_uid;
-};
-
-} // namespace ProcessSettings
-
-
+++ /dev/null
-# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# mdpp flag
-IF (DEFINED SECURITY_MDFPP_STATE_ENABLED)
- MESSAGE("SECURITY_MDFPP_STATE_ENABLE ENABLED !")
- ADD_DEFINITIONS("-DSECURITY_MDFPP_STATE_ENABLE")
-ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLED)
- MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !")
-ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLED)
-
-ADD_DEFINITIONS("-DCKM_TEST_DIR=\"${CKM_TEST_DIR}\"")
-ADD_DEFINITIONS("-DCKM_RW_DATA_DIR=\"${CKM_RW_DATA_DIR}\"")
-
-# Dependencies
-PKG_CHECK_MODULES(CKM_DEP
- libsmack
- key-manager
- dbus-1
- vconf
- REQUIRED)
-
-# Targets definition
-
-SET(CKM_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/access_provider2.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/main.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-testcases.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-certificate-chains.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-access_control.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/async-api.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/system-db.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/initial-values.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/algo-params.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption-env.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption.cpp
-)
-
-INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm/ )
-
-ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
-INSTALL(FILES
- test1801.pkcs12
- pkcs.p12
- capi-t3096.p12
- XML_1_okay.xml
- XML_2_okay.xml
- XML_3_wrong.xml
- device_key.xml
- DESTINATION ${CKM_TEST_DIR}
- )
-
-# C compilation
-SET(TARGET_C_COMPILATION_TEST "ckm-c-compilation-test")
-
-SET(C_COMPILATION_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/c-compilation.c
-)
-
-PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP
- key-manager
- REQUIRED)
-
-ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES})
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd">
- <!-- if EncryptionKey present, the content is an AES key encrypted using device key.
- The format is Base64(encrypt(AES_key_binary))
- i.e.:
- * RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted
- * encode base64: openssl enc -base64 -in encryption_AES_key.encrypted -->
- <EncryptionKey>
- QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp
- UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s
- CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj
- bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss
- Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC
- ZVOanzc0euaenw1q9b+yEQ==
- </EncryptionKey>
- <Key name="test-key1" type="RSA_PUB" password="123">
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
- +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
- tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
- x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
- 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
- m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
- +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
- f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
- +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
- 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
- 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
- -----END PUBLIC KEY-----
- </PEM>
- <Permission accessor="web_app1"/>
- </Key>
- <Key name="test-key2" type="RSA_PRV" exportable="true">
- <DER>
- MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
- jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
- 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
- GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
- xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
- TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
- VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
- wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
- BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
- 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
- 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
- pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
- 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
- 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
- RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
- bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
- jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
- 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
- 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
- GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
- UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
- /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
- AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
- ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
- TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
- ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
- v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
- xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
- 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
- eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
- 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
- xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
- sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
- WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
- gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
- W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
- G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
- oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
- yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
- 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
- Vx676FQrM4EzjSSqgA==
- </DER>
- <Permission accessor="web_app2"/>
- </Key>
- <Cert exportable="true" name="test-cert1">
- <DER>
- MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
- EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
- VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
- MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
- MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
- 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
- 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
- 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
- +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
- AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
- PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
- 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
- 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
- wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
- 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
- kOg11TpPdNDkhb1J4ZCh2gupDg==
- </DER>
- <Permission accessor="web_app2"/>
- </Cert>
- <Data name="test-data1" exportable="true">
- <ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Data>
- <Key name="test-aes1" type="AES" exportable="true">
- <Base64>
- QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
- </Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Key>
- <!-- key below is encrypted using AES-CBC algorithm.
- The key used is decrypted <EncryptionKey> provided above.
- Encryption:
- * encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in data -out data.enc
- -->
- <Key name="test-encryption-prv" type="RSA_PRV" exportable="true">
- <EncryptedDER IV="X1RoaXNJc0lWRm9yQUVTXw==">
- BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
- 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
- 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
- tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
- +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
- xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
- FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
- vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
- 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
- Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
- wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
- j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
- bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
- </EncryptedDER>
- </Key>
- <Key name="test-encryption-pub" type="RSA_PUB" exportable="true">
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt
- JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B
- CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+
- 3Op0tEjy0jpmzeyNiQIDAQAB
- -----END PUBLIC KEY-----
- </PEM>
- </Key>
- <Cert name="test-encryption-certificate" exportable="true">
- <!-- Note IV differs between items -->
- <EncryptedDER IV="SVZkaWZmZXJzRnJJdGVtcw==">
- pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw
- /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv
- l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7
- XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2
- /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d
- osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU
- 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf
- TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e
- ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL
- oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG
- ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ
- tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos
- kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC
- DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo
- LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO
- XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi
- 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk
- a+r+N4lsYPKJbX2ywUvDHg==
- </EncryptedDER>
- </Cert>
- <Data name="test-ascii-data-encryption" exportable="true">
- <!-- this below decrypts to ASCII: "My secret data" -->
- <EncryptedASCII IV="X19hbm90aGVyX0lWXzJfXw==">zuBDjp8ptFthrU69Ua5cfg==</EncryptedASCII>
- </Data>
- <Data name="test-binary-data-encryption" exportable="true">
- <!-- this below decrypts to small PNG image -->
- <EncryptedBinary IV="UE5HSVZQTkdJVlBOR0lWUA==">
- weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC
- Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF
- oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf
- kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk
- KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy
- iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8
- gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju
- yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC
- Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps
- ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod
- v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW
- NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti
- udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0
- FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx
- IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h
- ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx
- asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0
- +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA
- Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI
- Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK
- XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT
- gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg
- g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8
- DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4
- T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q
- MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0
- CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz
- traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c
- q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP
- ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n
- Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t
- gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3
- 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW
- YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx
- pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys
- nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9
- pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI
- 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY
- hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp
- VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka
- lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP
- 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32
- LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk
- UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2
- rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/
- sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY
- 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1
- H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv
- e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt
- ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW
- MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP
- zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J
- 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un
- TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb
- aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS
- eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09
- +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ
- 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo
- p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO
- fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT
- mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ
- ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA
- YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3
- aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC
- jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK
- vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T
- INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA
- wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3
- Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf
- ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR
- 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu
- Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm
- q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O
- eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ
- USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx
- qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk
- p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL
- 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS
- orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY
- BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL
- YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5
- ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm
- HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h
- TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9
- jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ
- ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B
- Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU
- V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5
- RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc
- Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc
- Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh
- PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1
- zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV
- e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt
- eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz
- zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c
- 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw
- eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV
- HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu
- by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT
- n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50
- mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL
- PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe
- xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg
- wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0
- ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp
- EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr
- d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb
- 7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi
- F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7
- HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM
- yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC
- Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV
- lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw
- xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm
- LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi
- eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A
- CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb
- U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB
- +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw
- IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx
- 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe
- FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD
- yYRBt5UqwGovABM08jYkuA==
- </EncryptedBinary>
- </Data>
-</InitialValues>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
- <Key name="test2-key1" type="RSA_PUB" password="123">
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
- +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
- tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
- x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
- 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
- m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
- +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
- f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
- +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
- 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
- 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
- -----END PUBLIC KEY-----
- </PEM>
- <Permission accessor="web_app1"/>
- </Key>
- <Key name="test2-key2" type="RSA_PRV" exportable="true">
- <DER>
- MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
- jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
- 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
- GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
- xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
- TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
- VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
- wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
- BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
- 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
- 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
- pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
- 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
- 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
- RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
- bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
- jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
- 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
- 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
- GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
- UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
- /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
- AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
- ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
- TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
- ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
- v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
- xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
- 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
- eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
- 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
- xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
- sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
- WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
- gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
- W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
- G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
- oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
- yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
- 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
- Vx676FQrM4EzjSSqgA==
- </DER>
- <Permission accessor="web_app2"/>
- </Key>
- <Cert exportable="true" name="test2-cert1">
- <DER>
- MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
- EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
- VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
- MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
- MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
- 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
- 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
- 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
- +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
- AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
- PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
- 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
- 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
- wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
- 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
- kOg11TpPdNDkhb1J4ZCh2gupDg==
- </DER>
- <Permission accessor="web_app2"/>
- </Cert>
- <Data name="test2-data1" exportable="true">
- <ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Data>
- <Key name="test2-aes1" type="AES" exportable="true">
- <Base64>
- QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
- </Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Key>
-</InitialValues>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
- <Key name="test3-key1" type="RSA_PUB" password="123">
- <Permission accessor="web_app1"/>
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
- +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
- tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
- x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
- 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
- m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
- +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
- f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
- +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
- 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
- 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
- -----END PUBLIC KEY-----
- </PEMIAMWRONG>
- </Key>
- <Key name="test3-key2" type="RSA_PRV" exportable="true">
- <DER>
- MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
- jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
- 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
- GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
- xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
- TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
- VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
- wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
- BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
- 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
- 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
- pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
- 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
- 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
- RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
- bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
- jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
- 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
- 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
- GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
- UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
- /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
- AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
- ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
- TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
- ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
- v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
- xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
- 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
- eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
- 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
- xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
- sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
- WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
- gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
- W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
- G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
- oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
- yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
- 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
- Vx676FQrM4EzjSSqgA==
- </DER>
- <Permission accessor="web_app2"/>
- </Key>
- <Cert exportable="true" name="test3-cert1">
- <DER>
- MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
- EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
- VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
- MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
- MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
- 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
- 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
- 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
- +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
- AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
- PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
- 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
- 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
- wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
- 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
- kOg11TpPdNDkhb1J4ZCh2gupDg==
- </DER>
- <Permission accessor="web_app2"/>
- </Cert>
- <Data name="test3-data1" exportable="true">
- <ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Data>
- <Key name="test3-aes1" type="AES">
- <Base64>
- QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
- </Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Key>
-</InitialValues>
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/smack.h>
-
-#include <access_provider2.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-
-namespace {
-
-std::string toSmackLabel(const std::string &ownerId) {
- if (ownerId.empty())
- return ownerId;
-
- if (ownerId[0] == '/') {
- return ownerId.substr(1, std::string::npos);
- }
-
- return SMACK_USER_APP_PREFIX + ownerId;
-}
-
-} // anonymous namespace
-
-AccessProvider::AccessProvider(const std::string &ownerId)
- : m_mySubject(toSmackLabel(ownerId))
- , m_inSwitchContext(false)
-{
- RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
- allowJournaldLogs();
-}
-
-AccessProvider::AccessProvider(const std::string &ownerId, int uid, int gid)
- : m_mySubject(toSmackLabel(ownerId))
- , m_inSwitchContext(false)
-{
- RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
- allowJournaldLogs();
- applyAndSwithToUser(uid, gid);
-}
-
-void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
- m_smackAccess.add(m_mySubject, api, rule);
-}
-
-void AccessProvider::apply() {
- // This should be done by security-manager
- m_smackAccess.add("System", m_mySubject, "w");
- m_smackAccess.add(m_mySubject, "System", "w");
- m_smackAccess.apply();
-}
-
-void AccessProvider::applyAndSwithToUser(int uid, int gid)
-{
- RUNNER_ASSERT_MSG(m_inSwitchContext == false, "already switched context");
-
- // get calling label
- char* my_label = NULL;
- RUNNER_ASSERT(smack_new_label_from_self(&my_label) > 0);
- if(my_label)
- {
- m_origLabel = std::string(my_label);
- free(my_label);
- }
- RUNNER_ASSERT(m_origLabel.size() > 0);
-
- RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
- "Error in smack_revoke_subject(" << m_mySubject << ")");
- apply();
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
- "Error in smack_set_label_for_self.");
-
- m_origUid = getuid();
- m_origGid = getgid();
- RUNNER_ASSERT_MSG(0 == setegid(gid),
- "Error in setgid.");
- RUNNER_ASSERT_MSG(0 == seteuid(uid),
- "Error in setuid.");
- m_inSwitchContext = true;
-}
-
-void AccessProvider::allowJournaldLogs() {
- allowAPI("System::Run","wx"); // necessary for logging with journald
-}
-
-ScopedAccessProvider::~ScopedAccessProvider()
-{
- if(m_inSwitchContext == true)
- {
- RUNNER_ASSERT_MSG(0 == setegid(m_origGid), "Error in setgid.");
- RUNNER_ASSERT_MSG(0 == seteuid(m_origUid), "Error in setuid.");
- RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
- "Error in smack_revoke_subject(" << m_mySubject << ")");
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_origLabel.c_str()),
- "Error in smack_set_label_for_self.");
- m_inSwitchContext = false;
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider2.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#ifndef _ACCESS_FOR_DUMMIES_H_
-#define _ACCESS_FOR_DUMMIES_H_
-
-#include <string>
-
-#include <smack_access.h>
-
-class AccessProvider {
-public:
- explicit AccessProvider(const std::string &ownerId);
- AccessProvider(const std::string &ownerId, int uid, int gid);
- virtual ~AccessProvider() {}
-
- AccessProvider(const AccessProvider &second) = delete;
- AccessProvider& operator=(const AccessProvider &second) = delete;
-
- void allowAPI(const std::string &api, const std::string &rules);
- void apply();
- void applyAndSwithToUser(int uid, int gid);
-
-private:
- void allowJournaldLogs();
-
- SmackAccess m_smackAccess;
-protected:
- std::string m_mySubject;
- uid_t m_origUid;
- gid_t m_origGid;
- std::string m_origLabel;
- bool m_inSwitchContext;
-};
-
-class ScopedAccessProvider : public AccessProvider {
-public:
- explicit ScopedAccessProvider(const std::string &mySubject)
- : AccessProvider(mySubject) {}
- ScopedAccessProvider(const std::string &mySubject, int uid, int gid)
- : AccessProvider(mySubject, uid, gid) {}
- virtual ~ScopedAccessProvider();
-};
-
-#endif // _ACCESS_FOR_DUMMIES_H_
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file algo-params.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <memory>
-#include <fstream>
-
-#include <string.h>
-
-#include <dpl/test/test_runner.h>
-#include <ckm-common.h>
-#include <ckmc/ckmc-type.h>
-#include <ckm/ckm-type.h>
-
-namespace {
-
-struct CryptoAlgorithmWrapper : public CKM::CryptoAlgorithm
-{
- bool empty() const { return m_params.empty(); }
- size_t count() const { return m_params.size(); }
-};
-
-ckmc_param_list_h* EMPTY_PLIST = NULL;
-ckmc_param_list_h EMPTY_LIST = NULL;
-
-const size_t DEFAULT_IV_LEN = 16;
-const size_t DEFAULT_IV_LEN_BITS = 8*DEFAULT_IV_LEN;
-
-RawBufferPtr IV(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free);
-
-void assert_list_empty(ckmc_param_list_h list)
-{
- const CryptoAlgorithmWrapper* caw = reinterpret_cast<const CryptoAlgorithmWrapper*>(list);
- RUNNER_ASSERT_MSG(caw->empty(), "Parameter list is not empty");
-}
-
-void check_int_param(ckmc_param_list_h list,
- ckmc_param_name_e name,
- uint64_t expected)
-{
- RUNNER_ASSERT_MSG(list, "List is NULL");
- uint64_t got;
- int ret = ckmc_param_list_get_integer(list, name, &got);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "No such integer param: " << name);
- RUNNER_ASSERT_MSG(expected == got,
- "Param " << name << " expected value: " << expected << " got: " << got);
-}
-
-void check_buffer_param(ckmc_param_list_h list,
- ckmc_param_name_e name,
- const ckmc_raw_buffer_s& expected)
-{
- RUNNER_ASSERT_MSG(list, "List is NULL");
- ckmc_raw_buffer_s* got = NULL;
- int ret = ckmc_param_list_get_buffer(list, name, &got);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "No such buffer param: " << name);
- assert_buffers_equal(expected, *got);
-}
-
-void assert_param_count(ckmc_param_list_h list, size_t expected)
-{
- RUNNER_ASSERT_MSG(list, "List is NULL");
- const CryptoAlgorithmWrapper* caw = reinterpret_cast<const CryptoAlgorithmWrapper*>(list);
- size_t count = caw->count();
- RUNNER_ASSERT_MSG(count == expected, "Expected param count: " << expected << " got: " << count);
-}
-
-} // anonymous namespace
-
-RUNNER_TEST_GROUP_INIT(CKM_ALGO_PARAMS);
-
-RUNNER_TEST(TAP_0010_new_invalid_param)
-{
- assert_invalid_param(ckmc_param_list_new, EMPTY_PLIST);
-}
-
-RUNNER_TEST(TAP_0020_free_invalid_param)
-{
- ckmc_param_list_free(EMPTY_LIST); // should not throw/segfault
-}
-
-RUNNER_TEST(TAP_0030_new_free)
-{
- ParamListPtr list = createParamListPtr();
- assert_list_empty(list.get());
-}
-
-RUNNER_TEST(TAP_0040_add_integer_invalid_param)
-{
- assert_invalid_param(ckmc_param_list_set_integer,
- EMPTY_LIST,
- CKMC_PARAM_ALGO_TYPE,
- CKMC_ALGO_AES_CTR);
-
- ParamListPtr list = createParamListPtr();
- assert_invalid_param(ckmc_param_list_set_integer,
- list.get(),
- static_cast<ckmc_param_name_e>(-1),
- CKMC_ALGO_AES_CTR);
- assert_list_empty(list.get());
-}
-
-RUNNER_TEST(TAP_0050_add_buffer_invalid_param)
-{
- assert_invalid_param(ckmc_param_list_set_buffer,
- EMPTY_LIST,
- CKMC_PARAM_ED_IV,
- IV.get());
-
- ParamListPtr list = createParamListPtr();
- assert_invalid_param(ckmc_param_list_set_buffer,
- list.get(),
- CKMC_PARAM_ED_IV,
- nullptr);
- assert_list_empty(list.get());
-
- ckmc_raw_buffer_s buffer;
- buffer.data = nullptr;
- buffer.size = 0;
- assert_invalid_param(ckmc_param_list_set_buffer,
- list.get(),
- CKMC_PARAM_ED_IV,
- &buffer);
- assert_list_empty(list.get());
-
- assert_invalid_param(ckmc_param_list_set_buffer,
- list.get(),
- static_cast<ckmc_param_name_e>(-1),
- IV.get());
- assert_list_empty(list.get());
-}
-
-RUNNER_TEST(TAP_0060_add_param)
-{
- ParamListPtr list = createParamListPtr();
- assert_positive(ckmc_param_list_set_integer,
- list.get(),
- CKMC_PARAM_ALGO_TYPE,
- CKMC_ALGO_AES_GCM);
- check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM);
- assert_param_count(list.get(),1);
-
- RawBufferPtr buffer(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free);
- assert_positive(ckmc_param_list_set_buffer,
- list.get(),
- CKMC_PARAM_ED_IV,
- buffer.get());
- check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM);
- check_buffer_param(list.get(), CKMC_PARAM_ED_IV, *buffer.get());
- assert_param_count(list.get(),2);
-}
-
-RUNNER_TEST(TAP_0070_generate_invalid_param)
-{
- assert_invalid_param(ckmc_generate_new_params, static_cast<ckmc_algo_type_e>(-1), EMPTY_PLIST);
-}
-
-RUNNER_TEST(TAP_0080_generate)
-{
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_CTR, &handle);
- ParamListPtr list = ParamListPtr(handle, ckmc_param_list_free);
- check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR);
- check_int_param(list.get(), CKMC_PARAM_ED_CTR_LEN, DEFAULT_IV_LEN_BITS);
-
- CKM::CryptoAlgorithm* ca = reinterpret_cast<CKM::CryptoAlgorithm*>(list.get());
- CKM::RawBuffer iv;
- bool ret = ca->getParam(CKM::ParamName::ED_IV, iv);
- RUNNER_ASSERT_MSG(!ret, "ED_IV param should not be present");
- assert_param_count(list.get(),2);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file async-api.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <mutex>
-#include <utility>
-#include <condition_variable>
-#include <cassert>
-
-#include <ckmc/ckmc-type.h>
-#include <ckm/ckm-manager-async.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-raw-buffer.h>
-
-#include <fstream>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <ckm-common.h>
-#include <access_provider2.h>
-#include <random>
-
-using namespace CKM;
-using namespace std;
-using namespace TestData;
-
-namespace {
-
-const char* TEST_LABEL = "test_label";
-const char* TEST_LABEL_2 = "test_label-2";
-
-const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-
-const char* TEST_PASS = "test-pass";
-
-const CertificateShPtrVector EMPTY_CERT_VECTOR;
-const CertificateShPtrVector NULL_PTR_VECTOR = {
- CertificateShPtr(),
- CertificateShPtr(),
- CertificateShPtr()
-};
-const AliasVector EMPTY_ALIAS_VECTOR;
-const Alias alias_PKCS_exportable = "async-test-PKCS-export";
-const Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
-
-class MyObserver: public ManagerAsync::Observer
-{
-public:
- MyObserver() :
- m_finished(false), m_error(0)
- {
- }
-
- void ReceivedError(int error)
- {
- m_finished = true;
- m_error = error;
- m_cv.notify_one();
- }
-
- void ReceivedSaveKey() { Succeeded(); }
- void ReceivedSaveCertificate() { Succeeded(); }
- void ReceivedSaveData() { Succeeded(); }
- void ReceivedSavePKCS12() { Succeeded(); }
-
- void ReceivedRemovedAlias() { Succeeded(); }
-
- void ReceivedKey(Key &&) { Succeeded(); }
- void ReceivedCertificate(Certificate &&) { Succeeded(); }
- void ReceivedData(RawBuffer &&) { Succeeded(); }
- void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
-
- void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
- void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
- void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
-
- void ReceivedCreateKeyAES() { Succeeded(); }
- void ReceivedCreateKeyPair() { Succeeded(); }
-
- void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
- { m_certChain = move(chain); Succeeded(); }
-
- void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
- void ReceivedVerifySignature() { Succeeded(); }
-
- void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
-
- void ReceivedSetPermission() { Succeeded(); }
-
- void WaitForResponse()
- {
- unique_lock < mutex > lock(m_mutex);
-
- m_cv.wait(lock, [this] {return m_finished;});
- }
-
- bool m_finished;
- int m_error;
- AliasVector m_aliases;
- CertificateShPtrVector m_certChain;
- PKCS12ShPtr m_pkcs;
- RawBuffer m_signed;
- int m_ocspStatus;
-
-protected:
- void Succeeded()
- {
- m_finished = true;
- m_cv.notify_one();
- }
-
- mutex m_mutex;
- condition_variable m_cv;
-};
-
-typedef shared_ptr<MyObserver> MyObserverPtr;
-
-enum Type {
- RSA,
- DSA,
- ECDSA,
- AES
-};
-
-struct KeyContainer
-{
- // assymetric
- KeyContainer(const std::string& prv_pem, const std::string& pub_pem) {
- RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
- prv = Key::create(buffer_prv);
- assert(prv);
-
- RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
- pub = Key::create(buffer_pub);
- assert(pub);
- }
-
- // symmetric
- KeyContainer(const RawBuffer& key_raw) {
- prv = pub = Key::createAES(key_raw);
- assert(prv);
- assert(pub);
- }
-
- KeyShPtr prv;
- KeyShPtr pub;
-};
-
-typedef map<Type, vector<KeyContainer> > KeyMap;
-
-
-KeyMap initializeKeys()
-{
- KeyMap km;
-
- km[RSA].emplace_back(
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
- "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
- "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
- "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
- "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
- "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
- "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
- "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
- "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
- "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
- "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
- "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
- "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
- "-----END RSA PRIVATE KEY-----",
-
- "-----BEGIN PUBLIC KEY-----\n"
- "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
- "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
- "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
- "3Op0tEjy0jpmzeyNiQIDAQAB\n"
- "-----END PUBLIC KEY-----"
- );
-
- km[RSA].emplace_back(
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6\n"
- "YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6T\n"
- "AQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7m\n"
- "Tus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2QNv3kBPuYdQQrXhoxCcIVtSIl8pU\n"
- "fI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8SGjA6mSpmrp7lPlKE\n"
- "9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWpxOzb\n"
- "lliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37J\n"
- "IudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4\n"
- "V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDes\n"
- "NBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ4rsmBqOwuglHFW52dIZEG9u/20ta\n"
- "QMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLiBLx0Yr/RXKf6gJUCAwEA\n"
- "AQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh18pva5Kzh\n"
- "EU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh\n"
- "9u236vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXN\n"
- "GF5JjNcCOQxO1Em8pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG\n"
- "5DPb19r9XjQhUPjbcq3/4qmLwtLT9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+\n"
- "fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK6wX2IQ+7vJoWQyg2w6DbpSRq\n"
- "cyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxeeRpNqFU9OCw0B\n"
- "d3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O\n"
- "bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBW\n"
- "gUyLSdxR5RoEjBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbP\n"
- "ggFZ8JnuwgtNo0soVKsWGATH65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX8\n"
- "0jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H1TYDjwA1iBFku/O/xx7Jag7Y0A2l\n"
- "1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MOGFTs5r9QyM//sm5D\n"
- "2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDOUCx6\n"
- "xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0\n"
- "/zX4MFMD/Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWd\n"
- "kKpm9xcFddATlT0CggEBAOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvE\n"
- "qgKHOgZO9ztD6/UgX41uc+3rKfvmY5AsldGZgd0ov/DyeF0N834LeBVayG1fdcEt\n"
- "amqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9TwoUWS2xmldc+nehCdHs\n"
- "WQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ETjKemdK\n"
- "HQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5\n"
- "ZB7ev8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FW\n"
- "Nqvwp9PQzxwTv8wuxBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o\n"
- "1Rad6jtb1SiV9KcPk83wIeoUk/xp0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7L\n"
- "qpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8eTEywu5yrMGeAjVpLFfKlmGI\n"
- "pYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk2kuGLYXISfUG\n"
- "j0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a\n"
- "xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8W\n"
- "X4+ZEW7S4heLsUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/a\n"
- "W22I0REV5UU8bS1F7taV93EwWmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVy\n"
- "FjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4igfJpPcUFYOazZ3Y7q53RdCgIPKKy\n"
- "iVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GHW93TUDTKWlTXyUFm\n"
- "C2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltYG08t\n"
- "fEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL6\n"
- "06qeBC8xoVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQ\n"
- "pyVWfB+F2ppBOYtKvNubyKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+I\n"
- "Qj8I06c1T31kzfJ71Vx1DUWZW/65xmFD4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rq\n"
- "uPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+Vx676FQrM4EzjSSqgA==\n"
- "-----END RSA PRIVATE KEY-----\n",
- "-----BEGIN PUBLIC KEY-----\n"
- "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3\n"
- "+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui\n"
- "tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB\n"
- "x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2\n"
- "QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8\n"
- "9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4\n"
- "m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA\n"
- "+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp\n"
- "f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4\n"
- "+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ\n"
- "4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+\n"
- "8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==\n"
- "-----END PUBLIC KEY-----");
- km[DSA].emplace_back(
- "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
- "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
- "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
- "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
- "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
- "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
- "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
- "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
- "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
- "yAKPlW7WQzgV5jLLNUW7\n"
- "-----END DSA PRIVATE KEY-----\n",
- "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBAMixBFiCdTiablWszLKSk03N4dNAA7wT\n"
- "aEkBw7A08Gt2izxqZqStwmfIFo2HnpmyVy5c0Qom7GIOzLhUz0pRHx8dOpOIXmz7\n"
- "g0CvN2t3A1CkpaMCok1+CkJ1otkfD2jznt+VxDh3Jg2cDPX9I0ae/TcObwRhE1EU\n"
- "1oU3DvME+PJXAhUA3KPuKMt+sJsNkOLqid3k2nU2zSECgYEAhxLVx5a3DoMAaZjD\n"
- "Dbuv/WUu2qOuryPTDRoXovL6ln/L5ZPD0pPXx5Eo+ZWCu5VKfdVVUl43TRdqgq98\n"
- "9IeRNEgTmuujZkQieGneDRVqTsRclZ7sooFFepIw0WSd2Mq/WfI0p5ZISr1eqXpI\n"
- "+fwnxN+ZvJSk9IiCVlG8nYMfAckDgYQAAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkB\n"
- "eukXzeZGqNWEjgzLAjMZEVYMDLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23\n"
- "ToR8fQuiBu+KvtAP/QuCOJ/LS0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6\n"
- "J2+fygnWcOOSo6s=\n"
- "-----END PUBLIC KEY-----\n"
- );
- km[ECDSA].emplace_back(
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
- "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
- "sQ==\n"
- "-----END EC PRIVATE KEY-----",
-
- "-----BEGIN PUBLIC KEY-----\n"
- "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
- "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
- "-----END PUBLIC KEY-----"
- );
-
- CKM::RawBuffer AES_key = createRandomBuffer(256/8);
- km[AES].emplace_back(AES_key);
-
- return km;
-}
-
-KeyMap keys = initializeKeys();
-typedef vector<CertificateShPtr> CertVector;
-
-const RawBuffer raw_buffer(const char* buffer)
-{
- return RawBuffer(buffer, buffer + strlen(buffer));
-}
-
-const RawBuffer test_buffer = raw_buffer("test_string");
-
-template <typename F, typename... Args>
-void test_negative(F&& func, int expected, Args... args)
-{
- MyObserverPtr obs = make_shared<MyObserver>();
- ManagerAsync mgr;
-
- (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
- obs->WaitForResponse();
-
- RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
- RUNNER_ASSERT_MSG(
- obs->m_error == expected,
- "Expected " << expected << "/" << ErrorToString(expected) <<
- " got: " << obs->m_error << "/" << ErrorToString(obs->m_error));
-}
-
-template <typename F, typename... Args>
-void test_invalid_param(F&& func, Args... args)
-{
- test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
-}
-
-template <typename F, typename... Args>
-MyObserverPtr test_positive(F&& func, Args... args)
-{
- MyObserverPtr obs = make_shared<MyObserver>();
- ManagerAsync mgr;
-
- (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
- obs->WaitForResponse();
-
- RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
- RUNNER_ASSERT_MSG(obs->m_error == 0,
- "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error));
- return obs;
-}
-
-template <typename F, typename... Args>
-void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
-{
- auto obs = test_positive(move(func), args...);
- RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
-}
-
-template <typename F, typename... Args>
-void test_check_cert_chain(F&& func, size_t expected, Args... args)
-{
- auto obs = test_positive(move(func), args...);
- RUNNER_ASSERT_MSG(
- obs->m_certChain.size() == expected,
- "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
-}
-
-typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
- const CertificateShPtr&,
- const CertificateShPtrVector&,
- const CertificateShPtrVector&,
- bool);
-
-typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
- const CertificateShPtr&,
- const AliasVector&,
- const AliasVector&,
- bool);
-
-class UserEnv : public RemoveDataEnv<APP_UID>
-{
-public:
- void init(const std::string & str) {
- RemoveDataEnv<APP_UID>::init(str);
- unlock_user_data(APP_UID, TEST_PASS);
- m_ap.reset(new ScopedAccessProvider(TEST_LABEL, APP_UID, APP_GID));
- }
- void finish() {
- m_ap.reset();
- // lock is performed by remove_user_data() in RemoveDataEnv
- RemoveDataEnv<APP_UID>::finish();
- }
- std::unique_ptr<ScopedAccessProvider> m_ap;
-};
-
-CKM::PKCS12ShPtr loadPkcs()
-{
- std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-
- return pkcs;
-}
-
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
-
-// saveKey
-RUNNER_TEST(TA0010_save_key_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
- test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy());
- test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy());
-}
-
-RUNNER_TEST(TA0020_save_key_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
- test_negative(&ManagerAsync::saveKey,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- "alias",
- keys[RSA][0].prv,
- Policy());
-}
-
-RUNNER_TEST(TA0050_save_key_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
-}
-
-
-// saveCertificate
-RUNNER_TEST(TA0110_save_cert_invalid_param, UserEnv)
-{
- CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM);
- test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy());
- test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy());
- test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy());
-}
-
-RUNNER_TEST(TA0120_save_cert_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
- test_negative(&ManagerAsync::saveCertificate,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- "alias",
- getTestCertificate(MBANK),
- Policy());
-}
-
-RUNNER_TEST(TA0150_save_cert_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
-}
-
-
-// saveData
-RUNNER_TEST(TA0210_save_data_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy());
- test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy());
- test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy());
-}
-
-RUNNER_TEST(TA0220_save_data_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy());
- test_negative(&ManagerAsync::saveData,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- "alias",
- test_buffer,
- Policy());
-}
-
-RUNNER_TEST(TA0250_save_data_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy());
-}
-
-
-// removeKey
-RUNNER_TEST(TA0310_remove_alias_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::removeAlias, "alias");
- test_invalid_param(&ManagerAsync::removeAlias, "");
-}
-
-RUNNER_TEST(TA0330_remove_alias_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias");
-}
-
-RUNNER_TEST(TA0350_remove_key_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias_RSA");
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias_DSA");
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias_AES");
-
-}
-
-
-RUNNER_TEST(TA0450_remove_cert_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
- test_positive(&ManagerAsync::removeAlias, "alias");
-}
-
-
-RUNNER_TEST(TA0550_remove_data_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias");
-}
-
-
-// getKey
-RUNNER_TEST(TA0610_get_key_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getKey, "alias", "");
- test_invalid_param(&ManagerAsync::getKey, "", "");
-}
-
-RUNNER_TEST(TA0630_get_key_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
-}
-
-RUNNER_TEST(TA0640_get_key_wrong_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password"));
- test_negative(&ManagerAsync::getKey,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_RSA",
- "wrong-password");
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password"));
- test_negative(&ManagerAsync::getKey,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_DSA",
- "wrong-password");
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password"));
- test_negative(&ManagerAsync::getKey,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_AES",
- "wrong-password");
-}
-
-RUNNER_TEST(TA0650_get_key_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password"));
- test_positive(&ManagerAsync::getKey, "alias_RSA", "password");
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password"));
- test_positive(&ManagerAsync::getKey, "alias_DSA", "password");
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password"));
- test_positive(&ManagerAsync::getKey, "alias_AES", "password");
-}
-
-
-// getCertificate
-RUNNER_TEST(TA0710_get_cert_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getCertificate, "alias", "");
- test_invalid_param(&ManagerAsync::getCertificate, "", "");
-}
-
-RUNNER_TEST(TA0730_get_cert_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::getCertificate,
- CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- "non-existing-alias",
- "");
-}
-
-RUNNER_TEST(TA0740_get_cert_wrong_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate,
- "alias",
- getTestCertificate(MBANK),
- Policy("password"));
- test_negative(&ManagerAsync::getCertificate,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias",
- "wrong-password");
-}
-
-RUNNER_TEST(TA0750_get_cert_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy("password"));
- test_positive(&ManagerAsync::getCertificate, "alias", "password");
-}
-
-
-// getData
-RUNNER_TEST(TA0810_get_data_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getData, "alias", "");
- test_invalid_param(&ManagerAsync::getData, "", "");
-}
-
-RUNNER_TEST(TA0830_get_data_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
-}
-
-RUNNER_TEST(TA0840_get_data_wrong_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy("password"));
- test_negative(&ManagerAsync::getData,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias",
- "wrong-password");
-}
-
-RUNNER_TEST(TA0850_get_data_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy("password"));
- test_positive(&ManagerAsync::getData, "alias", "password");
-}
-
-
-// getKeyAliasVector
-RUNNER_TEST(TA0910_get_key_alias_vector_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getKeyAliasVector);
-}
-
-RUNNER_TEST(TA0950_get_key_alias_vector_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA") });
-
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA") });
-
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES") });
-
- // remove DSA key
- test_positive(&ManagerAsync::removeAlias, "alias_DSA");
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES")});
-}
-
-
-// getCertificateAliasVector
-RUNNER_TEST(TA1010_get_cert_alias_vector_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getCertificateAliasVector);
-}
-
-RUNNER_TEST(TA1050_get_cert_alias_vector_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(MBANK), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
-
- test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(SYMANTEC), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
-
- test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
-}
-
-
-// getDataAliasVector
-RUNNER_TEST(TA1110_get_data_alias_vector_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getDataAliasVector);
-}
-
-RUNNER_TEST(TA1150_get_data_alias_vector_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias1", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
-
- test_positive(&ManagerAsync::saveData, "alias2", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
-
- test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
-}
-
-
-// createKeyPairRSA
-RUNNER_TEST(TA1210_create_key_pair_RSA_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createKeyPairRSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1220_create_key_pair_RSA_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyPairRSA,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1250_create_key_pair_RSA_positive, UserEnv)
-{
- test_positive(&ManagerAsync::createKeyPairRSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
-}
-
-// createKeyPairDSA
-RUNNER_TEST(TA1270_create_key_pair_DSA_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createKeyPairDSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1280_create_key_pair_DSA_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[DSA][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyPairDSA,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1290_create_key_pair_DSA_positive, UserEnv)
-{
- test_positive(&ManagerAsync::createKeyPairDSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
-}
-
-// createKeyPairECDSA
-RUNNER_TEST(TA1310_create_key_pair_ECDSA_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createKeyPairECDSA,
- ElipticCurve::prime192v1,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1320_create_key_pair_ECDSA_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[ECDSA][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyPairECDSA,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- ElipticCurve::prime192v1,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1350_create_key_pair_ECDSA_positive, UserEnv)
-{
- test_positive(&ManagerAsync::createKeyPairECDSA,
- ElipticCurve::prime192v1,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
-}
-
-// createKeyAES
-RUNNER_TEST(TA1360_create_key_AES_invalid_param, UserEnv)
-{
- test_invalid_param(&ManagerAsync::createKeyAES,
- 147,
- "alias_AES",
- Policy());
-}
-
-RUNNER_TEST(TA1370_create_key_AES_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyAES,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- 256,
- "alias_AES",
- Policy());
-}
-
-RUNNER_TEST(TA1380_create_key_AES_positive, UserEnv)
-{
- test_positive(&ManagerAsync::createKeyAES,
- 256,
- "alias_AES",
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_AES")});
-}
-
-// getCertificateChain
-RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv)
-{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
- test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
- test_invalid_param<certChainFn1>(&ManagerAsync::getCertificateChain,
- CertificateShPtr(),
- certv,
- EMPTY_CERT_VECTOR,
- true);
-
- Alias alias = "alias";
- AliasVector aliasv = { alias };
- test_no_observer<certChainFn2>(&ManagerAsync::getCertificateChain,
- cert,
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
- test_invalid_param<certChainFn2>(&ManagerAsync::getCertificateChain,
- CertificateShPtr(),
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
-}
-
-RUNNER_TEST(TA1420_get_certificate_chain_negative, UserEnv)
-{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(MBANK) };
- test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true);
- test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
- AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy());
- test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- EMPTY_ALIAS_VECTOR,
- EMPTY_ALIAS_VECTOR,
- true);
- test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
-}
-
-RUNNER_TEST(TA1450_get_certificate_chain_positive, UserEnv)
-{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
- test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
- 3,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
-
- AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy());
- test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
- 3,
- cert,
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
-}
-
-
-// createSignature
-RUNNER_TEST(TA1510_create_signature_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createSignature,
- "alias",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
- test_invalid_param(&ManagerAsync::createSignature,
- "",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
- test_invalid_param(&ManagerAsync::createSignature,
- "alias",
- "",
- RawBuffer(),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1520_create_signature_invalid_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password"));
- test_negative(&ManagerAsync::createSignature,
- CKM_API_ERROR_INPUT_PARAM,
- "alias",
- "wrong-password",
- RawBuffer(),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1550_create_signature_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password"));
- test_positive(&ManagerAsync::createSignature,
- "alias",
- "password",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-
-// verifySignature
-RUNNER_TEST(TA1610_verify_signature_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::verifySignature,
- "",
- "",
- RawBuffer(),
- RawBuffer(),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
- test_invalid_param(&ManagerAsync::verifySignature,
- "",
- "",
- test_buffer,
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1620_verify_signature_invalid_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("pass1"));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("pass2"));
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "pass1",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_pub",
- "wrong-password",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1630_verify_signature_invalid_message, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy(""));
-
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub",
- "",
- raw_buffer("invalid-unsigned-mesage"),
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1640_verify_signature_invalid_signature, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy(""));
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub",
- "",
- test_buffer,
- raw_buffer("invalid-signature"),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1650_verify_signature_wrong_key, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub2", keys[RSA][1].pub, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub3", keys[DSA][0].prv, Policy(""));
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_positive(&ManagerAsync::verifySignature,
- "alias_prv",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_positive(&ManagerAsync::verifySignature,
- "alias_pub",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub2",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub3",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1660_verify_signature_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("pass1"));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("pass2"));
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "pass1",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_positive(&ManagerAsync::verifySignature,
- "alias_pub",
- "pass2",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-
-// ocspCheck
-RUNNER_TEST(TA1710_ocsp_check_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
- test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
- test_invalid_param(&ManagerAsync::ocspCheck, NULL_PTR_VECTOR);
-}
-
-RUNNER_TEST(TA1720_ocsp_check_negative, UserEnv)
-{
- CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) };
-
- auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
- RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
- "Verification should fail. Got: " << obs->m_ocspStatus);
-}
-
-RUNNER_TEST(TA1750_ocsp_check_positive, UserEnv)
-{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
- auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
-
- auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
- RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
- "Verification failed. Error: " << obs->m_ocspStatus);
-}
-
-// setPermission
-RUNNER_TEST(TA1810_allow_access_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
- test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
- test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
-}
-
-RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<APP_UID>)
-{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
-
- // prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
- std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
- save_data(alias2.c_str(), TEST_DATA);
- save_data(alias3.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias2,
- TEST_LABEL_2,
- CKM::Permission::READ);
- test_positive(&ManagerAsync::setPermission,
- alias3,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- }
-
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
-
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
-
- // test from allowed label, but without properly addressing alias (coming from default label)
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
-
- // now test with appropriate addressing
- test_positive(&ManagerAsync::getData, alias2, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
-
- test_positive(&ManagerAsync::getData, alias3, "");
- test_positive(&ManagerAsync::removeAlias, alias3);
- }
-}
-
-// denyAccess
-RUNNER_TEST(TA1910_deny_access_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
- test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
- test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
-}
-
-RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<APP_UID>)
-{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
-
- // prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::NONE);
- }
-
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
-
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
- }
-}
-
-RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, RemoveDataEnv<0>)
-{
- auto pkcs = loadPkcs();
-
- // save to the CKM
- CKM::Policy exportable;
- CKM::Policy notExportable(CKM::Password(), false);
-
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
- pkcs,
- exportable,
- exportable);
- test_negative(&ManagerAsync::savePKCS12,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_exportable),
- pkcs,
- exportable,
- exportable);
-
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
- pkcs,
- notExportable,
- notExportable);
- test_negative(&ManagerAsync::savePKCS12,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_not_exportable),
- pkcs,
- notExportable,
- notExportable);
-}
-
-RUNNER_TEST(TA2010_PKCS_get, RemoveDataEnv<0>)
-{
- auto pkcs = loadPkcs();
-
- // save to the CKM
- CKM::Policy exportable;
- CKM::Policy notExportable(CKM::Password(), false);
-
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
- pkcs,
- exportable,
- exportable);
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
- pkcs,
- notExportable,
- notExportable);
-
- // fail - no entry
- test_negative(&ManagerAsync::getPKCS12,
- CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- sharedDatabase("i-do-not-exist").c_str(),
- CKM::Password(),
- CKM::Password());
-
-
- // fail - not exportable
- test_negative(&ManagerAsync::getPKCS12,
- CKM_API_ERROR_NOT_EXPORTABLE,
- sharedDatabase(alias_PKCS_not_exportable),
- CKM::Password(),
- CKM::Password());
-
- // success - exportable
- auto obs = test_positive(&ManagerAsync::getPKCS12,
- sharedDatabase(alias_PKCS_exportable),
- CKM::Password(),
- CKM::Password());
-
- auto cert = obs->m_pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = obs->m_pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file c-compilation.c
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-type.h>
-
-static unsigned char iv[] = { "rewrewrewgegsrtbhns" };
-
-void algo_param() {
- ckmc_param_list_h list = NULL;
- ckmc_raw_buffer_s* buffer = NULL;
-
- if(CKMC_ERROR_NONE != ckmc_param_list_new(&list))
- goto finish;
- if(CKMC_ERROR_NONE != ckmc_buffer_new(iv, sizeof(iv), &buffer))
- goto finish;
- if(CKMC_ERROR_NONE != ckmc_param_list_set_integer(list, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM))
- goto finish;
- if(CKMC_ERROR_NONE != ckmc_param_list_set_buffer(list, CKMC_PARAM_ED_IV, buffer))
- goto finish;
-
-finish:
- ckmc_buffer_free(buffer);
- ckmc_param_list_free(list);
-}
-
-
-int main()
-{
- algo_param();
- // TODO test other API
- return 0;
-}
+++ /dev/null
-#include <sys/types.h>
-#include <sys/wait.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <access_provider2.h>
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-
-#include <ckm/ckm-type.h>
-
-namespace {
-const int USER_ROOT = 0;
-const int APP_1 = 6000;
-const int GROUP_1 = 6000;
-const int APP_2 = 6200;
-const int GROUP_2 = 6200;
-const char * const APP_PASS_1 = "app-pass-1";
-const char * const APP_PASS_2 = "app-pass-2";
-const char* APP_LABEL_1 = "APP_LABEL_1";
-const char* APP_LABEL_2 = "APP_LABEL_2";
-const char* APP_LABEL_3 = "APP_LABEL_3";
-const char* APP_LABEL_4 = "APP_LABEL_4";
-
-
-const char* NO_ALIAS = "definitely-non-existent-alias";
-const char* NO_OWNER = "definitely-non-existent-owner";
-
-const char* TEST_ALIAS = "test-alias";
-const char* TEST_ALIAS2 = "test-alias2";
-const char* TEST_ALIAS3 = "test-alias3";
-
-const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-
-void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
-{
- int ret = ckmc_allow_access(alias, accessor, accessRights);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
-}
-
-void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights)
-{
- // data removal should revoke this access
- int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
-}
-
-void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
-}
-
-void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor)
-{
- int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
-}
-
-void check_alias_count(size_t expected)
-{
- size_t count = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
-}
-
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API);
-
-
-/////////////////////////////////////////////////////////////////////////////
-// Manager
-RUNNER_TEST(T3000_init)
-{
- reset_user_data(APP_1, APP_PASS_1);
- reset_user_data(APP_2, APP_PASS_2);
-}
-
-// invalid arguments check
-RUNNER_TEST(T3001_manager_allow_access_invalid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
- RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
-}
-
-// invalid arguments check
-RUNNER_TEST(T3002_manager_deny_access_invalid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
-}
-
-// tries to allow access for non existing alias
-RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny access for non existing alias
-RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Denying access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny access that does not exist in database
-RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- // deny non existing access to existing alias
- int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
-}
-
-// tries to allow access to application own data
-RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- std::string ownerId = getOwnerIdFromSelf();
- int ret = ckmc_set_permission(TEST_ALIAS, ownerId.c_str(), CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
-}
-
-// verifies that alias can not contain forbidden characters
-RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- std::string test_alias_playground = std::string("AAA BBB CCC");
- check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // control: expect success
- check_read(TEST_ALIAS, 0, TEST_DATA);
- check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
-}
-
-// verifies that label can not contain forbidden characters
-RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- // basic test
- std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // insert part of the separator in the middle
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // prepend separator
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // append separator
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.append(ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // control: expect success
- check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
-}
-
-
-// tries to access other application data without permission
-RUNNER_TEST(T3020_manager_access_not_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_read_not_visible(TEST_ALIAS_adr.c_str());
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- }
-}
-
-// tries to access other application data with permission
-RUNNER_TEST(T3021_manager_access_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3022_manager_access_allowed_with_remove, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3023_manager_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3025_manager_remove_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to access other application data after allow function was called twice with different
-// rights
-RUNNER_TEST(T3026_manager_double_allow, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- // access should be overwritten
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to access application data with permission and after permission has been revoked
-RUNNER_TEST(T3027_manager_allow_deny, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-
- // remove permission
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- deny_access(TEST_ALIAS, APP_LABEL_2);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- check_read_not_visible(TEST_ALIAS_adr.c_str());
- }
-}
-
-RUNNER_TEST(T3028_manager_access_by_label, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- const char *additional_data = "label-2-data";
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // add data as app 2
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- save_data(TEST_ALIAS, additional_data);
-
- allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
-
- // test if accessing valid alias (of label2 domain)
- check_read_allowed(TEST_ALIAS, additional_data);
- }
-
- // test accessibility to app 2 from app 1
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- // test if can access label2 alias from label1 domain - should succeed
- check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
- }
-}
-
-// tries to modify another label's permission
-RUNNER_TEST(T3029_manager_access_modification_by_foreign_label, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
- deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
- }
-}
-
-// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3030_manager_get_all_aliases, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- size_t count;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- save_data(TEST_ALIAS2, TEST_DATA);
-
- count = count_aliases(ALIAS_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can access other aliases when it has permission
- check_alias_count(count - 1);
-
- ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
-
- // check that app can access its own aliases
- check_alias_count(count - 1 + 1);
- }
-
- // remove permission
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- deny_access(TEST_ALIAS, APP_LABEL_2);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can't access other aliases for which permission has been revoked
- check_alias_count(count - 2);
- }
-}
-
-// tries to access other application data with permission
-RUNNER_TEST(T3031_manager_deprecated_access_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3034_manager_deprecated_remove_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-/////////////////////////////////////////////////////////////////////////////
-// Control
-
-RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API);
-
-RUNNER_TEST(T3100_init)
-{
- reset_user_data(APP_1, APP_PASS_1);
- reset_user_data(APP_2, APP_PASS_2);
-}
-
-// invalid argument check
-RUNNER_TEST(T3101_control_allow_access_invalid, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- int ret;
- ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
-
- // double owner
- std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
- ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
-}
-
-// invalid argument check
-RUNNER_TEST(T3102_control_deny_access_invalid, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE));
-
- // double owner
- std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
-}
-
-// tries to allow access for non existing alias
-RUNNER_TEST(T3103_control_allow_access_non_existing)
-{
- reset_user_data(APP_1, APP_PASS_1);
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny access for non existing alias
-RUNNER_TEST(T3104_control_deny_access_non_existing)
-{
- reset_user_data(APP_1, APP_PASS_1);
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Denying access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny non existing access
-RUNNER_TEST(T3105_control_deny_access_non_existing_access, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
-}
-
-// tries to allow application to access its own data
-RUNNER_TEST(T3106_control_allow_access_to_myself, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
-}
-
-// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3110_control_allow_access_as_user, RemoveDataEnv<APP_1>)
-{
- RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
-
- // prepare: add data
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
-}
-
-// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3111_control_deny_access_as_user, RemoveDataEnv<APP_1>)
-{
- RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
-
- // prepare: add data
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
-}
-
-// tries to read other application data with permission
-RUNNER_TEST(T3121_control_access_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3122_control_access_allowed_with_remove, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission to read
-RUNNER_TEST(T3122_control_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3125_control_remove_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to access other application data after allow function has been called twice with different
-// rights
-RUNNER_TEST(T3126_control_double_allow, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- // access should be overwritten
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to access other application data with permission and after permission has been revoked
-RUNNER_TEST(T3127_control_allow_deny, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-
- deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- check_read_not_visible(TEST_ALIAS_adr.c_str());
- }
-}
-
-// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3130_control_get_all_aliases, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- size_t count;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- save_data(TEST_ALIAS2, TEST_DATA);
-
- count = count_aliases(ALIAS_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can access other aliases when it has permission
- check_alias_count(count - 1);
-
- ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA);
-
- // check that app can access its own aliases
- check_alias_count(count - 1 + 1);
- }
-
- deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can't access other aliases for which permission has been revoked
- check_alias_count(count - 2);
- }
-}
-
-// tries to add access to data in a database of invalid user
-RUNNER_TEST(T3140_control_allow_invalid_user, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
-}
-
-// tries to revoke access to data in a database of invalid user
-RUNNER_TEST(T3141_control_deny_invalid_user, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
-}
-
-// tries to read other application data with permission
-RUNNER_TEST(T3142_control_deprecated_access_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission to read
-RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3145_control_deprecated_remove_allowed, RemoveDataEnv<APP_1>)
-{
- // prepare: add data
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- save_data(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file capi-certificate-chains.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <stdarg.h>
-
-#include <string>
-#include <memory>
-
-#include <dpl/test/test_runner.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <ckm-common.h>
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-
-namespace {
-
-typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
-typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
-typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
-
-ckmc_cert_s* create_cert(TestData::certificateID idx) {
-
- std::string cert_raw = TestData::getTestCertificateBase64(idx);
-
- ckmc_cert_s* cert = NULL;
- assert_positive(ckmc_cert_new,
- reinterpret_cast<unsigned char*>(const_cast<char*>(cert_raw.c_str())),
- cert_raw.size(),
- CKMC_FORM_PEM,
- &cert);
-
- RUNNER_ASSERT_MSG(cert != NULL, "Cert is NULL");
- return cert;
-}
-
-void save_cert(const ckmc_cert_s* cert, const char* alias) {
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
- assert_positive(ckmc_save_cert, alias, *cert, policy);
-}
-
-// list takes ownership of provided certificates
-CertListPtr create_cert_list(ckmc_cert_s* cert, ...) {
- CertListPtr certList(NULL, ckmc_cert_list_all_free);
-
- va_list ap;
-
- va_start(ap, cert);
- ckmc_cert_list_s* last = NULL;
- for (ckmc_cert_s* c = cert; c!=NULL; c = va_arg(ap, ckmc_cert_s*)) {
- if (!certList) {
- ckmc_cert_list_s* tmp = NULL;
- assert_positive(ckmc_cert_list_new, c, &tmp);
- certList = CertListPtr(tmp, ckmc_cert_list_all_free);
- RUNNER_ASSERT_MSG(!!certList, "Cert list is NULL");
- last = certList.get();
- } else {
- assert_positive(ckmc_cert_list_add, last, c, &last);
- RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL");
- }
- }
- va_end(ap);
-
- return certList;
-}
-
-const ckmc_cert_s* NULL_CERT = NULL;
-ckmc_cert_list_s** NULL_CHAIN = NULL;
-
-/*
- * Helper class for certificate verification
- */
-class ChainVerifierBase {
-public:
- ChainVerifierBase();
- virtual ~ChainVerifierBase();
-
- void addTrusted(TestData::certificateID idx);
- void addUntrusted(TestData::certificateID idx);
- void enableSystem(bool enable);
-
- virtual void verifyPositive(TestData::certificateID idx, size_t expected) = 0;
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED) = 0;
-
-protected:
- void addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert);
- void addAlias(ckmc_alias_list_s*& list, const char* alias);
-
- ckmc_cert_list_s* m_trustedCerts;
- ckmc_alias_list_s* m_trustedAliases;
-
- ckmc_cert_list_s* m_untrustedCerts;
- ckmc_alias_list_s* m_untrustedAliases;
-
- bool m_system;
-};
-
-
-ChainVerifierBase::ChainVerifierBase() :
- m_trustedCerts(NULL),
- m_trustedAliases(NULL),
- m_untrustedCerts(NULL),
- m_untrustedAliases(NULL),
- m_system(true)
-{
-}
-
-ChainVerifierBase::~ChainVerifierBase()
-{
- ckmc_cert_list_all_free(m_trustedCerts);
- ckmc_cert_list_all_free(m_untrustedCerts);
- ckmc_alias_list_all_free(m_trustedAliases);
- ckmc_alias_list_all_free(m_untrustedAliases);
-}
-
-void ChainVerifierBase::addTrusted(TestData::certificateID idx)
-{
- size_t size = list_size(m_trustedCerts);
- ckmc_cert_s* cert = create_cert(idx);
- addCert(m_trustedCerts, cert);
-
- std::stringstream ss;
- ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size;
- save_cert(cert, ss.str().c_str());
- addAlias(m_trustedAliases, ss.str().c_str());
-}
-
-void ChainVerifierBase::addUntrusted(TestData::certificateID idx)
-{
- size_t size = list_size(m_untrustedCerts);
- ckmc_cert_s* cert = create_cert(idx);
- addCert(m_untrustedCerts, cert);
-
- std::stringstream ss;
- ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size;
- save_cert(cert, ss.str().c_str());
- addAlias(m_untrustedAliases, ss.str().c_str());
-}
-
-void ChainVerifierBase::enableSystem(bool enable)
-{
- m_system = enable;
-}
-
-void ChainVerifierBase::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert)
-{
- if (!list) {
- ckmc_cert_list_s* tmp = NULL;
- assert_positive(ckmc_cert_list_new, cert, &tmp);
- RUNNER_ASSERT_MSG(!!tmp, "Cert list is NULL");
- list = tmp;
- } else {
- ckmc_cert_list_s* last = list;
- while(last->next)
- last = last->next;
- assert_positive(ckmc_cert_list_add, last, cert, &last);
- RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL");
- }
-}
-
-void ChainVerifierBase::addAlias(ckmc_alias_list_s*& list, const char* alias)
-{
- if (!list) {
- ckmc_alias_list_s* tmp = NULL;
- assert_positive(ckmc_alias_list_new, strdup(alias), &tmp);
- RUNNER_ASSERT_MSG(!!tmp, "Alias list is NULL");
- list = tmp;
- } else {
- ckmc_alias_list_s* last = list;
- while(last->next)
- last = last->next;
- assert_positive(ckmc_alias_list_add, last, strdup(alias), &last);
- RUNNER_ASSERT_MSG(last != NULL, "Last alias on the list is NULL");
- }
-}
-
-class ChainVerifierOld : public ChainVerifierBase {
-public:
- virtual void verifyPositive(TestData::certificateID idx, size_t expected);
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
-};
-
-class ChainVerifier : public ChainVerifierBase {
-public:
- virtual void verifyPositive(TestData::certificateID idx, size_t expected);
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
-};
-
-void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_positive(ckmc_get_cert_chain,
- cert,
- m_untrustedCerts,
- &chain);
-
- size_t size = list_size(chain);
- ckmc_cert_list_all_free(chain);
- chain = NULL;
- RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
-
- assert_positive(ckmc_get_cert_chain_with_alias,
- cert,
- m_untrustedAliases,
- &chain);
-
- size = list_size(chain);
- ckmc_cert_list_all_free(chain);
- chain = NULL;
- RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
-
- ckmc_cert_free(cert);
-}
-
-void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_positive(ckmc_get_cert_chain_with_trustedcert,
- cert,
- m_untrustedCerts,
- m_trustedCerts,
- m_system,
- &chain);
-
- size_t size = list_size(chain);
- ckmc_cert_list_all_free(chain);
- chain = NULL;
- RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
-
- ckmc_cert_free(cert);
-}
-
-void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_result(error,
- ckmc_get_cert_chain,
- cert,
- m_untrustedCerts,
- &chain);
- RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
-
- assert_result(error,
- ckmc_get_cert_chain_with_alias,
- cert,
- m_untrustedAliases,
- &chain);
-
- RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
-
- ckmc_cert_free(cert);
-}
-
-void ChainVerifier::verifyNegative(TestData::certificateID idx, int error)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_result(error,
- ckmc_get_cert_chain_with_trustedcert,
- cert,
- m_untrustedCerts,
- m_trustedCerts,
- m_system,
- &chain);
- RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
-
- ckmc_cert_free(cert);
-}
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS);
-
-RUNNER_TEST(TCCH_0000_init)
-{
- remove_user_data(0);
-}
-
-// old API
-RUNNER_TEST(TCCH_0010_get_chain_old_api)
-{
- remove_user_data(0);
-
- ChainVerifierOld cv;
- cv.verifyNegative(TestData::GOOGLE_COM);
-
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyPositive(TestData::GOOGLE_COM, 3); // including system cert
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-// old API
-RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
-{
- remove_user_data(0);
-
- ChainVerifierOld cv;
- cv.verifyPositive(TestData::GIAG2, 2); // including system cert
-}
-
-// check invalid arguments
-RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
-{
- remove_user_data(0);
-
- ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
- ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
- ckmc_cert_list_s* chain = NULL;
-
- // cert
- CertListPtr untrusted_c = create_cert_list(ca1, NULL);
- ca1 = NULL;
-
- assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
- NULL_CERT,
- untrusted_c.get(),
- untrusted_c.get(),
- true,
- &chain);
-
- assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
- ca2,
- untrusted_c.get(),
- untrusted_c.get(),
- true,
- NULL_CHAIN);
-
- ckmc_cert_free(ca2);
-}
-
-/*
- * This test verifies that chain of trust won't be successfully built unless system or trusted
- * certificates are used even if real trusted root ca certs are used as untrusted.
- */
-RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.verifyNegative(TestData::EQUIFAX);
-
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-/*
- * This test verifies that it's possible to build a chain of trust with single trusted certificate
- * and no system certificates.
- */
-RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.verifyPositive(TestData::TEST_IM_CA, 2);
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-/*
- * This test verifies that it's possible to build a chain of trust with system certificates only
- */
-RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.verifyPositive(TestData::GIAG2, 2); // including system cert
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-/*
- * Verifies that chain of trust can be built without untrusted certificates.
- */
-RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.verifyPositive(TestData::TEST_IM_CA, 2);// signed by trusted cert (TEST_ROOT_CA)
- cv.verifyPositive(TestData::GIAG2, 2); // signed by system cert (GEOTRUST)
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyPositive(TestData::GOOGLE_COM,3); // including system cert
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-/*
- * Check if its possible to build a chain of trust without system certs.
- */
-RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addUntrusted(TestData::TEST_IM_CA);
- cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-/*
- * Check if its possible to build a chain of trust with intermediate ca cert in trusted list.
- */
-RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addTrusted(TestData::TEST_IM_CA);
- cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(true);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addUntrusted(TestData::GEOTRUST);
- cv.addUntrusted(TestData::GIAG2);
- /*
- * In combat conditions this may as well be 3. Because of 2 existing GeoTrust certificates with
- * same Subject and Public key one being root ca and the other not there are 2 possible chains
- * of trust for this certificate.
- */
- cv.verifyPositive(TestData::GOOGLE_COM,4);
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-RUNNER_TEST(TCCH_9999_deinit)
-{
- remove_user_data(0);
-}
+++ /dev/null
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <ckm-common.h>
-#include <access_provider2.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-type.h>
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-
-#include <ckm-common.h>
-
-#include <string>
-#include <fstream>
-#include <string.h>
-#include <stdio.h>
-#include <stddef.h>
-#include <stdlib.h>
-
-namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
-const char* USER_PASS = "user-pass";
-const char* TEST_LABEL = "test_label";
-const char *const TEST_OBJECT1 = "OBJECT1";
-const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
-const char* TEST_SYSTEM_ALIAS = "system-alias-1";
-const char* TEST_DATA = "ABCD";
-} // namespace anonymous
-
-
-RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
-
-RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
- CKMCReadableError(temp));
-
- remove_user_data(5000);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3011_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3012_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3013_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3014_Control_C_API)
-{
- int temp;
- const uid_t UNIQUE_USER = 6500;
-
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
- // unlock with empty password
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
- CKMCReadableError(temp));
- // reset password (NULL, "simple-password")
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
- CKMCReadableError(temp));
- // get rid of NULL DKEK
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, "simple-password")),
- CKMCReadableError(temp));
- // lock db
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(UNIQUE_USER)),
- CKMCReadableError(temp));
- // try to reset password when db locked
- RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
- CKMCReadableError(temp));
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3015_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3016_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
-{
- save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
-
- // [test] - expect success
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA);
-
- // remove user data - expect to map to the system DB
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
- CKMCReadableError(temp));
-
- // [test] - expect fail
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-}
-
-RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
-
-RUNNER_TEST(T30201_init_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30202_RSA_key_C_API)
-{
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- CKM::Alias alias = sharedDatabase("mykey");
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30203_AES_key_C_API)
-{
- int temp;
- CKM::Alias alias = sharedDatabase("my_AES_key");
- size_t key_length = 192;
-
- ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = NULL;
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
-
- compare_AES_keys(test_key, test_key2);
- ckmc_key_free(test_key);
- ckmc_key_free(test_key2);
-}
-
-RUNNER_TEST(T30204_certificate_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s *cert2;
- ckmc_cert_s cert;
-
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-
- ckmc_cert_free(cert2);
-}
-
-RUNNER_TEST(T30205_certificate_remove_C_API)
-{
- int temp;
-
- char* password = NULL;
- ckmc_cert_s *cert2;
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert2);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30206_certificate_list_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- size_t current_aliases_num = count_aliases(ALIAS_CERT);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_CERT);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-}
-
-
-RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- const char *passwordPolicy = "x";
- const char *alias = "mykey";
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = const_cast<char *>(passwordPolicy);
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
- CKMCReadableError(temp));
-
- // RUNNER_ASSERT_MSG(
- // key.getDER() == key2.getDER(), "Key value has been changed by service");
-
- delete [] char_keypem;
-}
-
-RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = NULL;
- size_t key_length = 192;
- CKM::Alias alias = "my_AES_key";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-
- compare_AES_keys(test_key, test_key2);
- ckmc_key_free(test_key);
- ckmc_key_free(test_key2);
-}
-
-RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = "x";
- size_t key_length = 192;
- CKM::Alias alias = "my_AES_key-2";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- ckmc_key_free(test_key);
-}
-
-RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- ckmc_policy_s test_policy;
- ckmc_key_s test_key, *test_key2;
- char* char_keypem = new char[keyPem.length() + 1];
- char* password = NULL;
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = NULL;
-
- test_policy.password = password;
- test_policy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = NULL;
- size_t key_length = 256;
- CKM::Alias alias = "my_AES_key-3";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- ckmc_key_free(test_key);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30212_certificate_with_DSA_key_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s *cert2 = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-
- ckmc_cert_free(cert2);
-}
-
-RUNNER_TEST(T30213_deinit_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-
-RUNNER_TEST_GROUP_INIT (T3030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
-
-RUNNER_TEST(T3031_init_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3032_save_asymmetric_keys_get_alias_C_API)
-{
- int temp;
-
- char* password = NULL;
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
- ckmc_key_s test_key;
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
-
- test_policy2.password = password;
- test_policy2.extractable = 0;
-
- test_policy3.password = password;
- test_policy3.extractable = 0;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-}
-
-
-RUNNER_TEST(T3033_remove_asymmetric_key_C_API)
-{
- int temp;
-
- char* password = NULL;
-
- ckmc_key_s *test_key2;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3034_save_symmetric_keys_get_alias_C_API)
-{
- int temp;
- size_t key_length = 128;
- ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
- test_policy1.password = NULL;
- test_policy1.extractable = 1;
-
- test_policy2.password = NULL;
- test_policy2.extractable = 1;
-
- test_policy3.password = NULL;
- test_policy3.extractable = 1;
-
- int current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key1").c_str(), *test_key, test_policy1)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key2").c_str(), *test_key, test_policy2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key3").c_str(), *test_key, test_policy3)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
-
- ckmc_key_free(test_key);
-}
-
-
-RUNNER_TEST(T3035_remove_symmetric_key_C_API)
-{
- int temp;
-
- ckmc_key_s *test_key2;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key1").c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
- validate_AES_key(test_key2);
- ckmc_key_free(test_key2);
-
- // actual test - remove middle item
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("AES_key2").c_str())),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(sharedDatabase("AES_key2").c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key3").c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
- validate_AES_key(test_key2);
- ckmc_key_free(test_key2);
-
-}
-
-RUNNER_TEST(T3036_deinit_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
-
-RUNNER_TEST(T3041_init_C_API)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, "simple-password");
-}
-
-RUNNER_TEST(T3042_save_get_bin_data_C_API)
-{
- int temp;
-
- ckmc_raw_buffer_s testData1, testData2, testData3;
- char* password = NULL;
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
- char* char_binData1 = new char[binData1.length() + 1];
- char* char_binData2 = new char[binData2.length() + 1];
- char* char_binData3 = new char[binData3.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- std::strcpy(char_binData2, binData2.c_str());
- std::strcpy(char_binData3, binData3.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData2.data = (unsigned char *) char_binData2;
- testData3.data = (unsigned char *) char_binData3;
- testData1.size = binData1.length()+1;
- testData2.size = binData2.length()+1;
- testData3.size = binData3.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
- test_policy2.password = password;
- test_policy2.extractable = 1;
- test_policy3.password = password;
- test_policy3.extractable = 0;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-
- ckmc_raw_buffer_s *testData4;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
- CKMCReadableError(temp));
-
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
-}
-
-RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- ckmc_raw_buffer_s testData1;
- char* password = NULL;
- std::string binData1 = "My bin data";
- char* char_binData1 = new char[binData1.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData1.size = binData1.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
-
- test_policy2.password = password;
- test_policy2.extractable = 1;
-
- std::string binData = "My bin data";
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-}
-
-RUNNER_TEST(T3044_remove_bin_data_C_API)
-{
- int temp;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- (current_aliases_num-2) == actual_cnt,
- "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
-
- char* password = NULL;
-
- ckmc_raw_buffer_s *testData1, testData2;
-
- std::string testStr = "My bin data2";
- char* char_testData2 = new char[testStr.length() + 1];
- std::strcpy(char_testData2, testStr.c_str());
- testData2.data = (unsigned char *) char_testData2;
- testData2.size = testStr.length()+1;
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
- CKMCReadableError(temp));
-
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
-{
- const size_t BIG_SIZE = 5000000;
- ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP);
-
- std::vector<char> big_data(BIG_SIZE);
- std::ifstream is("/dev/urandom", std::ifstream::binary);
- if(is)
- is.read(big_data.data(), BIG_SIZE);
-
- RUNNER_ASSERT_MSG(is,
- "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
-
- save_data(TEST_ALIAS1.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
- check_read(TEST_OBJECT1, TEST_LABEL, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
-}
-
-RUNNER_TEST(T3050_deinit_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T305_CKMC_QUICK_CREATE_PAIR_CAPI);
-
-RUNNER_TEST(T3051_CAPI_init)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3052_CAPI_create_RSA_key)
-{
- int temp;
-
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t size = 1024;
- const char *private_key_alias = "RSA-test-1-priv";
- const char *public_key_alias = "RSA-test-1-pub";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == actual_cnt,
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
-
- ckmc_key_s *privateKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
- RUNNER_ASSERT_MSG(
- privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
- "Private key is broken.");
-
- ckmc_key_s *publicKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
- RUNNER_ASSERT_MSG(
- publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
- "Public key is broken.");
-
- // on next attempt to generate keys with the same alias, expect fail (alias exists)
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3053_CAPI_create_DSA_key)
-{
- int temp;
-
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t size = 1024;
- const char *private_key_alias = "DSA-test-2-priv";
- const char *public_key_alias = "DSA-test-2-pub";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == actual_cnt,
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
-
- ckmc_key_s *privateKey = 0;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
- "Private key is broken.");
- RUNNER_ASSERT_MSG(
- privateKey->key_type == CKMC_KEY_DSA_PRIVATE,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
- ckmc_key_free(privateKey);
-
- ckmc_key_s *pubKey = 0;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &pubKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- pubKey != NULL && pubKey->key_size > 0 && pubKey->raw_key != NULL,
- "Public key is broken.");
- RUNNER_ASSERT_MSG(
- pubKey->key_type == CKMC_KEY_DSA_PUBLIC,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PUBLIC) << ", actual=" << static_cast<int>(pubKey->key_type));
- ckmc_key_free(pubKey);
-
- // on next attempt to generate keys with the same alias, expect fail (alias exists)
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-
-RUNNER_CHILD_TEST(T3054_CAPI_create_AES_key)
-{
- int temp;
- size_t size = 128;
- CKM::Alias key_alias = sharedDatabase("AES-gen-test-1");
- ckmc_policy_s policy_key;
-
- policy_key.password = NULL;
- policy_key.extractable = 1;
-
- int current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_aes(size, key_alias.c_str(), policy_key)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
-
- ckmc_key_s *get_AES_key = 0;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(key_alias.c_str(), policy_key.password, &get_AES_key)),
- CKMCReadableError(temp));
- validate_AES_key(get_AES_key);
- ckmc_key_free(get_AES_key);
-}
-
-
-RUNNER_TEST(T3055_CAPI_deinit)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-
-RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair);
-
-RUNNER_TEST(T3061_CAPI_init)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, USER_PASS);
-}
-
-RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
-{
- int temp;
-
- size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-
- // on next attempt to generate keys with the same alias, expect fail (alias exists)
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
-{
- int temp;
-
- size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
-{
- int temp;
-
- ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3065_CAPI_deinit)
-{
- remove_user_data(0);
-}
-
-// TODO
-//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
-
-
-RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
-
-RUNNER_TEST(T3071_CAPI_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
-{
- std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
- std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
-
- ckmc_cert_s c_cert;
- c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
- c_cert.cert_size = ee.size();
- c_cert.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_s c_cert1;
- c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
- c_cert1.cert_size = im.size();
- c_cert1.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_list_s untrustedcerts;
- untrustedcerts.cert = &c_cert1;
- untrustedcerts.next = NULL;
-
- ckmc_cert_list_s *cert_chain_list;
-
- int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
-
- RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
-
- ckmc_ocsp_status_e ocsp_status;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
-}
-
-RUNNER_TEST(T3075_CAPI_deinit)
-{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T308_CAPI_CREATE_AND_VERIFY_SIGNATURE);
-
-RUNNER_TEST(T3081_CAPI__init)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
-
- remove_user_data(0);
-}
-
-RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
-{
- int temp;
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
- const char *key_passwd = "1234";
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 0;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = const_cast<char *>(key_passwd);
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
-{
- int temp;
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
-{
- int temp;
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("ecprv2");
- CKM::Alias pub_alias = sharedDatabase("ecpub2");
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
-{
- int temp;
-
- std::string prv =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
- "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
- "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
- "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
- "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
- "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
- "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
- "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
- "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
- "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
- "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
- "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
- "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
- "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
- "-----END CERTIFICATE-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pri_alias = sharedDatabase("prv3");
- CKM::Alias pub_alias = sharedDatabase("pub3");
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
-
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
-{
- int temp;
-
- const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
- "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
- "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
- "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
- "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
- "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
- "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
- "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
- "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
- "YMYCBhubtrVaLmc=\n"
- "-----END PUBLIC KEY-----";
-
- const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
- "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
- "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
- "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
- "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
- "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
- "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
- "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
- "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
- "u1roOuaPY+Hl19BlTE2qdw==\n"
- "-----END DSA PRIVATE KEY-----";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 0;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
- prikey.key_size = priv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = NULL;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // positive test
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- // negative test
- ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- invalid_msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
-{
- int temp;
-
- size_t size = 1024;
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
- "Error=" << temp);
-
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s *pubkey = NULL;
- ckmc_key_s *prikey = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // positive test
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- // negative test
- ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- invalid_msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_key_free(prikey);
- ckmc_key_free(pubkey);
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
-{
- int temp;
-
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pri_alias = sharedDatabase("prv4");
- CKM::Alias pub_alias = sharedDatabase("pub4");
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
-
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3089_CAPI__deinit)
-{
- remove_user_data(0);
-}
-
-
-//#######################################################################################
-
-void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
-{
- RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
- RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
-
- if(key->password != NULL && password != NULL) {
- RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
- }else if(key->password == NULL && password == NULL) {
- RUNNER_ASSERT_MSG(true, "Password Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Password Error" );
- }
-
- if(key->raw_key != NULL && raw_key != NULL) {
- for(unsigned int i=0; i<key_size; i++) {
- RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
- }
- }else if(key->raw_key == NULL && raw_key == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw Key Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw Key Error" );
- }
-}
-
-RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES);
-
-RUNNER_TEST(T3091_CAPI_TYPE_init)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, USER_PASS);
-}
-
-RUNNER_TEST(T3092_CAPI_TYPE_KEY)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int key_size = keyPem.size();
- ckmc_key_type_e key_type = CKMC_KEY_NONE;
- char *password = const_cast< char *>("");
-
- ckmc_key_s *key;
- ckmc_key_new(raw_key, key_size, key_type, password, &key);
-
- _assertKey(key, raw_key, key_size, key_type, password);
- ckmc_key_free(key);
-
- char *passwordNull = NULL;
- ckmc_key_s *key2;
- ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
- ckmc_key_free(key2);
-}
-
-RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int size = keyPem.size();
-
- ckmc_raw_buffer_s *buff;
- ckmc_buffer_new(data, size, &buff);
-
- RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
-
- if(buff->data != NULL && data != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
- }
- }else if(buff->data == NULL && data == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw data Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw data Error" );
- }
-
- ckmc_buffer_free(buff);
-}
-
-RUNNER_TEST(T3094_CAPI_TYPE_CERT)
-{
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
- unsigned int size = certPem.size();
- ckmc_data_format_e form = CKMC_FORM_PEM;
-
- ckmc_cert_s *ckmCert;
- ckmc_cert_new(raw_cert, size, form, &ckmCert);
-
- RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
-
- if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
- }
- }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
- RUNNER_ASSERT_MSG(true, "raw_cert Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "raw_cert Error" );
- }
-
- RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
-
- ckmc_cert_free(ckmCert);
-}
-
-
-RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
-{
- int ret;
-
- std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
-
- const char *file_name = "/tmp/ckmc_test_cert.pem";
- remove(file_name);
-
- FILE* cert_file;
- cert_file = fopen(file_name, "w");
- fprintf(cert_file, "%s",certStr.c_str());
- fclose(cert_file);
-
- ckmc_cert_s *pcert;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
- CKMCReadableError(ret));
-
- RUNNER_ASSERT_MSG(
- pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
-
- CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
- CKMCReadableError(ret));
-
- remove(file_name);
-}
-
-RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
- const char *p12file = CKM_TEST_DIR "/capi-t3096.p12";
- const char *password = "password";
-
- int temp;
-
- ckmc_key_s *private_key = NULL;
- ckmc_cert_s *cert = NULL;
- ckmc_cert_list_s *ca_cert_list = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
- &private_key, &cert, &ca_cert_list)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
-
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
-
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
- CKMCReadableError(temp));
-
- CKM::Alias cert_alias = sharedDatabase("cert_alias");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
- CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_");
- const char *idx = "0";
- int cnt = 0;
- ckmc_cert_list_s *tmpList = ca_cert_list;
- while(tmpList != NULL) {
- caCertAlias.append(idx);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- CKMCReadableError(temp));
- tmpList = tmpList->next;
- cnt ++;
- }
-
- RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
-
- ckmc_key_free(private_key);
- ckmc_cert_free(cert);
- ckmc_cert_list_all_free(ca_cert_list);
-}
-
-RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
- const char *p12file = CKM_TEST_DIR "/capi-t3096.p12";
- const char *password = "password";
-
- int temp;
-
- ckmc_pkcs12_s *ppkcs12 = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
-
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
-
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
- CKMCReadableError(temp));
-
- CKM::Alias cert_alias = sharedDatabase("cert_alias2");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
- CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
- const char *idx = "0";
- int cnt = 0;
- ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
- while(tmpList != NULL) {
- caCertAlias.append(idx);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- CKMCReadableError(temp));
- tmpList = tmpList->next;
- cnt ++;
- }
-
- RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
-
- ckmc_pkcs12_free(ppkcs12);
-}
-
-RUNNER_TEST(T3098_CAPI_TYPE_deinit)
-{
- int temp;
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
-
-namespace
-{
-CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
-}
-
-RUNNER_TEST(T3101_CAPI_PKCS12_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
-{
- const char *wrong_passwd = "wrong";
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load(CKM_TEST_DIR "/test1801.pkcs12", wrong_passwd, &ppkcs12)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
-{
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(CKM_TEST_DIR "/pkcs.p12", NULL, &ppkcs12)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
-
- // save to the CKM
- ckmc_policy_s exportable;
- exportable.password = NULL;
- exportable.extractable = 1;
- ckmc_policy_s notExportable;
- notExportable.password = NULL;
- notExportable.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
-
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
-}
-
-RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
-{
- int temp;
- ckmc_pkcs12_s *pkcs = NULL;
-
- // fail - no entry
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // fail - not exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // success - exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
- size_t cntr = 0;
- ckmc_cert_list_s *iter = pkcs->ca_chain;
- do {
- cntr ++;
- iter = iter->next;
- } while(iter);
- RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
-
- ckmc_pkcs12_free(pkcs);
-}
-
-RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
-{
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- int temp;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- alias_PKCS_exportable.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- alias_PKCS_exportable.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
-{
- int tmp;
-
- // remove the whole PKCS12 bundles
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_exportable.c_str())),
- CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())),
- CKMCReadableError(tmp));
-
- // expect lookup fails due to unknown alias
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
-}
-
-RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
-{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
-
-RUNNER_TEST(T3201_CAPI_unlock_database)
-{
- reset_user_data(USER_APP, USER_PASS);
-}
-
-RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
-{
- ScopedDBUnlock unlock(USER_APP, USER_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- CKM::Alias alias = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
-}
-
-RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
-{
- ScopedDBUnlock unlock(USER_APP, USER_PASS);
-
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
-{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- CKM::Alias alias = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
-}
-
-RUNNER_TEST(T3204_deinit)
-{
- remove_user_data(USER_APP);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file cc-mode.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <string>
-
-#include <vconf/vconf.h>
-
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-
-using namespace CKM;
-using namespace std;
-
-#ifndef VCONFKEY_SECURITY_MDPP_STATE
-#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
-#endif
-
-namespace {
-
-const useconds_t SLEEP = 100*1000;
-
-const size_t MAX_RETRIES = 50;
-
-const char* const ENABLED = "Enabled";
-const char* const ENFORCING = "Enforcing";
-const char* const DISABLED = "Disabled";
-const char* const READY = "Ready";
-const char* const UNSET = "Unset"; // Meaningless value for unset.
-
-const char* const USER_LABEL = "User";
-const char* const CKM_LOCK = "/var/run/key-manager.pid";
-
-// Wrapper for mdpp state that restores the original value upon destruction
-class MdppState
-{
-public:
- MdppState();
- ~MdppState();
-
- // pass NULL to unset
- void set(const char* const value);
-
-private:
- char* m_original;
-};
-
-MdppState::MdppState()
-{
- ScopedLabel sl(USER_LABEL);
- m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
-}
-
-MdppState::~MdppState()
-{
- ScopedLabel sl(USER_LABEL);
- if (!m_original)
- vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
- else {
- vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
- }
-}
-
-void MdppState::set(const char* const value)
-{
- ScopedLabel sl(USER_LABEL);
- if (value)
- {
- int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
- RUNNER_ASSERT_MSG(0 == ret,
- "vconf_set() failed, ec: " << ret);
- }
- else
- vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
-}
-
-
-
-Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002");
-Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002");
-Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002");
-Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002");
-Alias aes_alias = sharedDatabase("aes-T2002");
-size_t aes_length = 128;
-
-void save_keys()
-{
- int temp;
- auto manager = Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
- 1024,
- rsa_pri_alias,
- rsa_pub_alias,
- Policy(Password(), true),
- Policy(Password(), true))),
- "Error=" << ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
- ElipticCurve::prime192v1,
- ecdsa_pri_alias,
- ecdsa_pub_alias,
- Policy(Password(), true),
- Policy(Password(), true))),
- "Error=" << ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyAES(
- aes_length,
- aes_alias,
- Policy(Password(), true))),
- "Error=" << ErrorToString(temp));
-}
-
-void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
- KeyShPtr key;
- int temp;
- RUNNER_ASSERT_MSG(
- expected == (temp = manager->getKey(alias, Password(), key)),
- "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
- ErrorToString(temp));
-}
-
-void read_keys(int expected)
-{
-// if mdpp is disabled at compilation time we expect that read_key always succeeds
-#ifndef DSECURITY_MDFPP_STATE_ENABLE
- expected = CKM_API_SUCCESS;
-#endif
- auto manager = Manager::create();
-
- read_key(manager, rsa_pri_alias, expected);
- read_key(manager, ecdsa_pri_alias, expected);
- read_key(manager, aes_alias, expected);
-}
-
-void update_cc_mode()
-{
- auto control = Control::create();
- int ret;
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
- "Error=" << ErrorToString(ret));
-}
-
-void restart_ckm(const char* const mdpp_setting)
-{
- stop_service(MANAGER);
- MdppState mdpp;
- mdpp.set(mdpp_setting);
- start_service(MANAGER);
-}
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
-
-RUNNER_TEST(TCC_0000_init)
-{
- remove_user_data(0);
-}
-
-// updatedCCMode should succeed regardless of mdpp setting
-RUNNER_TEST(TCC_0010_updateCCMode)
-{
- MdppState mdpp;
-
- mdpp.set(NULL);
- update_cc_mode();
-
- mdpp.set(ENABLED);
- update_cc_mode();
-
- mdpp.set(ENFORCING);
- update_cc_mode();
-
- mdpp.set(DISABLED);
- update_cc_mode();
-
- mdpp.set(READY);
- update_cc_mode();
-
- mdpp.set("whatever");
- update_cc_mode();
-}
-
-// tests without listener (ckm only)
-RUNNER_TEST(TCC_0020_noListener)
-{
- stop_service(LISTENER);
- MdppState mdpp;
-
- remove_user_data(0);
- save_keys();
-
- mdpp.set(NULL);
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(DISABLED);
- update_cc_mode();
- // MJK, it's counter-intuitive: Disabled does not mean
- // that CC mode is disabled, but that device
- // self-test failed "device DISABLED"
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set("whatever");
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENABLED);
- update_cc_mode();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(ENFORCING);
- update_cc_mode();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(READY);
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set("whatever");
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(DISABLED);
- update_cc_mode();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// when listener is started with mdpp key unset it should not update mdpp status in ckm
-RUNNER_TEST(TCC_0030_noCallbackRegistered)
-{
- // restart listener without vconf callback
- stop_service(LISTENER);
- remove_user_data(0);
- MdppState mdpp;
- mdpp.set(NULL);
- update_cc_mode();
- start_service(LISTENER);
-
- // save and read
- save_keys();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENABLED);
- usleep(SLEEP); // give some time for notification to reach ckm
-
- read_keys(CKM_API_SUCCESS);
-}
-
-// when listener is started with mdpp key set it should update mdpp status in ckm
-RUNNER_TEST(TCC_0040_callbackRegistered)
-{
- // restart listener with vconf callback
- stop_service(LISTENER);
- MdppState mdpp;
- mdpp.set(DISABLED);
- update_cc_mode();
- start_service(LISTENER);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set("whatever");
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENABLED);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(DISABLED);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(READY);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENFORCING);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(NULL);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_SUCCESS);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0050_manualCkmDisabled)
-{
- restart_ckm(DISABLED);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0060_manualCkmEnabled)
-{
- restart_ckm(ENABLED);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0070_manualCkmEnforcing)
-{
- restart_ckm(ENFORCING);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0075_manualCkmReady)
-{
- restart_ckm(READY);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_SUCCESS);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0080_manualCkmWhatever)
-{
- restart_ckm("whatever");
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_SUCCESS);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0090_manualCkmUnset)
-{
- restart_ckm(NULL);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_SUCCESS);
-}
-
-// make sure listener won't activate ckm to update mdpp
-RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
-{
- stop_service(MANAGER);
- stop_service(LISTENER);
-
- MdppState mdpp;
- mdpp.set(ENABLED);
-
- start_service(LISTENER);
-
- usleep(1000*1000); // by that time ckm would be already started
-
- int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
- RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
-
- int ret = lockf(lock, F_TEST, 0);
- close(lock);
- RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
-}
-
-RUNNER_TEST(TCC_9999_deinit)
-{
- remove_user_data(0);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-common.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-#include <string>
-#include <fstream>
-#include <sys/smack.h>
-#include <ckmc/ckmc-type.h>
-#include <ckm-common.h>
-#include <tests_common.h>
-#include <access_provider2.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-manager.h>
-#include <service_manager.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-const std::string SMACK_USER_APP_PREFIX = "User::App::";
-
-void generate_random(size_t random_bytes, char *output)
-{
- RUNNER_ASSERT(random_bytes>0 && output);
-
- std::ifstream is("/dev/urandom", std::ifstream::binary);
- RUNNER_ASSERT_MSG(is, "Failed to read /dev/urandom");
- is.read(output, random_bytes);
- if(static_cast<std::streamsize>(random_bytes) != is.gcount()) {
- RUNNER_ASSERT_MSG(false,
- "Not enough bytes read from /dev/urandom: " << random_bytes << "!=" <<
- is.gcount());
- }
-}
-
-const char* SERVICE[] = {
- "central-key-manager-listener.service",
- "central-key-manager.service" };
-
-void start_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.startService();
-}
-
-void stop_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.stopService();
-}
-
-std::string getLabel() {
- int ret;
- char* myLabel = NULL;
- RUNNER_ASSERT_MSG(0 <= (ret = smack_new_label_from_self(&myLabel)),
- "Failed to get smack label for self. Error: " << ret);
- RUNNER_ASSERT_MSG(myLabel, "NULL smack label");
- std::string result = myLabel;
- free(myLabel);
- return result;
-}
-
-std::string getOwnerIdFromSelf() {
- const std::string& prefix = SMACK_USER_APP_PREFIX;
- std::string smack = getLabel();
- if (0 == smack.compare(0, prefix.size(), prefix))
- return smack.substr(prefix.size(), std::string::npos);
- return "/" + smack;
-}
-
-std::string aliasWithLabel(const char *label, const char *alias)
-{
- if(label)
- {
- std::stringstream ss;
- ss << label << std::string(ckmc_label_name_separator) << alias;
- return ss.str();
- }
- return std::string(alias);
-}
-
-// changes process label
-void change_label(const char* label)
-{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
-}
-
-ScopedLabel::ScopedLabel(const char* label) : m_original_label(getLabel())
-{
- change_label(label);
-}
-
-ScopedLabel::~ScopedLabel()
-{
- /*
- * Let it throw. If we can't restore label then remaining tests results will be
- * unreliable anyway.
- */
- change_label(m_original_label.c_str());
-}
-
-const char * CKMCErrorToString(int error) {
-#define ERRORDESCRIBE(name) case name: return #name
- switch(error) {
- ERRORDESCRIBE(CKMC_ERROR_NONE);
- ERRORDESCRIBE(CKMC_ERROR_INVALID_PARAMETER);
- ERRORDESCRIBE(CKMC_ERROR_OUT_OF_MEMORY);
- ERRORDESCRIBE(CKMC_ERROR_PERMISSION_DENIED);
- ERRORDESCRIBE(CKMC_ERROR_SOCKET);
- ERRORDESCRIBE(CKMC_ERROR_BAD_REQUEST);
- ERRORDESCRIBE(CKMC_ERROR_BAD_RESPONSE);
- ERRORDESCRIBE(CKMC_ERROR_SEND_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_RECV_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_BUFFER_TOO_SMALL);
- ERRORDESCRIBE(CKMC_ERROR_SERVER_ERROR);
- ERRORDESCRIBE(CKMC_ERROR_DB_LOCKED);
- ERRORDESCRIBE(CKMC_ERROR_DB_ERROR);
- ERRORDESCRIBE(CKMC_ERROR_DB_ALIAS_EXISTS);
- ERRORDESCRIBE(CKMC_ERROR_DB_ALIAS_UNKNOWN);
- ERRORDESCRIBE(CKMC_ERROR_VERIFICATION_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_INVALID_FORMAT);
- ERRORDESCRIBE(CKMC_ERROR_FILE_ACCESS_DENIED);
- ERRORDESCRIBE(CKMC_ERROR_NOT_EXPORTABLE);
- ERRORDESCRIBE(CKMC_ERROR_FILE_SYSTEM);
- ERRORDESCRIBE(CKMC_ERROR_NOT_SUPPORTED);
- ERRORDESCRIBE(CKMC_ERROR_UNKNOWN);
- default: return "Error not defined";
- }
-#undef ERRORDESCRIBE
-}
-
-std::string CKMCReadableError(int error) {
- std::string output("Error: ");
- output += std::to_string(error);
- output += " Description: ";
- output += CKMCErrorToString(error);
- return output;
-}
-
-void save_data(const char* alias, const char *data, int expected_err)
-{
- save_data(alias, data, strlen(data), expected_err);
-}
-
-void save_data(const char* alias, const char *data, size_t len, int expected_err = CKMC_ERROR_NONE)
-{
- RUNNER_ASSERT(alias);
- RUNNER_ASSERT(data);
-
- ckmc_raw_buffer_s buffer;
- buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
- buffer.size = len;
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = true;
-
- int ret = ckmc_save_data(alias, buffer, policy);
- RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
- << CKMCErrorToString(ret) << " while expected: "
- << CKMCErrorToString(expected_err));
-
-}
-
-ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias)
-{
- save_data(alias, data, expected_err);
-}
-
-ScopedSaveData::~ScopedSaveData()
-{
- /*
- * Let it throw. If we can't remove data then remaining tests results will be
- * unreliable anyway.
- */
- check_remove_allowed(m_alias.c_str());
-}
-
-ScopedDBUnlock::ScopedDBUnlock(uid_t user_id, const char* passwd) : m_uid(user_id)
-{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(user_id, passwd)), CKMCErrorToString(temp));
-}
-ScopedDBUnlock::~ScopedDBUnlock()
-{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(m_uid)), CKMCErrorToString(temp));
-}
-
-void check_remove_allowed(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- // remove, but ignore non existing
- RUNNER_ASSERT_MSG((CKMC_ERROR_NONE == ret) || (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret),
- "Removing data failed: " << CKMCErrorToString(ret));
-}
-
-void check_remove_denied(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_PERMISSION_DENIED == ret,
- "App with different label shouldn't have rights to remove this data. "
- << CKMCReadableError(ret));
-}
-
-void check_remove_not_visible(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "App with different label shouldn't have rights to see this data. "
- << CKMCReadableError(ret));
-}
-
-void check_read(const char* alias,
- const char *label,
- const char *test_data,
- size_t len,
- int expected_code)
-{
- ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer);
- RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. "
- "Expected " << CKMCErrorToString(expected_code) << ", "
- "while result " << CKMCErrorToString(ret));
-
- if(expected_code == CKMC_ERROR_NONE)
- {
- // compare data with expected
- RUNNER_ASSERT_MSG(
- buffer->size == len,
- "Extracted data length do not match expected data length (encrypted?):" <<
- buffer->size << "!=" << len);
-
- RUNNER_ASSERT_MSG(
- memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)),
- test_data, buffer->size) == 0,
- "Extracted data do not match expected data (encrypted?).");
-
- ckmc_buffer_free(buffer);
- }
-}
-
-void check_read(const char* alias, const char *label, const char *test_data, int expected_code)
-{
- check_read(alias, label, test_data, strlen(test_data), expected_code);
-}
-
-void check_read_allowed(const char* alias, const char *data)
-{
- // try to read previously saved data - label taken implicitly
- check_read(alias, NULL, data);
-}
-
-void check_read_not_visible(const char* alias)
-{
- // try to read previously saved data - label taken implicitly
- {
- ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(alias, NULL, &buffer);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "App with different label shouldn't have rights to see this data. " << CKMCErrorToString(ret));
- ckmc_buffer_free(buffer);
- }
-}
-
-void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type)
-{
- ckmc_key_s *test_key = NULL;
- int temp = ckmc_get_key(alias, 0, &test_key);
- RUNNER_ASSERT_MSG(
- expected_error == temp,
- "received: " << CKMCReadableError(temp) << " while expected: " << CKMCReadableError(expected_error));
- if(expected_type != CKMC_KEY_NONE)
- {
- RUNNER_ASSERT_MSG(
- test_key->key_type == expected_type,
- "received type: " << test_key->key_type << " while expected type: " << expected_type);
- }
- ckmc_key_free(test_key);
-}
-void check_key_allowed(const char *alias, ckmc_key_type_e expected_type)
-{
- check_key(alias, CKMC_ERROR_NONE, expected_type);
-}
-void check_key_not_visible(const char *alias)
-{
- check_key(alias, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-}
-void check_cert_allowed(const char *alias)
-{
- ckmc_cert_s *test_cert = NULL;
- int temp = ckmc_get_cert(alias, 0, &test_cert);
- ckmc_cert_free(test_cert);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == temp, CKMCReadableError(temp));
-
-}
-void check_cert_not_visible(const char *alias)
-{
- ckmc_cert_s *test_cert = NULL;
- int temp = ckmc_get_cert(alias, 0, &test_cert);
- ckmc_cert_free(test_cert);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == temp,
- "App with different label shouldn't have rights to see this cert. " << CKMCErrorToString(temp));
-}
-
-void allow_access(const char* alias, const char* accessor, int permissionMask)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: "
- << CKMCErrorToString(ret));
-}
-
-void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
- RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned "
- << CKMCErrorToString(ret) << ", while expected: "
- << CKMCErrorToString(expectedCode));
-}
-
-void deny_access(const char* alias, const char* accessor)
-{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: "
- << CKMCErrorToString(ret));
-}
-
-void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
-{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. "
- << CKMCErrorToString(ret) << ", while expected: "
- << CKMCErrorToString(expectedCode));
-}
-
-void unlock_user_data(uid_t user_id, const char *passwd)
-{
- int ret;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-void remove_user_data(uid_t user_id)
-{
- auto control = CKM::Control::create();
- control->lockUserKey(user_id);
- control->removeUserData(user_id);
-}
-
-void reset_user_data(uid_t user_id, const char *passwd)
-{
- remove_user_data(user_id);
- unlock_user_data(user_id, passwd);
-}
-
-ckmc_raw_buffer_s prepare_message_buffer(const char * input)
-{
- ckmc_raw_buffer_s retval;
- retval.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(input));
- retval.size = strlen(input);
- return retval;
-}
-
-void check_alias_list(const CKM::AliasVector& expected)
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ret = ckmc_get_data_alias_list(&aliasList);
- RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << ret << " / " << CKMCErrorToString(ret));
-
- CKM::AliasVector actual;
- ckmc_alias_list_s *plist = aliasList;
- while(plist)
- {
- actual.push_back(plist->alias);
- plist = plist->next;
- }
- ckmc_alias_list_all_free(aliasList);
-
- RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list.");
-}
-
-size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ec;
- switch(type)
- {
- case ALIAS_KEY:
- ec = ckmc_get_key_alias_list(&aliasList);
- break;
-
- case ALIAS_CERT:
- ec = ckmc_get_cert_alias_list(&aliasList);
- break;
-
- case ALIAS_DATA:
- ec = ckmc_get_data_alias_list(&aliasList);
- break;
- default:
- RUNNER_ASSERT_MSG(false, "Unsupported value ALIAS_KEY == " << (int)type);
- }
-
- if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
- return 0;
-
- RUNNER_ASSERT_MSG(ec == CKMC_ERROR_NONE,
- "Error: alias list failed, ec: " << CKMCErrorToString(ec));
-
- ckmc_alias_list_s *plist = aliasList;
- size_t return_count = 0;
- while(plist)
- {
- plist = plist->next;
- return_count ++;
- }
- ckmc_alias_list_all_free(aliasList);
-
- RUNNER_ASSERT_MSG(
- return_count >= minimum_initial_element_count,
- "Error: alias list failed, current element count: " << return_count <<
- " while expected minimal count of " << minimum_initial_element_count <<
- " elements");
-
- return return_count;
-}
-
-std::string sharedDatabase(const CKM::Alias & alias)
-{
- return aliasWithLabel(ckmc_owner_id_system, alias.c_str());
-}
-
-ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes)
-{
- ckmc_raw_buffer_s* buffer = NULL;
- char* data = static_cast<char*>(malloc(random_bytes*sizeof(char)));
- RUNNER_ASSERT(data);
- generate_random(random_bytes, data);
- int ret = ckmc_buffer_new(reinterpret_cast<unsigned char*>(data), random_bytes, &buffer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Buffer creation failed: " << CKMCErrorToString(ret));
- return buffer;
-}
-
-CKM::RawBuffer createRandomBuffer(size_t random_bytes)
-{
- char buffer[random_bytes];
- generate_random(random_bytes, buffer);
- return CKM::RawBuffer(buffer, buffer + random_bytes);
-}
-
-ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd)
-{
- ckmc_key_s *retval = reinterpret_cast<ckmc_key_s *>(malloc(sizeof(ckmc_key_s)));
- RUNNER_ASSERT(retval != NULL);
-
- RUNNER_ASSERT(lengthBits%8 == 0);
- char *char_key_AES = reinterpret_cast<char*>(malloc(lengthBits/8));
- RUNNER_ASSERT(char_key_AES != NULL);
- generate_random(lengthBits/8, char_key_AES);
-
- retval->raw_key = reinterpret_cast<unsigned char *>(char_key_AES);
- retval->key_size = lengthBits/8;
- retval->key_type = CKMC_KEY_AES;
- retval->password = passwd?strdup(passwd):NULL;
-
- return retval;
-}
-
-void validate_AES_key(ckmc_key_s *analyzed)
-{
- RUNNER_ASSERT_MSG(analyzed, "provided key is NULL");
- RUNNER_ASSERT_MSG(analyzed->raw_key != NULL, "provided key is empty");
- RUNNER_ASSERT_MSG(analyzed->key_size==(128/8) ||
- analyzed->key_size==(192/8) ||
- analyzed->key_size==(256/8), "provided key length is invalid");
- RUNNER_ASSERT_MSG(analyzed->key_type = CKMC_KEY_AES, "expected AES key, while got: " << analyzed->key_type);
-}
-
-void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second)
-{
- validate_AES_key(first);
- validate_AES_key(second);
- RUNNER_ASSERT_MSG(
- (first->key_size==second->key_size) &&
- (memcmp(first->raw_key, second->raw_key, first->key_size)==0),
- "data has been modified in key manager");
- // bypassing password intentionally
-}
-
-ParamListPtr createParamListPtr()
-{
- ckmc_param_list_h list = NULL;
- assert_positive(ckmc_param_list_new, &list);
- return ParamListPtr(list, ckmc_param_list_free);
-}
-
-void assert_buffers_equal(const ckmc_raw_buffer_s b1, const ckmc_raw_buffer_s b2, bool equal)
-{
- if(equal) {
- RUNNER_ASSERT_MSG(b1.size == b2.size, "Buffer size differs: " << b1.size << "!=" << b2.size);
- RUNNER_ASSERT_MSG(0 == memcmp(b1.data, b2.data, b1.size), "Buffer contents differ");
- } else {
- RUNNER_ASSERT_MSG(b1.size != b2.size || 0 != memcmp(b1.data, b2.data, b1.size),
- "Buffers should be different");
- }
-}
-
-RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer)
-{
- return RawBufferPtr(buffer, ckmc_buffer_free);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-common.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#pragma once
-
-#include <string>
-#include <memory>
-#include <stdexcept>
-#include <ckm/ckm-type.h>
-#include <ckm/ckm-manager-async.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-#include <tests_common.h>
-#include <sys/types.h>
-
-extern const std::string SMACK_USER_APP_PREFIX;
-
-// support for error printing
-const char * CKMCErrorToString(int error);
-std::string CKMCReadableError(int error);
-
-// RUNNER_ASSERT wrappers
-template <typename F, typename... Args>
-void assert_result(int expected, F&& func, Args... args)
-{
- int ret = func(args...);
- RUNNER_ASSERT_MSG(ret == expected,
- "Expected: " << CKMCErrorToString(expected) << "(" << expected << ")"
- " got: " << CKMCErrorToString(ret) << "(" << ret << ")");
-}
-
-template <typename F, typename... Args>
-void assert_positive(F&& func, Args... args)
-{
- assert_result(CKMC_ERROR_NONE, std::move(func), args...);
-}
-
-template <typename F, typename... Args>
-void assert_invalid_param(F&& func, Args... args)
-{
- assert_result(CKMC_ERROR_INVALID_PARAMETER, std::move(func), args...);
-}
-
-
-// list operations
-template <typename T>
-size_t list_size(const T* list)
-{
- size_t size = 0;
- while(list) {
- list = list->next;
- size++;
- }
- return size;
-}
-
-
-// service lifecycle management
-enum ServiceIdx {
- LISTENER,
- MANAGER
-};
-void start_service(ServiceIdx idx);
-void stop_service(ServiceIdx idx);
-
-// scoped free
-typedef std::unique_ptr<char, void (*)(void *)> CharPtr;
-
-// returns process owner id
-std::string getOwnerIdFromSelf();
-
-std::string aliasWithLabel(const char *label, const char *alias);
-
-// changes process label
-void change_label(const char* label);
-
-// changes process label upon construction and restores it upon destruction
-class ScopedLabel
-{
-public:
- ScopedLabel(const char* label);
- ~ScopedLabel();
-
-private:
- std::string m_original_label;
-};
-
-void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
-void save_data(const char* alias, const char *data, size_t len, int expected_err);
-class ScopedSaveData
-{
-public:
- ScopedSaveData(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
- virtual ~ScopedSaveData();
-
-private:
- std::string m_alias;
-};
-
-class ScopedDBUnlock
-{
-public:
- ScopedDBUnlock(uid_t user_id, const char* passwd);
- virtual ~ScopedDBUnlock();
-
-private:
- uid_t m_uid;
-};
-
-void check_remove_allowed(const char* alias);
-void check_remove_denied(const char* alias);
-void check_remove_not_visible(const char* alias);
-void check_read(const char* alias,
- const char *label,
- const char *test_data,
- size_t len,
- int expected_code = CKMC_ERROR_NONE);
-void check_read(const char* alias,
- const char *label,
- const char *test_data,
- int expected_code = CKMC_ERROR_NONE);
-void check_read_allowed(const char* alias, const char *data);
-void check_read_not_visible(const char* alias);
-void check_key(const char *alias,
- int expected_error = CKMC_ERROR_NONE,
- ckmc_key_type_e expected_type = CKMC_KEY_NONE);
-void check_key_allowed(const char *alias, ckmc_key_type_e expected_type = CKMC_KEY_NONE);
-void check_key_not_visible(const char *alias);
-void check_cert_allowed(const char *alias);
-void check_cert_not_visible(const char *alias);
-void allow_access(const char* alias, const char* accessor, int permissionMask);
-void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode);
-void deny_access(const char* alias, const char* accessor);
-void deny_access_negative(const char* alias, const char* accessor, int expectedCode);
-
-void unlock_user_data(uid_t user_id, const char *passwd);
-void remove_user_data(uid_t user_id);
-void reset_user_data(uid_t user_id, const char *passwd);
-
-ckmc_raw_buffer_s prepare_message_buffer(const char * input);
-void check_alias_list(const CKM::AliasVector& expected);
-
-typedef enum {
- ALIAS_KEY,
- ALIAS_CERT,
- ALIAS_DATA
-} alias_type_;
-size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0);
-std::string sharedDatabase(const CKM::Alias & alias);
-CKM::RawBuffer createRandomBuffer(size_t random_bytes);
-ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes);
-
-ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd);
-void validate_AES_key(ckmc_key_s *analyzed);
-void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second); // true if equal
-
-// Test env class for database cleanup. Pass database uids to cleanup before and after test
-template <uid_t ...Args>
-class RemoveDataEnv;
-
-template <>
-class RemoveDataEnv<>
-{
-public:
- void init(const std::string&)
- {}
- void finish()
- {}
-};
-
-template <uid_t UID, uid_t ...Args>
-class RemoveDataEnv<UID, Args...> : public RemoveDataEnv<Args...>
-{
-public:
- void init(const std::string & str) {
- remove_user_data(UID);
- RemoveDataEnv<Args...>::init(str);
- }
- void finish() {
- RemoveDataEnv<Args...>::finish();
- remove_user_data(UID);
- }
-};
-
-typedef std::shared_ptr<ckmc_raw_buffer_s> RawBufferPtr;
-typedef std::shared_ptr<struct __ckmc_param_list> ParamListPtr;
-
-ParamListPtr createParamListPtr();
-
-void assert_buffers_equal(const ckmc_raw_buffer_s b1, const ckmc_raw_buffer_s b2, bool equal=true);
-
-RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer);
-
-
-template <typename F, typename... Args>
-void test_no_observer(F&& func, Args... args)
-{
- CKM::ManagerAsync::ObserverPtr obs;
- CKM::ManagerAsync mgr;
-
- try {
- (mgr.*func)(obs, args...);
- RUNNER_ASSERT_MSG(false, "function() should have thrown an exception");
- } catch (const std::invalid_argument& e) {
- RUNNER_ASSERT(true);
- } catch (...) {
- RUNNER_ASSERT_MSG(false, "Unexpected exception");
- }
-}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<DeviceKey version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="sw_key.xsd ">
- <RSAPrivateKey>
- <DERBase64>
- MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll
- 1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr
- S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g
- OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R
- DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl
- yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr
- MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK
- koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay
- IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO
- HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM
- mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv
- l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD
- u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K
- 4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m
- Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP
- IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ
- hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM
- 38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91
- 2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir
- XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1
- ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI
- n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/
- upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG
- RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI
- tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT
- </DERBase64>
- </RSAPrivateKey>
-</DeviceKey>
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file encryption-decryption-env.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <encryption-decryption-env.h>
-
-using namespace CKM;
-
-EncryptionError SyncApi::encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted)
-{
- return ckmcError2Result(ckmc_encrypt_data(params, key_alias, password, decrypted, ppencrypted));
-}
-
-EncryptionError SyncApi::decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted)
-{
- return ckmcError2Result(ckmc_decrypt_data(params, key_alias, password, encrypted, ppdecrypted));
-}
-
-EncryptionError SyncApi::ckmcError2Result(int error) {
- switch (error) {
- case CKMC_ERROR_NONE: return EncryptionError::SUCCESS;
- case CKMC_ERROR_INVALID_PARAMETER: return EncryptionError::INVALID_PARAM;
- case CKMC_ERROR_SERVER_ERROR: return EncryptionError::SERVER_ERROR;
- case CKMC_ERROR_DB_ALIAS_UNKNOWN: return EncryptionError::ALIAS_UNKNOWN;
- case CKMC_ERROR_AUTHENTICATION_FAILED: return EncryptionError::AUTH_FAILED;
- default: return EncryptionError::OTHER;
- }
-}
-
-
-
-void AsyncApi::Observer::ReceivedError(int error) {
- Finished(error);
-}
-void AsyncApi::Observer::ReceivedEncrypted(RawBuffer && buffer) {
- m_buffer = std::move(buffer);
- Finished();
-}
-
-void AsyncApi::Observer::ReceivedDecrypted(RawBuffer && buffer) {
- m_buffer = std::move(buffer);
- Finished();
-}
-
-void AsyncApi::Observer::WaitForResponse() {
- std::unique_lock<std::mutex> lock(m_mutex);
- m_cv.wait(lock, [this] {return m_finished;});
-}
-void AsyncApi::Observer::Finished(int error)
-{
- m_error = error;
- m_finished = true;
- m_cv.notify_one();
-}
-
-EncryptionError AsyncApi::crypt(cryptoFn operation,
- ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& in,
- ckmc_raw_buffer_s **ppout)
-{
- // C++ API doesn't have to check that
- if(!params || !key_alias || !ppout)
- return EncryptionError::INVALID_PARAM;
-
- CKM::ManagerAsync mgr;
- std::shared_ptr<Observer> obs = std::make_shared<Observer>();
-
- // params
- const CryptoAlgorithm* ca = reinterpret_cast<const CryptoAlgorithm*>(params);
-
- // password
- Password pass;
- if (password)
- pass = password;
-
- // buffer
- RawBuffer inBuffer(in.data, in.data + in.size);
-
- // crypto operation
- (mgr.*operation)(obs, *ca, key_alias, pass, inBuffer);
- obs->WaitForResponse();
- if(obs->m_error != CKM_API_SUCCESS)
- return ckmError2Result(obs->m_error);
-
- int ret = ckmc_buffer_new(obs->m_buffer.data(), obs->m_buffer.size(), ppout);
- if (ret != CKMC_ERROR_NONE)
- return EncryptionError::OTHER;
-
- return EncryptionError::SUCCESS;
-}
-
-EncryptionError AsyncApi::encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& plain,
- ckmc_raw_buffer_s **ppencrypted)
-{
- return crypt(&CKM::ManagerAsync::encrypt, params, key_alias, password, plain, ppencrypted);
-}
-
-EncryptionError AsyncApi::decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted)
-{
- return crypt(&CKM::ManagerAsync::decrypt, params, key_alias, password, encrypted, ppdecrypted);
-}
-
-EncryptionError AsyncApi::ckmError2Result(int error)
-{
- switch (error) {
- case CKM_API_SUCCESS: return EncryptionError::SUCCESS;
- case CKM_API_ERROR_INPUT_PARAM: return EncryptionError::INVALID_PARAM;
- case CKM_API_ERROR_SERVER_ERROR: return EncryptionError::SERVER_ERROR;
- case CKM_API_ERROR_DB_ALIAS_UNKNOWN: return EncryptionError::ALIAS_UNKNOWN;
- case CKM_API_ERROR_AUTHENTICATION_FAILED: return EncryptionError::AUTH_FAILED;
- default: return EncryptionError::OTHER;
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file encryption-decryption-env.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#pragma once
-
-#include <memory>
-#include <mutex>
-#include <condition_variable>
-
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-manager.h>
-#include <ckm/ckm-manager-async.h>
-
-enum EncryptionError{
- SUCCESS,
- INVALID_PARAM,
- SERVER_ERROR,
- ALIAS_UNKNOWN,
- AUTH_FAILED,
- OTHER,
-};
-
-struct EncryptionApi
-{
- virtual EncryptionError encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted) = 0;
-
- virtual EncryptionError decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted) = 0;
-};
-
-class SyncApi : public EncryptionApi
-{
-public:
- virtual EncryptionError encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted);
-
- virtual EncryptionError decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted);
-private:
- static EncryptionError ckmcError2Result(int error);
-};
-
-struct AsyncApi : public EncryptionApi
-{
-private:
- struct Observer : public CKM::ManagerAsync::Observer {
- Observer() : m_finished(false), m_error(CKM_API_SUCCESS) {}
-
- void ReceivedError(int error);
- void ReceivedEncrypted(CKM::RawBuffer && buffer);
- void ReceivedDecrypted(CKM::RawBuffer && buffer);
- void WaitForResponse();
- void Finished(int error = CKMC_ERROR_NONE);
-
- std::mutex m_mutex;
- std::condition_variable m_cv;
- bool m_finished;
- int m_error;
- CKM::RawBuffer m_buffer;
- };
-
-public:
- EncryptionError encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted);
-
- EncryptionError decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted);
-private:
- typedef void (CKM::ManagerAsync::*cryptoFn)(const CKM::ManagerAsync::ObserverPtr&,
- const CKM::CryptoAlgorithm&,
- const CKM::Alias&,
- const CKM::Password&,
- const CKM::RawBuffer&);
-
- EncryptionError crypt(cryptoFn operation,
- ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& in,
- ckmc_raw_buffer_s **ppout);
-
- static EncryptionError ckmError2Result(int error);
-};
-
-
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file encryption-decryption.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-
-#include <string>
-#include <vector>
-#include <map>
-#include <sstream>
-
-#include <dpl/test/test_runner.h>
-#include <ckm-common.h>
-#include <ckmc/ckmc-manager.h>
-#include <ckm/ckm-type.h>
-#include <access_provider2.h>
-#include <encryption-decryption-env.h>
-
-using namespace CKM;
-
-namespace {
-
-const char* PASSWORD = "test-password";
-const uid_t UID = 5555;
-const gid_t GID = 5555;
-const size_t CTR_DEFAULT_LEN = 16*8;
-const size_t DEFAULT_IV_LEN = 16;
-const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
-
-// Environment
-SyncApi g_syncApi;
-AsyncApi g_asyncApi;
-
-EncryptionApi* g_api = &g_syncApi;
-
-EncryptionError apiEncrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s decrypted,
- ckmc_raw_buffer_s **ppencrypted) {
- RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
- return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
-}
-
-EncryptionError apiDecrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s encrypted,
- ckmc_raw_buffer_s **ppdecrypted) {
- RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
- return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
-}
-
-template <typename F, typename... Args>
-void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
-{
- EncryptionError ret = func(args...);
- RUNNER_ASSERT_MSG(ret == expected,
- "Expected: " << static_cast<int>(expected) <<
- " got: " << static_cast<int>(ret));
-}
-
-template <typename F, typename... Args>
-void assert_crypto_positive(F&& func, Args... args)
-{
- assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...);
-}
-
-template <typename F, typename... Args>
-void assert_crypto_invalid_param(F&& func, Args... args)
-{
- assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...);
-}
-
-struct TagTest {
- int tagLen;
- EncryptionError expected;
-};
-
-struct KeyAliasPair
-{
- Alias prv;
- Alias pub;
-};
-
-class EncEnv : public RemoveDataEnv<UID> {
-public:
- EncEnv() : m_dbu(NULL), m_sap(NULL) {}
- ~EncEnv() { delete m_sap; delete m_dbu; }
-
- void init(const std::string& str) {
- RemoveDataEnv<UID>::init(str);
- m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
- m_sap = new ScopedAccessProvider("my-label"); // setup label
-
- // setup smack rules and switch user
- m_sap->allowAPI("key-manager::api-storage", "rw");
- m_sap->allowAPI("key-manager::api-encryption", "rw");
- m_sap->applyAndSwithToUser(UID, GID);
- }
-
- void finish() {
- delete m_sap;
- m_sap = NULL;
- delete m_dbu;
- m_dbu = NULL;
- RemoveDataEnv<UID>::finish();
- g_api = NULL;
- }
-
- ScopedDBUnlock* m_dbu;
- ScopedAccessProvider* m_sap;
-};
-
-struct SyncEnv : public EncEnv {
- void init(const std::string& str) {
- EncEnv::init(str);
- g_api = &g_syncApi;
- }
-
- static std::string suffix() { return "_sync"; }
-};
-
-struct AsyncEnv : public EncEnv {
- void init(const std::string& str) {
- EncEnv::init(str);
- g_api = &g_asyncApi;
- }
-
- static std::string suffix() { return "_async"; }
-};
-
-struct AlgoBase {
- ckmc_algo_type_e m_type;
- size_t m_keyLen;
-
- AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {}
-
- virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0;
-};
-
-typedef std::shared_ptr<AlgoBase> AlgoBasePtr;
-
-template <typename T>
-AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) {
- return AlgoBasePtr(new T(type, keyLen));
-}
-
-struct AlgoAes : public AlgoBase {
- AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
- KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
-};
-
-KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix)
-{
- KeyAliasPair aliases;
- std::ostringstream oss;
- std::string ownerId = getOwnerIdFromSelf();
- CharPtr passPtr(nullptr, free);
- if (pass)
- passPtr.reset(strdup(pass));
-
- oss << "aes_" << static_cast<int>(m_type) << "_" << m_keyLen << "_key_alias";
- if (suffix)
- oss << suffix;
- aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str());
- aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str());
-
- ckmc_policy_s policy;
- policy.extractable = false;
- policy.password = passPtr.get();
-
- assert_positive(ckmc_create_key_aes, m_keyLen, aliases.prv.c_str(), policy);
- return aliases;
-}
-
-struct AlgoRsa : public AlgoBase {
- AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
- KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
-};
-
-KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix)
-{
- std::ostringstream oss_prv, oss_pub;
- oss_prv << "rsa_oaep_prv_alias_" << m_keyLen;
- oss_pub << "rsa_oaep_pub_alias_" << m_keyLen;
- if (suffix) {
- oss_prv << suffix;
- oss_pub << suffix;
- }
- KeyAliasPair aliases = {
- aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()),
- aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str())
- };
- CharPtr passPtr(nullptr, free);
- if (pass)
- passPtr.reset(strdup(pass));
-
- ckmc_policy_s policyPrv;
- policyPrv.password = passPtr.get();
- policyPrv.extractable = 0;
-
- ckmc_policy_s policyPub;
- policyPub.password = passPtr.get();
- policyPub.extractable = 0;
-
- assert_positive(ckmc_create_key_pair_rsa,
- m_keyLen,
- aliases.prv.c_str(),
- aliases.pub.c_str(),
- policyPrv,
- policyPub);
- return aliases;
-}
-
-enum Algorithm {
- AES_CBC_128,
- AES_CBC_192,
- AES_CBC_256,
- AES_GCM_128,
- AES_GCM_192,
- AES_GCM_256,
- AES_CTR_128,
- AES_CTR_192,
- AES_CTR_256,
- AES_CFB_128,
- AES_CFB_192,
- AES_CFB_256,
- RSA_OAEP_1024,
- RSA_OAEP_2048,
- RSA_OAEP_4096,
-};
-
-std::map<Algorithm, AlgoBasePtr> g_algorithms = {
- { AES_CBC_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 128) },
- { AES_CBC_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 192) },
- { AES_CBC_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 256) },
- { AES_GCM_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 128) },
- { AES_GCM_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 192) },
- { AES_GCM_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 256) },
- { AES_CTR_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 128) },
- { AES_CTR_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 192) },
- { AES_CTR_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 256) },
- { AES_CFB_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 128) },
- { AES_CFB_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 192) },
- { AES_CFB_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 256) },
- { RSA_OAEP_1024, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 1024) },
- { RSA_OAEP_2048, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 2048) },
- { RSA_OAEP_4096, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 4096) },
-};
-
-void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
-{
- int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
- "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
-}
-
-void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer)
-{
- int ret = ckmc_param_list_set_integer(params.get(), name, integer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
- "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
-}
-
-struct EncryptionResult
-{
- RawBufferPtr encrypted;
- ParamListPtr params;
- Alias prvKey;
- Alias pubKey;
-};
-
-EncryptionResult encrypt(const AlgoBasePtr& algo,
- const RawBufferPtr& plain,
- const char* pass = nullptr)
-{
- EncryptionResult ret;
- ckmc_raw_buffer_s* encrypted = nullptr;
- KeyAliasPair aliases = algo->keyGen(pass);
-
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ret.params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_positive(apiEncrypt,
- ret.params.get(),
- aliases.pub.c_str(),
- pass,
- *plain.get(),
- &encrypted);
-
- ret.encrypted = create_raw_buffer(encrypted);
- ret.prvKey = aliases.prv;
- ret.pubKey = aliases.pub;
- return ret;
-}
-
-void testAllAlgorithms(
- const std::function<void(const AlgoBasePtr& algo)>& test)
-{
- for(const auto& it : g_algorithms)
- test(it.second);
-}
-
-void testNoIvEnc(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // param list with algo type only
- ParamListPtr params = createParamListPtr();
- setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
-}
-
-void testNoIvDec(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt;
- auto ret = encrypt(algo, plain);
-
- // param list with algo type only
- ParamListPtr params = createParamListPtr();
- setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
- assert_crypto_invalid_param(apiDecrypt,
- params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-}
-
-void testInvalidIvEnc(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-
- // invalid encryption
- auto test = [&](){
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- };
- // invalid iv size
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
- test();
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
- test();
-};
-
-void testInvalidIvDec(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // valid encryption
- auto ret = encrypt(algo, plain);
-
- // decryption
- auto test2 = [&](){
- assert_crypto_invalid_param(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- decrypted = nullptr;
- };
-
- // invalid iv size
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
- test2();
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
- test2();
-};
-
-void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // set AAD
- setParam(params, name, createRandomBufferCAPI(64));
-
- // encrypt
- assert_crypto_positive(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
- RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
-
- // decrypt
- assert_crypto_positive(apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- *tmpEnc.get(),
- &decrypted);
- RawBufferPtr tmpDec = create_raw_buffer(decrypted);
-
- // check
- assert_buffers_equal(*plain.get(), *tmpDec.get());
- tmpDec.reset();
- decrypted = nullptr;
-
- // set wrong AAD
- setParam(params, name, createRandomBufferCAPI(32));
-
- // decrypt
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- *tmpEnc.get(),
- &decrypted);
-}
-
-void testGcmIvSize(size_t size,
- const KeyAliasPair& aliases,
- EncryptionError error = EncryptionError::SUCCESS)
-{
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- RawBufferPtr encrypted;
- RawBufferPtr decrypted;
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
- ckmc_raw_buffer_s* decryptedTmp = nullptr;
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size));
-
- // encryption
- assert_crypto_result(error,
- apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
-
- if(error != EncryptionError::SUCCESS)
- return;
- encrypted = create_raw_buffer(encryptedTmp);
-
- // decryption
- assert_crypto_positive(apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- *encrypted.get(),
- &decryptedTmp);
- decrypted = create_raw_buffer(decryptedTmp);
-
- assert_buffers_equal(*plain.get(), *decrypted.get());
-}
-
-void testIntegrity(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- // break the encrypted data
- ret.encrypted->data[BUF_LEN/2]++;
-
- // no data integrity check
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-
- RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted, false);
-}
-
-void testCtrEncryptionInvalidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add AES CTR key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // encryption
- auto test = [&](){
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- };
- // invalid counter size
- setParam(params, CKMC_PARAM_ED_CTR_LEN, -1);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, 0);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
- test();
-}
-
-void testCtrEncryptionValidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add AES CTR key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // encryption
- auto test = [&](){
- assert_crypto_positive(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- };
- // valid counter sizez
- setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
- test();
-}
-
-void testCtrDecryptionInvalidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add AES CTR key & encrypt
- auto ret = encrypt(algo, plain);
-
- // decryption
- auto test = [&](){
- assert_crypto_invalid_param(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- decrypted = nullptr;
- };
- // invalid counter size
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
- test();
-}
-
-void testCtrDecryptionValidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add AES CTR key & encrypt
- auto ret = encrypt(algo, plain);
-
- // decryption
- auto test = [&](){
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted);
- };
- // invalid counter size
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
- test();
-}
-
-void testGcmEncryptionTagLen(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add AES GCM key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- std::vector<TagTest> testData = {
- // illegal tag lengths
- { -1, EncryptionError::INVALID_PARAM },
- { 0, EncryptionError::INVALID_PARAM },
- { 16, EncryptionError::INVALID_PARAM },
- { 48, EncryptionError::INVALID_PARAM },
- { 72, EncryptionError::INVALID_PARAM },
- { 100, EncryptionError::INVALID_PARAM },
- { 108, EncryptionError::INVALID_PARAM },
- { 116, EncryptionError::INVALID_PARAM },
- { 124, EncryptionError::INVALID_PARAM },
- { 256, EncryptionError::INVALID_PARAM },
- // legal tag lengths
- { 32, EncryptionError::SUCCESS },
- { 64, EncryptionError::SUCCESS },
- { 96, EncryptionError::SUCCESS },
- { 104, EncryptionError::SUCCESS },
- { 112, EncryptionError::SUCCESS },
- { 120, EncryptionError::SUCCESS },
- { 128, EncryptionError::SUCCESS },
- };
-
- // encryption
- for(const auto& it : testData)
- {
- setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
- assert_crypto_result(it.expected,
- apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- }
-}
-
-void testGcmDecryptionTagLen(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add AES GCM key & encrypt
- auto ret = encrypt(algo, plain);
-
- std::vector<TagTest> testData = {
- // illegal tag lengths
- { -1, EncryptionError::INVALID_PARAM },
- { 0, EncryptionError::INVALID_PARAM },
- { 16, EncryptionError::INVALID_PARAM },
- { 48, EncryptionError::INVALID_PARAM },
- { 72, EncryptionError::INVALID_PARAM },
- { 100, EncryptionError::INVALID_PARAM },
- { 108, EncryptionError::INVALID_PARAM },
- { 116, EncryptionError::INVALID_PARAM },
- { 124, EncryptionError::INVALID_PARAM },
- { 256, EncryptionError::INVALID_PARAM },
- // legal tag lengths (EVP_CipherFinal fails but we can't get the error code)
- { 32, EncryptionError::SERVER_ERROR },
- { 64, EncryptionError::SERVER_ERROR },
- { 96, EncryptionError::SERVER_ERROR },
- { 104, EncryptionError::SERVER_ERROR },
- { 112, EncryptionError::SERVER_ERROR },
- { 120, EncryptionError::SERVER_ERROR },
- // legal tag length that was actually used for encryption (default)
- { 128, EncryptionError::SUCCESS },
- };
-
- // decryption
- for(const auto& it : testData)
- {
- setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
- assert_crypto_result(it.expected,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- decrypted = nullptr;
- }
-}
-
-void testGcmWrongTag(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt with AES GCM
- auto ret = encrypt(algo, plain);
-
- // modify tag (last 16B of encrypted message)
- ret.encrypted->data[ret.encrypted->size-1]++;
-
- // EVP_CipherFinal fails but we can't get error code
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-}
-
-void testGcmDifferentIvSizes(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // add AES GCM key
- KeyAliasPair aliases = algo->keyGen();
-
- testGcmIvSize(11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
- testGcmIvSize(12, aliases);
- testGcmIvSize(17, aliases);
- testGcmIvSize(128, aliases);
-}
-
-void testEncryptDecryptBigData(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted);
-}
-
-void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- // add different key
- KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
-
-
- if (success) {
- // some algorithms don't verify key validity
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- differentKeys.prv.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted, false);
- } else {
- // different key should not be accepted
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiDecrypt,
- ret.params.get(),
- differentKeys.prv.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- }
-
- // Cleanup before testing next algorithm. Ignore results because not all keys are present
- ckmc_remove_alias(ret.prvKey.c_str());
- ckmc_remove_alias(ret.pubKey.c_str());
- ckmc_remove_alias(differentKeys.prv.c_str());
- ckmc_remove_alias(differentKeys.pub.c_str());
-}
-
-void testRsaLongestData(Algorithm type, size_t dataSize)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted);
-}
-
-void testRsaDataTooLong(Algorithm type, size_t dataSize)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
-
- // encrypt
- EncryptionResult ret;
- ckmc_raw_buffer_s* encrypted = nullptr;
- KeyAliasPair aliases = algo->keyGen();
-
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ret.params = ParamListPtr(handle, ckmc_param_list_free);
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiEncrypt,
- ret.params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
-}
-
-} // namespace anonymous
-
-
-RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
-
-/////////////////////////////////////////
-// Generic encryption decryption tests
-/////////////////////////////////////////
-
-RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // null param list
- assert_crypto_invalid_param(apiEncrypt,
- nullptr,
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
-
- // empty param list
- ParamListPtr params = createParamListPtr();
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
- apiEncrypt,
- params.get(),
- "non-existing-key-alias",
- nullptr,
- *plain.get(),
- &encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- ckmc_raw_buffer_s plain = { nullptr, 0 };
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- plain,
- &encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s** encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt;
- auto ret = encrypt(algo, plain);
-
- // null param list
- assert_crypto_invalid_param(apiDecrypt,
- nullptr,
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-
- // empty param list
- ParamListPtr params = createParamListPtr();
- assert_crypto_invalid_param(apiDecrypt,
- params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- // remove key
- assert_positive(ckmc_remove_alias, ret.prvKey.c_str());
-
- // try to decrypt
- assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- ckmc_raw_buffer_s encrypted = { nullptr, 0 };
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_invalid_param(apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- encrypted,
- &decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s** decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_crypto_invalid_param(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptDifferentKeys(AES_CBC_128, false);
- testEncryptDecryptDifferentKeys(AES_CBC_192, false);
- testEncryptDecryptDifferentKeys(AES_CBC_256, false);
- testEncryptDecryptDifferentKeys(AES_GCM_128, false);
- testEncryptDecryptDifferentKeys(AES_GCM_192, false);
- testEncryptDecryptDifferentKeys(AES_GCM_256, false);
- testEncryptDecryptDifferentKeys(AES_CTR_128, true);
- testEncryptDecryptDifferentKeys(AES_CTR_192, true);
- testEncryptDecryptDifferentKeys(AES_CTR_256, true);
- testEncryptDecryptDifferentKeys(AES_CFB_128, true);
- testEncryptDecryptDifferentKeys(AES_CFB_192, true);
- testEncryptDecryptDifferentKeys(AES_CFB_256, true);
- testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false);
- testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false);
- testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain, PASSWORD);
-
- // wrong password
- assert_crypto_result(EncryptionError::AUTH_FAILED,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- "wrong-password",
- *ret.encrypted.get(),
- &decrypted);
-
- // correct password
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- PASSWORD,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
-
- assert_buffers_equal(*plain.get(), *decrypted);
- });
-}
-
-// long test split into smaller ones
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CBC_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CBC_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CBC_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_GCM_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_GCM_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CTR_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CTR_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CFB_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CFB_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CFB_256);
-}
-
-/////////////////////////////////////////
-// Algorithm specific tests
-/////////////////////////////////////////
-
-RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv)
-{
- testNoIvEnc(AES_CTR_128);
- testNoIvEnc(AES_CTR_192);
- testNoIvEnc(AES_CTR_256);
- testNoIvEnc(AES_CBC_128);
- testNoIvEnc(AES_CBC_192);
- testNoIvEnc(AES_CBC_256);
- testNoIvEnc(AES_CFB_128);
- testNoIvEnc(AES_CFB_192);
- testNoIvEnc(AES_CFB_256);
- testNoIvEnc(AES_GCM_128);
- testNoIvEnc(AES_GCM_192);
- testNoIvEnc(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv)
-{
- testInvalidIvEnc(AES_CTR_128);
- testInvalidIvEnc(AES_CTR_192);
- testInvalidIvEnc(AES_CTR_256);
- testInvalidIvEnc(AES_CBC_128);
- testInvalidIvEnc(AES_CBC_192);
- testInvalidIvEnc(AES_CBC_256);
- testInvalidIvEnc(AES_CFB_128);
- testInvalidIvEnc(AES_CFB_192);
- testInvalidIvEnc(AES_CFB_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv)
-{
- testNoIvDec(AES_CTR_128);
- testNoIvDec(AES_CTR_192);
- testNoIvDec(AES_CTR_256);
- testNoIvDec(AES_CBC_128);
- testNoIvDec(AES_CBC_192);
- testNoIvDec(AES_CBC_256);
- testNoIvDec(AES_CFB_128);
- testNoIvDec(AES_CFB_192);
- testNoIvDec(AES_CFB_256);
- testNoIvDec(AES_GCM_128);
- testNoIvDec(AES_GCM_192);
- testNoIvDec(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv)
-{
- testInvalidIvDec(AES_CTR_128);
- testInvalidIvDec(AES_CTR_192);
- testInvalidIvDec(AES_CTR_256);
- testInvalidIvDec(AES_CBC_128);
- testInvalidIvDec(AES_CBC_192);
- testInvalidIvDec(AES_CBC_256);
- testInvalidIvDec(AES_CFB_128);
- testInvalidIvDec(AES_CFB_192);
- testInvalidIvDec(AES_CFB_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv)
-{
- testIntegrity(AES_CTR_128);
- testIntegrity(AES_CTR_192);
- testIntegrity(AES_CTR_256);
- testIntegrity(AES_CBC_128);
- testIntegrity(AES_CBC_192);
- testIntegrity(AES_CBC_256);
- testIntegrity(AES_CFB_128);
- testIntegrity(AES_CFB_192);
- testIntegrity(AES_CFB_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv)
-{
- testCtrEncryptionInvalidLength(AES_CTR_128);
- testCtrEncryptionInvalidLength(AES_CTR_192);
- testCtrEncryptionInvalidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv)
-{
- RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
- testCtrEncryptionValidLength(AES_CTR_128);
- testCtrEncryptionValidLength(AES_CTR_192);
- testCtrEncryptionValidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv)
-{
- testCtrDecryptionInvalidLength(AES_CTR_128);
- testCtrDecryptionInvalidLength(AES_CTR_192);
- testCtrDecryptionInvalidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv)
-{
- RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
- testCtrDecryptionValidLength(AES_CTR_128);
- testCtrDecryptionValidLength(AES_CTR_192);
- testCtrDecryptionValidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
-{
- testGcmEncryptionTagLen(AES_GCM_128);
- testGcmEncryptionTagLen(AES_GCM_192);
- testGcmEncryptionTagLen(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
-{
- testGcmDecryptionTagLen(AES_GCM_128);
- testGcmDecryptionTagLen(AES_GCM_192);
- testGcmDecryptionTagLen(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
-{
- testGcmWrongTag(AES_GCM_128);
- testGcmWrongTag(AES_GCM_192);
- testGcmWrongTag(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv)
-{
- testGcmDifferentIvSizes(AES_GCM_128);
- testGcmDifferentIvSizes(AES_GCM_192);
- testGcmDifferentIvSizes(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
-{
- encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
- encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
- encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
-{
- RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
- encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL);
- encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL);
- encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
-{
- testRsaLongestData(RSA_OAEP_1024, 86);
- testRsaLongestData(RSA_OAEP_2048, 214);
- testRsaLongestData(RSA_OAEP_4096, 470);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
-{
- testRsaDataTooLong(RSA_OAEP_1024, 87);
- testRsaDataTooLong(RSA_OAEP_2048, 215);
- testRsaDataTooLong(RSA_OAEP_4096, 471);
-}
-
-/////////////////////////////////////////
-// Asynchronous only tests
-/////////////////////////////////////////
-RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBuffer plain = createRandomBuffer(BUF_LEN);
-
- // keys
- KeyAliasPair aliases = algo->keyGen(nullptr);
-
- // params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // encrypt
- test_no_observer(&ManagerAsync::encrypt,
- *reinterpret_cast<CryptoAlgorithm*>(params.get()),
- aliases.pub,
- Password(),
- plain);
- });
-}
-
-RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
-
- // encrypt
- auto ret = encrypt(algo, plain);
- RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
-
- // decrypt
- test_no_observer(&ManagerAsync::decrypt,
- *reinterpret_cast<CryptoAlgorithm*>(ret.params.get()),
- ret.prvKey,
- Password(),
- encrypted);
- });
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * @file system-db.cpp
- * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <ckm/ckm-control.h>
-#include <ckmc/ckmc-manager.h>
-#include <access_provider2.h>
-#include <fstream>
-#include <ios>
-#include <unistd.h>
-
-namespace
-{
-const uid_t USER_APP = 5070;
-const uid_t GROUP_APP = 5070;
-const char* APP_PASS = "user-pass";
-const char* TEST_WEB_APP_1 = "web_app1";
-const char* TEST_WEB_APP_2 = "web_app2";
-
-const char *XML_DEVICE_KEY = "device_key.xml";
-
-const char *XML_1_okay = "XML_1_okay.xml";
-std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
-std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
-std::string XML_1_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key2");
-// uncomment when AES is supported (+ usage in the tests)
-std::string XML_1_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test-aes1");
-std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
-std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1");
-const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";
-// encrypted
-std::string XML_1_EXPECTED_KEY_3_RSA_PRV = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv");
-std::string XML_1_EXPECTED_KEY_3_RSA_PUB = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub");
-std::string XML_1_EXPECTED_ASCII_DATA = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption");
-std::string XML_1_EXPECTED_BIG_DATA = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption");
-
-const char *XML_2_okay = "XML_2_okay.xml";
-std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
-std::string XML_2_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
-// uncomment when AES is supported
-std::string XML_2_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test2-aes1");
-std::string XML_2_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
-std::string XML_2_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
-const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data";
-
-const char *XML_3_wrong = "XML_3_wrong.xml";
-std::string XML_3_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
-std::string XML_3_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
-// uncomment when AES is supported
-std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
-std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
-
-std::string format_src_path(const char *file)
-{
- return std::string(CKM_TEST_DIR) + std::string(file);
-}
-
-std::string format_dest_key_path(const char *file)
-{
- return std::string(CKM_RW_DATA_DIR) + std::string(file);
-}
-
-std::string format_dest_path(const char *file)
-{
- return std::string(CKM_RW_DATA_DIR) + std::string( "/initial_values/") + std::string(file);
-}
-
-void copy_file(const std::string &from, const std::string &to)
-{
- std::ifstream infile(from, std::ios_base::binary);
- RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
- std::ofstream outfile(to, std::ios_base::binary);
- RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
- outfile << infile.rdbuf();
-}
-
-void restart_key_manager()
-{
- stop_service(MANAGER);
- start_service(MANAGER);
-}
-
-void test_exists(const std::string& name, bool expected) {
- bool file_exists = (access( name.c_str(), F_OK ) != -1);
- RUNNER_ASSERT_MSG(file_exists == expected,
- "File " << name << " status: " << file_exists <<
- " while expected: " << expected);
-}
-
-}
-
-
-RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
-
-RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
-{
- // [prepare]
- // remove database 0
- // copy to the initial-values folder
- // [test0]
- // check XML file exists
- // restart the key-manager
- // check XML file exists - should fail
- // [test1]
- // check items existence as system service
- // [test2]
- // check items existence as web_app1
- // [test3]
- // check items existence as web_app2
-
-
- // [prepare]
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
-
- // [test0]
- test_exists(format_dest_path(XML_1_okay), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_1_okay), false);
-
- // [test1]
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_1);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
- }
-
- // [test3]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
- }
-}
-
-RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>)
-{
- // [prepare]
- // remove database 0
- // copy two files to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
- // check items existence as system service
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
-
- // [test0]
- test_exists(format_dest_path(XML_1_okay), true);
- test_exists(format_dest_path(XML_1_okay), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_2_okay), false);
- test_exists(format_dest_path(XML_2_okay), false);
-
- // [test1]
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
- check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
-}
-
-RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP, RemoveDataEnv<0>)
-{
- // [prepare]
- // remove database 0
- // copy failing XML file to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
- // check items existence as system service - nothing should be available
-
- // [prepare]
- copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
-
- // [test0]
- test_exists(format_dest_path(XML_3_wrong), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_3_wrong), false);
-
- // [test1]
- check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
- check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
- check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
- check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
-}
-
-RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>)
-{
- // [prepare]
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test]
- // check if key can create & verify signature
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test]
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- XML_1_EXPECTED_KEY_2_RSA.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // invalid password
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
- XML_1_EXPECTED_KEY_1_RSA.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- // correct password
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- XML_1_EXPECTED_KEY_1_RSA.c_str(),
- XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T6050_ENCRYPTED_KEY, RemoveDataEnv<0>)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test0]
- // check if encrypted private key is present
- // check if public key is present
- // [test1]
- // extract the private, encrypted key
- // extract the public key
- // create signature using the public key
- // verify signature using the decrypted private key
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test0]
- check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
-
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // invalid password
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA, RemoveDataEnv<0>)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test0]
- // extract data
- // check if data matches the expected size and content
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test0]
- ckmc_raw_buffer_s *testData1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)),
- CKMCReadableError(temp));
- size_t expected_len = 15;
- RUNNER_ASSERT_MSG(expected_len /* src/ckm/keys/EIV/ascii_data */ == testData1->size, "invalid data size");
- RUNNER_ASSERT_MSG(memcmp(reinterpret_cast<char*>(testData1->data), "My secret data\n", expected_len) == 0, "invalid data contents");
- ckmc_buffer_free(testData1);
-}
-
-RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA, RemoveDataEnv<0>)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test0]
- // extract data
- // check if data matches the expected size
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test0]
- ckmc_raw_buffer_s *testData1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
- ckmc_buffer_free(testData1);
-}
+++ /dev/null
-My secret data
+++ /dev/null
-ÃŽÃ C\8e\9f)´[aÂN½Q®\~
\ No newline at end of file
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll
-1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr
-S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g
-OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R
-DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl
-yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr
-MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK
-koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay
-IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO
-HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM
-mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv
-l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD
-u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K
-4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m
-Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP
-IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ
-hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM
-38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91
-2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir
-XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1
-ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI
-n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/
-upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG
-RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI
-tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Vx4MBKFGalaRh+BzSYn
-W8am8ajbnyD6AaweHcH+oAAQX7Ll1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy
-+/X/pMBa4MHrjzH01gzzV0jyqEOrS6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLg
-jBkbrmKEMHMk6jT5NUtKhpBXo0/gOgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG
-1tFxGbeQkmBBxXVIr7u/z9WDG32RDiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspF
-y7ek0x0Lll3t1P7FMgF1V21PFhclyX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlc
-SQIDAQAB
------END PUBLIC KEY-----
+++ /dev/null
-_ThisIsIVForAES_
\ No newline at end of file
+++ /dev/null
-IVdiffersFrItems
\ No newline at end of file
+++ /dev/null
-__another_IV_2__
\ No newline at end of file
+++ /dev/null
-PNGIVPNGIVPNGIVP
\ No newline at end of file
+++ /dev/null
-ABCDEFGHIJKLMNOPRSTUVWXYZ0123456
\ No newline at end of file
+++ /dev/null
-* RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted
-* encode base64: openssl enc -base64 -in encryption_AES_key.encrypted
-* encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in test.der.priv -out test.der.priv.enc
-* decrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -d -in test.der.priv.enc -out test.der.priv
+++ /dev/null
-BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
-6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
-0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
-tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
-+iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
-xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
-FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
-vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
-54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
-Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
-wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
-j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
-bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4
-x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x
-fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB
-AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx
-KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr
-sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN
-p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4
-Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj
-ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl
-oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/
-UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw
-iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2
-N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt
-JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B
-CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+
-3Op0tEjy0jpmzeyNiQIDAQAB
------END PUBLIC KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx
-EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl
-c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx
-MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
-DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w
-HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j
-L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7
-nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc
-UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT
-thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6
-XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E
-FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/
-HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97
-Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v
-vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc
-4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB
-pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8
-SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm
-F2obL5qJSTN/RQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICqTCCAZECAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHzAdBgNVBAMMFlRlc3Qg
-SU0gQ0EgY2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDOYEXvyoKWCgp+csCdwxdnBnXhNb7mRqCzX5AJh6DdzuMv35G8PEhpfa0p/Wy6
-QlzBB9ipSVCTC37nwsw5vY5G2SmPw6vpYJYJnQHOd5Py6DufElPib35uiEwXQmgq
-OMHYfgo0wdqYsjBTFEq3qfJ+TzWRWEk6La/PPF35QI+Lo9xQBsk0fjx42A4iDnmf
-IWi9XNiPwYij/0a8cmPzc89r8qUln5nWpkBJln9ViiumVVO2Gwdcp96OEXLlgn23
-uf+/IBCzIGxqBmy9fX3GcfjV9thccp/xRtcbbes1pmVyGzpclUtB3M6mPdZOP+UK
-hxUeotpkhIuE1DdojuRQFR2LAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAOERz
-vFL+n7sPG3KdkWJFdIYKZvPHCOaJ6mdrNatAF1rHeRayeSgM6PYwQF4DwwKcPLyo
-IUi2B2sxabvKCCBZ9EjIrhG2fC2ocv7VawuQecB9QET6X4sbUcchcBCkGwL7evrZ
-LzWSs9lBr8wwkPdHwvujup5VTZ7+VYs1lVt38CrFERrAlY03v5VDwN1B1JUCqcDf
-wh69OJNPDgx7Y09GJLoRBfdXSpSVGznDmSB+VRCGb/JsiWAB+qtse1cN4Iwihx8I
-+hhfRFLsxBKo/iYncuovPY0riRYBJsop6g/hLqn6kXIhzNnaApKhpwxpmN1cO5N6
-hnsAlvR2v9u2bFMILQ==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7jL9+R
-vDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7nxJT
-4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6PcUAbJ
-NH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVTthsH
-XKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6XJVL
-QdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABAoIBAQCLidy/vZV+DVv7
-E2vZP8fbCSs7EzP4T1jo73xcdS/3yaMjA29ubvQnH6qt8YRKjARbIAsGq2OniOZN
-nhCoGdrRXJQVeKAMNBo+dcJ6769BVnS5oZLGT8yUv+Ny9punsKig0NflxA0hoZm7
-EsVSWb50WOpHVAJvK+Trok2H8nccWn6q3od9xSoDszexhGFgo1Q9qFVP/YUfT1Qg
-8ZwRu04JTZEHa9DXIRir10rkvhHTHJ0nb+9FeWd6CsCkOtdWRig3a+Vq+4MK/Yt3
-dstf0D1MQXG2WPaHxPB/DpJBOoU7jj4FxrIaJGPM7qVFnpHwRh0iCKtkGQfarKR6
-JjshtU7BAoGBAPywan5o9ZOD+NnfazglPlFrkBansXG329GP/2ag8+PWOadgin+0
-oyMqB81lBr6yI4ZmM+DgvXkb4yjHb9hGNoWjgttbtjU9eVaXzOg5laOd8nZIhmki
-aH/1yPa0sqmlsAlipUq3nqHKOSeG6pE2dg/R5Yu4TYFj6WV57AbLhxPXAoGBANEU
-guet7XZMAiAJKmEy3pRs22Qs0YcEywX44h09ShPz2OoNYpuSWzS2RgxRbSgs0f25
-ks94lYMNOnm6RMWawRgMPv0Z2Pbwpki6CR72ratvZKqYOoZkCg+UM9pMpvmOd4W3
-ZybxLa/4tJMdpVU4unhJ4v1ZIt2lThnC8d369k1tAoGAVF6rEA4HgPudiVF5wUNe
-LV1WvNm8+5VCBhSoWCIBjN8oXOR1GfK8Ta9o74F94QolpmhVhg5D9T4EeMcuZu36
-omBX/tn+WoRuESWaOyeO+RRxsmDA0DW24pK0SPtIdDBoOJoBSpNImgilULdRdq7S
-eLHCjQY6iqtLcKBm2FX4gf0CgYAW9qfCBmpUWdjJ5/fNoSatKp+WCw4gRDiAOWus
-RnUCZ//lBP9VkueNjI94/uB8Tx/pPB6Rxu607BkGEZ1IDs0ydPXeGp6n0JqS1kv2
-KKW+dIeb7QhQhmBMgbyIN28HbcxW1WPw9QBNmYVLuy/Tgl2IpKTXqpiXu3YugijK
-dqviqQKBgF+L6GJPZkVIA1YSy6E3ph2F6K1kxSamTuSA+48352PJ0QFapes8blVg
-vtnlku41CO383G3qk0zZIpgalE2SeF1p5UO/pT6M9mAmJJMY0iF8jTQkvJa9WUwD
-zxWFEfIgTFlU9PtOnPQZlZELS0nwlRXsGYsWJiwEcMbBrXCQNXXV
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD
-VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw
-HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET
-MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz
-dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC
-9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da
-eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W
-rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo
-5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs
-BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw
-TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk
-zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
-AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX
-ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus
-9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS
-Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV
-qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
-kOg11TpPdNDkhb1J4ZCh2gupDg==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr12w+a9jd0
-s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+
-g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzP
-GFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrG
-iiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAO
-cnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABAoIBAQDNI3YvrrRdfHfJ
-ZG9jp6q/dp/h2nGpeJBZ3XmtMbMpO/7tZwTKhkVXeIaRVJXxhBrCQQ6+KnaQBA9n
-2nbCnmXwqhBKaZy1whBYewbW2er/VPGijB5pG3zwUWPEBcqxPtSluM54ZcDUfKqg
-2kgWorCSnyLRwxzKz4G74qRG+XWsFncEaGSk7upv49LPrNMBrSQaiEy/HsNvR4gd
-viQ7E1RY3Tj9T0DFruv4RU9gIvXagCs+lole1fZDGupD3QBschJWGoNyyes4yjMS
-fWbGWquWMXfsrSi7CuwIrFoOVIErAjlU1m1CJqB+mZMubTOdmOnJMjNQOqXgvhN7
-0z/aKh6xAoGBAPyKYeVZUVC+wbIl3t0QEDtXaPaOnN6IJfMkHGQ+kCw2GjiUl628
-hqdR3eKZgu0nC9o9erlvOm3ItfKWMHrTtwE66ON1uFmGY1IzEEbgmHmiVtFdgk/C
-QVxIVz7ht66raqZ3ES0FMaFJvvQw3fT3pa7hCr0XA5xyfOBd99ylRhnlAoGBANMc
-peBk2HO29JPw+vcUeLJv4g4/EoE1gEWzUy8BKnqqP4vvh7hCMUuo+1U7IOy2MKXd
-TuXJ5tcuGSIfi02ID2darSlE2jZcYwahn4RTvYttfKksBw2ulf52g62Ig8vG4nkf
-sAOs9EOdRCyCVDomXxt4Oi+NFd0Wks5Rec9T3PwlAoGAexLpwL81rNc6SJrCMRP6
-BSGFStuXwa+yZvtLRuNimdlIEBkCjq4ZJYP1UdCkiPUFhrd9js+RNx2g5nehasqx
-Hk1aYDfnvuGKl+3A2fns9SJTkzcyIbK27cVnl4KjZOGvWS8f1MP6OvNYt2L1WMQ0
-H7UW6a5EmUMGbsX83LBDKK0CgYBXKgXm/1xLcqfLCX1lVMN80SshvLL0PFXI8YCP
-8MhMO0zfhzefQV0/Ivcaur4eXh757MUtpU41XCguaZ3Hljzd7JeAaZg7R6vvSf4l
-0bl5/uuwoagL4yC1HtPBa5MXKPfLEOVIrzlvTVifk/QYyk0Md3h2t6bmUPKuUv+b
-NcIRLQKBgQCQ56ygXw/DgrTk+QC+prA11UVUy5EYWSifhQZGRRZ/IOxjzVZ9NQf6
-lKxLg9QHQ3/FOk01pk3m2K8wz+bucCxJgXf38wIpJp9t9DWgnjrJqB2xw4tMzFvL
-AnBVXNYND8vdi51tIaziFuOgW81SroZFoX5XBv8wPv/HZT2KqxAMmg==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx
-HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0
-WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T
-dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV
-VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl
-z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq
-QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc
-bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E
-4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk
-4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp
-UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj
-CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/
-i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9
-HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF
-Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz
-6ON7PVe0ABN/AlwVQiFE
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICqDCCAZACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHjAcBgNVBAMMFVRlc3Qg
-bGVhZiBjZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AM03QyGtrQ5kcRZyIIhvpgc/BqElTg7NCJjUBm6o/qS4QThUR/H7GoeCZc+WBfSs
-ITFS5J5xxhSxPzW+wHN+ZBM4TEDKU0caIVvN6McN3mfMzfxQaCqoOKh0akEfJEtd
-GF04KwUdHsf1afjlChMOoe8i9q+E6b65/f6h8LMbS8almwyFX9TvW9S33G5ZWDHZ
-leROtsjebXMKwz/ILx4xZ1Xi86xvME6XPRUfdP9CZH6eYwCXAKzgS609BOFUarPu
-B7sE/IwMBQJjZ3OyGF+ako7UlpJph3u9yv5cwfjoiNCRHP93llE1qsE0pOLTQokB
-gSid/S1z0wQSXc5sVR+wlA0CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAI0DmU
-6E9XSs42wVqzKghvjuGwXH+SHIxSTQVaoXzMbFnsCPrt9F9FGTKjRq2IRBHb2yq/
-S+kW3ptSteKrqLzABxaQ8aCt//Xm/hYnpeJZV4WuDr2TWpEfT0U955iGRAOqpOzi
-E19J9h7F/+cX1FzVdP86mHhwQERTPWGg8jiwEPuApe3APmNBYlu7K4zMa2IB/LKh
-cItzpqi8sJ0wmGQrdRVHgNyBc7TC2IkyCVl5eJiD+gmQEOuy6agAVggWM9yQQlNg
-5WkqBDegPG/pLOxFvDtaV2SlxSuFAXKDoyRPeRC21w6pYEtc7aXzpgBWgcv2R0pT
-NrWNXibZ7aLImIhW
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH
-8fsah4Jlz5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBo
-Kqg4qHRqQR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf
-1O9b1LfcbllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcA
-rOBLrT0E4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eW
-UTWqwTSk4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABAoIBAQCTBhmhglVu70Ua
-KK/oL91KabwtLZXsArc7DwSAubCegKexXKii1B0goqqge8JOlhe9x76lSav5XTeF
-IOGunQnDv1zaOlpJoY3uwOoZ2nTR9yhIsa6/iP/2qFkLyOzu1YbEGp6vrjpEVi4T
-NLzwBFa+BlWoUFhK3eP8TzcsiszSRr8/vbvlRFzDyq4+YqLsAHpGsvaIZHScU3iG
-AjtCCCpV9HNW3TAAhGq9j/x3YPqt6edrsK1taR+dbLIeGoMnmMReaxgaKd7wWZCr
-dbvngGtpgyEXjONkXVpAcZrD2AaWoGWHjoik+14T4K2QU4OW8jQ2h2uljQa2JXDu
-+LMaTKCBAoGBAP6MPqMfcMmf4bYAhrgeZMwSq1F7ubBPu/YyOYiCF6J259jcdxjY
-HfdwtDeoNGKCwE8S8BMXMs33tlL8/AcVdYwbIMVmk6ZXmyFDAyUGB/fGq+QkFCwJ
-yVHb75uuiPpn8euIwg+Y9NBDQYt59oJI9TyCjNPy6Xd612u6AXBcFU1hAoGBAM5i
-+HM6lSuqNdp77awbDIzuuu/zTRzgF4bbodjGSxwn1cx7xb2iCPWiykiD5EU3XWWv
-68i15yud6ooIFjxGYP6oYjFIpfjRU7n+/UJpbnkTjMUbUqc4IpiP+ruU9hoMZZ3S
-ey+bLSYQfy6Jf8YnCLkroKtGsgFF30gi0EL6qjotAoGAFTPzZ70PtQvHTlS+5AlM
-Fh+b+56VuhT6MCjA2BkWBOdoqoy6suwVmu3dZSFys532jN+j9cMh7TwsCL+f8qsb
-7n63/RltRRbZCi09ztCwyzfWS5uhvoVWKqZqUAp6yHjuEtOCbrAr/EkN5aNUIEgZ
-fV/WgTUjs1sdJJEK26Qf9iECgYB2HmabbDfbmbrgpHTOP1zbe/Y5RkIn+Ij+gc0L
-R9HM92+BbIUrlwURsG2dOv72Lk2h2SFU6ea4K9UD0sUHEjCJDs3D7xQuZ39HwAwq
-ajTzzqCOXqjbU2FZd23E1ehT2CyAOuqNwH4CfwaLF96tBcIUWEfIPtm5qMe1fVc8
-PkIWsQKBgQCiwgARCIHhzXUoAY8U0k4Ng8cTj2ykISTf9HKXyKoInhBbuHRDvYsU
-oCPi8eYvz4Vwmwcf938CdtLAd5XHCMmTQ+96Xjt/QgJrkA3n04hWsgTMQM2E9QMv
-cxv8UfypFUzhMkUfj4b3EsaTHOxJVS3Ml5m8+YJdncKoZnz8lBKALA==
------END RSA PRIVATE KEY-----
+++ /dev/null
-#include <netdb.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <access_provider2.h>
-
-#include <ckm-common.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-#include <ckm/ckm-pkcs12.h>
-
-#include <fstream>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
-
-const int USER_APP_2 = 5020;
-const int USER_APP_3 = 5030;
-
-const char * const APP_PASS = "user-pass";
-const int USER_TEST = 5001;
-const char* TEST_LABEL = "test_label";
-
-const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
-const CKM::AliasVector EMPTY_ALIAS_VECTOR;
-} // namespace anonymous
-
-/*
- * How to numerate tests:
- * TABCD_NAME
- * T - test case (always T)
- * AB - number of test group (always two digits)
- * C - test number in group (all tests with same TABC must be run in the same time).
- * D - subtest.
- */
-
-RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
-RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
- stop_service(MANAGER);
- start_service(MANAGER);
-
- std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- // all further tests will start with newly started service,
- // OpenSSL on the service side will have to be properly initialized too
- stop_service(MANAGER);
- start_service(MANAGER);
-}
-
-RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
-
-RUNNER_TEST(T0011_Control)
-{
- int temp;
- auto control = CKM::Control::create();
-
- control->removeUserData(0);
- control->removeUserData(USER_APP_2);
- control->removeUserData(USER_APP);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0012_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0013_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0014_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0015_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0016_Control_negative_wrong_password)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
-
-RUNNER_TEST(T1010_init)
-{
- unlock_user_data(USER_APP, "user-pass");
-}
-
-RUNNER_TEST(T1011_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = sharedDatabase("mykey");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(),
- "Key value has been changed by service");
-}
-
-RUNNER_TEST(T1012_certificate)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
- CKM::CertificateShPtr cert2;
- CKM::Alias alias = sharedDatabase("myCert");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificate(alias, CKM::Password(), cert2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- cert->getDER() == cert2->getDER(),
- "Data has been modified in key manager");
-}
-
-RUNNER_CHILD_TEST(T1013_user_app_save_key)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(), "Key value has been changed by service");
-}
-
-RUNNER_TEST(T1014_save_with_label)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key_name, key_full_addr;
- CKM::Alias alias = "mykey-2";
- std::string top_label = getOwnerIdFromSelf();
- std::string full_address = aliasWithLabel(top_label.c_str(), alias.c_str());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- // lookup by name
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key_name->getDER(),
- "Key value has been changed by service");
-
- // lookup by full address
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key_full_addr->getDER(),
- "Key value has been changed by service");
-}
-
-RUNNER_TEST(T1015_deinit)
-{
- remove_user_data(0);
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
-
-RUNNER_TEST(T1020_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1021_save_keys_get_alias)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-}
-
-RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey2", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-}
-
-RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
- CKM::Policy notExportable(CKM::Password(), false);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey4", key, notExportable)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1029_deinit)
-{
- remove_user_data(0);
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
-RUNNER_TEST(T1030_init)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, APP_PASS);
-}
-
-RUNNER_TEST(T1031_save_get_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
-
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
- "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData = "My bin data";
-
- CKM::RawBuffer buffer(binData.begin(), binData.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata2", buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-}
-
-RUNNER_TEST(T1033_remove_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData2 = "My bin data2";
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- std::string invalid_address = sharedDatabase("i-do-not-exist");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num-2),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1034_app_remove_bin_data)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData2 = "My bin data";
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num-2),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1035_getData_wrong_password)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData1 = "My bin data4";
-
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer1,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1036_deinit)
-{
- remove_user_data(0);
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
-
-RUNNER_TEST(T1040_init)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1041_create_RSA_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- ScopedAccessProvider ap("mylabel-rsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
-}
-
-RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- ScopedAccessProvider ap("mylabel-rsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1043_create_DSA_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- ScopedAccessProvider ap("mylabel-dsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
-}
-
-RUNNER_CHILD_TEST(T1044_create_AES_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- AccessProvider ap("mylabel-aes");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == (temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
-}
-
-RUNNER_TEST(T1049_deinit)
-{
- remove_user_data(USER_APP);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair);
-
-RUNNER_TEST(T1110_init)
-{
- unlock_user_data(USER_APP, "user-pass");
-}
-
-RUNNER_TEST(T1111_CreateKeyPairRSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("rsa-test-1");
- CKM::Alias a2 = sharedDatabase("rsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1112_CreateKeyPairDSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("dsa-test-1");
- CKM::Alias a2 = sharedDatabase("dsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1113_CreateKeyPairECDSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
- CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(CKM::ElipticCurve::prime192v1, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1114_deinit)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
-RUNNER_TEST(T12100_init)
-{
- reset_user_data(USER_APP, APP_PASS);
-}
-
-RUNNER_TEST(T12101_key_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "rsa-alias-duplication";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-/*
- * These test cases tests API when empty parameters are passed to functions
- */
-
-RUNNER_TEST(T12102_saveKey_empty_alias)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLc\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias; //alias is not initialized
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12103_saveKey_foreign_label)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "iamsomebodyelse alias";
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12104_saveKey_empty_key)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::KeyShPtr key; //key is not initialized
- CKM::Alias alias = "empty-key";
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12105_saveCertificate_empty_alias)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
- CKM::Alias alias; //alias is not initialized
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12106_saveCertificate_foreign_label)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
- CKM::Alias alias = "iamsomebodyelse alias";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12107_saveCertificate_empty_cert)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::CertificateShPtr cert; //cert is not initialized
- CKM::Alias alias = "empty-cert";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12108_saveData_empty_alias)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string testData = "test data test data test data";
- CKM::RawBuffer buffer(testData.begin(), testData.end());
- CKM::Alias alias;
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12109_saveData_foreign_label)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string testData = "test data test data test data";
- CKM::RawBuffer buffer(testData.begin(), testData.end());
- CKM::Alias alias = "iamsomebodyelse alias";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12110_saveData_empty_data)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::RawBuffer buffer;
- CKM::Alias alias = "empty-data";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-/*
- * These test cases tests API when trying to get data from not existing alias
- */
-
-RUNNER_TEST(T12111_getKey_alias_not_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::KeyShPtr key;
- CKM::Alias alias = "this-alias-not-exist";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getKey(alias, "", key)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12112_getCertificate_alias_not_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::CertificateShPtr certificate;
- CKM::Alias alias = "this-alias-not-exist";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getCertificate(alias, CKM::Password(), certificate)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12113_getData_alias_not_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
- CKM::RawBuffer buffer;
- CKM::Alias alias("some alias");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(alias, "", buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-/*
- * These test cases tests API when damaged keys are used
- */
-RUNNER_TEST(T12114_RSA_key_damaged)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- // "BROKENBROKENBROKENBROKENBROKENTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- // "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "damaged-rsa";
-
- RUNNER_ASSERT_MSG(
- NULL == key.get(), "Key is broken. It should be empty");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12115_RSA_key_too_short)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- //"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "short-rsa";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12116_DSA_key_too_short)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- const std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
- "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
- //"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
- "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
- //"AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
- "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
- "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
- "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
- "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
- "YMYCBhubtrVaLmc=\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "short-dsa";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12117_AES_key_too_short)
-{
- int ret;
- auto manager = CKM::Manager::create();
-
- size_t key_size = (128-1);
- CKM::RawBuffer key_AES = createRandomBuffer(key_size/8);
-
- auto key = CKM::Key::create(key_AES);
- CKM::Alias alias = "short-AES";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-/*
- * These test cases tests CKM service if malicious data is provided over the socket.
- */
-
-RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- // fake the client - let the service detect the problem
- class WrongKeyImpl : public CKM::Key
- {
- public:
- WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
- }
-
- virtual bool empty() const {
- return false;
- }
-
- virtual CKM::KeyType getType() const {
- return CKM::KeyType::KEY_RSA_PUBLIC;
- }
- virtual int getSize() const {
- return 1024;
- }
- virtual CKM::ElipticCurve getCurve() const {
- return CKM::ElipticCurve::prime192v1;
- }
- virtual CKM::RawBuffer getDER() const {
- return m_dummy;
- }
- virtual ~WrongKeyImpl() {}
- private:
- CKM::RawBuffer & m_dummy;
- };
- std::string dummyData = "my_cat_Berta\n";
- CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
- auto key = std::make_shared<WrongKeyImpl>(buffer);
- CKM::Alias alias = "damaged-rsa";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- // fake the client - let the service detect the problem
- class WrongCertImpl : public CKM::Certificate
- {
- public:
- WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
- m_x509 = X509_new();
- }
-
- bool empty() const {
- return false;
- }
-
- virtual X509 *getX509() const {
- return m_x509;
- }
-
- virtual CKM::RawBuffer getDER() const {
- return m_dummy;
- }
-
- virtual ~WrongCertImpl() {
- X509_free(m_x509);
- }
- private:
- X509* m_x509;
- CKM::RawBuffer & m_dummy;
- };
- std::string dummyData = "my_cat_Stefan\n";
- CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
- auto cert = std::make_shared<WrongCertImpl>(buffer);
- CKM::Alias alias = "damaged-cert";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12120_deinit)
-{
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
-
-RUNNER_TEST(T1311_init)
-{
- remove_user_data(0);
- RUNNER_ASSERT_MSG(time(0) > 1405343457,
- "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
-
- ScopedLabel sl("System");
- struct hostent* he = gethostbyname("google.com");
-
- RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
- "is not woking on the device. OCSP tests requires network access!");
-}
-
-RUNNER_TEST(T13121_get_chain_no_cert)
-{
- CKM::CertificateShPtrVector certChain;
- CKM::CertificateShPtr cert;
-
- auto manager = CKM::Manager::create();
-
- int ret = manager->getCertificateChain(cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
- "Function should fail for empty certificate");
-}
-
-RUNNER_TEST(T13122_get_chain_empty_cert)
-{
- CKM::CertificateShPtrVector certChain;
- CKM::CertificateShPtr cert = CKM::Certificate::create(CKM::RawBuffer(),
- CKM::DataFormat::FORM_PEM);
-
- auto manager = CKM::Manager::create();
-
- int ret = manager->getCertificateChain(cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
- "Function should fail for empty certificate");
-}
-
-RUNNER_TEST(T13129_get_chain)
-{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
-
- CKM::CertificateShPtrVector certVector = {cert1};
- CKM::CertificateShPtrVector certChain;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-}
-
-RUNNER_TEST(T1313_get_chain_with_alias)
-{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
-
- CKM::CertificateShPtrVector certChain;
- CKM::AliasVector aliasVector;
- CKM::Alias alias = sharedDatabase("imcert");
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
- "Error=" << CKM::ErrorToString(tmp));
-
- aliasVector.push_back(alias);
-
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-}
-
-RUNNER_TEST(T13141_ocsp_check_valid_chain)
-{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
- CKM::CertificateShPtrVector certVector = {cert1};
- CKM::CertificateShPtrVector certChain;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->ocspCheck(certChain, status)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
-}
-
-RUNNER_TEST(T13142_ocsp_check_empty)
-{
- CKM::CertificateShPtrVector certVector;
-
- auto manager = CKM::Manager::create();
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
- "ocspCheck should fail for empty certificate vector");
-}
-
-RUNNER_TEST(T13143_ocsp_check_empty_ptrs)
-{
- CKM::CertificateShPtrVector certVector = {
- CKM::CertificateShPtr(),
- CKM::CertificateShPtr(),
- CKM::CertificateShPtr()};
-
- auto manager = CKM::Manager::create();
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
- "ocspCheck should fail for empty certificate vector");
-}
-
-RUNNER_TEST(T13144_ocsp_check_root)
-{
- auto root = TestData::getTestCertificate(TestData::EQUIFAX);
- CKM::CertificateShPtrVector certVector = {root};
-
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
- "Ocsp should fail for single certificate");
-}
-
-RUNNER_TEST(T13145_ocsp_check_no_ocsp)
-{
- auto root = TestData::getTestCertificate(TestData::EQUIFAX);
- auto ca2 = TestData::getTestCertificate(TestData::GEOTRUST);
- auto ca1 = TestData::getTestCertificate(TestData::GIAG2);
-
- CKM::CertificateShPtrVector certVector = {ca1, ca2, root};
-
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != ca2.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != ca1.get(), "Certificate should not be empty");
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->ocspCheck(certVector, status)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_UNSUPPORTED == status, "Verfication failed");
-}
-
-RUNNER_TEST(T1315_deinit)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
-
-RUNNER_TEST(T1411_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T1412_RSA_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
- CKM::Password password = "1234";
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1413_DSA_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
- "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
- "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
- "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
- "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
- "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
- "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
- "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
- "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
- "u1roOuaPY+Hl19BlTE2qdw==\n"
- "-----END DSA PRIVATE KEY-----";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
- "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
- "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
- "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
- "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
- "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
- "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
- "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
- "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
- "YMYCBhubtrVaLmc=\n"
- "-----END PUBLIC KEY-----";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T1414_ECDSA_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("ecpub2");
- CKM::Alias aliasPrv = sharedDatabase("ecprv2");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1415_RSA_key_create_verify_negative)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1416_DSA_key_create_verify_negative)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1417_RSA_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
- "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
- "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
- "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
- "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
- "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
- "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
- "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
- "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
- "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
- "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
- "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
- "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
- "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub1-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1418_DSA_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- const std::string pub = "-----BEGIN CERTIFICATE-----\n"
- "MIIDUzCCAxECCQCer/fKcXtJgTALBglghkgBZQMEAwIwgYsxCzAJBgNVBAYTAlBM\n"
- "MQ8wDQYDVQQIDAZQb2xhbmQxDzANBgNVBAcMBldhcnNhdzEQMA4GA1UECgwHU2Ft\n"
- "c3VuZzEMMAoGA1UECwwDS1NGMRMwEQYDVQQDDAptLmthcnBpdWsyMSUwIwYJKoZI\n"
- "hvcNAQkBFhZtLmthcnBpdWsyQHNhbXN1bmcuY29tMCAXDTE0MDkyNjEzNTQwN1oY\n"
- "DzIxNDAwOTA1MTM1NDA3WjCBizELMAkGA1UEBhMCUEwxDzANBgNVBAgMBlBvbGFu\n"
- "ZDEPMA0GA1UEBwwGV2Fyc2F3MRAwDgYDVQQKDAdTYW1zdW5nMQwwCgYDVQQLDANL\n"
- "U0YxEzARBgNVBAMMCm0ua2FycGl1azIxJTAjBgkqhkiG9w0BCQEWFm0ua2FycGl1\n"
- "azJAc2Ftc3VuZy5jb20wggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA9Bhh7ZA4onkY\n"
- "uDNQbYR4EwkJ6RpD505hB0GF6yppUNp2LanvNcQXcyXY88MB6OdP7Rikbu1H2zP4\n"
- "gONCtdxKW58Za7h9bFzYjxcObZsS52F9DP7sv3C4sX4xNWApfhUgbfzKaRCJOkOs\n"
- "06tV7teu3G/v26PdI8dlykIuQXQZmH8CFQCHsIV0njb2yC3ggfKz+exH+g5jAQKB\n"
- "gBVLYfVCMjUz5XJH+xYU3A8W8rpSLqZKIK2d9mbXqhpz8QK1bvNQUlSRZo+o1ZYV\n"
- "mJn3Mx2YuiifHZNKdBNweCqe5a+HV2RSl1Yv/TV9famZKlogGslsmPHUOJMlSIdh\n"
- "MfMwVny4/rNtjEtEFE1WnaTr1W6MKH1EBbizVo8fmWFrA4GFAAKBgQCaPjrlkAyX\n"
- "kBitWo+w0xZN4OSk13SsCzZ/PG+5zOgMRaFm2XbiC04YsGCi4NFOd9kaiP7w1CsP\n"
- "iqG6Vwv0T/VcoxBl/hp6jEqTDSrM6z0ungjDO9wGOdI+jZS0UjVahgC4ZLDHhrOa\n"
- "CjfxcHruO3e416b/Rm2CjhOzjKdoSFUWVzALBglghkgBZQMEAwIDLwAwLAIUHa+A\n"
- "5xo8O/tPuH9gXkr1mee6kRYCFGNycJ1xkc3nIJaEQOtGfDe7S71A\n"
- "-----END CERTIFICATE-----\n";
-
- const std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBuwIBAAKBgQD0GGHtkDiieRi4M1BthHgTCQnpGkPnTmEHQYXrKmlQ2nYtqe81\n"
- "xBdzJdjzwwHo50/tGKRu7UfbM/iA40K13EpbnxlruH1sXNiPFw5tmxLnYX0M/uy/\n"
- "cLixfjE1YCl+FSBt/MppEIk6Q6zTq1Xu167cb+/bo90jx2XKQi5BdBmYfwIVAIew\n"
- "hXSeNvbILeCB8rP57Ef6DmMBAoGAFUth9UIyNTPlckf7FhTcDxbyulIupkogrZ32\n"
- "ZteqGnPxArVu81BSVJFmj6jVlhWYmfczHZi6KJ8dk0p0E3B4Kp7lr4dXZFKXVi/9\n"
- "NX19qZkqWiAayWyY8dQ4kyVIh2Ex8zBWfLj+s22MS0QUTVadpOvVbowofUQFuLNW\n"
- "jx+ZYWsCgYEAmj465ZAMl5AYrVqPsNMWTeDkpNd0rAs2fzxvuczoDEWhZtl24gtO\n"
- "GLBgouDRTnfZGoj+8NQrD4qhulcL9E/1XKMQZf4aeoxKkw0qzOs9Lp4IwzvcBjnS\n"
- "Po2UtFI1WoYAuGSwx4azmgo38XB67jt3uNem/0Ztgo4Ts4ynaEhVFlcCFGMH+Z9l\n"
- "vonbjii3BYe4AIdkzOvp\n"
- "-----END DSA PRIVATE KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub2-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1419_ECDSA_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub3");
- CKM::Alias aliasPrv = sharedDatabase("prv3");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1420_deinit)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
-
-RUNNER_TEST(T14180_init)
-{
- int temp;
- remove_user_data(0);
-
- auto manager = CKM::Manager::create();
-
- // Prepare RSA Key Pair
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
- CKM::Password password = "1234";
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- // Prepare ECDSA Key Pair
- std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string ecpub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
-
- auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
- auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
-
- RUNNER_ASSERT_MSG(NULL != ecKeyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != ecKeyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T14181_RSA_create_signatue_nohash)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T14182_RSA_create_signatue_nohash_nopad)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T14183_RSA_create_signatue_nohash_bigmsg)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T14184_ECDSA_create_signatue_nohash)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- int msgSize = 1024*1024;
- char big_msg[msgSize];
- for(int i =0; i<msgSize-1; i++) {
- big_msg[i] = 'a';
- }
- big_msg[msgSize-1]=0x00;
- std::string message(big_msg);
-
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T14189_deinit)
-{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1510_init_unlock_key)
-{
- reset_user_data(USER_TEST, APP_PASS);
-}
-
-RUNNER_TEST(T1511_insert_data)
-{
- auto certee = TestData::getTestCertificate(TestData::MBANK);
- auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- CKM::Alias certeeAlias("CertEE");
- CKM::Alias certimAlias("CertIM");
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
- }
-
- // restart CKM
- stop_service(MANAGER);
- start_service(MANAGER);
-
- // actual test
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
- int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
- }
-}
-
-RUNNER_TEST(T1519_deinit)
-{
- remove_user_data(USER_TEST);
-}
-
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1701_init_unlock_key)
-{
- unlock_user_data(USER_TEST+1, "t170-special-password");
-
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-}
-
-RUNNER_CHILD_TEST(T1702_insert_data)
-{
- int temp;
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- auto certee = TestData::getTestCertificate(TestData::MBANK);
-
- auto manager = CKM::Manager::create();
- size_t current_aliases_num = count_aliases(ALIAS_CERT);
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
-
- CKM::AliasVector av;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
-}
-
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1704_data_test)
-{
- int temp;
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_TEST(T1705_deinit)
-{
- remove_user_data(USER_TEST+1);
-}
-
-RUNNER_TEST(T17101_init)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17102_prep_data_01)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17103_prep_data_02)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17104_prep_data_03)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17105_prep_data_04)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T17106_remove_application)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17107_check_data_01)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17108_check_data_02)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T17109_unlock_user2)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17110_check_data_03)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17111_check_data_04)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T17112_deinit)
-{
- remove_user_data(USER_TEST+2);
- remove_user_data(USER_TEST+3);
-}
-
-RUNNER_TEST_GROUP_INIT(T180_PKCS12);
-
-namespace
-{
-CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
-CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
-CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
-CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
-}
-
-RUNNER_TEST(T1800_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T1801_parse_PKCS12) {
- std::ifstream is(CKM_TEST_DIR "/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 0 == caVector.size(),
- "Wrong size of vector");
-}
-
-RUNNER_TEST(T1802_negative_wrong_password) {
- std::ifstream is(CKM_TEST_DIR "/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, "error");
- RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
-
-RUNNER_TEST(T1803_negative_broken_buffer) {
- std::ifstream is(CKM_TEST_DIR "/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
- buffer[4]=0;
-
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
- RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
-
-RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
-{
- auto manager = CKM::Manager::create();
- std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- // save private key
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string message = "message test";
-
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- int temp;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
-{
- auto manager = CKM::Manager::create();
- std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-
- // save to the CKM
- int tmp;
- CKM::Policy exportable;
- CKM::Policy notExportable(CKM::Password(), false);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // try to lookup key
- CKM::KeyShPtr key_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // try to lookup certificate
- CKM::CertificateShPtr cert_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1806_get_PKCS)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- CKM::PKCS12ShPtr pkcs;
-
- // fail - no entry
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- // fail - not exportable
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- // success - exportable
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-}
-
-RUNNER_TEST(T1807_create_and_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string message = "message test";
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
- "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
- "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
- "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
- "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
- "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
- "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
- "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
- "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
- "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
- "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
- "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
- "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
- "-----END RSA PRIVATE KEY-----";
- std::string message = "message test";
-
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- alias_PKCS_priv_key_copy,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string message = "message test";
-
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- alias_PKCS_priv_key_wrong,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1810_verify_get_certificate_chain)
-{
- // this certificate has been signed using PKCS chain
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIBozCCAQwCAQEwDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
- "c3RtZS5jb20wHhcNMTUxMjA5MTA0NjU0WhcNMjUxMjA2MTA0NjU0WjAYMRYwFAYD\n"
- "VQQDDA1lZUB0ZXN0bWUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP\n"
- "+fNsZB1Vlmhnk0IwYDs7Pw9E38KQfTt/egqqRFN6IvIt0CCDBXqnPTujuvlO2OyL\n"
- "XVuALnIBmTDm5Oz+oz+qiY6/XrVS/CoACNZyMo6ihG9OeocvDbU3jXEaPGL6ib/x\n"
- "jlms0aA9d5L9TO2lEzEP7bFKgHCB8FWINcxSP5zl1QIDAQABMA0GCSqGSIb3DQEB\n"
- "BQUAA4GBAKBpVJMkdK6/qnAz7d7Bul/BhhSLEYbNPdxRiUj3U2dt0GJgswMu2SNT\n"
- "/3NXB8V8mnnXR6cWn5bmjyA7ZpQEKAatS/KEQ9wfLXyCgYDRebX71mVKAI3XcyxB\n"
- "p2qsOWWaJhuHmC1GVjx3foL+RDrmRo6BiucNHMIuvrd1W36eKdhj\n"
- "-----END CERTIFICATE-----\n";
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
- CKM::CertificateShPtrVector certChain;
- CKM::AliasVector aliasVector;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert,
- EMPTY_ALIAS_VECTOR,
- EMPTY_ALIAS_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- aliasVector.push_back(alias_PKCS_exportable);
-
- tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
- RUNNER_ASSERT_MSG(
- 4 == certChain.size(),
- "Wrong size of certificate chain: " << certChain.size());
-}
-
-RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
-{
- auto manager = CKM::Manager::create();
- int tmp;
-
-
- // remove the whole PKCS12 bundles
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // expect lookup fails due to unknown alias
- // try to lookup key
- CKM::KeyShPtr key_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // try to lookup certificate
- CKM::CertificateShPtr cert_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1812_get_pkcs12_password_tests)
-{
- CKM::Alias alias = sharedDatabase("t1812alias1");
-
- auto manager = CKM::Manager::create();
- std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::PKCS12ShPtr pkcs12;
- CKM::Password pass1 = "easypass1";
- CKM::Password pass2 = "easypass2";
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- int temp;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::CertificateShPtr cert;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::CertificateShPtrVector certChain;
- CKM::AliasVector certVect;
- certVect.push_back(alias);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1813_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-namespace {
-const char * const T190_PASSWD = "t190-special-password";
-}
-RUNNER_TEST(T1901_init_unlock_key)
-{
- reset_user_data(USER_APP, T190_PASSWD);
-}
-
-RUNNER_TEST(T1902_get_data)
-{
- ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
-
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
-}
-
-RUNNER_TEST(T1903_lock_database)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1904_get_data_from_locked_database)
-{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
-
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == status1,
- "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
-}
-
-RUNNER_TEST(T1905_deinit)
-{
- remove_user_data(USER_APP);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * @file system-db.cpp
- * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <ckm/ckm-control.h>
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-type.h>
-#include <access_provider2.h>
-#include <unistd.h>
-#include <sys/types.h>
-
-namespace
-{
-const uid_t USER_SERVICE = 0;
-const uid_t USER_SERVICE_2 = 1234;
-const uid_t GROUP_SERVICE_2 = 1234;
-const uid_t USER_SERVICE_MAX = 4999;
-const uid_t GROUP_SERVICE_MAX = 4999;
-const uid_t USER_SERVICE_FAIL = 5000;
-const uid_t GROUP_SERVICE_FAIL = 5000;
-const uid_t USER_APP = 5050;
-const uid_t GROUP_APP = 5050;
-const char* APP_PASS = "user-pass";
-
-const char* TEST_ALIAS = "test-alias";
-const char* SYSTEM_LABEL = ckmc_owner_id_system;
-const char* INVALID_LABEL = "coco-jumbo";
-std::string TEST_SYSTEM_ALIAS = aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS);
-std::string TEST_SYSTEM_ALIAS_2 = aliasWithLabel(SYSTEM_LABEL, "test-alias-2");
-const char* TEST_LABEL = "test-label";
-const char* TEST_LABEL_2 = "test-label-2";
-
-const char* TEST_DATA =
- "Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
- "qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores "
- "et quas molestias excepturi sint occaecati cupiditate non provident, "
- "similique sunt in culpa qui officia deserunt mollitia animi, id est "
- "laborum et dolorum fuga. ";
-}
-
-
-RUNNER_TEST_GROUP_INIT(T50_SYSTEM_DB);
-
-RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB)
-{
- RUNNER_IGNORED_MSG("This test is turn off because fix "
- "from tizen 2.4 that unlock db with empty password");
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, leave DB locked
- // try to access system DB item - expect success
-
- // [prepare]
- remove_user_data(USER_APP);
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
- }
-}
-
-RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB)
-{
- // [test]
- // switch to user app, unlock DB
- // when accessing private DB - owner==me
- // try to write to private DB - expect success
- // try to get item from private DB - expect success
-
- // [test]
- {
- remove_user_data(USER_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>)
-{
- // [test]
- // switch to user app, unlock DB
- // try to add item to system DB - expect fail
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION, RemoveDataEnv<0, USER_APP>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, unlock DB
- // try to access the system item - expect success
-
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION, RemoveDataEnv<0, USER_APP>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to user app, unlock DB
- // try to access the system item - expect fail
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL, RemoveDataEnv<0, USER_APP>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, unlock DB
- // try to access the system item - expect success
- // [prepare2]
- // as system service, remove the item (expecting to remove permission)
- // add item again, do not add permission
- // [test2]
- // switch to user app, unlock DB
- // try to access the system item - expect fail
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-
- // [prepare2]
- check_remove_allowed(TEST_SYSTEM_ALIAS.c_str());
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS, RemoveDataEnv<0, USER_APP>)
-{
- // [test]
- // switch to user app, unlock DB
- // try to write to private DB - expect success
- // try to write to system DB - expect fail
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM, RemoveDataEnv<0, USER_APP>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, unlock DB
- // try to remove item from system DB - expect fail
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_remove_denied(TEST_SYSTEM_ALIAS.c_str());
- }
-}
-
-RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS, RemoveDataEnv<0, USER_APP>)
-{
- // [prepare]
- // start as system service
- // add data A to the system DB
- // add data B to the system DB
- // add permission to data A to a user app
- // [test]
- // system service list items - expect both items to appear
- // [test2]
- // switch to user app, unlock DB
- // add data as user
- // user lists items - expect system item A and private item
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- check_alias_list({TEST_SYSTEM_ALIAS.c_str(), TEST_SYSTEM_ALIAS_2.c_str()});
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
-
- check_alias_list({TEST_SYSTEM_ALIAS.c_str(),
- aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
- }
-}
-
-RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB, RemoveDataEnv<USER_APP>)
-{
- // [test]
- // switch to user app, unlock DB
- // try to generate a key in system DB - expect fail
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
- std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_PERMISSION_DENIED ==
- (temp = ckmc_create_key_pair_rsa(1024,
- private_key_alias.c_str(),
- public_key_alias.c_str(),
- policy_private_key,
- policy_public_key)),
- CKMCReadableError(temp));
- }
-}
-
-RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB, RemoveDataEnv<0,USER_APP>)
-{
- // [prepare]
- // start as system service
- // generate RSA key in system DB
- // [test]
- // try to create and verify signature in system DB - expect success
- // [test2]
- // switch to user app, unlock DB
- // try to create signature in system DB - expect fail
-
- // [prepare]
- std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
- std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE ==
- (temp = ckmc_create_key_pair_rsa(1024,
- private_key_alias.c_str(),
- public_key_alias.c_str(),
- policy_private_key,
- policy_public_key)),
- CKMCReadableError(temp));
-
- // [test]
- {
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- private_key_alias.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- public_key_alias.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
- }
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature(
- private_key_alias.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
- }
-}
-
-RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS, RemoveDataEnv<0>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // add remove permission to a user app - expect fail
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- allow_access_negative(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
-}
-
-RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB, RemoveDataEnv<0>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // try to access the item - expect success
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
-}
-
-RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB, RemoveDataEnv<0>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to another system service
- // try to access the item - expect success
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB)
-{
- // [prepare]
- // start as system service 1234
- // add resource to the system DB
- // [test]
- // switch to another system service
- // try to access the item - expect success
-
- // [prepare]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
-
- // [test]
- ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB, RemoveDataEnv<0>)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to system service having uid maximum for system svcs
- // try to access the item - expect success
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_MAX, GROUP_SERVICE_MAX);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB, RemoveDataEnv<0>)
-{
- RUNNER_IGNORED_MSG("This test is turn off because fix "
- "from tizen 2.4 that unlock db with empty password");
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to another, faulty system service with user-land uid==5000
- // try to access the item - expect fail (no system service)
-
- // [prepare]
- save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_FAIL, GROUP_SERVICE_FAIL);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
- }
-}
-
-RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL, RemoveDataEnv<0>)
-{
- // [prepare]
- // start as system service
- // [test]
- // try to add item to system DB using wrong label - expect fail
- // try to add item using explicit system label - expect success
-
- // [test]
- save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
- check_read(TEST_ALIAS, INVALID_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-
- save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file test-certs.cpp
- * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-
-#include <map>
-#include <test-certs.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-using namespace std;
-
-namespace {
-typedef map<TestData::certificateID, pair<string, CKM::CertificateShPtr>> CertMap;
-
-CKM::CertificateShPtr createCert(const string& cert) {
- CKM::RawBuffer buffer_cert(cert.begin(), cert.end());
- CKM::CertificateShPtr cptr = CKM::Certificate::create(buffer_cert, CKM::DataFormat::FORM_PEM);
- return cptr;
-}
-
-CertMap initializeTestCerts()
-{
- CertMap cm;
-
- // TEST_ROOT_CA, expires 2035
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV\n"
- "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD\n"
- "VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw\n"
- "HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET\n"
- "MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz\n"
- "dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq\n"
- "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC\n"
- "9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da\n"
- "eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W\n"
- "rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo\n"
- "5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs\n"
- "BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw\n"
- "TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk\n"
- "zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC\n"
- "AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX\n"
- "ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus\n"
- "9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS\n"
- "Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV\n"
- "qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n"
- "kOg11TpPdNDkhb1J4ZCh2gupDg==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::TEST_ROOT_CA] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx\n"
- "EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl\n"
- "c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx\n"
- "MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI\n"
- "DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w\n"
- "HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF\n"
- "AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j\n"
- "L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7\n"
- "nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc\n"
- "UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT\n"
- "thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6\n"
- "XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E\n"
- "FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/\n"
- "HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97\n"
- "Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v\n"
- "vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc\n"
- "4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB\n"
- "pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8\n"
- "SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm\n"
- "F2obL5qJSTN/RQ==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::TEST_IM_CA] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // TEST_LEAF, signed by TEST_IM_CA, expires 2035
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV\n"
- "BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx\n"
- "HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0\n"
- "WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T\n"
- "dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV\n"
- "VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- "CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl\n"
- "z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq\n"
- "QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc\n"
- "bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E\n"
- "4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk\n"
- "4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp\n"
- "UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj\n"
- "CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/\n"
- "i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9\n"
- "HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF\n"
- "Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz\n"
- "6ON7PVe0ABN/AlwVQiFE\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::TEST_LEAF] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\n"
- "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\n"
- "YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG\n"
- "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy\n"
- "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP\n"
- "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv\n"
- "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE\n"
- "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ\n"
- "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC\n"
- "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7\n"
- "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD\n"
- "VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig\n"
- "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF\n"
- "BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQ\n"
- "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE\n"
- "+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1/Wm8gzPn6\n"
- "8R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I/b+jzG1Zgo+ByPF5E0y8tS\n"
- "etH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh/Ob0r0a678C/xbQF9ZR1DP6i\n"
- "vgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe/GFsNMP\n"
- "WOH7sf6coaPo/ck/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8\n"
- "VOBHBw==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::GIAG2] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // MBANK, signed by SYMANTEC, expires 04 Feb 2016
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\n"
- "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n"
- "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\n"
- "IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\n"
- "MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\n"
- "ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\n"
- "MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\n"
- "DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\n"
- "bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\n"
- "bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\n"
- "JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\n"
- "Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\n"
- "aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\n"
- "Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\n"
- "dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\n"
- "Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\n"
- "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n"
- "BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\n"
- "dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\n"
- "c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\n"
- "BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\n"
- "BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\n"
- "KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\n"
- "eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\n"
- "AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\n"
- "ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\n"
- "9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\n"
- "rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\n"
- "LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\n"
- "U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\n"
- "vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\n"
- "SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\n"
- "aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\n"
- "WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::MBANK] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\n"
- "CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n"
- "BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\n"
- "YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\n"
- "FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\n"
- "BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\n"
- "pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\n"
- "IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\n"
- "zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\n"
- "MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\n"
- "BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\n"
- "L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\n"
- "eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\n"
- "LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\n"
- "GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\n"
- "Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\n"
- "hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\n"
- "nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\n"
- "qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\n"
- "eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\n"
- "LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\n"
- "2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::SYMANTEC] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // GEOTRUST, signed by EQUIFAX, expires 21 Aug 2018
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"
- "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"
- "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"
- "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"
- "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"
- "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"
- "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"
- "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"
- "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"
- "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"
- "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"
- "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"
- "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"
- "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"
- "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"
- "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"
- "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"
- "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::GEOTRUST] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // EQUIFAX, (root CA), expires 22 Aug 2018
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n"
- "UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n"
- "dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n"
- "MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n"
- "dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n"
- "AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n"
- "BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n"
- "cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n"
- "AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n"
- "MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n"
- "aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n"
- "ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n"
- "IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n"
- "MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n"
- "A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n"
- "7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n"
- "1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGzzCCBbegAwIBAgIIG6xwxBtjtJEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMDE1MTY0MjQzWhcNMTYwMTEzMDAwMDAw\n"
- "WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n"
- "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjZonqWEMpOM+v3cr\n"
- "rD/xj0L1lxUK2EaCmk3xckbEMFEMW992hnCa1CRjcOC3jb2bkmjHfVzfgt/mbCcX\n"
- "H2YYi6OCBGcwggRjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
- "A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n"
- "ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n"
- "YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n"
- "ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds\n"
- "ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv\n"
- "b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q\n"
- "Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n\n"
- "bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou\n"
- "Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv\n"
- "b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv\n"
- "LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tggoqLmd2dDEuY29tggoq\n"
- "Lmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAq\n"
- "LnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1\n"
- "YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYILYW5k\n"
- "cm9pZC5jb22CBGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv\n"
- "b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUu\n"
- "YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n"
- "B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n"
- "ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n"
- "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBTkzYJaSmLNPMENVN00b75rL11D/zAMBgNV\n"
- "HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1Ud\n"
- "IAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYf\n"
- "aHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOC\n"
- "AQEAHj3svrvviu8X79HzVy6hPIoPUtjkYbgheBSZeWTAC0GgxdZ3cQTrZShZNXmL\n"
- "A9Pwfvs2Kv+iAWfDFuyG6WGD4YN2m2MItQRlBdGGib5aMl8N4vq/KQ1HU2Sw2KQA\n"
- "gBfgt3THooNzXdJ363K7NShV1SMbZYpYMJ3p+hgZe1ezymIM/yny/j/nhoHMqFUG\n"
- "KRNjp7n74bmj0HG9Upci8QL8oxCynKwCPs72Dw8WIFv+WjXoTkEgnfHfUklWBZ8n\n"
- "SpLyfbO8eRQkgXPZxau0BMof5tyetyzBe2QQ/OcvAkDUVhwZi2wIBf9rbhWnl2LE\n"
- "urbTa3K72M5I58jgb740XezcOQ==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- return cm;
-}
-
-CertMap TEST_CERTS = initializeTestCerts();
-}
-
-
-std::string TestData::getTestCertificateBase64(TestData::certificateID id)
-{
- RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
- RUNNER_ASSERT_MSG(TEST_CERTS[id].first.size()>0, "Certificate is empty (should never ever happen)!");
-
- return TEST_CERTS[id].first;
-}
-
-CKM::CertificateShPtr TestData::getTestCertificate(certificateID id)
-{
- RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
- RUNNER_ASSERT_MSG(TEST_CERTS[id].second, "Certificate is empty (should never ever happen)!");
-
- return TEST_CERTS[id].second;
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file test-certs.h
- * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-
-#pragma once
-
-#include <string>
-#include <ckm/ckm-certificate.h>
-
-namespace TestData
-{
-
-enum certificateID {
- // test certificates
- TEST_ROOT_CA = 0, // TEST_ROOT_CA, expires 2035
- TEST_IM_CA, // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
- TEST_LEAF, // TEST_LEAF, signed by TEST_IM_CA, expires 2035
-
- // third party
- GIAG2, // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
- MBANK, // MBANK, signed by SYMANTEC, expires 04 Feb 2016
- SYMANTEC, // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
- GEOTRUST, // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018
- EQUIFAX, // EQUIFAX (root CA), expires 22 Aug 2018
- GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016
-
- // footer - last element in the set
- NO_CERT
-};
-
-std::string getTestCertificateBase64(certificateID id);
-CKM::CertificateShPtr getTestCertificate(certificateID id);
-}
-INCLUDE(FindPkgConfig)
-SET(COMMON_TARGET_TEST "tests-common")
-
-#dependencies
PKG_CHECK_MODULES(COMMON_TARGET_DEP
+ REQUIRED
libsmack
dbus-1
sqlite3
libgum
glib-2.0
- REQUIRED
)
-#files to compile
SET(COMMON_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/common/tests_common.cpp
- ${PROJECT_SOURCE_DIR}/src/common/access_provider.cpp
- ${PROJECT_SOURCE_DIR}/src/common/smack_access.cpp
- ${PROJECT_SOURCE_DIR}/src/common/dbus_connection.cpp
- ${PROJECT_SOURCE_DIR}/src/common/dbus_message_in.cpp
- ${PROJECT_SOURCE_DIR}/src/common/dbus_message_out.cpp
- ${PROJECT_SOURCE_DIR}/src/common/service_manager.cpp
- ${PROJECT_SOURCE_DIR}/src/common/memory.cpp
- ${PROJECT_SOURCE_DIR}/src/common/db_sqlite.cpp
- ${PROJECT_SOURCE_DIR}/src/common/fs_label_manager.cpp
- ${PROJECT_SOURCE_DIR}/src/common/passwd_access.cpp
- ${PROJECT_SOURCE_DIR}/src/common/uds.cpp
- ${PROJECT_SOURCE_DIR}/src/common/synchronization_pipe.cpp
- ${PROJECT_SOURCE_DIR}/src/common/timeout.cpp
- ${PROJECT_SOURCE_DIR}/src/common/temp_test_user.cpp
+ tests_common.cpp
+ access_provider.cpp
+ smack_access.cpp
+ dbus_connection.cpp
+ dbus_message_in.cpp
+ dbus_message_out.cpp
+ service_manager.cpp
+ memory.cpp
+ db_sqlite.cpp
+ fs_label_manager.cpp
+ passwd_access.cpp
+ uds.cpp
+ synchronization_pipe.cpp
+ timeout.cpp
+ temp_test_user.cpp
)
#system and local includes
INCLUDE_DIRECTORIES(
${PROJECT_SOURCE_DIR}/src/framework/include
- ${PROJECT_SOURCE_DIR}/src/common
+ .
)
#output OBJECT format
-ADD_LIBRARY(${COMMON_TARGET_TEST} ${COMMON_TARGET_TEST_SOURCES})
+ADD_LIBRARY(${COMMON_TARGET_TEST} STATIC ${COMMON_TARGET_TEST_SOURCES})
TARGET_LINK_LIBRARIES(${COMMON_TARGET_TEST} ${COMMON_TARGET_DEP_LIBRARIES}
dpl-test-framework)
-INSTALL (FILES ${PROJECT_SOURCE_DIR}/src/common/security-tests.conf DESTINATION /etc/dbus-1/system.d)
+INSTALL (FILES security-tests.conf DESTINATION /etc/dbus-1/system.d)
#include <vector>
#include <algorithm>
-int DB::Transaction::db_result = PC_OPERATION_SUCCESS;
-
-const char *WGT_APP_ID = "QwCqJ0ttyS";
-
bool smack_check(void)
{
#ifndef WRT_SMACK_ENABLED
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <dpl/test/test_runner_multiprocess.h>
-#include <privilege-control.h>
#include <sys/smack.h>
#include <string>
#include <tuple>
} \
void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-namespace DB {
-
- class Transaction
- {
- public:
-
- static int db_result;
-
- Transaction() {
- db_result = perm_begin();
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == db_result,
- "perm_begin returned: " << db_result);
- }
-
- ~Transaction() {
- db_result = perm_end();
- }
- };
-} // namespace DB
-
-// Database Transaction macros
-// PLEASE NOTE Both DB_BEGIN and DB_END need to be called in the same scope.
-// They are used to prevent developer from forgetting to close transaction.
-// Also note that variables defined between these macros will not be visible
-// after DB_END.
-#define DB_BEGIN \
- { \
- DB::Transaction db_transaction;
-
-#define DB_END } \
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == DB::Transaction::db_result, \
- "perm_end returned: " << DB::Transaction::db_result);
-
-// Common macros and labels used in tests
-extern const char *WGT_APP_ID;
-
#endif
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-cmake_minimum_required(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-SET(CYNARA_TARGET_TEST "cynara-test")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_DEP
- REQUIRED
- libprivilege-control
- cynara-admin
- cynara-agent
- cynara-client
- cynara-client-async
- cynara-creds-socket
- cynara-plugin
- dbus-1
- )
-
-#files to compile
-SET(CYNARA_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_request.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_response.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_client.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_request_monitor.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_status_monitor.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_env.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_helpers.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/cynara-test.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_agent.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_async.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_db.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_helpers.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-
-#output format
-ADD_EXECUTABLE(${CYNARA_TARGET_TEST} ${CYNARA_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST}
- ${CYNARA_TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${CYNARA_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/WRT_test_for_cynara_rules.smack
- DESTINATION /usr/share/privilege-control/
-)
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/db_patterns
- DESTINATION /etc/security-tests/
-)
-
-ADD_SUBDIRECTORY(plugins)
+++ /dev/null
-~APP~ cynara_test_1 r
-~APP~ cynara_test_2 w
-~APP~ cynara_test_3 x
-~APP~ cynara_test_4 rw
-~APP~ cynara_test_5 rx
-~APP~ cynara_test_6 wx
-~APP~ cynara_test_7 rwx
-cynara_subject_1 ~APP~ r
-cynara_subject_2 ~APP~ w
-cynara_subject_3 ~APP~ x
-cynara_subject_4 ~APP~ rw
-cynara_subject_5 ~APP~ rx
-cynara_subject_6 ~APP~ wx
-cynara_subject_7 ~APP~ rwx
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_cynara_mask.h>
-#include <memory.h>
-#include <plugins.h>
-#include <tests_common.h>
-
-
-#include <algorithm>
-#include <cstring>
-#include <cstdlib>
-#include <memory>
-#include <ostream>
-#include <string>
-#include <sstream>
-
-namespace CynaraTestAdmin {
-
-namespace
-{
-
-std::ostream& operator<<(std::ostream& os, const cynara_admin_policy &policy)
-{
- os << "{";
- os << " " << formatCstr(policy.bucket) << ",";
- os << " " << formatCstr(policy.client) << ",";
- os << " " << formatCstr(policy.user) << ",";
- os << " " << formatCstr(policy.privilege) << ",";
- os << " " << policy.result << ",";
- os << " " << formatCstr(policy.result_extra);
- os << " }" << std::endl;
- return os;
-}
-
-std::ostream& operator<<(std::ostream& os, const cynara_admin_policy *const *policies)
-{
- os << "{" << std::endl;
- for (size_t i = 0; policies[i] != nullptr; ++i)
- os << *policies[i];
- os << "}";
- return os;
-}
-
-int string_compare(const char *s1, const char *s2)
-{
- if (!s2)
- {
- if (!s1)
- return 0;
- return 1;
- }
- if (!s1)
- return -1;
- return strcmp(s1, s2);
-}
-
-bool policy_less(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
-{
- auto sc = string_compare(p1.bucket, p2.bucket);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.client, p2.client);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.user, p2.user);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.privilege, p2.privilege);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.result_extra, p2.result_extra);
- if (sc != 0)
- return (sc < 0);
- return p1.result < p2.result;
-}
-
-bool policy_equal(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
-{
- return (p1.result == p2.result
- && string_compare(p1.bucket, p2.bucket) == 0
- && string_compare(p1.client, p2.client) == 0
- && string_compare(p1.user, p2.user) == 0
- && string_compare(p1.privilege, p2.privilege) == 0
- && string_compare(p1.result_extra, p2.result_extra) == 0);
-}
-
-std::ostream& operator<<(std::ostream& os, const CynaraTestPlugins::Descriptions &descriptions)
-{
- os << "{" << std::endl;
- for (const auto &desc : descriptions)
- os << "{ [" << desc.type << "], <" << desc.name << "> }" << std::endl;
- os << "}";
- return os;
-}
-
-} // namespace anonymous
-
-CynaraPoliciesContainer::CynaraPoliciesContainer()
-{
-}
-
-CynaraPoliciesContainer::CynaraPoliciesContainer(struct cynara_admin_policy **policies)
-{
- if (!policies)
- return;
-
- for (int i = 0; policies[i]; ++i) {
- auto policyPtr = policies[i];
- m_policies.push_back(*policyPtr);
- free(policyPtr);
- }
- free(policies);
-}
-
-CynaraPoliciesContainer::~CynaraPoliciesContainer()
-{
- for (struct cynara_admin_policy &policy : m_policies) {
- free(policy.bucket);
- free(policy.client);
- free(policy.user);
- free(policy.privilege);
- free(policy.result_extra);
- }
-}
-
-void CynaraPoliciesContainer::add(const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra)
-{
- m_policies.push_back({ nullptr, nullptr, nullptr, nullptr, 0, nullptr });
- struct cynara_admin_policy &policy = m_policies.back();
- if (bucket)
- policy.bucket = strdup(bucket);
- if (client)
- policy.client = strdup(client);
- if (user)
- policy.user = strdup(user);
- if (privilege)
- policy.privilege = strdup(privilege);
- policy.result = result;
- if (resultExtra)
- policy.result_extra = strdup(resultExtra);
-}
-
-void CynaraPoliciesContainer::add(const char *bucket,
- const CheckKey &checkKey,
- const int result,
- const char *resultExtra)
-{
- add(bucket, checkKey.m_client, checkKey.m_user, checkKey.m_privilege, result, resultExtra);
-}
-
-void CynaraPoliciesContainer::sort()
-{
- std::sort(m_policies.begin(), m_policies.end(), policy_less);
-}
-
-std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies)
-{
- os << "{" << std::endl;
- for (const auto & policy : policies.m_policies)
- os << policy;
- os << "}";
- return os;
-}
-
-Admin::Admin(bool isOnline)
- : m_admin(nullptr), m_online(isOnline)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
-
- int ret = cynara_admin_initialize(&m_admin);
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_admin_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_admin != nullptr, "cynara_admin struct was not initialized");
-}
-
-Admin::~Admin() noexcept(false)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
- cynara_admin_finish(m_admin);
-}
-
-void Admin::setPolicies(const CynaraPoliciesContainer &policiesContainer,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- const cynara_admin_policy *policies[policiesContainer.m_policies.size()+1];
-
- for (size_t i = 0; i < policiesContainer.m_policies.size(); ++i) {
- policies[i] = &policiesContainer.m_policies[i];
- }
- policies[policiesContainer.m_policies.size()] = nullptr;
-
- int ret = cynara_admin_set_policies(m_admin, policies);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_set_policies returned wrong value: "
- << ret << " != " << expectedResult << ". "
- << "policies:\n" << policies);
-}
-
-void Admin::setBucket(const char *bucket, int operation, const char *extra,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- int ret = cynara_admin_set_bucket(m_admin, bucket, operation, extra);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_set_bucket returned wrong value: "
- << ret << " != " << expectedResult << "."
- << " bucket: " << formatCstr(bucket) << ","
- << " operation: " << operation << ","
- << " extra: " << formatCstr(extra));
-}
-
-void Admin::adminCheck(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedCheckResult, const char *expectedCheckResultExtra,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- int checkResult;
- char *checkResultExtra = nullptr;
-
- int ret = cynara_admin_check(m_admin,
- startBucket, recursive,
- client, user, privilege,
- &checkResult, &checkResultExtra);
- CStringPtr extra(checkResultExtra);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " recursive: " << recursive << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege) << ",";
-
- s << " checkResult: " << checkResult << ","
- << " expectedCheckResult: " << expectedCheckResult << ","
- << " checkResultExtra: " << formatCstr(checkResultExtra) << ","
- << " expectedCheckResultExtra: " << formatCstr(expectedCheckResultExtra);
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_check returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(checkResult == expectedCheckResult,
- "cynara_admin_check returned wrong check result: "
- << checkResult << " != " << expectedCheckResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(formatCstr(checkResultExtra) == formatCstr(expectedCheckResultExtra),
- "cynara_admin_check returned wrong check result extra: "
- << formatCstr(checkResultExtra) << " != "
- << formatCstr(expectedCheckResultExtra) << "."
- << dump());
-}
-
-void Admin::listPolicies(const char *startBucket,
- const char *client, const char *user, const char *privilege,
- CynaraPoliciesContainer &expectedPolicyList,
- int expectedResult) {
-
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- struct cynara_admin_policy **policies = nullptr;
-
- int ret = cynara_admin_list_policies(m_admin,
- startBucket,
- client, user, privilege,
- &policies);
-
- CynaraPoliciesContainer receivedPolicyList(policies);
- receivedPolicyList.sort();
- expectedPolicyList.sort();
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege) << ",";
-
- s << " receivedPolicyList: " << receivedPolicyList << ","
- << " expectedPolicyList: " << expectedPolicyList;
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_list_policies returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(receivedPolicyList.m_policies.size() == expectedPolicyList.m_policies.size(),
- "size of list returned by cynara_admin_list_policies: "
- << receivedPolicyList.m_policies.size()
- << " doesn't match expected list size: "
- << expectedPolicyList.m_policies.size() << "."
- << dump());
-
- RUNNER_ASSERT_MSG(std::equal(receivedPolicyList.m_policies.begin(),
- receivedPolicyList.m_policies.end(),
- expectedPolicyList.m_policies.begin(),
- policy_equal),
- "list returned by cynara_admin_list_policies doesn't match expected: "
- << dump());
-}
-
-void Admin::erasePolicies(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- int ret = cynara_admin_erase(m_admin,
- startBucket, recursive,
- client, user, privilege);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " recursive: " << recursive << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege);
-
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_erase returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-}
-
-CynaraTestPlugins::Descriptions parseAndRelease(cynara_admin_policy_descr **descriptions)
-{
- CynaraTestPlugins::Descriptions ret;
-
- if (descriptions) {
- for (size_t i = 0; descriptions[i] != nullptr; ++i) {
- auto descPtr = descriptions[i];
- ret.push_back({ static_cast<Cynara::PolicyType>(descPtr->result),
- std::string(descPtr->name) });
- free(descPtr->name);
- free(descPtr);
- }
- free(descriptions);
- }
- return ret;
-}
-
-void Admin::listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- struct cynara_admin_policy_descr **descriptions = nullptr;
-
- int ret = cynara_admin_list_policies_descriptions(m_admin, &descriptions);
-
- CynaraTestPlugins::Descriptions receivedDescriptions = parseAndRelease(descriptions);
-
- auto description_less = [](const Cynara::PolicyDescription &d1,
- const Cynara::PolicyDescription &d2) -> bool {
- return d1.type != d2.type ? d1.type < d2.type : d1.name < d2.name;
- };
-
- auto description_equal = [](const Cynara::PolicyDescription &d1,
- const Cynara::PolicyDescription &d2) -> bool {
- return d1.type == d2.type && d1.name == d2.name;
- };
-
- std::sort(receivedDescriptions.begin(), receivedDescriptions.end(), description_less);
- std::sort(expectedDescriptions.begin(), expectedDescriptions.end(), description_less);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " receivedPolicyDescriptionList: " << receivedDescriptions << ","
- << " expectedPolicyDescriptionList: " << expectedDescriptions << ".";
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_list_policies_descriptions returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(receivedDescriptions.size() == expectedDescriptions.size(),
- "size of list returned by cynara_admin_list_policies_descriptions: "
- << receivedDescriptions.size()
- << " doesn't match expected list size: "
- << expectedDescriptions.size() << "."
- << dump());
-
- RUNNER_ASSERT_MSG(std::equal(receivedDescriptions.begin(),
- receivedDescriptions.end(),
- expectedDescriptions.begin(),
- description_equal),
- "list returned by cynara_admin_list_policies_descriptions "
- "doesn't match expected. " << dump());
-}
-
-} // namespace CynaraTestAdmin
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_ADMIN_H
-#define CYNARA_TEST_ADMIN_H
-
-#include <cynara_test_commons.h>
-#include <plugins.h>
-
-#include <cynara-admin.h>
-#include <ostream>
-#include <vector>
-
-namespace CynaraTestAdmin {
-
-class Admin;
-
-class CynaraPoliciesContainer
-{
-public:
- CynaraPoliciesContainer();
-
-/**
- * \par Description:
- * A special constructor stealing all data from all structures cynara_admin_policy
- * arranged in a null-terminated list.
- * It moves all data from inside structures to own vector,
- * but release input list by freeing memory of list elements and list itself.
- */
- CynaraPoliciesContainer(struct cynara_admin_policy **policies);
- CynaraPoliciesContainer(const CynaraPoliciesContainer&) = delete;
- CynaraPoliciesContainer(const CynaraPoliciesContainer&&) = delete;
- virtual ~CynaraPoliciesContainer();
-
- void add(const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra);
- void add(const char *bucket,
- const CheckKey &checkKey,
- const int result,
- const char *resultExtra = nullptr);
- void sort();
-
- friend std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies);
-
-private:
- friend class Admin;
-
- std::vector<struct cynara_admin_policy> m_policies;
-};
-
-class Admin
-{
-public:
- Admin(bool isOnline = true);
- virtual ~Admin() noexcept(false);
-
- void setPolicies(const CynaraPoliciesContainer &policiesContainer,
- int expectedResult = CYNARA_API_SUCCESS);
- void setBucket(const char *bucket, int operation, const char *extra,
- int expectedResult = CYNARA_API_SUCCESS);
- void adminCheck(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedCheckResult, const char *expectedCheckResultExtra,
- int expectedResult = CYNARA_API_SUCCESS);
- void listPolicies(const char *startBucket,
- const char *client, const char *user, const char *privilege,
- CynaraPoliciesContainer &expectedPolicyList,
- int expectedResult = CYNARA_API_SUCCESS);
- void erasePolicies(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedResult = CYNARA_API_SUCCESS);
- void listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
- int expectedResult = CYNARA_API_SUCCESS);
-private:
- struct cynara_admin *m_admin;
- bool m_online;
-};
-
-} // namespace CynaraTestAdmin
-
-#endif // CYNARA_TEST_ADMIN_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cstdlib>
-#include <string>
-
-#include <cynara_test_agent.h>
-#include <plugins.h>
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestAgent {
-
-Agent::Agent()
- : m_agent(nullptr)
-{
- int ret = cynara_agent_initialize(&m_agent, CynaraTestPlugins::TEST_AGENT_TYPE.c_str());
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_agent_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_agent != nullptr,
- "cynara_agent struct was not initialized");
-}
-
-Agent::~Agent()
-{
- cynara_agent_finish(m_agent);
-}
-
-void Agent::getRequest(AgentRequest &request, int expectedResult)
-{
- cynara_agent_msg_type type;
- cynara_agent_req_id id;
- void *data = nullptr;
- size_t dataSize;
-
- int ret = cynara_agent_get_request(m_agent, &type, &id, &data, &dataSize);
- if (ret == CYNARA_API_SUCCESS) {
- RUNNER_ASSERT_MSG(!data == !dataSize,
- "cynara_agent_get_request returned contradictory values: "
- << "data = " << data << " ,"
- << "size = " << dataSize << ".");
- request.set(type, id, data, dataSize);
- free(data);
- }
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_agent_get_request returned wrong value: "
- << ret << " != " << expectedResult << ".");
-}
-
-void Agent::putResponse(const AgentResponse &response, int expectedResult)
-{
- auto size = response.data().size();
- int ret = cynara_agent_put_response(m_agent,
- response.type(),
- response.id(),
- size ? static_cast<const void*>(response.data().data())
- : nullptr,
- size);
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_agent_put_response returned wrong value: "
- << ret << " != " << expectedResult << "."
- << "response = " << response);
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_H
-#define CYNARA_TEST_AGENT_H
-
-#include <cynara-agent.h>
-
-#include <cynara_test_agent_request.h>
-#include <cynara_test_agent_response.h>
-
-namespace CynaraTestAgent {
-
-class Agent
-{
-public:
- Agent();
- ~Agent();
-
- void getRequest(AgentRequest &request, int expectedResult = CYNARA_API_SUCCESS);
- void putResponse(const AgentResponse &response, int expectedResult = CYNARA_API_SUCCESS);
-
-private:
- struct cynara_agent *m_agent;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_agent_request.h>
-#include <plugins.h>
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestAgent {
-
-std::ostream& operator<<(std::ostream& os, const AgentRequest &request)
-{
- os << "{";
- os << " valid = " << request.m_valid << ",";
- os << " type = " << request.m_type << ",";
- os << " id = " << request.m_id << ",";
- os << " data = " << request.m_data << ",";
- os << " client = " << request.m_client << ",";
- os << " user = " << request.m_user << ",";
- os << " privilege = " << request.m_privilege;
- os << " }";
- return os;
-}
-
-void AgentRequest::set(cynara_agent_msg_type type, cynara_agent_req_id id,
- const void *data, size_t dataSize)
-{
- m_type = type;
- m_id = id;
- m_data = Cynara::PluginData(static_cast<const char*>(data), dataSize);
- m_client.clear();
- m_user.clear();
- m_privilege.clear();
-
- if (m_type == CYNARA_MSG_TYPE_ACTION) {
- CynaraTestPlugins::AgentDataVector parsedData;
-
- bool unwrapSuccess = CynaraTestPlugins::unwrapAgentData(m_data, parsedData);
- RUNNER_ASSERT_MSG(unwrapSuccess,
- "Format error. Cannot succesfully unwrap request. "
- << *this);
-
- RUNNER_ASSERT_MSG(parsedData.size() == 3,
- "Received unexpected [" << parsedData.size() << "] number of units,"
- << " while expecting 3."
- << " Cannot succesfully unwrap request. "
- << *this);
-
- m_client = parsedData[0];
- m_user = parsedData[1];
- m_privilege = parsedData[2];
- }
- m_valid = true;
-}
-
-void AgentRequest::assertAction(std::string client, std::string user, std::string privilege)
-{
- RUNNER_ASSERT_MSG(m_valid,
- "assertAction failed: request is not valid. "
- << *this);
- RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_ACTION,
- "assertAction failed: request's type is " << m_type
- << ", expected type is " << CYNARA_MSG_TYPE_ACTION << ". "
- << *this);
- RUNNER_ASSERT_MSG(!m_data.empty(),
- "assertAction failed: m_data is empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_client == client,
- "assertAction failed: unexpected client value " << m_client
- << ", expected value is " << client << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_user == user,
- "assertAction failed: unexpected user value " << m_user
- << ", expected value is " << user << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_privilege == privilege,
- "assertAction failed: unexpected privilege value " << m_privilege
- << ", expected value is " << privilege << ". "
- << *this);
-}
-
-void AgentRequest::assertCancel()
-{
- RUNNER_ASSERT_MSG(m_valid,
- "assertCancel failed: request is not valid. "
- << *this);
- RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_CANCEL,
- "assertCancel failed: request's type is " << m_type
- << ", expected type is " << CYNARA_MSG_TYPE_CANCEL << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_data.empty(),
- "assertCancel failed: m_data is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_client.empty(),
- "assertCancel failed: m_client is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_user.empty(),
- "assertCancel failed: m_user is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_privilege.empty(),
- "assertCancel failed: m_privilege is not empty. "
- << *this);
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_REQUEST_H
-#define CYNARA_TEST_AGENT_REQUEST_H
-
-#include <cynara_test_commons.h>
-
-#include <cynara-agent.h>
-#include <cynara-plugin.h>
-#include <ostream>
-#include <string>
-
-namespace CynaraTestAgent {
-
-class AgentRequest
-{
-public:
- AgentRequest() : m_valid(false), m_type(CYNARA_MSG_TYPE_ACTION), m_id(0)
- {}
-
- void set(cynara_agent_msg_type type, cynara_agent_req_id id, const void *data, size_t dataSize);
-
- bool valid() const
- {
- return m_valid;
- }
-
- cynara_agent_msg_type type() const
- {
- return m_type;
- }
-
- cynara_agent_req_id id() const
- {
- return m_id;
- }
-
- void assertAction(std::string client, std::string user, std::string privilege);
- void assertCancel();
-
- friend std::ostream& operator<<(std::ostream& os, const AgentRequest &request);
-
-private:
- bool m_valid;
- cynara_agent_msg_type m_type;
- cynara_agent_req_id m_id;
- Cynara::PluginData m_data;
- std::string m_client;
- std::string m_user;
- std::string m_privilege;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_REQUEST_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_agent_response.h>
-#include <plugins.h>
-#include <cynara-agent.h>
-
-namespace CynaraTestAgent {
-
-std::ostream& operator<<(std::ostream& os, const AgentResponse &response)
-{
- os << "{";
- os << " type = " << response.m_type << ",";
- os << " id = " << response.m_id << ",";
- os << " data = " << response.m_data;
- os << " }";
- return os;
-}
-
-AgentResponse AgentResponse::createAllow(cynara_agent_req_id id)
-{
- CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_ALLOW};
- return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
-}
-
-AgentResponse AgentResponse::createDeny(cynara_agent_req_id id)
-{
- CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_DENY};
- return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
-}
-
-AgentResponse AgentResponse::createCancel(cynara_agent_req_id id)
-{
- return AgentResponse(CYNARA_MSG_TYPE_CANCEL, id, Cynara::PluginData());
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_RESPONSE_H
-#define CYNARA_TEST_AGENT_RESPONSE_H
-
-#include <cynara_test_commons.h>
-
-#include <cynara-agent.h>
-#include <cynara-plugin.h>
-#include <ostream>
-
-namespace CynaraTestAgent {
-
-class AgentResponse
-{
-public:
- AgentResponse() = delete;
- static AgentResponse createAllow(cynara_agent_req_id id);
- static AgentResponse createDeny(cynara_agent_req_id id);
- static AgentResponse createCancel(cynara_agent_req_id id);
-
- cynara_agent_msg_type type() const
- {
- return m_type;
- }
-
- cynara_agent_req_id id() const
- {
- return m_id;
- }
-
- Cynara::PluginData data() const
- {
- return m_data;
- }
-
- friend std::ostream& operator<<(std::ostream& os, const AgentResponse &response);
-
-private:
- AgentResponse(cynara_agent_msg_type type, cynara_agent_req_id id, Cynara::PluginData data)
- : m_type(type), m_id(id), m_data(data)
- {}
-
- cynara_agent_msg_type m_type;
- cynara_agent_req_id m_id;
- Cynara::PluginData m_data;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_RESPONSE_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client.h>
-
-#include <tests_common.h>
-
-namespace CynaraTestClient {
-
-Client::Client()
- : m_cynara(nullptr)
-{
- int ret = cynara_initialize(&m_cynara, nullptr);
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara struct was not initialized");
-}
-
-Client::~Client()
-{
- cynara_finish(m_cynara);
-}
-
-void Client::check(const char *client, const char *session,
- const char *user, const char *privilege,
- int expectedResult)
-{
- int ret = cynara_check(m_cynara, client, session, user, privilege);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_check returned wrong value: "
- << ret << " != " << expectedResult << "."
- << " client: " << formatCstr(client) << ","
- << " session: " << formatCstr(session) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege));
-}
-
-} //namespace CynaraTestClient
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_H
-#define CYNARA_TEST_CLIENT_H
-
-#include <cynara-client.h>
-
-namespace CynaraTestClient {
-
-class Client
-{
-public:
- Client();
- virtual ~Client();
-
- void check(const char *client, const char *session,
- const char *user, const char *privilege,
- int expectedResult = CYNARA_API_ACCESS_ALLOWED);
-
-private:
- struct cynara *m_cynara;
-};
-
-} //namespace CynaraTestClient
-
-#endif // CYNARA_TEST_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_client.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <cynara-client-async.h>
-
-#include <exception>
-#include <unistd.h>
-
-namespace CynaraTestClientAsync {
-
-static std::string suffix(const std::string &major, const std::string &minor)
-{
- if (minor.empty())
- return major;
- return "_" + major + "_" + minor;
-}
-
-CheckData::CheckData(const std::string &major, const std::string &minor) :
- m_client("client" + suffix(major, minor)),
- m_session("session" + suffix(major, minor)),
- m_user("user" + suffix(major, minor)),
- m_privilege("privilege" + suffix(major, minor))
-{
-}
-
-CheckData::CheckData(const std::string &major, int minor) : CheckData(major, std::to_string(minor))
-{
-}
-
-CheckKey CheckData::toAdminPolicy()
-{
- return {m_client.c_str(), m_user.c_str(), m_privilege.c_str()};
-}
-
-Client::Client(const StatusFunction &userFunction)
- : m_cynara(nullptr), m_statusMonitor(userFunction)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_initialize(&m_cynara, nullptr,
- StatusMonitor::updateStatus,
- static_cast<void*>(&m_statusMonitor)););
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_async_initialize() failed. ret = " << ret << ".");
- RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara_async struct was not initialized.");
-
- assertStatus(DISCONNECTED);
-}
-
-Client::~Client() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- RUNNER_DEFER_SCOPE(cynara_async_finish(m_cynara););
- assertStatus(DISCONNECTED);
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraTestAsync::Client.");
- }
-}
-
-void Client::assertStatus(enum SocketStatus expectedStatus)
-{
- enum SocketStatus currentStatus = m_statusMonitor.getStatus();
- RUNNER_ASSERT_MSG(currentStatus == expectedStatus,
- "SocketStatus mismatch: "
- << " currentStatus = " << currentStatus << ","
- << " expectedStatus = " << expectedStatus << ".");
-}
-
-void Client::checkCache(const CheckData &checkData, int expectedResult)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_check_cache(m_cynara, checkData.m_client.c_str(),
- checkData.m_session.c_str(),
- checkData.m_user.c_str(),
- checkData.m_privilege.c_str()););
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Cache check returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " client = " << checkData.m_client << ","
- << " sesion = " << checkData.m_session << ","
- << " user = " << checkData.m_user << ","
- << " privilege = " << checkData.m_privilege << ".");
-}
-
-void Client::createRequest(const CheckData &checkData, cynara_check_id &id,
- const RequestEntity &callbackData, int expectedResult)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_create_request(m_cynara, checkData.m_client.c_str(),
- checkData.m_session.c_str(),
- checkData.m_user.c_str(),
- checkData.m_privilege.c_str(), &id,
- RequestMonitor::updateResponse,
- static_cast<void*>(
- &m_requestMonitor)););
- if (ret == CYNARA_API_SUCCESS)
- m_requestMonitor.registerRequest(id, callbackData);
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Create request returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " client = " << checkData.m_client << ","
- << " sesion = " << checkData.m_session << ","
- << " user = " << checkData.m_user << ","
- << " privilege = " << checkData.m_privilege << ".");
-}
-
-void Client::process(int expectedResult,
- enum TimeoutExpectation timeoutExpectation,
- time_t timeoutSeconds) {
- if (m_statusMonitor.getStatus() == DISCONNECTED)
- return;
-
- int fd = m_statusMonitor.getFd();
- fd_set fds;
- timeval tv;
- FD_ZERO(&fds);
- FD_SET(fd, &fds);
- tv.tv_sec = timeoutSeconds;
- tv.tv_usec = 0;
-
- int ret;
- if (m_statusMonitor.getStatus() == READ)
- ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, NULL, NULL, &tv));
- else
- ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, &fds, NULL, &tv));
-
- if (ret == 0) {
- RUNNER_ASSERT_MSG(timeoutExpectation != EXPECT_NO_TIMEOUT,
- "Unexpected select timeout."
- << " ret = " << ret);
- return;
- }
- RUNNER_ASSERT_ERRNO_MSG(ret > 0,
- "Select returned error:"
- << " ret = " << ret);
- RUNNER_ASSERT_MSG(timeoutExpectation != EXPECT_TIMEOUT,
- "Select returned positive value, when timeout was expected."
- << " ret = " << ret);
-
- RUNNER_DEFER_SCOPE(ret = cynara_async_process(m_cynara););
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_async_process returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ".");
-}
-
-void Client::cancel(cynara_check_id id, int expectedResult)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_cancel_request(m_cynara, id););
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Cancel request returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " id = " << id << ".");
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
-#define CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
-
-#include <cynara_test_client_async_request_monitor.h>
-#include <cynara_test_client_async_status_monitor.h>
-#include <cynara_test_commons.h>
-
-#include <cynara-client-async.h>
-
-#include <string>
-#include <sys/types.h>
-
-namespace CynaraTestClientAsync {
-
-struct CheckData
-{
- std::string m_client;
- std::string m_session;
- std::string m_user;
- std::string m_privilege;
-
- CheckData(const std::string &major, const std::string &minor = "");
- CheckData(const std::string &major, int minor);
-
- CheckKey toAdminPolicy();
-};
-
-class Client
-{
-public:
- enum TimeoutExpectation {
- EXPECT_TIMEOUT,
- EXPECT_NO_TIMEOUT,
- IGNORE_TIMEOUT,
- };
-
- Client(const StatusFunction &userFunction = StatusFunction());
- ~Client() noexcept(false);
-
- void assertStatus(enum SocketStatus expectedStatus);
- void checkCache(const CheckData &checkData, int expectedResult);
- void createRequest(const CheckData &checkData, cynara_check_id &id,
- const RequestEntity &callbackData, int expectedResult = CYNARA_API_SUCCESS);
- void process(int expectedResult = CYNARA_API_SUCCESS,
- enum TimeoutExpectation timeoutExpectation = EXPECT_NO_TIMEOUT,
- time_t timeoutSeconds = 3);
- void cancel(cynara_check_id id, int expectedResult = CYNARA_API_SUCCESS);
-
-private:
- struct cynara_async *m_cynara;
-
- StatusMonitor m_statusMonitor;
- RequestMonitor m_requestMonitor;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_request_monitor.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <exception>
-
-namespace CynaraTestClientAsync {
-
-RequestMonitor::~RequestMonitor() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- for (auto ent : m_requests)
- {
- RUNNER_ERROR_MSG("There was no callback for request with:"
- << "id = " << ent.first << ","
- << "expectedResponse = " << ent.second.m_expectedResponse << ","
- << "expectedCause = " << ent.second.m_expectedCause << ".");
- }
- RUNNER_ASSERT_MSG(m_requests.empty(),
- m_requests.size() << "requests does not receive callback.");
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing"
- " CynaraTestAsync::RequestMonitor.");
- }
-}
-
-void RequestMonitor::registerRequest(cynara_check_id id, const RequestEntity &request)
-{
- auto p = m_requests.insert({id, request});
- RUNNER_ASSERT_MSG(p.second,
- "Request with id = " << p.first->first << " already exists.");
-}
-
-void RequestMonitor::updateResponse(cynara_check_id checkId, cynara_async_call_cause cause,
- int response, void *data)
-{
- RUNNER_DEFER_TRYCATCH(
- RequestMonitor *monitor = static_cast<RequestMonitor*>(data);
- if (!monitor) {
- RUNNER_FAIL_MSG("Bad user data (nullptr) in response callback.");
- return;
- }
-
- auto it = monitor->m_requests.find(checkId);
- if (it == monitor->m_requests.end()) {
- RUNNER_FAIL_MSG("Received unexpected callback for request:"
- << "id = " << checkId << ","
- << "response = " << response << ","
- << "cause = " << cause << ".");
- return;
- }
-
- //save request data and remove request from monitored requests
- auto expectedResponse = it->second.m_expectedResponse;
- auto expectedCause = it->second.m_expectedCause;
- auto userFunction = it->second.m_userFunction;
- monitor->m_requests.erase(it);
-
- RUNNER_ASSERT_MSG(cause == expectedCause,
- "Unexpected cause in response callback:"
- << "id = " << checkId << ","
- << "received response = " << response << ","
- << "expected response = " << expectedResponse << ","
- << "received cause = " << cause << ","
- << "expected cause = " << expectedCause << ".");
-
- if (cause == CYNARA_CALL_CAUSE_ANSWER)
- {
- RUNNER_ASSERT_MSG(response == expectedResponse,
- "Unexpected response in response callback:"
- << "id = " << checkId << ","
- << "received response = " << response << ","
- << "expected response = " << expectedResponse << ","
- << "received cause = " << cause << ","
- << "expected cause = " << expectedCause << ".");
- }
-
- if (userFunction)
- userFunction();
- );
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
-#define CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
-
-#include <cynara-client-async.h>
-
-#include <functional>
-#include <unordered_map>
-
-namespace CynaraTestClientAsync {
-
-typedef std::function<void(void)> RequestFunction;
-
-struct RequestEntity
-{
- RequestFunction m_userFunction;
- int m_expectedResponse;
- cynara_async_call_cause m_expectedCause;
-};
-
-class RequestMonitor
-{
-public:
- ~RequestMonitor() noexcept(false);
-
- void registerRequest(cynara_check_id id, const RequestEntity &request);
-
- static void updateResponse(cynara_check_id checkId, cynara_async_call_cause cause, int response,
- void *data);
-
-private:
- std::unordered_map<cynara_check_id, RequestEntity> m_requests;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_status_monitor.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestClientAsync {
-
-StatusMonitor::StatusMonitor(const StatusFunction &userFunction)
- : m_fd(-1), m_status(CYNARA_STATUS_FOR_READ), m_userFunction(userFunction)
-{
-}
-
-void StatusMonitor::updateStatus(int oldFd, int newFd, cynara_async_status status, void *data)
-{
- RUNNER_DEFER_TRYCATCH(
- StatusMonitor *monitor = static_cast<StatusMonitor*>(data);
- if (!monitor) {
- RUNNER_FAIL_MSG("Bad user data (nullptr) in status callback.");
- return;
- }
-
- RUNNER_ASSERT_MSG(monitor->m_fd == oldFd,
- "fd value mismatch: "
- << " last saved fd = " << monitor->m_fd << ","
- << " callback oldFd = " << oldFd << ".");
-
- monitor->m_fd = newFd;
- monitor->m_status = status;
- if (monitor->m_userFunction)
- monitor->m_userFunction(oldFd, newFd, status);
- );
-}
-
-int StatusMonitor::getFd(void) const
-{
- return m_fd;
-}
-
-enum SocketStatus StatusMonitor::getStatus(void) const
-{
- if (m_fd == -1)
- return DISCONNECTED;
-
- switch (m_status) {
- case CYNARA_STATUS_FOR_READ:
- return READ;
- case CYNARA_STATUS_FOR_RW:
- return READWRITE;
- }
- RUNNER_FAIL_MSG("Unknown cynara socket status = " << m_status << ","
- << " fd = " << m_fd << ".");
- return UNKNOWN;
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
-#define CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
-
-#include <cynara-client-async.h>
-
-#include <functional>
-
-namespace CynaraTestClientAsync {
-
-enum SocketStatus
-{
- READ,
- READWRITE,
- DISCONNECTED,
- UNKNOWN,
-};
-
-typedef std::function<void(int oldFd, int newFd, cynara_async_status status)> StatusFunction;
-
-class StatusMonitor
-{
-public:
-
- StatusMonitor(const StatusFunction &userFunction);
-
- static void updateStatus(int oldFd, int newFd, cynara_async_status status, void *data);
-
- int getFd(void) const;
- enum SocketStatus getStatus(void) const;
-
-private:
- int m_fd;
- cynara_async_status m_status;
- StatusFunction m_userFunction;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_commons.h>
-#include <cynara_test_file_operations.h>
-#include <cynara_test_cynara_mask.h>
-#include <service_manager.h>
-
-namespace CynaraTestConsts
-{
-
-const std::string DB_DIR(CYNARA_DB_DIR);
-const std::string USER("cynara");
-const std::string LABEL("System");
-const std::string SERVICE("cynara.service");
-const std::string SOCKET_CLIENT("cynara.socket");
-const std::string SOCKET_ADMIN("cynara-admin.socket");
-const std::string SOCKET_AGENT("cynara-agent.socket");
-
-const std::string SERVICE_PLUGINS_DIR("/usr/lib/cynara/plugin/service/");
-
-}
-
-void loadServicePlugins(const DirectoryPaths &pluginDirectories)
-{
- CynaraMask mask;
-
- FileOperations::removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
- for (const auto &dir : pluginDirectories)
- FileOperations::copyCynaraFiles(dir.c_str(), CynaraTestConsts::SERVICE_PLUGINS_DIR);
-}
-
-void restartCynaraService()
-{
- ServiceManager service(CynaraTestConsts::SERVICE);
- service.restartService();
-}
-
-void restartCynaraServiceAndSockets()
-{
- ServiceManager service(CynaraTestConsts::SERVICE, { CynaraTestConsts::SOCKET_CLIENT,
- CynaraTestConsts::SOCKET_ADMIN,
- CynaraTestConsts::SOCKET_AGENT });
-
- service.restartService(true);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file cynara_test_commons.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Definition of environment wrap for test cases
- */
-
-#ifndef CYNARA_TEST_COMMONS_H_
-#define CYNARA_TEST_COMMONS_H_
-
-#include <string>
-#include <vector>
-
-#include <cynara_test_env.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestConsts
-{
-
-extern const std::string DB_DIR;
-extern const std::string USER;
-extern const std::string LABEL;
-extern const std::string SERVICE;
-extern const std::string SERVICE_PLUGINS_DIR;
-extern const std::string SOCKET_CLIENT;
-extern const std::string SOCKET_ADMIN;
-extern const std::string SOCKET_AGENT;
-
-}
-
-struct CheckKey
-{
- const char *m_client;
- const char *m_user;
- const char *m_privilege;
-};
-
-#define RUN_CYNARA_TEST(Proc) \
- RUNNER_TEST(Proc, CynaraTestEnv) \
- { \
- Proc##_func(); \
- }
-
-typedef std::vector<std::string> DirectoryPaths;
-void loadServicePlugins(const DirectoryPaths &pluginDirectories);
-
-void restartCynaraService();
-void restartCynaraServiceAndSockets();
-
-#endif /* CYNARA_TEST_COMMONS_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_cynara_mask.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Implementation of scoped cynara service masker
- */
-
-#include <exception>
-
-#include <cynara_test_commons.h>
-#include <dpl/test/test_runner.h>
-
-#include <cynara_test_cynara_mask.h>
-
-CynaraMask::CynaraMask() : m_serviceManager(CynaraTestConsts::SERVICE)
-{
- m_serviceManager.maskService();
- m_serviceManager.stopService();
-}
-
-CynaraMask::~CynaraMask() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- m_serviceManager.unmaskService();
- m_serviceManager.startService();
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraMask.");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_cynara_mask.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Definition of scoped cynara service masker
- */
-
-#ifndef CYNARA_TEST_CYNARA_MASK_H_
-#define CYNARA_TEST_CYNARA_MASK_H_
-
-#include <service_manager.h>
-
-class CynaraMask
-{
-public:
- CynaraMask();
- ~CynaraMask() noexcept(false);
-
-private:
- ServiceManager m_serviceManager;
-};
-
-#endif // CYNARA_TEST_CYNARA_MASK_H_
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_commons.h>
-#include <cynara_test_cynara_mask.h>
-#include <cynara_test_file_operations.h>
-#include <tests_common.h>
-
-#include <cynara_test_env.h>
-
-using namespace FileOperations;
-
-CynaraTestEnv::CynaraTestEnv()
- : m_dbPresent(false)
-{
-}
-
-CynaraTestEnv::~CynaraTestEnv()
-{
-}
-
-void CynaraTestEnv::init(const std::string &testName)
-{
- m_saveDir = TMP_DIR + "/" + testName;
- m_dbSaveDir = m_saveDir + "/db";
- m_pluginsSaveDir = m_saveDir + "/plugins";
- m_defaultDir = "/etc/security-tests/db_patterns/default";
-
- CynaraMask mask;
-
- removeDirFiles(m_dbSaveDir);
- removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
- removeDirIfExists(m_saveDir);
-
- makeDir(m_saveDir);
- m_dbPresent = dirExists(CynaraTestConsts::DB_DIR);
- if (m_dbPresent) {
- makeDir(m_dbSaveDir);
- copyCynaraFiles(CynaraTestConsts::DB_DIR, m_dbSaveDir);
- }
- makeDir(m_pluginsSaveDir);
- copyCynaraFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR, m_pluginsSaveDir);
- unmaskedLoadDefaultDatabase();
-}
-
-void CynaraTestEnv::finish()
-{
- CynaraMask mask;
-
- removeDirFiles(CynaraTestConsts::DB_DIR);
- if (m_dbPresent)
- copyCynaraFiles(m_dbSaveDir, CynaraTestConsts::DB_DIR);
- else
- removeDirIfExists(CynaraTestConsts::DB_DIR);
-
- removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
- copyCynaraFiles(m_pluginsSaveDir, CynaraTestConsts::SERVICE_PLUGINS_DIR);
-
- removeDirFiles(m_dbSaveDir);
- removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
- removeDirIfExists(m_saveDir);
-}
-
-void CynaraTestEnv::unmaskedLoadDefaultDatabase()
-{
- if (m_dbPresent) {
- removeDirFiles(CynaraTestConsts::DB_DIR);
- copyCynaraFiles(m_defaultDir, CynaraTestConsts::DB_DIR);
- }
-}
-
-void CynaraTestEnv::loadDefaultDatabase()
-{
- CynaraMask mask;
- unmaskedLoadDefaultDatabase();
-}
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_ENV_H
-#define CYNARA_TEST_ENV_H
-
-#include <string>
-
-class CynaraTestEnv
-{
-public:
- explicit CynaraTestEnv();
- ~CynaraTestEnv();
- void init(const std::string &testName);
- void finish();
- void loadDefaultDatabase();
-
-private:
- void unmaskedLoadDefaultDatabase();
- std::string m_saveDir;
- std::string m_dbSaveDir;
- std::string m_pluginsSaveDir;
- std::string m_defaultDir;
- bool m_dbPresent;
-};
-
-#endif // CYNARA_TEST_ENV_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cstdlib>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <ftw.h>
-#include <pwd.h>
-#include <sys/sendfile.h>
-#include <sys/smack.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <cynara_test_commons.h>
-#include <dpl/test/test_runner.h>
-#include <memory.h>
-
-#include <cynara_test_file_operations.h>
-
-namespace FileOperations
-{
-
-static int removeFile(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW * /*ftwbuf*/)
-{
- if (tflag == FTW_F)
- RUNNER_ASSERT_ERRNO_MSG(!unlink(fpath), "Unable to unlink " << fpath << " file");
- else
- RUNNER_ASSERT_MSG(tflag == FTW_DP, "Visited file should not exist. Path: " << fpath);
- return 0;
-}
-
-bool dirExists(const std::string &directory)
-{
- struct stat st;
- int ret = stat(directory.c_str(), &st);
- if (ret == -1 && errno == ENOENT) {
- return false;
- } else if (ret == -1) {
- RUNNER_ASSERT_ERRNO_MSG(false, "Cannot stat " << directory
- << " not due to its nonexistence");
- }
- RUNNER_ASSERT_MSG(st.st_mode & S_IFDIR, directory << " is not a directory");
- return true;
-}
-
-void copyCynaraFile(const std::string &src, const std::string &dst)
-{
- using PwBufPtr = CStringPtr;
- int inFd = TEMP_FAILURE_RETRY(open(src.c_str(), O_RDONLY));
- RUNNER_ASSERT_ERRNO_MSG(inFd > 0, "Opening " << src << " file failed");
- FdUniquePtr inFdPtr(&inFd);
-
- int outFd = TEMP_FAILURE_RETRY(creat(dst.c_str(), 0700));
- RUNNER_ASSERT_ERRNO_MSG(outFd > 0, "Creating " << dst << " file failed");
- FdUniquePtr outFdPtr(&outFd);
-
- long int len = sysconf(_SC_GETPW_R_SIZE_MAX);
- RUNNER_ASSERT_MSG(len != -1, "No suggested buflen");
- size_t buflen = len;
- char *buf = static_cast<char*>(malloc(buflen));
-
- PwBufPtr pwBufPtr(buf);
-
- struct passwd pwbuf, *pwbufp = nullptr;
- int ret = TEMP_FAILURE_RETRY(getpwnam_r(CynaraTestConsts::USER.c_str(),
- &pwbuf, buf, buflen, &pwbufp));
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "getpwnam_r failed on " << CynaraTestConsts::USER << " user");
- RUNNER_ASSERT_MSG(pwbufp, "User " << CynaraTestConsts::USER << " does not exist");
-
- ret = fchown(outFd, pwbufp->pw_uid, pwbufp->pw_gid);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fchown failed");
-
- ret = smack_fsetlabel(outFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
-
- struct stat statSrc;
- ret = fstat(inFd, &statSrc);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fstat failed");
-
- ret = sendfile(outFd, inFd, 0, statSrc.st_size);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "sendfile failed");
-
- ret = fsync(outFd);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed");
-}
-
-void copyCynaraFiles(const std::string &source, const std::string &destination)
-{
- DIR *dirPtr = nullptr;
- struct dirent *direntPtr;
-
- RUNNER_ASSERT_ERRNO_MSG(dirPtr = opendir(source.c_str()),
- "opening " << source << " dir failed");
- DirPtr dirScopedPtr(dirPtr);
-
- while((direntPtr = readdir(dirPtr)) != nullptr) {
- if (!strcmp(direntPtr->d_name, ".")
- || !strcmp(direntPtr->d_name, ".."))
- continue;
- std::string tempDest = destination + "/" + direntPtr->d_name;
- std::string tempSrc = source + "/" + direntPtr->d_name;
- copyCynaraFile(tempSrc, tempDest);
- }
-
- syncDir(destination);
-}
-
-void syncElem(const std::string &filename, int flags, mode_t mode)
-{
- int fileFd = TEMP_FAILURE_RETRY(open(filename.c_str(), flags, mode));
- RUNNER_ASSERT_ERRNO_MSG(fileFd != -1, "open failed name=" << filename);
- FdUniquePtr fdPtr(&fileFd);
-
- int ret = fsync(fileFd);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed name=" << filename);
-}
-
-void syncDir(const std::string &dirname, mode_t mode) {
- syncElem(dirname, O_DIRECTORY, mode);
-}
-
-void makeDir(const std::string &directory)
-{
- RUNNER_ASSERT_ERRNO_MSG(!mkdir(directory.c_str(), S_IRWXU | S_IRWXG | S_IRWXO),
- "Unable to make " << directory << " test directory");
-
- syncDir(directory);
-}
-
-void removeDirFiles(const std::string &dir)
-{
- int ret = nftw(dir.c_str(), removeFile, 2, FTW_DEPTH | FTW_PHYS);
- if (ret == -1)
- RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "nftw failed");
- else
- syncDir(dir);
-}
-
-void removeDirIfExists(const std::string &dir)
-{
- RUNNER_ASSERT_ERRNO_MSG(!rmdir(dir.c_str()) || errno == ENOENT,
- "Removing " << dir << " dir failed");
-}
-
-} // namespace FileOperations
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_FILE_OPERATIONS_H
-#define CYNARA_TEST_FILE_OPERATIONS_H
-
-#include <fcntl.h>
-#include <string>
-
-namespace FileOperations
-{
-
-bool dirExists(const std::string &directory);
-void copyCynaraFile(const std::string &src, const std::string &dst);
-void copyCynaraFiles(const std::string &source, const std::string &destination);
-void syncElem(const std::string &filename, int flags = O_RDONLY, mode_t mode = S_IRUSR | S_IWUSR);
-void syncDir(const std::string &dirname, mode_t mode = S_IRUSR | S_IWUSR);
-void makeDir(const std::string &directory);
-void removeDirFiles(const std::string &dir);
-void removeDirIfExists(const std::string &dir);
-
-} // namespace FileOperations
-
-#endif //CYNARA_TEST_FILE_OPERATIONS_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_helpers.cpp
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Helpers for cynara-helpers
- */
-
-#include <dpl/test/test_runner.h>
-
-#include <cynara-creds-socket.h>
-
-#include "cynara_test_helpers.h"
-
-namespace CynaraHelperCredentials {
-
-char *socketGetClient(int sock, cynara_client_creds method, int expectedResult) {
- char *buff;
- auto ret = cynara_creds_socket_get_client(sock, method, &buff);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_creds_socket_get_client failed, ret = " << ret
- << "; expected = " << expectedResult);
- return buff;
-}
-
-char *socketGetUser(int sock, cynara_user_creds method, int expectedResult) {
- char *buff;
- auto ret = cynara_creds_socket_get_user(sock, method, &buff);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_creds_socket_get_user failed, ret = " << ret
- << "; expected = " << expectedResult);
- return buff;
-}
-
-pid_t socketGetPid(int sock, int expectedResult) {
- pid_t pid;
- auto ret = cynara_creds_socket_get_pid(sock, &pid);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_creds_socket_get_pid failed, ret = " << ret << "; expected = "
- << expectedResult);
- return pid;
-}
-
-} //namespace CynaraHelperCredentials
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_helpers.h
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Helpers for cynara-helpers
- */
-
-#ifndef CYNARA_TEST_HELPERS_H_
-#define CYNARA_TEST_HELPERS_H_
-
-#include <sys/types.h>
-
-#include <cynara-creds-commons.h>
-#include <cynara-error.h>
-
-namespace CynaraHelperCredentials {
-
-char *socketGetClient(int sock, cynara_client_creds method,
- int expectedResult = CYNARA_API_SUCCESS);
-
-char *socketGetUser(int sock, cynara_user_creds method,
- int expectedResult = CYNARA_API_SUCCESS);
-
-pid_t socketGetPid(int sock, int expectedResult = CYNARA_API_SUCCESS);
-
-} // namespace CynaraHelperCredentials
-
-
-#endif // CYNARA_TEST_HELPERS_H_
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
+++ /dev/null
-buckets;$1$$6ZlVs5lw2nZgVmiw0BdY21
-_;$1$$qRPK7m23GJusamGpoGLby/
+++ /dev/null
-buckets;$1$$UYHKvrIkGoSTO5hIgvCLg0
-_;$1$$qRPK7m23GJusamGpoGLby/
+++ /dev/null
-client;user;privilege;0x0;
+++ /dev/null
-buckets;$1$$6ZlVs5lw2nZgVmiw0BdY21
-_;$1$$nssatAXP6yl4N8gjldhxf0
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file BaseCynaraTestPlugin.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of base class for cynara test plugins
- */
-
-#ifndef BASE_CYNARA_TEST_PLUGIN_H
-#define BASE_CYNARA_TEST_PLUGIN_H
-
-#include <string>
-
-#include <cynara-plugin.h>
-#include <cynara/types/PolicyDescription.h>
-#include <plugins.h>
-
-class BaseCynaraTestPlugin : public Cynara::ServicePluginInterface
-{
-public:
- BaseCynaraTestPlugin(const std::string &name)
- {
- m_descriptions = CynaraTestPlugins::POLICY_DESCRIPTIONS.at(name);
- }
-
- virtual ~BaseCynaraTestPlugin() {}
-
- virtual CynaraTestPlugins::Descriptions &getSupportedPolicyDescr()
- {
- return m_descriptions;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- Cynara::PolicyResult &result,
- Cynara::AgentType &requiredAgent,
- Cynara::PluginData &pluginData)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
- (void) requiredAgent;
- (void) pluginData;
-
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- const Cynara::PluginData &agentData,
- Cynara::PolicyResult &result)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
- (void) agentData;
-
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
- }
-
- virtual void invalidate()
- {
- }
-
-private:
- CynaraTestPlugins::Descriptions m_descriptions;
-};
-
-#endif // BASE_CYNARA_TEST_PLUGIN_H
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-ADD_SUBDIRECTORY(single-policy)
-ADD_SUBDIRECTORY(multiple-policy)
-ADD_SUBDIRECTORY(test-agent)
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY "cynara-test-plugin-multiple-policy")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/multiple-policy/plugin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling multiple policy type
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class MultiplePolicyPlugin : public BaseCynaraTestPlugin
-{
-public:
- MultiplePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::MULTIPLE_POLICY) {}
- virtual ~MultiplePolicyPlugin() {}
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new MultiplePolicyPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugins.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of types, constants and functions common for both tests and plugins
- */
-
-#include <vector>
-#include <sstream>
-#include <string>
-
-#include <plugins.h>
-
-namespace CynaraTestPlugins {
-
-Cynara::PluginData wrapAgentData(const AgentDataVector &data) {
- std::stringstream wrappedData;
- wrappedData << AGENT_DATA_RECORD_SEPARATOR;
- for (size_t i = 0; i < data.size(); ++i) {
- wrappedData << AGENT_DATA_UNIT_SEPARATOR
- << data[i]
- << AGENT_DATA_UNIT_SEPARATOR;
- }
- wrappedData << AGENT_DATA_RECORD_SEPARATOR;
- return wrappedData.str();
-}
-
-static bool unwrapAgentDataFromSeparator(const Cynara::PluginData &wrappedData,
- const std::string &separator,
- size_t &pos, std::string &unit) {
-//check if wrapped data starts with separator
- size_t separatorSize = separator.size();
- if (wrappedData.compare(pos, separatorSize, separator) != 0)
- return false;
-
-//find ending separator
- size_t unitStartIndex = pos + separatorSize;
- size_t endingSeparatorIndex = wrappedData.find(separator, unitStartIndex);
- if (endingSeparatorIndex == std::string::npos)
- return false;
-
-//return found unit
- pos = endingSeparatorIndex + separatorSize;
- size_t unitSize = endingSeparatorIndex - unitStartIndex;
- unit.assign(wrappedData, unitStartIndex, unitSize);
- return true;
-}
-
-bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data) {
- std::string record;
- size_t pos = 0;
- if (!unwrapAgentDataFromSeparator(wrappedData, AGENT_DATA_RECORD_SEPARATOR, pos, record))
- return false;
-
- pos = 0;
- while (pos < record.size()) {
- std::string unit;
- if (!unwrapAgentDataFromSeparator(record, AGENT_DATA_UNIT_SEPARATOR, pos, unit))
- return false;
- data.push_back(unit);
- }
- return true;
-}
-
-} // namespace CynaraTestPlugins
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugins.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of types, constants and functions common for both tests and plugins
- */
-
-#ifndef CYNARA_TEST_PLUGINS_H
-#define CYNARA_TEST_PLUGINS_H
-
-#include <cstdint>
-#include <vector>
-#include <map>
-#include <string>
-
-#include <cynara-plugin.h>
-#include <cynara/types/PolicyDescription.h>
-#include <cynara/types/PolicyType.h>
-
-namespace CynaraTestPlugins {
-
-typedef std::vector<Cynara::PolicyDescription> Descriptions;
-typedef std::pair<std::string, Descriptions> DescriptionsPair;
-typedef std::map<std::string, Descriptions> DescriptionsMap;
-
-static const std::string TEST_PLUGIN_PATH("/usr/lib/security-tests/cynara-tests/plugins/");
-
-static const std::string DEFAULT_POLICY("");
-static const std::string SINGLE_POLICY("single-policy");
-static const std::string MULTIPLE_POLICY("multiple-policy");
-static const std::string TEST_AGENT("test-agent");
-
-static const DescriptionsMap POLICY_DESCRIPTIONS = {
- DescriptionsPair(DEFAULT_POLICY, {
- { Cynara::PredefinedPolicyType::DENY, "Deny" },
- { Cynara::PredefinedPolicyType::ALLOW, "Allow" },
- }),
- DescriptionsPair(SINGLE_POLICY, {
- { 2001, "Single Policy Type 1" }
- }),
- DescriptionsPair(MULTIPLE_POLICY, {
- { 3001, "Multiple Policy Type 1" },
- { 3002, "Multiple Policy Type 2" },
- { 3003, "Multiple Policy Type 3" },
- }),
- DescriptionsPair(TEST_AGENT, {
- { 4001, "Test Agent Type 1" }
- }),
-};
-
-static const std::string TEST_AGENT_TYPE("SecurityCynaraTestsAgentType");
-
-static const std::string AGENT_DATA_UNIT_SEPARATOR("\31");
-static const std::string AGENT_DATA_RECORD_SEPARATOR("\30");
-static const std::string AGENT_DATA_ALLOW("Allow");
-static const std::string AGENT_DATA_DENY("Deny");
-
-typedef std::vector<std::string> AgentDataVector;
-
-Cynara::PluginData wrapAgentData(const AgentDataVector &data);
-bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data);
-
-} // namespace CynaraTestPlugins
-
-#endif // CYNARA_TEST_PLUGINS_H
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY "cynara-test-plugin-single-policy")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/single-policy/plugin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/single-policy/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling single policy type
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class SinglePolicyPlugin : public BaseCynaraTestPlugin
-{
-public:
- SinglePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::SINGLE_POLICY) {}
- virtual ~SinglePolicyPlugin() {}
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new SinglePolicyPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT "cynara-test-plugin-test-agent")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/test-agent/plugin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/test-agent/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling communication with test-agent
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class TestAgentPlugin : public BaseCynaraTestPlugin
-{
-public:
- TestAgentPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::TEST_AGENT) {}
- virtual ~TestAgentPlugin() {}
-
- virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- Cynara::PolicyResult &result,
- Cynara::AgentType &requiredAgent,
- Cynara::PluginData &pluginData)
- noexcept
- {
- (void) result;
-
- try {
- requiredAgent = CynaraTestPlugins::TEST_AGENT_TYPE;
- pluginData = CynaraTestPlugins::wrapAgentData({client, user, privilege});
- } catch (...) {
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_NOTREADY;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- const Cynara::PluginData &agentData,
- Cynara::PolicyResult &result)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
-
- try {
- CynaraTestPlugins::AgentDataVector data;
- if (!CynaraTestPlugins::unwrapAgentData(agentData, data))
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
-
- if (data.size() != 1)
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
-
- if (data[0] == CynaraTestPlugins::AGENT_DATA_ALLOW) {
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::ALLOW);
- return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
- }
- else if (data[0] == CynaraTestPlugins::AGENT_DATA_DENY) {
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
- }
- } catch (...) {
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new TestAgentPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
- * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.1
- * @brief Tests for libcynara-client and libcynara-admin
- */
-
-#include <cynara_test_commons.h>
-
-#include <tests_common.h>
-#include <cynara_test_client.h>
-#include <cynara_test_admin.h>
-#include <cynara_test_env.h>
-#include <plugins.h>
-
-#include <climits>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestClient;
-
-void tc01_cynara_initialize_func()
-{
- Client();
-}
-
-void tc02_admin_initialize_func(bool isOnline)
-{
- Admin admin(isOnline);
-}
-
-void tc03_cynara_check_invalid_params_func()
-{
- Client cynara;
-
- const char *client = "client03";
- const char *user = "user03";
- const char *privilege = "privilege03";
- const char *session = "session03";
-
- cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
-}
-
-void checkInvalidPolicy(Admin &admin,
- const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra)
-{
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, privilege, result, resultExtra);
-
- admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
-}
-
-void tc04_admin_set_policies_invalid_params_func(bool isOnline)
-{
- Admin admin(isOnline);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client04";
- const char *user = "user04";
- const char *privilege = "privilege04";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultBucket = CYNARA_ADMIN_BUCKET;
- const int resultNone = CYNARA_ADMIN_NONE;
- const char *resultExtra = nullptr;
-
- checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
- checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra);
-}
-
-void tc05_admin_set_bucket_invalid_params_func(bool isOnline)
-{
- Admin admin(isOnline);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const int operationAllow = CYNARA_ADMIN_ALLOW;
- const int operationDelete = CYNARA_ADMIN_DELETE;
- const int operationNone = CYNARA_ADMIN_NONE;
- const char *extra = nullptr;
-
- admin.setBucket(nullptr, operationAllow, extra, CYNARA_API_INVALID_PARAM);
- admin.setBucket(bucket, INT_MAX, extra, CYNARA_API_INVALID_PARAM);
- admin.setBucket(bucket, operationDelete, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
- admin.setBucket(bucket, operationNone, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
-}
-
-void tc06_cynara_check_empty_admin1_func()
-{
- Client cynara;
-
- const char *client = "client06_1";
- const char *session = "session06_1";
- const char *user = "user06_1";
- const char *privilege = "privilege06_1";
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc06_cynara_check_empty_admin2_func()
-{
- Client cynara;
-
- const char *client = CYNARA_ADMIN_WILDCARD;
- const char *session = "session06_2";
- const char *user = CYNARA_ADMIN_WILDCARD;
- const char *privilege = CYNARA_ADMIN_WILDCARD;
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc07_admin_set_bucket_admin_allow_deny_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client07";
- const char *session = "session07";
- const char *user = "user07";
- const char *privilege = "privilege07";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove1_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_1";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_1_a", "user08_1_a", "privilege08_1_a" },
- { "client08_1_b", "user08_1_b", "privilege08_1_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove2_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_2";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_2_a", "user08_2_a", "privilege08_2_a" },
- { "client08_2_b", "user08_2_b", "privilege08_2_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // delete first, allow second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove3_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_3";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_3_a", "user08_3_a", "privilege08_3_a" },
- { "client08_3_b", "user08_3_b", "privilege08_3_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first and second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete first and second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void checkAllDeny(const std::vector< std::vector<const char *> > &data,
- const char *session)
-{
- Client cynara;
-
- for (auto it = data.begin(); it != data.end(); ++it) {
- RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
- }
-
- for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
- for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
- for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
- cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
- }
- }
- }
-}
-
-void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
-{
- RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
- for (auto it = data.begin(); it != data.end(); ++it) {
- RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
- }
-}
-
-void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
- const char *session)
-{
- Client cynara;
-
- checkSingleWildcardData(data);
-
- for (size_t c = 0; c < data.size(); ++c) {
- for (size_t u = 0; u < data.size(); ++u) {
- for (size_t p = 0; p < data.size(); ++p) {
- if ((u == 0 && p == 0)
- || (c == 1 && p == 1)
- || (c == 2 && u == 2)) {
- cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
- } else {
- cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
- }
- }
- }
- }
-}
-
-void setSingleWildcardPolicies(const char *bucket,
- const std::vector< std::vector<const char *> > &data,
- const int result, const char* resultExtra, bool isOnline)
-{
- Admin admin(isOnline);
- CynaraPoliciesContainer cp;
-
- checkSingleWildcardData(data);
-
- cp.add(bucket,
- CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
- result, resultExtra);
- cp.add(bucket,
- data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
- result, resultExtra);
- cp.add(bucket,
- data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
- result, resultExtra);
-
- admin.setPolicies(cp);
-}
-
-void tc09_admin_set_policies_wildcard_accesses_func(bool isOnline)
-{
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session09";
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client09_a", "user09_a", "privilege09_a" },
- { "client09_b", "user09_b", "privilege09_b" },
- { "client09_c", "user09_c", "privilege09_c" }
- };
-
- checkAllDeny(data, session);
-
- setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra, isOnline);
-
- checkSingleWildcardAllowRestDeny(data, session);
-
- setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra, isOnline);
-
- checkAllDeny(data, session);
-}
-
-void tc10_admin_change_extra_bucket_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket10";
- const char *session = "session10";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
-
- const std::vector< std::vector<const char *> > data = {
- { "client10_a", "user10_a", "privilege10_a" },
- { "client10_b", "user10_b", "privilege10_b" }
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- data[0][0], data[0][1], data[0][2],
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- data[0][0], data[0][1], data[0][2],
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
-}
-
-void tc11_admin_bucket_not_found_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket11";
- const char *client = "client11";
- const char *session = "session11";
- const char *user = "user11";
- const char *privilege = "privilege11";
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc12_admin_delete_bucket_with_policies_pointing_to_it_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket12";
- const char *client = "client12";
- const char *session = "session12";
- const char *user = "user12";
- const char *privilege = "privilege12";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc13_admin_set_policies_to_extra_bucket_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket13";
- const char *client = "client13";
- const char *session = "session13";
- const char *user = "user13";
- const char *privilege = "privilege13";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc14_admin_set_policies_integrity_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket14";
- const char *client = "client14";
- const char *session = "session14";
- const char *user = "user14";
- const char *privilege = "privilege14";
- const char *extraResult = nullptr;
-
- {
- Client cynara;
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
- }
-
- {
- Admin admin(isOnline);
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
- }
-
- {
- Client cynara;
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
- }
-}
-
-void tc15_admin_set_bucket_admin_none1_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_1";
- const char *client = "client15_1";
- const char *session = "session15_1";
- const char *user = "user15_1";
- const char *privilege = "privilege15_1";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc15_admin_set_bucket_admin_none2_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_2";
- const char *client = "client15_2";
- const char *session = "session15_2";
- const char *user = "user15_2";
- const char *privilege = "privilege15_2";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc15_admin_set_bucket_admin_none3_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_3";
- const char *client = "client15_3";
- const char *session = "session15_3";
- const char *user = "user15_3";
- const char *privilege = "privilege15_3";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucketDefault,
- client, user, CYNARA_ADMIN_WILDCARD,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc16_admin_check_single_bucket_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client16";
- const char *user = "user16";
- const char *privilege = "privilege16";
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
-
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc17_admin_check_nested_bucket_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket17";
- const char *client = "client17";
- const char *user = "user17";
- const char *privilege = "privilege17";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc18_admin_check_multiple_matches_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client18";
- const char *user = "user18";
- const char *privilege = "privilege18";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
-
- auto check = [&](int expected_result)
- {
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- expected_result, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- expected_result, nullptr, CYNARA_API_SUCCESS);
- };
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DENY, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-}
-
-void tc19_admin_check_none_bucket_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket1 = "bucket19_a";
- const char *bucket2 = "bucket19_b";
- const char *client = "client19";
- const char *user = "user19";
- const char *privilege = "privilege19";
- const char *extra = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
- admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
- admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket1);
- cp.add(bucket1,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket2);
- admin.setPolicies(cp);
- }
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc20_admin_list_empty_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket20";
- const char *client = "client20";
- const char *user = "user20";
- const char *privilege = "privilege20";
- const char *extra = nullptr;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- CynaraPoliciesContainer emptyPolicies;
-
- admin.listPolicies(emptyBucket, client, user, privilege, emptyPolicies);
-}
-
-void tc21_admin_list_no_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket21";
- const char *notExistingBucket = "not_existing_bucket21";
- const char *client = "client21";
- const char *user = "user21";
- const char *privilege = "privilege21";
- const char *extra = nullptr;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- CynaraPoliciesContainer emptyPolicies;
-
- admin.listPolicies(notExistingBucket, client, user, privilege, emptyPolicies,
- CYNARA_API_BUCKET_NOT_FOUND);
-}
-
-void tc22_admin_list_bucket_func(bool isOnline)
-{
- const char *bucket = "bucket22";
- const char *emptyBucket = "empty_bucket22";
- const char *client = "client22";
- const char *user = "user22";
- const char *privilege = "privilege22";
- const char *client2 = "client22_2";
- const char *user2 = "user22_2";
- const char *privilege2 = "privilege22_2";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
-
- const char *extra = nullptr;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.setPolicies(cp);
- }
-
- CynaraPoliciesContainer expectedPolicies;
- expectedPolicies.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- expectedPolicies.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expectedPolicies.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
-
- admin.listPolicies(bucket, client, wildcard, any, expectedPolicies);
-}
-
-void tc23_admin_erase_empty_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket23";
- const char *client = "client23";
- const char *user = "user23";
- const char *privilege = "privilege23";
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- admin.erasePolicies(emptyBucket, recursive, client, user, privilege);
-}
-
-void tc24_admin_erase_no_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket24";
- const char *notExistingBucket = "not_existing_bucket24";
- const char *client = "client24";
- const char *user = "user24";
- const char *privilege = "privilege24";
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- admin.erasePolicies(notExistingBucket, recursive, client, user, privilege,
- CYNARA_API_BUCKET_NOT_FOUND);
-}
-
-void tc25_admin_erase_single_bucket_func(bool isOnline)
-{
- const char *bucket = "bucket25";
- const char *emptyBucket = "empty_bucket25";
- const char *client = "client25";
- const char *user = "user25";
- const char *privilege = "privilege25";
- const char *client2 = "client25_2";
- const char *user2 = "user25_2";
- const char *privilege2 = "privilege25_2";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, client, wildcard, any);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- // WAS ERASED (bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- // WAS ERASED (bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- // WAS ERASED (bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- admin.listPolicies(emptyBucket, any, any, any, expPolicies);
- }
-}
-
-void tc26_admin_erase_recursive_not_linked_buckets_func(bool isOnline)
-{
- const char *bucket = "bucket26";
- const char *subBucket = "sub_bucket26";
- const char *client = "client26";
- const char *user = "user26";
- const char *privilege = "privilege26";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc27_admin_erase_recursive_linked_buckets_func(bool isOnline)
-{
- const char *bucket = "bucket27";
- const char *subBucket = "sub_bucket27";
- const char *client = "client27";
- const char *user = "user27";
- const char *privilege = "privilege27";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc28_admin_erase_non_recursive_linked_buckets_func(bool isOnline)
-{
- const char *bucket = "bucket28";
- const char *subBucket = "sub_bucket28";
- const char *client = "client28";
- const char *user = "user28";
- const char *privilege = "privilege28";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 0;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc29_admin_erase_recursive_from_sub_bucket_func(bool isOnline)
-{
- const char *bucket = "bucket29";
- const char *subBucket = "sub_bucket29";
- const char *client = "client29";
- const char *user = "user29";
- const char *privilege = "privilege29";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(subBucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void testPlugins(const std::vector<std::string> &plugins, bool isOnline)
-{
- using namespace CynaraTestPlugins;
-
- DirectoryPaths paths;
- Descriptions expectedDescriptions(POLICY_DESCRIPTIONS.at(DEFAULT_POLICY));
-
- for (auto &plugin : plugins) {
- paths.push_back(TEST_PLUGIN_PATH + plugin);
-
- const Descriptions &pluginDescriptions = POLICY_DESCRIPTIONS.at(plugin);
- expectedDescriptions.insert(expectedDescriptions.end(),
- pluginDescriptions.begin(), pluginDescriptions.end());
- }
-
- loadServicePlugins(paths);
-
- Admin admin(isOnline);
- admin.listPoliciesDescriptions(expectedDescriptions);
-}
-
-void tc30_admin_list_descriptions_no_plugins_func(bool isOnline)
-{
- testPlugins({}, isOnline);
-}
-
-void tc31_admin_list_descriptions_1_plugin_single_policy_func(bool isOnline)
-{
- testPlugins({CynaraTestPlugins::SINGLE_POLICY}, isOnline);
-}
-
-void tc32_admin_list_descriptions_1_plugin_multiple_policy_func(bool isOnline)
-{
- testPlugins({CynaraTestPlugins::MULTIPLE_POLICY}, isOnline);
-}
-
-void tc33_admin_list_descriptions_multiple_plugins_func(bool isOnline)
-{
- testPlugins({CynaraTestPlugins::SINGLE_POLICY,
- CynaraTestPlugins::MULTIPLE_POLICY}, isOnline);
-}
-
-#define ONLINE(Proc) \
- RUNNER_TEST(Proc##_online, CynaraTestEnv) \
- { \
- Proc##_func(true); \
- }
-
-#define OFFLINE(Proc) \
- RUNNER_TEST(Proc##_offline, CynaraTestEnv) \
- { \
- Proc##_func(false); \
- }
-
-RUNNER_TEST_GROUP_INIT(cynara_tests_online)
-
-RUN_CYNARA_TEST(tc01_cynara_initialize)
-ONLINE(tc02_admin_initialize)
-RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
-ONLINE(tc04_admin_set_policies_invalid_params)
-ONLINE(tc05_admin_set_bucket_invalid_params)
-RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
-RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
-ONLINE(tc07_admin_set_bucket_admin_allow_deny)
-ONLINE(tc08_admin_set_policies_allow_remove1)
-ONLINE(tc08_admin_set_policies_allow_remove2)
-ONLINE(tc08_admin_set_policies_allow_remove3)
-ONLINE(tc09_admin_set_policies_wildcard_accesses)
-ONLINE(tc10_admin_change_extra_bucket)
-ONLINE(tc11_admin_bucket_not_found)
-ONLINE(tc12_admin_delete_bucket_with_policies_pointing_to_it)
-ONLINE(tc13_admin_set_policies_to_extra_bucket)
-ONLINE(tc14_admin_set_policies_integrity)
-ONLINE(tc15_admin_set_bucket_admin_none1)
-ONLINE(tc15_admin_set_bucket_admin_none2)
-ONLINE(tc15_admin_set_bucket_admin_none3)
-ONLINE(tc16_admin_check_single_bucket)
-ONLINE(tc17_admin_check_nested_bucket)
-ONLINE(tc18_admin_check_multiple_matches)
-ONLINE(tc19_admin_check_none_bucket)
-ONLINE(tc20_admin_list_empty_bucket)
-ONLINE(tc21_admin_list_no_bucket)
-ONLINE(tc22_admin_list_bucket)
-ONLINE(tc23_admin_erase_empty_bucket)
-ONLINE(tc24_admin_erase_no_bucket)
-ONLINE(tc25_admin_erase_single_bucket)
-ONLINE(tc26_admin_erase_recursive_not_linked_buckets)
-ONLINE(tc27_admin_erase_recursive_linked_buckets)
-ONLINE(tc28_admin_erase_non_recursive_linked_buckets)
-ONLINE(tc29_admin_erase_recursive_from_sub_bucket)
-ONLINE(tc30_admin_list_descriptions_no_plugins)
-ONLINE(tc31_admin_list_descriptions_1_plugin_single_policy)
-ONLINE(tc32_admin_list_descriptions_1_plugin_multiple_policy)
-ONLINE(tc33_admin_list_descriptions_multiple_plugins)
-
-
-RUNNER_TEST_GROUP_INIT(cynara_tests_offline)
-
-OFFLINE(tc02_admin_initialize)
-OFFLINE(tc04_admin_set_policies_invalid_params)
-OFFLINE(tc05_admin_set_bucket_invalid_params)
-OFFLINE(tc07_admin_set_bucket_admin_allow_deny)
-OFFLINE(tc08_admin_set_policies_allow_remove1)
-OFFLINE(tc08_admin_set_policies_allow_remove2)
-OFFLINE(tc08_admin_set_policies_allow_remove3)
-OFFLINE(tc09_admin_set_policies_wildcard_accesses)
-OFFLINE(tc10_admin_change_extra_bucket)
-OFFLINE(tc11_admin_bucket_not_found)
-OFFLINE(tc12_admin_delete_bucket_with_policies_pointing_to_it)
-OFFLINE(tc13_admin_set_policies_to_extra_bucket)
-OFFLINE(tc14_admin_set_policies_integrity)
-OFFLINE(tc15_admin_set_bucket_admin_none1)
-OFFLINE(tc15_admin_set_bucket_admin_none2)
-OFFLINE(tc15_admin_set_bucket_admin_none3)
-OFFLINE(tc16_admin_check_single_bucket)
-OFFLINE(tc17_admin_check_nested_bucket)
-OFFLINE(tc18_admin_check_multiple_matches)
-OFFLINE(tc19_admin_check_none_bucket)
-OFFLINE(tc20_admin_list_empty_bucket)
-OFFLINE(tc21_admin_list_no_bucket)
-OFFLINE(tc22_admin_list_bucket)
-OFFLINE(tc23_admin_erase_empty_bucket)
-OFFLINE(tc24_admin_erase_no_bucket)
-OFFLINE(tc25_admin_erase_single_bucket)
-OFFLINE(tc26_admin_erase_recursive_not_linked_buckets)
-OFFLINE(tc27_admin_erase_recursive_linked_buckets)
-OFFLINE(tc28_admin_erase_non_recursive_linked_buckets)
-OFFLINE(tc29_admin_erase_recursive_from_sub_bucket)
-OFFLINE(tc30_admin_list_descriptions_no_plugins)
-OFFLINE(tc31_admin_list_descriptions_1_plugin_single_policy)
-OFFLINE(tc32_admin_list_descriptions_1_plugin_multiple_policy)
-OFFLINE(tc33_admin_list_descriptions_multiple_plugins)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * @file test_cases_agent.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @author Radoslaw Bartosiak <r.bartosiak@samsung.com>
- * @version 1.0
- * @brief Tests for libcynara-agent
- */
-
-#include <chrono>
-#include <string>
-
-#include <cynara-error.h>
-#include <cynara-admin-types.h>
-#include <cynara-client-async.h>
-
-#include <dpl/test/test_runner.h>
-#include <cynara_test_admin.h>
-#include <cynara_test_agent.h>
-#include <cynara_test_agent_request.h>
-#include <cynara_test_agent_response.h>
-#include <cynara_test_client_async_client.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_env.h>
-#include <service_manager.h>
-#include <timeout.h>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestAgent;
-using namespace CynaraTestClientAsync;
-using namespace CynaraTestPlugins;
-
-void loadAgentPlugin()
-{
- DirectoryPaths paths;
- paths.push_back(TEST_PLUGIN_PATH + TEST_AGENT);
- loadServicePlugins(paths);
-}
-
-void setAgentPolicy(int expectedResult = CYNARA_API_SUCCESS)
-{
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *extra = nullptr;
-// collection of policy descriptions defined by plugin that causes use of TestAgent
- auto testAgentPolicies = POLICY_DESCRIPTIONS.at(TEST_AGENT);
-// any policy type from above collection
- auto policyType = testAgentPolicies[0].type;
-
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, policyType, extra);
-
- Admin admin;
- admin.setPolicies(cp, expectedResult);
-}
-
-void getAgentRequest(Agent &agent, AgentRequest &request, Client &client,
- int expectedResult = CYNARA_API_SUCCESS,
- Timeout::ExpectMode expectTimeoutMode = Timeout::ExpectMode::TIMEOUT)
-{
- auto timeLimit = std::chrono::seconds(2);
- auto hangOnGetRequest = [&agent, &request, &expectedResult]() {
- agent.getRequest(request, expectedResult);
- };
- Timeout::CancelFunction sendClientRequest = [&client]() {
- client.process();
- client.assertStatus(READ);
- };
-
- Timeout::callAndWait(timeLimit, expectTimeoutMode,
- sendClientRequest, hangOnGetRequest);
-}
-
-void tcag01_set_agent_type_policy_without_plugin_func()
-{
- loadServicePlugins(DirectoryPaths());
- setAgentPolicy(CYNARA_API_INVALID_PARAM);
-}
-
-void tcag02_set_agent_type_policy_with_plugin_loaded_func()
-{
- loadAgentPlugin();
- setAgentPolicy();
-}
-
-void tcag03_check_with_no_agent_func()
-{
- std::string testNo("03");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Client client;
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send requests
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tcag04_agent_initialize_func()
-{
- Agent();
-}
-
-void tcag05_agent_request_timeout_func()
-{
- Agent agent;
- AgentRequest request;
-
- auto testTimeLimit = std::chrono::seconds(2);
- auto hangOnGetRequest = [&agent, &request]() {
- agent.getRequest(request, CYNARA_API_SERVICE_NOT_AVAILABLE);
- };
-
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::TIMEOUT,
- restartCynaraServiceAndSockets, hangOnGetRequest);
-}
-
-void tcag06_check_with_unregistered_agent_func()
-{
- std::string testNo("06");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
-
- Client client;
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send requests
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tcag07_get_request_func()
-{
- std::string testNo("07");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
-
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id()));
- client.process();
-}
-
-void tcag08_get_request_and_respond_with_wrong_id_func()
-{
- std::string testNo("08");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_SUCCESS,
- CYNARA_CALL_CAUSE_FINISH};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id() + 1));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_TIMEOUT, 2);
-}
-
-void tcag09_get_request_and_correct_responded_id_func()
-{
- std::string testNo("09");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id() + 1));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_TIMEOUT, 2);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id()));
- client.process();
-}
-
-void tcag10_cancel_request_func()
-{
- std::string testNo("10");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
-
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- client.cancel(id);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertCancel();
- agent.putResponse(AgentResponse::createCancel(id));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
-}
-
-void tcag11_cancel_processed_request_func()
-{
- std::string testNo("11");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
-
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createCancel(id));
- client.cancel(id);
- // we do not expect getting the cancel request in the agent
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::TIMEOUT,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SERVICE_NOT_AVAILABLE, Timeout::ExpectMode::TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
-}
-
-void tcag12_create_two_requests_func()
-{
- std::string testNo("12");
- CheckData data1(testNo, 1), data2(testNo, 2);
- cynara_check_id id1, id2;
- RequestEntity callbackData1 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest1, agentRequest2, agentRequest3;
- Client client;
- client.createRequest(data1, id1, callbackData1);
- client.assertStatus(READWRITE);
- client.createRequest(data2, id2, callbackData2);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest1), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest2), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::IGNORE);
- client.cancel(id2);
- client.assertStatus(READWRITE);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest3), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest1.assertAction(data1.m_client, data1.m_user, data1.m_privilege);
- agentRequest2.assertAction(data2.m_client, data2.m_user, data2.m_privilege);
- agentRequest3.assertCancel();
-
- agent.putResponse(AgentResponse::createDeny(id1));
- agent.putResponse(AgentResponse::createCancel(id2));
-
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 3);
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::IGNORE_TIMEOUT, 1);
-}
-
-void tcag13_create_many_requests_func()
-{
- const int numberOfRequests = 4;
- std::string testNo("13");
- cynara_check_id ids[numberOfRequests];
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequests[numberOfRequests];
- Client client;
- for (int i = 0; i < numberOfRequests; i++) {
- CheckData data(testNo, i);
- client.createRequest(data, ids[i], callbackData);
- client.assertStatus(READWRITE);
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequests[i]), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequests[i].assertAction(data.m_client, data.m_user, data.m_privilege);
- };
- for (int i = numberOfRequests - 1; i >= 0; i--) {
- agent.putResponse(AgentResponse::createDeny(ids[i]));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
- }
-}
-
-void tcag14_client_disconnects_func()
-{
- std::string testNo("14");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_FINISH};
-
- loadAgentPlugin();
- setAgentPolicy();
- Agent agent;
- AgentRequest agentRequest;
- auto testTimeLimit = std::chrono::seconds(5);
- {
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- };
- auto getAgentRequestWrap = [&agent, &agentRequest]() {
- agent.getRequest(agentRequest, CYNARA_API_SUCCESS);
- };
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequestWrap);
- agentRequest.assertCancel();
-}
-
-void tcag15_agent_disconnects_func()
-{
- std::string testNo("15");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
- AgentRequest agentRequest;
- {
- Agent agent;
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- };
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_agent_tests)
-
-RUN_CYNARA_TEST(tcag01_set_agent_type_policy_without_plugin)
-RUN_CYNARA_TEST(tcag02_set_agent_type_policy_with_plugin_loaded)
-RUN_CYNARA_TEST(tcag03_check_with_no_agent)
-RUN_CYNARA_TEST(tcag04_agent_initialize)
-RUN_CYNARA_TEST(tcag05_agent_request_timeout)
-RUN_CYNARA_TEST(tcag06_check_with_unregistered_agent)
-RUN_CYNARA_TEST(tcag07_get_request)
-RUN_CYNARA_TEST(tcag08_get_request_and_respond_with_wrong_id)
-RUN_CYNARA_TEST(tcag09_get_request_and_correct_responded_id)
-RUN_CYNARA_TEST(tcag10_cancel_request)
-RUN_CYNARA_TEST(tcag11_cancel_processed_request)
-RUN_CYNARA_TEST(tcag12_create_two_requests)
-RUN_CYNARA_TEST(tcag13_create_many_requests)
-RUN_CYNARA_TEST(tcag14_client_disconnects)
-RUN_CYNARA_TEST(tcag15_agent_disconnects)
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases_async.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Tests for libcynara-client-async
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_client_async_client.h>
-
-#include <service_manager.h>
-#include <dpl/test/test_runner.h>
-
-#include <cynara-client-async.h>
-
-#include <cstdint>
-#include <unistd.h>
-
-using namespace CynaraTestClientAsync;
-using namespace CynaraTestAdmin;
-
-void tca01_initialize_func()
-{
- Client client;
-}
-
-void tca02_empty_cache_miss_func()
-{
- std::string testNo("02");
- Client client;
-
- client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
- client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
-}
-
-void tca03_create_max_requests_func()
-{
- std::string testNo("03");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(), 0, CYNARA_CALL_CAUSE_FINISH};
-
- Client client;
-
- for (auto i = 0; i <= UINT16_MAX; ++i) {
- client.createRequest({testNo, i}, id, callbackData, CYNARA_API_SUCCESS);
- client.assertStatus(READWRITE);
- }
-
- client.createRequest({testNo}, id, callbackData, CYNARA_API_MAX_PENDING_REQUESTS);
- client.assertStatus(READWRITE);
-}
-
-void tca04_request_and_process_func()
-{
- std::string testNo("04");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- Client client;
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel1_func()
-{
- std::string testNo("05");
- int subtest = 1;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- //send request and cancel
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel2_func()
-{
- std::string testNo("05");
- int subtest = 2;
- cynara_check_id id1, id2;
- Client client;
-
- RequestEntity callbackData1 = {[&]()->void {client.cancel(id2);},
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- client.createRequest({testNo, subtest}, id1, callbackData1);
- client.createRequest({testNo, subtest}, id2, callbackData2);
- client.assertStatus(READWRITE);
-
- //send requests
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel3_func()
-{
- std::string testNo("05");
- int subtest = 3;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.cancel(id, CYNARA_API_INVALID_PARAM);
-}
-
-void tca06_cancel_fail_func()
-{
- cynara_check_id id = 0xDEAD;
-
- Client client;
-
- client.cancel(id, CYNARA_API_INVALID_PARAM);
-}
-
-void tca07_request_with_data_insertion_func()
-{
- std::string testNo("07");
- Admin admin;
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- CheckData data[2] = {{testNo, 1}, {testNo, 2}};
- RequestEntity callbackAllow = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackDeny = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- cynara_check_id id;
- Client client;
-
- client.checkCache(data[0], CYNARA_API_CACHE_MISS);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- client.createRequest(data[0], id, callbackDeny);
- client.assertStatus(READWRITE);
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.checkCache(data[0], CYNARA_API_ACCESS_DENIED);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0].toAdminPolicy(), resultAllow);
- admin.setPolicies(cp);
- }
-
- client.checkCache(data[0], CYNARA_API_CACHE_MISS);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- client.createRequest(data[0], id, callbackAllow);
- client.assertStatus(READWRITE);
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.checkCache(data[0], CYNARA_API_ACCESS_ALLOWED);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-}
-
-void tca08_disconnect1_func()
-{
- std::string testNo("08");
- int subtest = 1;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- restartCynaraServiceAndSockets();
-
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca08_disconnect2_func()
-{
- std::string testNo("08");
- int subtest = 2;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- restartCynaraServiceAndSockets();
-
- client.process();
- client.assertStatus(READ);
-
- restartCynaraServiceAndSockets();
-
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca08_disconnect3_func()
-{
- std::string testNo("08");
- int subtest = 2;
- cynara_check_id id;
- RequestEntity callbackData = {restartCynaraServiceAndSockets,
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.assertStatus(READ);
-
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca09_disconnect_and_cancel1_func()
-{
- std::string testNo("09");
- int subtest = 1;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- restartCynaraServiceAndSockets();
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- //send cancel
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-}
-
-void tca09_disconnect_and_cancel2_func()
-{
- std::string testNo("09");
- int subtest = 2;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- restartCynaraServiceAndSockets();
-
- //handle reconnect
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::EXPECT_TIMEOUT);
- client.assertStatus(READ);
-}
-
-void tca10_double_request_func()
-{
- std::string testNo("10");
- cynara_check_id id, id2;
- Client client;
-
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- RequestEntity callbackData = {[&](){client.createRequest({testNo}, id2, callbackData2);},
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca11_double_request_with_restart_func()
-{
- std::string testNo("11");
- cynara_check_id id, id2;
- Client client;
-
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- RequestEntity callbackData = {[&](){
- restartCynaraServiceAndSockets();
- client.createRequest({testNo}, id2, callbackData2);
- },
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca12_multiple_connections_without_requests_func()
-{
- std::string testNo("12");
-
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_FINISH};
-
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- pid_t before = serviceManager.getServicePid();
- timeval beforeTimestamp = serviceManager.getServiceStartTimestamp();
-
- for (int i = 0; i < 10; ++i)
- {
- Client client;
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
- }
-
-//wait until cynara possibly restarts
- sleep(3);
-
- pid_t after = serviceManager.getServicePid();
- timeval afterTimestamp = serviceManager.getServiceStartTimestamp();
- RUNNER_ASSERT_MSG(after != 0,
- "cynara service not running. After = " << after << ".");
- RUNNER_ASSERT_MSG(before == after
- && beforeTimestamp.tv_sec == afterTimestamp.tv_sec
- && beforeTimestamp.tv_usec == afterTimestamp.tv_usec,
- "cynara service was restarted during the test. Before pid / timestamp = "
- << before << " / " << beforeTimestamp.tv_sec << "."
- << beforeTimestamp.tv_usec << " and after pid / timestamp = "
- << after << " / " << afterTimestamp.tv_sec << "."
- << afterTimestamp.tv_usec);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_async_tests)
-
-RUN_CYNARA_TEST(tca01_initialize)
-RUN_CYNARA_TEST(tca02_empty_cache_miss)
-RUN_CYNARA_TEST(tca03_create_max_requests)
-RUN_CYNARA_TEST(tca04_request_and_process)
-RUN_CYNARA_TEST(tca05_request_and_cancel1)
-RUN_CYNARA_TEST(tca05_request_and_cancel2)
-RUN_CYNARA_TEST(tca05_request_and_cancel3)
-RUN_CYNARA_TEST(tca06_cancel_fail)
-RUN_CYNARA_TEST(tca07_request_with_data_insertion)
-RUN_CYNARA_TEST(tca08_disconnect1)
-RUN_CYNARA_TEST(tca08_disconnect2)
-RUN_CYNARA_TEST(tca08_disconnect3)
-RUN_CYNARA_TEST(tca09_disconnect_and_cancel1)
-RUN_CYNARA_TEST(tca09_disconnect_and_cancel2)
-RUN_CYNARA_TEST(tca10_double_request)
-RUN_CYNARA_TEST(tca11_double_request_with_restart)
-RUN_CYNARA_TEST(tca12_multiple_connections_without_requests)
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * @file test_cases_db.cpp
- * @author Pawel Wieczorek <p.wieczorek2@samsung.com>
- * @version 0.1
- * @brief Tests for Cynara's mechanism assuring integrity of database
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_client.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_env.h>
-#include <dpl/test/test_runner.h>
-#include <sys/smack.h>
-
-#include <service_manager.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <fstream>
-#include <glob.h>
-#include <iterator>
-#include <memory.h>
-#include <set>
-#include <string>
-#include <unistd.h>
-#include <vector>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestClient;
-
-namespace
-{
-
-const std::string defDb("default");
-const std::string defDbAllow("defaultAllowed");
-const std::string nonEmptyDb("nonEmptyDatabase");
-const std::string cynaraTestPatternsPath("/etc/security-tests/db_patterns/");
-const std::string directoryWildcard("/*");
-const char directorySeparator('/');
-
-void createDbFile(const std::string &filename)
-{
- int fileFd = TEMP_FAILURE_RETRY(creat(filename.c_str(), 0000));
- RUNNER_ASSERT_ERRNO_MSG(fileFd > 0, "Creating " << filename << " file failed");
- FdUniquePtr fileFdPtr(&fileFd);
-
- int ret = smack_fsetlabel(fileFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
-}
-
-void deleteDbFile(const std::string &filename)
-{
- RUNNER_ASSERT_ERRNO_MSG(!unlink(filename.c_str()), "Unable to unlink " << filename << " file");
-}
-
-bool unordered_files_match(const std::string &patternFilePath, const std::string &resultFilePath) {
- std::ifstream patternFile(patternFilePath, std::ifstream::in | std::ifstream::binary);
- std::ifstream resultFile(resultFilePath, std::ifstream::in | std::ifstream::binary);
-
- RUNNER_ASSERT_MSG(patternFile.is_open(), "Failed to open " << patternFile << ".");
- RUNNER_ASSERT_MSG(resultFile.is_open(), "Failed to open " << resultFile << ".");
-
- auto patternRecords = std::multiset<std::string>(std::istream_iterator<std::string>(patternFile),
- std::istream_iterator<std::string>());
-
- auto resultRecords = std::multiset<std::string>(std::istream_iterator<std::string>(resultFile),
- std::istream_iterator<std::string>());
-
- return patternRecords == resultRecords;
-}
-
-size_t glob_count(const std::string &source, const std::string &wildcard) {
- //for counting files in directory
- glob_t globbuf;
- std::string pattern = source + wildcard;
-
- //for freeing allocated memory
- GlobPtr globbufPtr(&globbuf);
-
- //actually count files in directory - including dotfiles
- RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf),
- "Failed to search for requested pathnames in " << source << ".");
-
- return globbuf.gl_pathc;
-}
-
-size_t db_files_count(const std::string &source) {
- size_t dbFilesCount = 0;
-
- //database directory must not be empty
- RUNNER_ASSERT_MSG(0 != (dbFilesCount = glob_count(source, directoryWildcard)),
- "Unexpected condition: " << source << " was empty.");
-
- return dbFilesCount;
-}
-
-const std::set<std::string> dump_glob_filenames(const glob_t &globbuf) {
- std::set<std::string> set;
-
- for (unsigned i = 0; i < globbuf.gl_pathc; ++i) {
- std::string filename(globbuf.gl_pathv[i]);
- set.insert(filename.substr(filename.find_last_of(directorySeparator)+1));
- }
-
- return set;
-}
-
-const std::set<std::string> glob_filenames(const std::string &source, const std::string &wildcard) {
- //for finding files matching pattern in directory
- glob_t globbuf;
- std::string pattern = source + wildcard;
-
- //for freeing allocated memory
- GlobPtr globbufPtr(&globbuf);
-
- //actually find files matching pattern in directory - including dotfiles
- RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf),
- "Failed to search for requested pathnames in " << source << ".");
-
- return dump_glob_filenames(globbuf);
-}
-
-const std::set<std::string> db_files_pathnames(const std::string &source) {
- return glob_filenames(source, directoryWildcard);
-}
-
-std::ostream& operator<<(std::ostream& os, const std::set<std::string> &set)
-{
- os << "{";
- for (const auto &item : set) {
- os << " " << item;
- }
- os << " }";
- return os;
-}
-
-void compareDbs(const std::string &source)
-{
- //for accessing files in directory
- std::string patternDir = cynaraTestPatternsPath + source;
- std::string resultDir = CynaraTestConsts::DB_DIR;
- DIR *patternDirPtr = nullptr;
- struct dirent *direntPtr;
-
- size_t patternFileCount = db_files_count(patternDir);
- size_t resultFileCount = db_files_count(resultDir);
-
- //directories do not match if there is different number of files
- RUNNER_ASSERT_MSG(patternFileCount == resultFileCount,
- "No match in database and pattern directory file count: "
- << resultFileCount << " != " << patternFileCount << "." << std::endl
- << "Expected: " << db_files_pathnames(patternDir) << std::endl
- << "Actual: " << db_files_pathnames(resultDir));
-
- //compare files in database directory with pattern directory
- RUNNER_ASSERT_ERRNO_MSG(patternDirPtr = opendir(patternDir.c_str()),
- "Opening " << patternDir << " directory failed");
- DirPtr patternDirScopedPtr(patternDirPtr);
-
- while ((direntPtr = readdir(patternDirPtr)) != nullptr) {
- if (!strcmp(direntPtr->d_name, ".")
- || !strcmp(direntPtr->d_name, ".."))
- continue;
- std::string patternName = patternDir + directorySeparator + direntPtr->d_name;
- std::string resultName = CynaraTestConsts::DB_DIR + directorySeparator + direntPtr->d_name;
-
- //comparing file saved db dir with reference file from patterns dir
- RUNNER_ASSERT_MSG(true == unordered_files_match(patternName, resultName),
- "No match in stored file and pattern file: " << resultName);
- }
-}
-
-} // anonymous namespace
-
-
-/**
- * @brief Lockdown initialization failure caused by fake guard existence
- * @test Expected result: refuse to write data to storage as long as guard file creation fails
- * 1. Create fake guard file with 0000 attributes in policy database
- * 2. Try to make a change (ALLOW) in default bucket (data dump should fail)
- * 3. Delete fake guard file from policy database
- * 4. Retry to make a change (ALLOW) in default bucket (data dump should proceed)
- * 5. Check if database is saved correctly
- */
-void tcdb01_lockdown_init_failure_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto fakeBackupGuard = CynaraTestConsts::DB_DIR + directorySeparator + "guard";
-
- createDbFile(fakeBackupGuard);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
-
- deleteDbFile(fakeBackupGuard);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Failure during writing to backup (before lockdown)
- * @test Expected result: read from primary policy database
- * 1. Write ALLOW to default bucket
- * 2. Check if data is saved correctly
- * 3. Create fake backup file with 0000 attributes in policy database
- * 4. Try to make a change (DENY) in default bucket (data dump should fail)
- * 5. Reload Cynara - policies loaded from default bucket should still be ALLOW
- */
-void tcdb02_write_to_backup_failure_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto fakeBucketDumpFile = CynaraTestConsts::DB_DIR + directorySeparator + "_~";
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- compareDbs(defDbAllow);
-
- createDbFile(fakeBucketDumpFile);
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra, CYNARA_API_OPERATION_FAILED);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Check whether both invalid and valid backup databases are removed
- * @test Expected result: no unnecessary backup files in policy database directory
- * 1. Fail writing to backup database
- * 2. Reload Cynara - policies should be loaded from primary (valid) database
- * 3. Check if all backup files were removed
- * 4. Successfully write changes to database
- * 5. Reload Cynara - policies should be loaded from primary (revalidated) database
- * 6. Check if all backup files were removed
- */
-void tcdb03_invalid_and_valid_backup_removal_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto defaultBucketDumpFile = CynaraTestConsts::DB_DIR + directorySeparator + "_~";
-
- createDbFile(defaultBucketDumpFile);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDb);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Comparison between database modified by Cynara with expected one
- * @test Expected result: no differences between those files
- * 1. Write sample policy to database (and let it save to storage)
- * 2. Compare freshly saved files with samples from test patterns directory
- */
-void tcdb04_dumped_file_binary_comparison_func()
-{
- Admin admin;
- Client cynara;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client";
- const char *user = "user";
- const char *privilege = "privilege";
- const char *extra = nullptr;
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp, CYNARA_API_SUCCESS);
- }
-
- compareDbs(nonEmptyDb);
-}
-
-/**
- * @brief Invalid database files removal
- * @test Expected result: no unnecessary files in policy database directory
- * 1. Fill Cynara's policy database directory with garbage:
- * - Sample backup file which should be removed earlier
- * - Sample bucket file which is not mentioned in index (shouldn't exist at all)
- * - Sample files which don't belong to database
- * 2. Reload Cynara
- * 3. Check if any of mentioned above files still remained
- */
-void tcdb05_non_indexed_files_removal_func()
-{
- std::vector<std::string> filenames = { "_broken-backup~", "_non-indexed-bucket",
- "some-file-that-doesnt-belong-here" };
-
- for (const auto &filename : filenames) {
- auto garbageFilename = CynaraTestConsts::DB_DIR + directorySeparator + filename;
- createDbFile(garbageFilename);
- }
-
- restartCynaraServiceAndSockets();
- compareDbs(defDb);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_db_tests)
-
-RUN_CYNARA_TEST(tcdb01_lockdown_init_failure)
-RUN_CYNARA_TEST(tcdb02_write_to_backup_failure)
-RUN_CYNARA_TEST(tcdb03_invalid_and_valid_backup_removal)
-RUN_CYNARA_TEST(tcdb04_dumped_file_binary_comparison)
-RUN_CYNARA_TEST(tcdb05_non_indexed_files_removal)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file test_cases_helpers.cpp
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Tests for cynara-helper-credentials-socket
- */
-
-#include <cstdlib>
-#include <functional>
-#include <string>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <unistd.h>
-
-#include <access_provider.h>
-#include <dpl/test/test_runner.h>
-#include <memory.h>
-#include <synchronization_pipe.h>
-#include <tests_common.h>
-#include <uds.h>
-#include <passwd_access.h>
-
-#include <cynara_test_helpers.h>
-
-class ProcessCredentials {
-public:
- ProcessCredentials() {}
-
- const std::string &label(void) const {
- return m_label;
- }
-
- uid_t uid(void) const {
- return PasswdAccess::uid(APP_USER);
- }
-
- gid_t gid(void) const {
- return PasswdAccess::gid("users");
- }
-
-private:
- std::string m_label = "cynara_helpers";
-};
-
-pid_t runInChild(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- }
-
- return pid;
-}
-
-void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
- const struct ProcessCredentials &peerCredentials) {
- SecurityServer::AccessProvider ap(peerCredentials.label());
- ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
- pipe.claimChildEp();
-
- int sock = UDSHelpers::createServer(&sockaddr);
- SockUniquePtr sockPtr(&sock);
- pipe.post();
- int clientSock = UDSHelpers::acceptClient(sock);
-
- UDSHelpers::waitForDisconnect(clientSock);
-}
-
-typedef std::function<void(int sock, pid_t pid,
- const ProcessCredentials &peerCredentials)> SocketAssertionFn;
-
-void socketTestTemplate(SocketAssertionFn assertion, const std::string &scope) {
- const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_" + scope + ".socket");
- const ProcessCredentials peerCredentials;
-
- SynchronizationPipe pipe;
-
- pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
- std::cref(peerCredentials)));
-
- pipe.claimParentEp();
- pipe.wait();
- int sock = UDSHelpers::createClient(&sockaddr);
- SockUniquePtr sockPtr(&sock);
-
- assertion(sock, pid, peerCredentials);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_creds_socket)
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs01_socket_credentials_client_smack)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
- RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
- "Labels don't match ret = " << label.get()
- << "; expected = " << peerCredentials.label());
- }, "tccs01");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs02_socket_credentials_client_pid)
-{
- socketTestTemplate([] (int sock, pid_t pid, const ProcessCredentials &) {
- CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_PID));
- pid_t clientPid = std::stoi(clientPidStr.get());
- RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
- << "; expected = " << pid);
- }, "tccs02");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs03_socket_credentials_user_uid)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_UID));
- uid_t uid = std::stoul(uidStr.get());
- RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
- << "; expected = "<< peerCredentials.uid());
- }, "tccs03");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs04_socket_credentials_user_gid)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_GID));
- gid_t gid = std::stoul(gidStr.get());
- RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid
- << "; expected = "<< peerCredentials.gid());
- }, "tccs04");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs05_cynara_creds_socket_pid)
-{
- const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_tccs05.socket");
- const ProcessCredentials peerCredentials;
-
- SynchronizationPipe pipe;
- pid_t expectedPid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
- std::cref(peerCredentials)));
-
- pipe.claimParentEp();
- pipe.wait();
- int sock = UDSHelpers::createClient(&sockaddr);
- SockUniquePtr sockPtr(&sock);
-
- pid_t helperPid = CynaraHelperCredentials::socketGetPid(sock);
- RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
- << "; expected = " << expectedPid);
-}
+++ /dev/null
-# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Jan Olszak (j.olszak@samsung.com)
-# @author Rafal Krypa (r.krypa@samsung.com)
-# @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-
-SET(TEST_APP_EFL "test-app-efl")
-SET(TEST_APP_WGT "test-app-wgt")
-SET(TEST_APP_OSP "test-app-osp")
-SET(HELLO_TIZEN_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/hello-tizen.cpp
- )
-ADD_EXECUTABLE( ${TEST_APP_EFL} ${HELLO_TIZEN_TEST_SOURCES} )
-INSTALL(TARGETS ${TEST_APP_EFL}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES ${TEST_APP_EFL}
- DESTINATION /usr/bin
- RENAME ${TEST_APP_OSP}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
-
-INSTALL(FILES ${TEST_APP_EFL}
- DESTINATION /usr/bin
- RENAME ${TEST_APP_WGT}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
-
-SET(LPC_TARGET_TEST "libprivilege-control-test")
-
-#dependencies
-PKG_CHECK_MODULES(LPC_TARGET_DEP
- libsmack
- libprivilege-control
- sqlite3
- libtzplatform-config
- REQUIRED
- libiri
- )
-
-#files to compile
-SET(LPC_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/db.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/duplicates.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control-test.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_nosmack.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_incorrect_params.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_stress.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${LPC_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
- )
-
-#preprocessor definitions
-#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
-#output format
-ADD_EXECUTABLE(${LPC_TARGET_TEST} ${LPC_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${LPC_TARGET_TEST}
- ${LPC_TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- -lcrypt
- )
-
-#place for output file
-INSTALL(TARGETS ${LPC_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-# Test SMACK rules
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_privilege_control_DIR
- DESTINATION /etc/smack/
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac
- DESTINATION /usr/share/privilege-control/
- )
+++ /dev/null
-24567
-75678
+++ /dev/null
-~APP~ test_book_efl r
+++ /dev/null
-56789
-67890
+++ /dev/null
-~APP~ test_book_osp_8 r
-~APP~ test_book_osp_9 w
-~APP~ test_book_osp_10 x
-~APP~ test_book_osp_11 rw
-~APP~ test_book_osp_12 rx
-~APP~ test_book_osp_13 wx
-~APP~ test_book_osp_14 rwx
-~APP~ test_book_osp_15 rwxat
-test_subject_osp_8 ~APP~ r
-test_subject_osp_9 ~APP~ w
-test_subject_osp_10 ~APP~ x
-test_subject_osp_11 ~APP~ rw
-test_subject_osp_12 ~APP~ rx
-test_subject_osp_13 ~APP~ wx
-test_subject_osp_14 ~APP~ rwx
-test_subject_osp_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_1 r
-~APP~ test_book_2 w
-~APP~ test_book_3 x
-~APP~ test_book_4 rw
-~APP~ test_book_5 rx
-~APP~ test_book_6 wx
-~APP~ test_book_7 rwx
-test_subject_1 ~APP~ r
-test_subject_2 ~APP~ w
-test_subject_3 ~APP~ x
-test_subject_4 ~APP~ rw
-test_subject_5 ~APP~ rx
-test_subject_6 ~APP~ wx
-test_subject_7 ~APP~ rwx
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 w
-~APP~ test_book_12 x
-~APP~ test_book_13 wx
-~APP~ test_book_14 wx
-~APP~ test_book_15 wxat
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ w
-test_subject_12 ~APP~ x
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ wx
-test_subject_15 ~APP~ wxat
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_11 r
-~APP~ test_book_12 r
-~APP~ test_book_14 r
-~APP~ test_book_15 r
-test_subject_8 ~APP~ r
-test_subject_11 ~APP~ r
-test_subject_12 ~APP~ r
-test_subject_14 ~APP~ r
-test_subject_15 ~APP~ r
+++ /dev/null
-34567
-45678
+++ /dev/null
-~APP~ test_book_wgt_8 r
-~APP~ test_book_wgt_9 w
-~APP~ test_book_wgt_10 x
-~APP~ test_book_wgt_11 rw
-~APP~ test_book_wgt_12 rx
-~APP~ test_book_wgt_13 wx
-~APP~ test_book_wgt_14 rwx
-~APP~ test_book_wgt_15 rwxat
-test_subject_wgt_8 ~APP~ r
-test_subject_wgt_9 ~APP~ w
-test_subject_wgt_10 ~APP~ x
-test_subject_wgt_11 ~APP~ rw
-test_subject_wgt_12 ~APP~ rx
-test_subject_wgt_13 ~APP~ wx
-test_subject_wgt_14 ~APP~ rwx
-test_subject_wgt_15 ~APP~ rwxat
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#include <tests_common.h>
-#include <privilege-control.h>
-#include <tzplatform_config.h>
-#include <sstream>
-#include <string.h>
-#include "db.h"
-#include "db_sqlite.h"
-#include "duplicates.h"
-
-const std::string DBASE_PATH = tzplatform_mkpath(TZ_SYS_DB, ".rules-db.db3");
-const std::string ALL_APPS ="ALL_APPS";
-
-const int PERMISSION_VOLATILE = 1;
-const int PERMISSION_PERSISTENT = 0;
-
-const int PERMISSION_ENABLED = 1;
-const int PERMISSION_DISABLED = 0;
-
-using std::ostringstream;
-using std::string;
-
-TestLibPrivilegeControlDatabase::TestLibPrivilegeControlDatabase() : m_base(DBASE_PATH)
-{
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_install(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_label(name);
- app_permission(name, ALL_APPS, ALL_APPS, PERMISSION_PERSISTENT, PERMISSION_ENABLED);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_uninstall(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_not_label(name);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_enable_permissions(
- const char* name, app_type_t app_type, const char** perm_list, bool persistent)
-{
- if (!m_base.is_open())
- m_base.open();
-
- string permission_type_name = app_type_name(app_type);
- string permission_group_type_name = app_type_group_name(app_type);
- const int is_volatile = persistent ? PERMISSION_PERSISTENT : PERMISSION_VOLATILE;
- string permission_name;
- int ret;
-
- app_permission(name, permission_type_name, permission_type_name, is_volatile,
- PERMISSION_ENABLED);
-
- int i;
- for (i = 0; perm_list[i] != nullptr; ++i) {
- // Ignore empty lines
- if (strspn(perm_list[i], " \t\n") == strlen(perm_list[i]))
- continue;
-
- ret = base_name_from_perm(perm_list[i], permission_name);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "permission : <" << perm_list[i] <<
- "> cannot be converted to basename (iri parse error)");
- app_permission(name, permission_name, permission_group_type_name, is_volatile,
- PERMISSION_ENABLED);
- }
-}
-
-void TestLibPrivilegeControlDatabase::app_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT app_id FROM app "
- "NATURAL JOIN label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 1, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_not_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT label_id FROM label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_permission(const std::string& app_name,
- const std::string& permission_name, const std::string& permission_type_name,
- int is_volatile, int is_enabled)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT * FROM app_permission "
- "INNER JOIN app USING(app_id) "
- "INNER JOIN permission USING(permission_id) "
- "INNER JOIN permission_type USING(permission_type_id)"
- "INNER JOIN label USING(label_id)"
- "WHERE "
- "label.name == '" << app_name << "' "
- "AND app_permission.is_enabled == " << is_enabled << " "
- "AND app_permission.is_volatile == " << is_volatile << " "
- "AND permission.name == '" << permission_name << "' "
- "AND permission_type.type_name == '" << permission_type_name << "' "
- ";";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DB_H_
-
-#include <privilege-control.h>
-#include "libprivilege-control_test_common.h"
-#include "db_sqlite.h"
-
-/**
- * @class TestLibPrivilegeControlDatabase
- * @brief Class containing methods for testing libprivlege database.
- */
-class TestLibPrivilegeControlDatabase
-{
-public:
-/**
- * @brief A constructor
- */
- TestLibPrivilegeControlDatabase();
-
-/**
- * @brief A destructor
- */
- ~TestLibPrivilegeControlDatabase() = default;
-
-/**
- * @brief Method for testing database after "perm_app_install" was run.
- *
- * It checks existence of proper: label, app records and permission for ALL_APPS for installed app.
- *
- * @param name name of installed app
- */
- void test_db_after__perm_app_install(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_uninstall" was run.
- *
- * It checks absence of proper: label for installed app.
- *
- * @param name name of uninstalled app
- */
- void test_db_after__perm_app_uninstall(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_enable_permissions" was run.
- *
- * It checks existence of proper permissions from perm_list and main permission for whole app_type.
- *
- * @param name name of application
- * @param app_type type of application (EFL, WRT, etc. )
- * @param perm_list list of permission to enable
- * @param persistent persistence or volatileness of permissions
- */
- void test_db_after__perm_app_enable_permissions(const char* name, app_type_t app_type,
- const char** perm_list, bool persistent);
-
-private:
-/**
- * @var base
- * @brief Sqlite3DBase object giving simple access to database
- *
- * Connection to database is open first time it is needed
- * and closed in destructor of TestLibPrivilegeControlDatabase.
- */
- Sqlite3DBase m_base;
-
-/**
- * @brief Check existence of label related records for given app.
- *
- * @param app_name name of application
- */
- void app_label(const std::string& app_name);
-
-/**
- * @brief Check absence of label record for given app.
- *
- * @param app_name name of application
- */
- void app_not_label(const std::string& app_name);
-
-/**
- * @brief It checks existence of single permission.
- *
- * @param app_name name of application
- * @param permission_name name of permission
- * @param permission_type_name name of permission type
- * @param is_volatile persistence or volatileness of permissions
- * @param is_enabled permission enable flag
- */
- void app_permission(const std::string& app_name, const std::string& permission_name,
- const std::string& permission_type_name, int is_volatile, int is_enabled);
-};
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#include <stdlib.h>
-#include <iri.h>
-#include <algorithm>
-#include <string>
-#include <set>
-#include <sys/smack.h>
-#ifndef _XOPEN_SOURCE
-#define _XOPEN_SOURCE
-#endif
-#include <unistd.h>
-#include "duplicates.h"
-
-std::string app_type_name(app_type_t app_type)
-{
- switch(app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-std::string app_type_group_name(app_type_t app_type)
-{
- switch (app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-
-/*
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- */
-int base_name_from_perm(const char *perm, std::string& name)
-{
- iri_t *iris = iri_parse(perm);
- if (iris == nullptr || iris->host == nullptr)
- {
- iri_destroy(iris);
- return PC_ERR_INVALID_PARAM;
- }
-
- std::string host_dot;
- std::string host;
- std::string path;
- std::string::size_type pos;
-
- if (iris->path == nullptr)
- {
- path = iris->host;
- }
- else
- {
- path = iris->path;
- host = iris->host;
- pos = host.rfind('.');
- if (pos != std::string::npos)
- {
- host_dot = host.substr(pos + 1) + ".";
- host = host.substr(0, pos);
- }
- }
-
- iri_destroy(iris);
-
- std::replace(path.begin(), path.end(), '/', '.');
-
- name = host_dot + host + path;
-
- return PC_OPERATION_SUCCESS;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-
-#include <string>
-#include <privilege-control.h>
-
-/**
- * @brief Get the permission family type name.
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_name(app_type_t app_type);
-
-/**
- * @brief Get the permission type name
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_group_name(app_type_t app_type);
-
-/**
- * @brief URI to basename conversion
- *
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param perm permission URI
- * @param name created basename
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int base_name_from_perm(const char *perm, std::string& name);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests commons
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-#define LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-
-#include <vector>
-#include <string>
-#include <set>
-#include <ftw.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <unistd.h>
-#include <tzplatform_config.h>
-
-// How many open file descriptors should ftw() function use?
-#define FTW_MAX_FDS 16
-
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
-#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
-
-#define APP_ID "test_APP"
-#define APPID_DIR "test_APP_ID_dir"
-#define GENERATED_APP_ID "User" // TODO to be replaced in the future
-
-const uid_t TZ_APP_UID = tzplatform_getuid(TZ_USER_NAME);
-const gid_t TZ_APP_GID = tzplatform_getgid(TZ_USER_NAME);
-
-#define PERM_TO_REDEFINE "Test::RedefinePermission"
-#define PERM_SUB_TO_REDEFINE "Test::RedefinePermission::Sub"
-
-#define APP_1 "app_1"
-#define APP_1_DIR "/tmp/app_1"
-
-#define APP_2 "app_2"
-#define APP_2_DIR "/tmp/app_2"
-
-#define APP_TEST "app_test"
-
-#define EFL_APP_ID "hello-tizen"
-
-#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_EFL "/usr/share/privilege-control/EFL_test_privilege_control_rules_efl.dac"
-
-#define OSP_APP_ID "uqNfgEjqc7"
-
-#define WGT_APP_PATH "/usr/bin/test-app-wgt"
-#define OSP_APP_PATH "/usr/bin/test-app-osp"
-#define EFL_APP_PATH "/usr/bin/test-app-efl"
-
-#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
-
-extern const char *USER_APP_ID;
-
-extern const char *PRIVS1[];
-extern const char *PRIVS2[];
-extern const char *PRIVS2_NO_R[];
-extern const char *PRIVS2_R[];
-extern const char *PRIVS2_R_AND_NO_R[];
-
-extern const char *PRIVS_WGT[];
-extern const char *PRIVS_OSP[];
-extern const char *PRIVS_EFL[];
-
-extern const char *PRIV_APPSETTING[];
-extern const char *PRIV_APPSETTING_RULES[];
-
-typedef std::vector< std::vector<std::string> > rules_t;
-
-// Rules from WRT_test_privilege_control_rules1.smack for wgt
-const rules_t rules1 = {
- { USER_APP_ID, "test_book_1", "r" },
- { USER_APP_ID, "test_book_2", "w" },
- { USER_APP_ID, "test_book_3", "x" },
- { USER_APP_ID, "test_book_4", "rw" },
- { USER_APP_ID, "test_book_5", "rx" },
- { USER_APP_ID, "test_book_6", "wx" },
- { USER_APP_ID, "test_book_7", "rwx" },
- { "test_subject_1", USER_APP_ID, "r" },
- { "test_subject_2", USER_APP_ID, "w" },
- { "test_subject_3", USER_APP_ID, "x" },
- { "test_subject_4", USER_APP_ID, "rw" },
- { "test_subject_5", USER_APP_ID, "rx" },
- { "test_subject_6", USER_APP_ID, "wx" },
- { "test_subject_7", USER_APP_ID, "rwx" }
-};
-
-// Rules from WRT_test_privilege_control_rules2.smack
-const rules_t rules2 = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "rw" },
- { USER_APP_ID, "test_book_12", "rx" },
- { USER_APP_ID, "test_book_13", "wx" },
- { USER_APP_ID, "test_book_14", "rwx" },
- { USER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "rw" },
- { "test_subject_12", USER_APP_ID, "rx" },
- { "test_subject_13", USER_APP_ID, "wx" },
- { "test_subject_14", USER_APP_ID, "rwx" },
- { "test_subject_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_no_r = {
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "w" },
- { USER_APP_ID, "test_book_12", "x" },
- { USER_APP_ID, "test_book_13", "x" },
- { USER_APP_ID, "test_book_14", "wx" },
- { USER_APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "w" },
- { "test_subject_12", USER_APP_ID, "x" },
- { "test_subject_13", USER_APP_ID, "x" },
- { "test_subject_14", USER_APP_ID, "wx" },
- { "test_subject_15", USER_APP_ID, "wxat" }
-};
-
-// Rules from test_privilege_control_rules.smack
-// minus WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_r = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_11", "r" },
- { USER_APP_ID, "test_book_12", "r" },
- { USER_APP_ID, "test_book_14", "r" },
- { USER_APP_ID, "test_book_15", "r" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_11", USER_APP_ID, "r" },
- { "test_subject_12", USER_APP_ID, "r" },
- { "test_subject_14", USER_APP_ID, "r" },
- { "test_subject_15", USER_APP_ID, "r" }
-};
-
-// Rules from EFL_test_privilege_control_rules_efl.smack for rpm
-const rules_t rules_efl = {
- { USER_APP_ID, "test_book_efl", "r" }
-};
-
-// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
-const rules_t rules_wgt = {
- { USER_APP_ID, "test_book_wgt_8", "r" },
- { USER_APP_ID, "test_book_wgt_9", "w" },
- { USER_APP_ID, "test_book_wgt_10", "x" },
- { USER_APP_ID, "test_book_wgt_11", "rw" },
- { USER_APP_ID, "test_book_wgt_12", "rx" },
- { USER_APP_ID, "test_book_wgt_13", "wx" },
- { USER_APP_ID, "test_book_wgt_14", "rwx" },
- { USER_APP_ID, "test_book_wgt_15", "rwxat" },
- { "test_subject_wgt_8", USER_APP_ID, "r" },
- { "test_subject_wgt_9", USER_APP_ID, "w" },
- { "test_subject_wgt_10", USER_APP_ID, "x" },
- { "test_subject_wgt_11", USER_APP_ID, "rw" },
- { "test_subject_wgt_12", USER_APP_ID, "rx" },
- { "test_subject_wgt_13", USER_APP_ID, "wx" },
- { "test_subject_wgt_14", USER_APP_ID, "rwx" },
- { "test_subject_wgt_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from OSP_test_privilege_control_rules_osp.smack for osp
-const rules_t rules_osp = {
- { USER_APP_ID, "test_book_osp_8", "r" },
- { USER_APP_ID, "test_book_osp_9", "w" },
- { USER_APP_ID, "test_book_osp_10", "x" },
- { USER_APP_ID, "test_book_osp_11", "rw" },
- { USER_APP_ID, "test_book_osp_12", "rx" },
- { USER_APP_ID, "test_book_osp_13", "wx" },
- { USER_APP_ID, "test_book_osp_14", "rwx" },
- { USER_APP_ID, "test_book_osp_15", "rwxat" },
- { "test_subject_osp_8", USER_APP_ID, "r" },
- { "test_subject_osp_9", USER_APP_ID, "w" },
- { "test_subject_osp_10", USER_APP_ID, "x" },
- { "test_subject_osp_11", USER_APP_ID, "rw" },
- { "test_subject_osp_12", USER_APP_ID, "rx" },
- { "test_subject_osp_13", USER_APP_ID, "wx" },
- { "test_subject_osp_14", USER_APP_ID, "rwx" },
- { "test_subject_osp_15", USER_APP_ID, "rwxat" }
-};
-
-int test_have_all_accesses(const rules_t &rules);
-int test_have_any_accesses(const rules_t &rules);
-int test_have_nosmack_accesses(const rules_t &rules);
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id);
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file);
-
-int file_exists(const char *path);
-void check_app_installed(const char *app_path);
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected);
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack);
-void test_revoke_permissions(int line_no, const char* app_id);
-void test_app_enable_permissions_efl(bool smack);
-void test_app_disable_permissions_efl(bool smack);
-void test_app_disable_permissions(bool smack);
-bool check_all_accesses(bool smack, const rules_t &rules);
-bool check_no_accesses(bool smack, const rules_t &rules);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */
+++ /dev/null
-#include <iostream>
-
-int main() {
- std::cout << "Hello Tizen!" << std::endl;
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <dpl/test/test_runner.h>
-#include <dpl/log/log.h>
-
-int main (int argc, char *argv[])
-{
- LogInfo("Starting libprivilege-control tests");
-
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <fcntl.h>
-#include <fstream>
-#include <iostream>
-#include <set>
-#include <string>
-#include <string.h>
-#include <sys/sendfile.h>
-#include <sys/smack.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <vector>
-#include <grp.h>
-#include <pwd.h>
-
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include "common/duplicates.h"
-#include <memory.h>
-
-#define CANARY_LABEL "tiny_yellow_canary"
-
-const char *USER_APP_ID = "User";
-
-const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", nullptr };
-const char *PRIVS2[] = { "test_privilege_control_rules2", nullptr };
-const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", nullptr };
-const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", nullptr };
-const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", nullptr };
-
-const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", nullptr };
-const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", nullptr };
-const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", nullptr };
-
-const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", nullptr};
-const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
- "~APP~ ~ALL_APPS~ rx",
- nullptr};
-/**
- * Check if every rule is true.
- * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
- */
-int test_have_all_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access <= 0)
- return 0;
- }
- return 1;
-}
-
-/**
- * Check if every rule is true.
- * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
- */
-int test_have_any_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access > 0)
- return 1;
- }
- return 0;
-}
-
-/**
- * NOSMACK version of test_have_accesses functions.
- *
- * This will be used in many tests. Checks if for every rule smack_have_access returns error.
- * If for any of rules smack_have_access will return something different than error, this result
- * is being returned to caller.
- */
-int test_have_nosmack_accesses(const rules_t &rules)
-{
- int result;
- for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result != -1)
- return result;
- }
- return -1;
-}
-
-bool check_all_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_all_accesses(rules) == 1;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-bool check_no_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_any_accesses(rules) == 0;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-void read_gids(std::set<unsigned> &set, const char *file_path)
-{
- FILE *f = fopen(file_path, "r");
- RUNNER_ASSERT_ERRNO_MSG(f != nullptr, "Unable to open file " << file_path);
- unsigned gid;
- while (fscanf(f, "%u\n", &gid) == 1) {
- set.insert(gid);
- }
- fclose(f);
-}
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
-{
- int ret;
-
- errno = 0;
- struct passwd *pw = getpwuid(user_id);
- RUNNER_ASSERT_ERRNO_MSG(pw != nullptr, "getpwuid() failed");
-
- int groups_cnt = 0;
- gid_t *groups_list = nullptr;
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- RUNNER_ASSERT_MSG(ret == -1, "getgrouplist() failed.");
- if (groups_cnt == 0)
- return;
- groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
-
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- if (ret == -1) {
- free(groups_list);
- RUNNER_FAIL_MSG("getgrouplist() failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void read_current_gids(std::set<unsigned> &set)
-{
- int groups_cnt = getgroups(0, nullptr);
- RUNNER_ASSERT_ERRNO_MSG(groups_cnt > 0, "Wrong number of supplementary groups");
- gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
- if (getgroups(groups_cnt, groups_list) == -1){
- free(groups_list);
- RUNNER_FAIL_MSG("getgroups failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
-{
- std::set<unsigned> groups_check;
- std::set<unsigned> groups_current;
- if(dac_file != nullptr)
- read_gids(groups_check, dac_file);
- read_current_gids(groups_current);
-
- std::string groups_left;
- for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
- {
- (void)groups_check.erase(*it);
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application lost some groups: " << groups_left);
-
- for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
- {
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application doesn't belong to some required groups: " << groups_left);
-
- for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
- {
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application belongs to groups it should't belong to: " << groups_left);
-}
-
-int file_exists(const char *path)
-{
- FILE *file = fopen(path, "r");
- if (file) {
- fclose(file);
- return 0;
- }
- return -1;
-}
-
-void check_app_installed(const char *app_path)
-{
- RUNNER_ASSERT_MSG(file_exists(app_path) == 0,
- " App not installed: " << app_path);
-}
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected)
-{
- int result;
- bool is_enabled_result;
-
- result = perm_app_has_permission(app_label, APP_TYPE_WGT, permission, &is_enabled_result);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error calling perm_app_has_permission. Result: " << result);
-
- RUNNER_ASSERT_MSG(is_enabled_result == is_enabled_expected,
- " Result of perm_app_has_permission should be: " << is_enabled_expected);
-}
-
-int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
- const char* correctLabel)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
- RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID);
-}
-
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, "_");
-}
-
-int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char *label;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISDIR(sb->st_mode)) {
- RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set");
- result = strcmp("TRUE", label);
- RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-
- RUNNER_ASSERT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}}));
-}
-
-void test_revoke_permissions(int line_no, const char* app_id)
-{
- int result;
-
- // Cleanup
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- // Close transaction to commit uninstallation before further actions
- DB_END
-
- DB_BEGIN
-
- // Install test apps
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_install returned " << result);
-
- // Close transaction to commit installation before further actions
- DB_END
-
- DB_BEGIN
-
- // TEST:
- // Revoke permissions
- result = perm_app_revoke_permissions(app_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- DB_BEGIN
-
- // Cleanup - uninstall test apps
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- DB_END
-}
-
-void test_app_enable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- // Register a permission:
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Register a permission
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Disable a permission
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2),
- "SMACK accesses not disabled.");
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1),
- "SMACK accesses not disabled.");
-
- DB_BEGIN
-
-/**
- * Test - disable all granted permissions.
- */
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions enabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
-
-/**
- * Test - disable some granted permissions leaving non complementary and then disabling those too.
- */
-
- DB_BEGIN
-
- // Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app first permissions. Result: " << result);
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app second permissions. Result: " << result);
-
- // Disable second permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app second permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
-
- // Are all first permissions not disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
-
- DB_BEGIN
-
- // Disable first permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
-
-/**
- * Test - disable only no r granted permissions.
- */
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app r permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app no r permissions. Result: " << result);
-
- // Disable same permissions without r
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- DB_END
-
- // Is any r permissions disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
- // Are all no r permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app no r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
-
- DB_BEGIN
-
- // Disable all permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
-
- DB_BEGIN
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <string>
-#include <vector>
-#include <fstream>
-#include <sstream>
-#include <set>
-
-#include <fcntl.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/smack.h>
-
-#include <privilege-control.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/duplicates.h"
-#include "common/db.h"
-#include "memory.h"
-
-// Error codes for test_libprivilege_strerror
-const std::vector<int> error_codes {
- PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
- PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
- PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
- PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
-};
-
-namespace {
-
-std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
-{
- std::vector<std::string> names;
- for(size_t i = 0; i < size; ++i) {
- names.push_back(prefix + "_" + std::to_string(i) + suffix);
- }
- return names;
-}
-
-const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
-const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
-const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
-const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
-const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
-const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
-const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
-
-void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
-{
- std::ifstream dac_file(dac_file_path);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
-
- auto it = gids.begin();
- std::string line;
- while (std::getline(dac_file,line)) {
- std::istringstream is(line);
- unsigned gid;
- is >> gid;
- RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
- RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
- it++;
- }
-
- RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
-
- dac_file.close();
-}
-
-void remove_smack_files()
-{
- // TODO array
- unlink(OSP_BLAHBLAH);
- unlink(WRT_BLAHBLAH);
- unlink(OTHER_BLAHBLAH);
- unlink(WRT_BLAHBLAH_DAC);
- unlink(OTHER_BLAHBLAH_DAC);
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-}
-
-} // namespace
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-
-RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO)
-{
- test_perm_app_setup_path_PUBLIC_RO(true);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-void test_set_app_privilege(
- const char* app_id, app_type_t APP_TYPE,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules) {
- check_app_installed(app_path);
-
- int result;
-
- /* Remove the group file to make sure other tests do not affect current one. This is because all
- apps get the same label "User" */
- const char* db_file = tzplatform_mkpath(TZ_SYS_DB,".privilege_control_app_gids.db");
- RUNNER_ASSERT_MSG(db_file, "Failed to get groups db path");
- result = unlink(db_file);
- RUNNER_ASSERT_MSG(result == 0, "Removing group db failed " << strerror(errno));
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_uninstall returned " << result << ". "
- "Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_install returned " << result << ". "
- "Errno: " << strerror(errno));
-
- // TEST:
- result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG(label != nullptr,
- " Process label is not set");
-
- result = strcmp(USER_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0,
- " Process label " << label << " is incorrect");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * Set APP privileges. wgt.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * Set APP privileges. osp app.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Add new API feature
- */
-RUNNER_TEST(privilege_control08_add_api_feature)
-{
- int result;
-
- remove_smack_files();
-
- DB_BEGIN
-
- // argument validation
- result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
- result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
-
- // Already existing feature:
- // TODO: Database will be malformed. (Rules for these features will be removed.)
- result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty features
- result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty rules
- const char *test1[] = { nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test2[] = { "", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // malformed rules
- const char *test4[] = { "malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test5[] = { "malformed malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test6[] = { "-malformed malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test7[] = { "~/\"\\ malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test8[] = { "subject object rwxat something else", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
-
- // correct rules
- const char *test9[] = {
- "~APP~ object\t rwxatl",
- " \t \n",
- "subject2\t~APP~ ltxarw",
- "",
- nullptr};
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails.
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
-
- // TODO For now identical/complementary rules are not merged.
- const char *test12[] = {
- "subject1 ~APP~ rwxatl",
- " \t \n",
- "subject2 ~APP~ ltxarw",
- "",
- nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty group ids
- const char *test13[] = { "~APP~ b a", nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
- RUNNER_ASSERT(result == -1);
- remove_smack_files();
-
-
- // valid group ids
- result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
- remove_smack_files();
-
- DB_END
-}
-
-/**
- * Add new API feature, assign it to an app and redefine the API feature.
- * Check if app rules has changed after redefinition.
- */
-RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
-{
- int result;
- const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr};
-
- // Rules to be used with the first check
- const rules_t test_rules1 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules that contain differences - to be used with the second check (after re-def)
- const rules_t test_rules2 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
- };
-
- // Differences between rules1 and rules2 - should be revoked after re-def)
- const rules_t diff_rules = {
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules to be used with the first definition
- const char *perm_rules1[] = {
- "~APP~ " PERM_TO_REDEFINE " rx",
- PERM_TO_REDEFINE " ~APP~ rwx",
- "~APP~ " PERM_SUB_TO_REDEFINE " rx",
- nullptr
- };
-
- // Rules that contain differences - to be used with the second definition (re-def)
- const char *perm_rules2[] = {
- "~APP~ " PERM_TO_REDEFINE " rwx",
- PERM_TO_REDEFINE " ~APP~ rx",
- "~APP~ " PERM_SUB_TO_REDEFINE " watl",
- nullptr
- };
-
- DB_BEGIN
-
- // uninstall app to make sure that all rules and permissions are revoked
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << perm_strerror(result));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << perm_strerror(result));
-
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_enable_permissions failed: " << perm_strerror(result));
-
- DB_END
-
- // Check if rules are applied
- result = test_have_all_accesses(test_rules1);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Redefine the permission
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- DB_END
-
- // Check if rules are updated
- result = test_have_all_accesses(test_rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update.");
- // The difference between rules1 and rules2 should be revoked!
- result = test_have_any_accesses(diff_rules);
- RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated.");
-}
-
-/*
- * Check perm_app_uninstall function
- */
-void check_perm_app_uninstall(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_uninstall)
-{
- check_perm_app_uninstall(APP_ID);
-}
-
-/*
- * Check perm_app_install function
- */
-void check_perm_app_install(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_TEST(privilege_control01_app_install)
-{
- check_perm_app_uninstall(APP_ID);
- check_perm_app_install(APP_ID);
- // try install second time app with the same ID - it should pass.
- check_perm_app_install(APP_ID);
-}
-
-/*
- * Check perm_rollback function
- */
-RUNNER_TEST(privilege_control07_app_rollback)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_rollback_2)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- // install once again after the rollback
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-/**
- * Grant SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
-{
- int result;
-
- // Clean up after test:
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
-/**
- * Test - Enabling all permissions with persistant mode enabled
- */
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling all permissions with persistant mode disabled
- */
-
- DB_BEGIN
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Registering new permissions in two complementary files
- */
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling some permissions and then enabling complementary permissions
- */
-
- DB_BEGIN
-
- // Register permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Register permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app all permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-/**
- * Test - Enabling some permissions and then enabling all permissions
- */
-
- // Enable permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Enable permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions with only r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
-{
- test_app_enable_permissions_efl(true);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
-{
- test_app_disable_permissions_efl(true);
-}
-
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
-{
- test_app_disable_permissions(true);
-}
-
-/**
- * Reset SMACK permissions for an application by revoking all previously
- * granted rules and enabling them again from a rules file from disk.
- */
-// TODO: This test is incomplete.
-RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
-{
- int result;
-
-/**
- * Test - doing reset and checking if rules exist again.
- */
-
- DB_BEGIN
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions not disabled?
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-static void smack_set_random_label_based_on_pid_on_self(void)
-{
- int result;
- std::stringstream ss;
-
- ss << "s-" << getpid() << "-" << getppid();
- result = smack_set_label_for_self(ss.str().c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
- << ss.str().c_str() << ") failed");
-}
-
-static void smack_unix_sock_server(int sock)
-{
- int fd, result;
- char *smack_label;
-
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- if (fd < 0)
- return;
-
- FdUniquePtr fdPtr(&fd);
-
- result = smack_new_label_from_self(&smack_label);
- RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
- SmackLabelPtr smackLabelPtr(smack_label);
-
- ssize_t bitsNum = write(fd, smack_label, strlen(smack_label));
- RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast<size_t>(bitsNum) == strlen(smack_label),
- "write() failed");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- unlink(SOCK_PATH);
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- smack_set_random_label_based_on_pid_on_self();
-
- if (!pid) { /* child process, server */
- int sock, result;
-
- /* Set the process label before creating a socket */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = bind(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
- smack_unix_sock_server(sock);
-
- /* Change the process label with listening socket */
- smack_unix_sock_server(sock);
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- /* Now running two concurrent servers.
- Test if socket label was unaffected by fork() */
- smack_unix_sock_server(sock);
- /* Let's give the two servers different labels */
- smack_unix_sock_server(sock);
-
- exit(0);
- } else { /* parent process, client */
- sleep(1); /* Give server some time to setup listening socket */
- int i;
- for (i = 0; i < 4; ++i) {
- int sock;
- int result;
- char smack_label1[SMACK_LABEL_LEN + 1];
- char *smack_label2;
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = connect(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- alarm(2);
- result = read(sock, smack_label1, SMACK_LABEL_LEN);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
-
- smack_label1[result] = '\0';
- smack_label2 = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed");
- result = strcmp(smack_label1, smack_label2);
- RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
- << "' != '" << smack_label2 << "-" << random() << "'");
- }
- }
-}
-
-RUNNER_TEST(privilege_control20_perm_app_has_permission)
-{
- int result;
- const char *other_app_label = "test_other_app_label";
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error uninstalling app. Result" << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing app. Result" << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-}
-
-RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
- int POSITIVE_ERROR_CODE = 1;
- int NONEXISTING_ERROR_CODE = -239042;
- const char *result;
-
- for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
- RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
- "Returned invalid error code description.");
- }
-
- result = perm_strerror(POSITIVE_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-
- result = perm_strerror(NONEXISTING_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-
-
-
-//////////////////////////////////////////////////////
-//TEST FOR INCORRECT PARAMS CHECK IN LIBPRIVILEGE APIS
-//////////////////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_incorrect_params)
-
-RUNNER_TEST(privilege_control21c_incorrect_params_perm_app_set_privilege)
-{
- RUNNER_ASSERT_MSG(perm_app_set_privilege(nullptr, nullptr, APP_SET_PRIV_PATH) == PC_ERR_INVALID_PARAM,
- "perm_app_set_privilege didn't check if package name isn't nullptr.");
-}
-
-RUNNER_TEST(privilege_control21d_incorrect_params_perm_app_install)
-{
- RUNNER_ASSERT_MSG(perm_app_install(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_install("") == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21e_incorrect_params_perm_app_uninstall)
-{
- RUNNER_ASSERT_MSG(perm_app_uninstall(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_uninstall("") == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21f_incorrect_params_perm_app_enable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, nullptr, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id is valid");
-}
-
-RUNNER_TEST(privilege_control21g_incorrect_params_app_revoke_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21h_incorrect_params_app_reset_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_reset_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21i_incorrect_params_app_setup_path)
-{
- RUNNER_ASSERT_MSG(perm_app_setup_path(APPID_DIR, nullptr, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if path isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path(nullptr, TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("~APP~", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21k_incorrect_params_add_api_feature)
-{
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21m_incorrect_params_perm_app_has_permission)
-{
- bool has_permission;
- const char *app_label = "test_app_label";
-
- RUNNER_ASSERT_MSG(perm_app_has_permission(nullptr, APP_TYPE_WGT,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_OTHER,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission should not accept app_type = OTHER.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- nullptr, &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if permission_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- PRIVS2[0], nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if has_permission isn't nullptr.");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <memory>
-#include <functional>
-#include <fstream>
-#include <set>
-
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/db.h"
-#include <memory.h>
-
-#define APP_USER_NAME "app"
-#define APP_HOME_DIR "/opt/home/app"
-
-
-#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
-
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack)
-
-RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack)
-{
- test_perm_app_setup_path_PUBLIC_RO(false);
-}
-
-/**
- * NOSMACK version of privilege_control04 test.
- *
- * Tries to add permisions from test_privilege_control_rules template and checks if
- * smack_have_access returns -1 on check between every rule.
- */
-RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- //Add permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error adding app permissions. Result: " << result);
-
- DB_END
-
- //Check if smack_have_access always fails on every rule
- result = test_have_nosmack_accesses(rules_efl);
- RUNNER_ASSERT_MSG(result == -1,
- "Despite SMACK being off some accesses were added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling permissions: " << perm_strerror(result));
- DB_END
-}
-
-void test_set_app_privilege_nosmack(
- const char* app_id, app_type_t app_type,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules)
-{
- check_app_installed(app_path);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_enable_permissions(app_id, app_type, privileges, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules);
- RUNNER_ASSERT_MSG(result == -1,
- " Permissions shouldn't be added. Result: " << result);
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- " new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr,
- " new_label_from_self shouldn't allocate memory for label.");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege test.
- *
- * Another very similar test to it's SMACK version, this time smack_new_label_from_self is
- * expected to return different result.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
-{
- int result;
-
- check_app_installed(APP_SET_PRIV_PATH);
-
- //Preset exec label
- smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
- smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
-
- DB_BEGIN
- perm_app_uninstall(APP_ID);
- DB_END
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- //Set app privileges
- result = perm_app_set_privilege(APP_ID, nullptr, APP_SET_PRIV_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory for label.");
-
- //Check if DAC privileges really set
- RUNNER_ASSERT_MSG(getuid() == TZ_APP_UID, "Wrong UID");
- RUNNER_ASSERT_MSG(getgid() == TZ_APP_GID, "Wrong GID");
-
- result = strcmp(getenv("HOME"), APP_HOME_DIR);
- RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
-
- result = strcmp(getenv("USER"), APP_USER_NAME);
- RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
-
- check_groups(groups_before, nullptr);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
- *
- * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
-{
- test_set_app_privilege_nosmack(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_osp test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
-{
- test_set_app_privilege_nosmack(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack)
-{
- test_set_app_privilege_nosmack(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-/**
- * NOSMACK version of privilege_control11_app_enable_permissions test.
- *
- * Since the original test did the same thing around five times, there is no need to redo the
- * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
- * test_have_nosmack_accesses will check if smack_have_access still returns error and then
- * we will check if SMACK file was correctly created.
- */
-RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
-
- DB_END
-
- //Check if accesses aren't added
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true);
-
- DB_BEGIN
-
- //Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
-{
- test_app_enable_permissions_efl(false);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack)
-{
- test_app_disable_permissions_efl(false);
-}
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack)
-{
- test_app_disable_permissions(false);
-}
-
-/**
- * NOSMACK version of privilege_control13 test.
- *
- * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
- * changed.
- */
-RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-}
-
-/**
- * NOSMACK version of privilege_control15_app_id_from_socket.
- *
- * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self.
- * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
- * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
- * assumed to react correctly and are not tested in this test case.
- *
- * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and
- * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
- * correct behavior for perm_app_id_from_socket would be returning nullptr label.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- //Clean up before creating socket
- unlink(SOCK_PATH);
-
- //Create our server and client with fork
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- if (!pid) { //child (server)
- int sock, result, fd;
-
- //Create a socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- //Prepare for listening
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
-
- //Accept connection
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "accept failed");
-
- //Wait a little bit for client to use perm_app_id_from_socket
- usleep(200);
-
- //cleanup
- exit(0);
- } else { //parent (client)
- // Give server some time to setup listening socket
- sleep(1);
- int sock, result;
- char* smack_label = nullptr;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Try connecting to address
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- //Use perm_app_id_from_socket. Should fail and return nullptr smack_label.
- smack_label = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(!smack_label, "perm_app_id_from_socket should fail.");
-
- //cleanup
- RUNNER_ASSERT_MSG(smack_label == nullptr, "perm_app_id_from_socket should fail.");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <vector>
-#include <ftw.h>
-#include <dpl/test/test_runner.h>
-#include <privilege-control.h>
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-
-// ---- Macros and arrays used in stress tests ----
-#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
-#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
-#define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl"
-#define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl"
-
-#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
-// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
-const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
- "~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
- nullptr };
-const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, nullptr };
-// WGT Api Feature Test data - rwx access only to WGT app
-const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
- nullptr };
-const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, nullptr };
-
-rules_t rules_to_test_any_access1 = {
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
-};
-
-rules_t rules_to_test_any_access2 = {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
-};
-
-#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
- (const rules_t) { \
- { sub, obj, "r" }, \
- { sub, obj, "w" }, \
- { sub, obj, "x" }, \
- { sub, obj, "a" }, \
- { sub, obj, "t" }, \
- { sub, obj, "l" } }
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress)
-
-/**
- * Test - Simulation of 100 installations and uninstallations of one application.
- * Installed application will have various kind of permissions from api
- * features and shared folders.
- */
-void privilege_control22_app_installation_1x100(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- std::string shared_dir_auto_label;
-
- // Clear any previously created apps, files, labels and permissions
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_APP_DIR
- << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
- << ". Result: " << result);
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions. Result: " << result);
-
- // Install one additional app (used to check perm to shared directories)
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
- const char *test1[] = { nullptr };
- result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID,
- APP_TYPE_OSP, test1, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling permissions. Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install app loop
- for (int i = 0; i < 100; ++i)
- {
- DB_BEGIN
-
- // Add application
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Loop index: " << i
- << ". Result: " << result);
-
- // Add persistent permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
- << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
- << i << ". Result: " << result);
-
- DB_END
-
- // add shared dirs
- switch (i%2) // separate odd and even loop runs
- {
- case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_PRIVATE
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Verify that some previously installed app does not have any access
- // to APP_ID private label
- result = check_no_accesses(smack, rules_to_test_any_access1);
- RUNNER_ASSERT_MSG(result == 1,
- "Error - other app has access to private label. Loop index: "
- << i);
-
- // Get autogenerated Public RO label
- char *label;
- result = smack_getlabel(TEST_NON_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
-
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);
-
- /* all apps are getting the label "User" at the moment. Calling smack_have_access with
- "User" as an argument is no different from previous call */
- /*result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);*/
-
- break;
- }
- case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_SETTINGS_RW
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Get autogenerated App-Setting label
- char *label;
- result = smack_getlabel(TEST_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app dir
- // and rx permissions to app
- result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_ID << " "<< shared_dir_auto_label << " rwxatl "
- << "Loop index: " << i);
-
- /* all apps are getting the label "User" at the moment. Calling smack_have_access with
- "User" as an argument is no different from previous call */
- /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
- << "Loop index: " << i);
-
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, GENERATED_APP_ID, "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << GENERATED_APP_ID << " rx"
- << "Loop index: " << i);*/
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(GENERATED_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- break;
- }
- } // END switch
-
- // check if api-features permissions are added properly
- result = check_all_accesses(smack,
- (const rules_t) {
- { GENERATED_APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
- { GENERATED_APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added. Loop index: "
- << i);
-
- // revoke permissions
- result = perm_app_revoke_permissions(GENERATED_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
-
- // check if api-features permissions are removed properly
- result = check_no_accesses(smack, rules_to_test_any_access2);
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Loop index: " << i);
-
- // remove labels from app folder
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
- // remove labels from shared folder
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
-
- // uninstall app
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Loop index: " << i
- << ". Result: " << result);
- } // END Install app loop
-
- DB_BEGIN
-
- // Uninstall setting app and additional app
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- DB_END
-}
-
-/**
- * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
- * Installed applications will have various kind of permissions to each other
- * from api-features and shared folders.
- *
- * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
- *
- * Permissions:
- * test_APP0-4 - receive test_osp_feature_rule_set2
- * test_APP5-9 - receive test_wgt_feature_rule_set2
- *
- * During this test there is one directory created for each app for each loop run,
- * dir name syntax is: /tmp/<app_name>_<i-loop_run>
- *
- * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
- * test_APP1, test_APP2 & test_APP6 register their directories as
- * APP_PATH_GROUP_RW using the same label
- * LABEL_FOR_PUBLIC_SHARED_DIRS
- * test_APP3, test_APP7 & test_APP8 register their directories as
- * APP_PATH_PUBLIC_RO
- * test_APP4 & test_APP9 register their directories as
- * APP_PATH_SETTINGS_RW
- */
-void privilege_control23_app_installation2_10x10(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- const int app_count = 10;
- std::string shared_dir3_auto_label;
- std::string shared_dir7_auto_label;
- std::string shared_dir8_auto_label;
- std::string setting_dir4_auto_label;
- std::string setting_dir9_auto_label;
- char app_ids[app_count][strlen(APP_ID) + 3];
- char app_dirs[app_count][strlen(APP_ID) + 12];
- const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
- "~APP~ " APP_ID "7 rxl",
- "~APP~ " APP_ID "8 rwxal",
- "~APP~ " APP_ID "9 rwxatl",
- nullptr };
- const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
- "~APP~ " APP_ID "2 rxl",
- "~APP~ " APP_ID "3 rwxal",
- "~APP~ " APP_ID "4 rwxatl",
- nullptr };
-
-
- // generate app ids: test_APP0, test_APP1, test_APP2 etc.:
- for (int i = 0; i < app_count; ++i)
- {
- /* Libprivilege-control assigns "User" label to all apps. Replace it when individual labels
- are supported. */
- result = sprintf(app_ids[i], GENERATED_APP_ID);
- RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
- }
-
- DB_BEGIN
-
- // Clear any previously created apps, files, labels and permissions
- for (int i = 0; i < app_count; ++i)
- {
- result = perm_app_revoke_permissions(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for app: "
- << app_ids[i] << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[i] << ". Result: " << result);
- }
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions."
- << " Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall."
- << " Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install."
- << " Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering App-Setting permissions."
- << " Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install apps loop
- for (int i = 0; i < 10; ++i)
- {
- DB_BEGIN
-
- // Install 10 apps
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_install(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. App id: "
- << app_ids[j]
- << " Loop index: " << i
- << ". Result: " << result);
-
- // Create 10 directories
- result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
- RUNNER_ASSERT_MSG(result > 0,
- "Cannot generate directory name for app nr: " << j
- << " Loop index: " << i);
- result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_ERRNO_MSG(result == 0 || errno == EEXIST,
- "Cannot create directory: " << app_dirs[j]);
- result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << app_dirs[j]
- << ". Result: " << result);
- }
-
- // Give permissions from api-features
- for (int j = 0; j < (app_count/2); ++j)
- {
- // add persistent api feature permissions
- result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app__permissions from OSP Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. App id: "
- << app_ids[j+5] << " Loop index: " << i << ". Result: " << result);
- }
-
- // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
- result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[0]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[5]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
- result = perm_app_setup_path(app_ids[1], app_dirs[1],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[2], app_dirs[2],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[2]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[6], app_dirs[6],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[6]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
- result = perm_app_setup_path(app_ids[3], app_dirs[3],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[7], app_dirs[7],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[7]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[8], app_dirs[8],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[8]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9)
- result = perm_app_setup_path(app_ids[4], app_dirs[4],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[4]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[9], app_dirs[9],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[9]
- << " Loop index: " << i << ". Result: " << result);
-
- DB_END
-
- // All apps have the same label "User" so this check makes no sense.
- // Verify that some previously installed app does not have
- // any acces to app 0 and app 5 PRIVATE folders
- /*for (int j = 0; j < app_count; ++j)
- {
- // Apps 1-9 should not have any access to app 0
- if (j != 0)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[0] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
-
- // Apps 0-4 and 6-9 should not have any access to app 5
- if (j != 5)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[5] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
- }*/ // End for Verify PRIVATE
-
- // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[1], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[2], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[6], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- // Get autogenerated Public_RO labels
- char *label;
- result = smack_getlabel(app_dirs[3], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[3]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir3_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[7], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[7]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir7_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[8], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[8]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir8_auto_label = label;
- free(label);
-
- // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
- // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs
- for (int j = 0; j < app_count; ++j)
- {
- if (j == 3)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
- if (j == 7)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
- if (j == 8)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to other public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
-
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dirs are granted. App id: "
- << app_ids[j] << ". Loop index: " << i);
- } // End for Verify PUBLIC_RO
-
- // Get autogenerated SETTING_RW labels
- result = smack_getlabel(app_dirs[4], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[4] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir4_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[9], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[9] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir9_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app-settings dirs and rx to apps
- result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[4] << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[9] << " " << setting_dir9_auto_label
- << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
- << " Loop index: " << i);*/
-
-
-
- // Check if api-features permissions are added properly
- for (int j = 0; j < 5; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[6], "r" },
- { app_ids[j], app_ids[7], "rxl" },
- { app_ids[j], app_ids[8], "rwxal" },
- { app_ids[j], app_ids[9], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- for (int j = 5; j < app_count; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[1], "r" },
- { app_ids[j], app_ids[2], "rxl" },
- { app_ids[j], app_ids[3], "rwxal" },
- { app_ids[j], app_ids[4], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- DB_BEGIN
-
- // Revoke permissions
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_revoke_permissions(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. App id: "
- << app_ids[j] << " Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // All apps have the same label "User" so this check makes no sense.
- // Check if permissions are removed properly
- /*for (int j = 0; j < app_count; ++j)
- {
- // To all other apps
- for (int k = 0; k < app_count; ++k)
- if (j != k)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Subject: " << app_ids[j]
- << " Object: " << app_ids[k] << " Loop index: " << i);
- }
- }*/
-
- DB_BEGIN
-
- // Remove labels from folders and uninstall all apps
- for (int j = 0; j < app_count; ++j)
- {
- result = nftw(app_dirs[j], &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: "
- << app_dirs[j] << " . Loop index: " << i
- << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[j] << " . Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // Remove created dirs
- for (int j = 0; j < app_count; ++j)
- {
- result = rmdir(app_dirs[j]);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Cannot remove directory: " << app_dirs[j]);
- }
- } // END Install app loop
-
- // Uninstall setting app
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
-}
-
-RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack)
-{
- privilege_control22_app_installation_1x100(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack)
-{
- privilege_control22_app_installation_1x100(false);
-}
-
-RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack)
-{
- privilege_control23_app_installation2_10x10(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack)
-{
- privilege_control23_app_installation2_10x10(false);
-}
+++ /dev/null
-.
\ No newline at end of file
+++ /dev/null
-../
\ No newline at end of file
+++ /dev/null
-../../
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-test_APP_REAL
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Pawel Polawski (p.polawski@samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-SET(TARGET_TEST "libsmack-test")
-
-#dependencies
-PKG_CHECK_MODULES(TARGET_DEP
- libsmack
- REQUIRED
- )
-
-#files to compile
-SET(TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/libsmack-test.cpp
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_cases.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- )
-
-#preprocessor definitions
-#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
-#output format
-ADD_EXECUTABLE(${TARGET_TEST} ${TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${TARGET_TEST}
- ${TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-#place for additional files
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-#place for full rules
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules_full
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules2
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules2
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules3
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules3
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules4
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules4
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file libprivilege-test.cpp
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @version 1.0
- * @brief libsmack test runer
- */
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief libsmack test runner
- */
-
-#include <string>
-#include <sstream>
-#include <fcntl.h>
-#include <unistd.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/smack.h>
-#include <sys/xattr.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/file.h>
-#include <sys/wait.h>
-#include "tests_common.h"
-#include <access_provider.h>
-#include <fs_label_manager.h>
-#include "memory.h"
-
-const char* const TEST_SUBJECT = "test_subject";
-const char* const TEST_OBJECT = "test_object";
-const char* const TEST_OBJECT_2 = "test_object_2";
-
-const std::string testDir = "/tmp/";
-const std::vector<std::string> accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" };
-
-//This one define is required for sockaddr_un initialization
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-RUNNER_TEST_GROUP_INIT(libsmack)
-/**
- * Helper method to reset privileges at the begginning of tests.
- */
-void clean_up()
-{
- smack_revoke_subject(TEST_SUBJECT);
-}
-
-/**
- * Checking if subject has any access to object
- */
-bool checkNoAccesses(const char *subject, const char *object)
-{
- int result;
-
- for(const auto &perm : std::vector<std::string> {"r", "w", "a","t", "l"}) {
- result = smack_have_access(subject, object, perm.c_str());
- if (result == 1) {
- return false;
- }
- }
- return true;
-}
-
-void removeAccessesAll()
-{
- for(int i = 1; i <=3; i++)
- //smack_revoke_subject will fail, when subject does not exist in kernel
- //as this function is called at test beginning we cannot check return value
- smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str());
-}
-
-/**
- * Add a new access with smack_accesses_add_modify()
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_1){
- int result;
-
- clean_up();
-
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // THE TEST
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify by empty rules");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr");
- RUNNER_ASSERT_MSG(result == 1, "Rule modified (added 'xr'), but no change made.");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Test if rules are applied in the right order, and modification works.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0,
- "Modification didn't work");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Test if rules are applied in the right order, and modification works.
- * Using different smack_accesses list to add and delete.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- // Add r privilage
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1,
- "Adding privileges didn't work");
-
- // Revoke r privilege
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result == 0, "Modification didn't work, rule has still 'r' privileges.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Add a list of privileges and then revoke just ONE of them.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Add a list of privileges and then revoke just ONE of them.
- * Without applying privileges in between those actions.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Add a list of privileges and then revoke just TWO of them.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwt","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"ax","rt");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'wax' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Run smack_accesses_add_modify with the same accesses_add and accesses_del.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_7){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str(), accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Error while checking smack access. Accesses exist.");
-
- // CLEAN UP
- clean_up();
- }
-}
-
-/**
- * Revoke subject with previously added rules and revoke it again.
- */
-RUNNER_TEST_SMACK(smack_revoke_subject_test_1){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str(),"");
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str(),"");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
- "Rule " << accessesBasic[i].c_str() << " does not exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
- "Rule " << accessesBasic[i].c_str() << " does not exist.");
-
- // Revoking subject
- result = smack_revoke_subject(TEST_SUBJECT);
- RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Revoke didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Revoke didn't work. Accesses exist.");
-
-
- // Revoking subject again
- result = smack_revoke_subject(TEST_SUBJECT);
- RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Revoke didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Revoke didn't work. Accesses exist.");
-
- }
-}
-
-/**
- * Clearing accesses
- */
-RUNNER_TEST_SMACK(smack_accesses_clear_test_1){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
-
- // Creating and clearing rules with TEST_OBJECT
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work. Rule "
- << accessesBasic[i].c_str() << " does exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Clearing rules didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
-
- // Creating and clearing rules with TEST_OBJECT
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Clear didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Clear didn't work. Accesses exist.");
- }
-}
-
-RUNNER_TEST(smack01_storing_and_restoring_rules)
-{
- /*
- * author: Pawel Polawski
- * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
- * smack_accesses_free, smack_accesses_save
- * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be
- * stored and restored from file.
- * expect: Rules created and stored in file should be identical to predefined template.
- */
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- struct smack_accesses *import_test = nullptr; //rules imported from file
-
- int result; //result of each operation to be tested by RUNNER_ASSERT
- int fd, tmp, sample; //file descripptors for save / restore rules tests
-
- //int smack_accesses_new(struct smack_accesses **accesses);
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
- RUNNER_ASSERT(smack_accesses_new(&import_test) == 0);
- SmackAccessesPtr import_ptr(import_test);
-
- //opening files
- fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_rules");
- FdUniquePtr fd_ptr(&fd);
- tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp");
- FdUniquePtr tmp_ptr(&tmp);
- sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules
- RUNNER_ASSERT_ERRNO_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules");
- FdUniquePtr sample_ptr(&sample);
-
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rw");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "wx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(), "reader", "book", "r", "wx");
- RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules");
-
- result = smack_accesses_save(rules_ptr.get(), fd);
- RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file");
-
- result = lseek(fd, 0, SEEK_SET);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
- result = smack_accesses_add_from_file(import_ptr.get(), fd);
- RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file");
-
- result = smack_accesses_save(import_ptr.get(), tmp);
- RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file");
-
- //comparing rules saved in file, restored from it and stored one more time
- result = files_compare(fd, tmp);
- RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules");
-
- //comparing rules stored in file with reference preinstalled rules
- result = files_compare(tmp, sample);
- RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file");
-}
-
-RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel)
-{
- /*
- * author: Pawel Polawski
- * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new,
- * smack_accesses_add, smack_accesses_free
- * description: In this test case aplying rules to kernel will be tested. After that function for test
- * accesses will be used.
- * expect: In case of correct rules access should be granted.
- */
-
- //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing)
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- int result; //for storing functions results
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules to struct
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- result = smack_accesses_apply(rules_ptr.get()); //applying rules to kernel
- RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
-
- //should have access - rule exist
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
- //should have no access - wrong rule, should be "r" only
- result = smack_have_access("reader", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
- //should have no access - rule not exist
- result = smack_have_access("s02badsubjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
-
- //this subject do not exist in kernel rules
- result = smack_revoke_subject("s02nonexistinglabel");
- RUNNER_ASSERT_MSG(result == 0, "Error in removing not existing subject from kernel");
- result = smack_revoke_subject("spy"); //this subject exist in kernel rules
- RUNNER_ASSERT_MSG(result == 0, "Error in removing existing subject from kernel");
-
- //testing access after revoke_subject() from kernel
- result = smack_have_access("spy", "book", "rwx");
- //now spy should have no access
- RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
-
- //for create new rule as a consequence of use accesses_clear() below
- result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //"spy" removed before by using smack_revoke_subject()
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
-
- //testing acces after acces_clear()
- result = smack_have_access("writer", "book", "rwx");
- //now writer also should have no access
- RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
-
-}
-
-//pairs of rules for test with mixed cases, different length and mixed order
-std::vector< std::vector<std::string> > correct_rules = {
- { "reader1", "-", "------" },
- { "reader2", "--------", "------" },
- { "reader3", "RwXaTl", "rwxatl" },
- { "reader4", "RrrXXXXTTT", "r-x-t-" },
- { "reader5", "-r-w-a-t-", "rw-at-" },
- { "reader6", "", "------" },
- { "reader7", "xa--Rt---W--L", "rwxatl" },
-};
-
-RUNNER_TEST_SMACK(smack03_mixed_rule_string_add)
-{
- /*
- * author: Pawel Polawski
- * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free
- * description: In thist test case rules based on mixed string are added to kernel.
- * Strings are presented above and contains lower / upper case alpha, numbers and special signs.
- * expect: Rules should be parsed correct and aplied to kernel.
- */
-
- //In thist test case mixed string are used as rules applied to kernel, next they are
- //readed and compared with correct form of rules
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- int result; //for storing functions results
- int expected;
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules with mixed string
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- //using mixed rules from table
- result = smack_accesses_add(rules_ptr.get(),
- (*rule)[0].c_str(),
- "book",
- (*rule)[1].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- }
-
- //clearing
- //FIXME: Using clear() here can cover error in accesses_apply() function
- //result = smack_accesses_clear(rules);
- //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
-
- //applying rules to kernel
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
-
- //checking accesses using normal rules
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- if ((*rule)[2] == "------")
- expected = 0;
- else
- expected = 1;
- //using normal rules from table
- result = smack_have_access((*rule)[0].c_str(),
- "book",
- (*rule)[2].c_str());
- RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
- }
-}
-
-RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access)
-{
- /*
- * author: Pawel Polawski
- * test: smack_have_access
- * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings.
- * expect: Subjects should have accesses to the objects.
- */
-
- //In this test case we checking previous aplied rules but for compare mixed strings are used
-
- int result;
- int expected;
-
- //rules were added in previous RUNNER_TEST section
- //checking accesses using mixed rules
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- if ((*rule)[2] == "------")
- expected = 0;
- else
- expected = 1;
- //using mixed rules from table
- result = smack_have_access((*rule)[0].c_str(),
- "book",
- (*rule)[1].c_str());
- RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
- }
-}
-
-//RUNNER_TEST(smackXX_accesses_add_modify)
-//{
-//IDEAS FOR TESTS
-// - what if we want to apply rule that is already in kernel?
-// - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule)
-// - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule
-//}
-
-RUNNER_TEST_SMACK(smack05_self_label)
-{
- /*
- * author: Pawel Polawski
- * test: smack_set_label_for_self, smack_new_label_from_self
- * description: In this test case process test it own default label. Next label is changed
- * and tested one more time if change was successfull.
- * expect: Proces should have default "-" label and can change it to the oter one.
- */
-
- //In this test case process will manipulate it own label
-
- char *label = nullptr;
- int result;
- int fd;
-
- const int B_SIZE = 8;
- char buff[B_SIZE];
-
- const char *def_rule = "_";
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
- //comparing this label with default one "_"
- result = strcmp(label, def_rule);
- free(label);
- RUNNER_ASSERT_MSG(result == 0, "Wrong default process label");
-
- //comparing this rule with received from /proc/self/attr/current
- fd = open("/proc/self/attr/current", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /proc/self/attr/current");
- FdUniquePtr fd_ptr(&fd);
- result = read(fd, buff, B_SIZE);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
- result = strncmp(buff, def_rule, result);
- RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule");
-
- //now time for setting labels:
-
- result = smack_set_label_for_self("cola");
- RUNNER_ASSERT_MSG(result == 0, "Error in setting self label");
-
- //checking new label using smack function
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
- result = strcmp(label, "cola");
- free(label);
- RUNNER_ASSERT_MSG(result == 0, "Wrong process label");
-
- //checking new label using /proc/self/attr/current
- result = lseek(fd, 0, SEEK_SET); //going to the file beginning
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
- result = read(fd, buff, B_SIZE);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
- result = strncmp(buff, "cola", result);
- RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set");
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_0)
-{
- RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
- const std::string fsLabel = "smack06_setlabel_getlabel_test_0";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // reset labels first time
- fs.testSmackClearLabels(filePath);
-
- // reset labels second time
- fs.testSmackClearLabels(filePath);
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_1)
-{
- const std::string fsLabel = "smack06_setlabel_getlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // set and get labels first time
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- // set and get same labels second time
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_2)
-{
- RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
- const std::string fsLabel = "smack06_setlabel_getlabel_test_2";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
- const std::string linkPath = "link";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
- fs.createLink(linkPath, filePath);
-
- // set and get labels for file to which link points
- fs.testSmackSetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
-
- // link labels should not be changed
- fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_ACCESS);
- fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_lsetlabel_lgetlabel_test_1)
-{
- const std::string fsLabel = "smack06_lsetlabel_lgetlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "fileAccess";
- const char* testLabelExec = "fileExec";
- const char* testLinkLabelAccess = "linkAccess";
- const char* testLinkLabelExec = "linkExec";
- const std::string filePath = "file";
- const std::string linkPath = "link";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
- fs.createLink(linkPath, filePath);
-
- // set different labels for link and file
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackLSetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackLSetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
-
- // get those labels
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackLGetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackLGetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_fsetlabel_fgetlabel_test_1)
-{
- const std::string fsLabel = "smack06_fsetlabel_fgetlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // set and get labels for fd
- fs.testSmackFSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackFSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackFGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackFGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack10_adding_removing_rules)
-{
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i)
- {
- // Creating rules
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- clean_up();
- }
-
- for (i = 0; i < 3; ++i)
- {
- // --- Creating rules (r or w or x)
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- // --- Modifying accesses (r for wx or w for rx or x for rw)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i + 3].c_str(),accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- rules_ptr.release();
- // --- Creating complementary rules (r or w or x)
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // --- Modifying accesses (adding rwx and removing r or w or x)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwx",
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- // --- Adding crossing accesses (rx or rw or wx)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[3 + ((i + 1) % 3)].c_str(),"");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[3 + ((i + 1) % 3)].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- clean_up();
- }
-}
-
-RUNNER_TEST_SMACK(smack11_saving_loading_rules)
-{
- int result;
- int fd;
-
- struct smack_accesses *rules = nullptr;
-
- // Pre-cleanup
- removeAccessesAll();
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Loading file with rwxat rules - test_smack_rules_full
- fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- result = smack_have_access("test_subject_01", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_01", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_01", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_01", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules2
- fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_01"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_01", "test_object_02", "rwatl");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_01", "test_object_03", "wat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_02", "test_object_01"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_02", "test_object_02", "wa-lt");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_02", "test_object_03", "wr");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_01", "a");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_02", "rwat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_03", "w---l-");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules3
- fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules3");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules4
- fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules4");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
-
- // Removing rules
- removeAccessesAll();
-}
-
-//int smack_new_label_from_socket(int fd, char **label);
-
-
-static void smack_set_another_label_for_self(void)
-{
- static int number = time(nullptr);
-
- number++;
- std::string smack_label("s" + std::to_string(number));
-
- int result = smack_set_label_for_self(smack_label.c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" << smack_label << ") failed");
-}
-
-static void smack_unix_sock_server(int sock)
-{
- int fd, result;
- char *label;
-
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO(fd >= 0);
- FdUniquePtr fd_ptr(&fd);
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
- CStringPtr label_ptr(label);
- result = write(fd, label, strlen(label));
- RUNNER_ASSERT_ERRNO_MSG(result == (int)strlen(label), "write() failed");
-
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- unlink(SOCK_PATH);
- smack_set_another_label_for_self();
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- if (!pid) { /* child process, server */
- int sock, result;
-
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
- smack_unix_sock_server(sock);
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- /* Test if socket label was unaffected by fork() */
- smack_unix_sock_server(sock);
- if (!pid) {
- usleep (100);
- smack_set_another_label_for_self();
- smack_unix_sock_server(sock);
- }
-
- exit(0);
- } else { /* parent process, client */
- sleep(1); /* Give server some time to setup listening socket */
- for (int i = 0; i < 4; ++i) {
- int sock, result;
- char smack_label1[SMACK_LABEL_LEN + 1];
- char *smack_label2;
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
- alarm(2);
- result = read(sock, smack_label1, SMACK_LABEL_LEN);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
- smack_label1[result] = '\0';
- result = smack_new_label_from_socket(sock, &smack_label2);
- SmackLabelPtr label2_ptr(smack_label2);
- RUNNER_ASSERT_MSG(result >= 0, "smack_label_from_socket failed");
- result = strcmp(smack_label1, label2_ptr.get());
- if (i < 3)
- RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
- << "' != '" << smack_label2 << "' i == " << i);
- else
- RUNNER_ASSERT_MSG(result != 0, "smack labels do not differ: '" << smack_label1
- << "' != '" << smack_label2 << "' i == " << i);
- }
- }
-}
-
-void createFileWithLabel(const std::string &filePath, const std::string &fileLabel)
-{
- //create temporary file and set label for it
- mode_t systemMask;
-
- unlink(filePath.c_str());
- //allow to create file with 777 rights
- systemMask = umask(0000);
- int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
- //restore system mask
- umask(systemMask);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
-
- //for descriptor protection
- FdUniquePtr fd_ptr(&fd);
-
- //change owner and group to user APP
- int ret = chown(filePath.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-
- //set smack label on file
- ret = smack_setlabel(filePath.c_str(), fileLabel.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Unable to set label for file: " << ret);
-
- char *label = nullptr;
- ret = smack_getlabel(filePath.c_str(), &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Unable to get label from file");
- std::string label_str(label ? label : "");
- free(label);
- RUNNER_ASSERT_MSG(label_str == fileLabel, "File label not match set label");
-}
-
-void prepareEnvironment(const std::string &subject, const std::string &object, const std::string &access)
-{
- const std::string ruleAll = "x";
-
- SecurityServer::AccessProvider provider(subject);
- provider.addObjectRule("User", ruleAll);
- provider.addObjectRule(object, access);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-}
-
-//- Add "l" rule to system
-//
-//Should be able to add "l" rule to system
-RUNNER_CHILD_TEST_SMACK(smack13_0_checking_laccess_mode_enabled_on_device)
-{
- std::string selfLabel = "smack13_0";
- std::string filename = "smack13_0_file";
-
- //function inside checks if rule exist after add it
- SecurityServer::AccessProvider provider(selfLabel);
- provider.addObjectRule(filename, "l");
- provider.apply();
-
- int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l");
- RUNNER_ASSERT_MSG(ret == 1, "Error in adding laccess rule - l");
-}
-
-//- Create file
-//- Set label for file and self
-//- Drop privileges
-//
-//Should have no access due to missing SMACK rule
-RUNNER_CHILD_TEST_SMACK(smack13_1_checking_laccess_mode)
-{
- std::string selfLabel = "smack13_1";
- std::string filename = "smack13_1_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- SecurityServer::AccessProvider provider(selfLabel);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//
-//Should be able to lock file even without "w" rule
-RUNNER_CHILD_TEST_SMACK(smack13_2_checking_laccess_mode_with_l_rule)
-{
- std::string selfLabel = "smack13_2";
- std::string filename = "smack13_2_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- prepareEnvironment(selfLabel, filename, "l");
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "w"
-//- Drop privileges
-//
-//Should be able to lock file even without "l" rule
-RUNNER_CHILD_TEST_SMACK(smack13_3_checking_laccess_mode_with_w_rule)
-{
- std::string selfLabel = "smack13_3";
- std::string filename = "smack13_3_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- prepareEnvironment(selfLabel, filename, "w");
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "rw"
-//- Drop privileges
-//- Lock file (shared lock)
-//- Spawn child process
-//- Child tries to lock file (shared)
-//
-//Child should be able to lock file due to shared lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_0_checking_laccess_mode_w_rule_child)
-{
- std::string selfLabel = "smack13_4_0";
- std::string filename = "smack13_4_0_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- prepareEnvironment(selfLabel, filename, "rw");
-
- int child_fd = open(filePath.c_str(), O_RDWR);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//- Lock file (shared lock)
-//- Spawn child process
-//- Child tries to lock file (shared)
-//
-//Child should be able to lock file due to shared lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_1_checking_laccess_mode_l_rule_child)
-{
- std::string selfLabel = "smack13_4_1";
- std::string filename = "smack13_4_1_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_str(&fd);
- int ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- //"r" is only for open in O_RDONLY mode
- prepareEnvironment(selfLabel, filename, "rl");
-
- int child_fd = open(filePath.c_str(), O_RDONLY, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "rw"
-//- Drop privileges
-//- Lock file (exclusive lock)
-//- Spawn child process
-//- Child tries to lock file (exclusive / shared)
-//
-//Child should not be able to lock file due to exclusive lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_2_checking_laccess_mode_w_rule_child)
-{
- std::string selfLabel = "smack13_4_2";
- std::string filename = "smack13_4_2_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- prepareEnvironment(selfLabel, filename, "rw");
-
- int child_fd = open(filePath.c_str(), O_RDWR, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with exclusive lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//- Lock file (exclusive lock)
-//- Spawn child process
-//- Child tries to lock file (exclusive / shared)
-//
-//Child should not be able to lock file due to exclusive lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child)
-{
- std::string selfLabel = "smack13_4_3";
- std::string filename = "smack13_4_3_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- //"r" is only for open in O_RDONLY mode
- prepareEnvironment(selfLabel, filename, "rl");
-
- int child_fd = open(filePath.c_str(), O_RDONLY, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with eclusive lock");
- }
-}
-
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
-/**
- * NOSMACK version of smack02 test. Functions, that should return error instead of success:
- * - smack_accesses_apply
- * - smack_have_access
- * - smack_revoke_subject
- * - smack_acceesses_clear
- *
- * Tests smack03, smack04, smack10, smack_accesses_clear, smack_revoke_subject all use functions
- * tested in smack02 test. Results from those functions (smack_have_access, smack_accesses_apply,
- * smack_accesses_clear, smack_revoke_subject) would be the same as in this test. Tests mentioned
- * above doesn't make much sense on NOSMACK environment when test smack02 exists and passes
- * correctly, thus those tests are are not implemented.
- */
-RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack)
-{
-
- smack_accesses *rules = nullptr;
- int result;
-
- //init rules
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- //pass rules to unique_ptr
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules to struct (same as SMACK version of smack02 test)
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //applying rules to kernel (should fail)
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1, "Unable to apply rules into kernel");
-
- //calls from SMACK version of this test - all should fail because of SMACK being turned off
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
- result = smack_have_access("reader", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
- result = smack_have_access("s02badsubjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
-
- //testing subject revoking - should return error (no accesses applied = no subjects to revoke)
- result = smack_revoke_subject("s02nonexistinglabel");
- RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
- result = smack_revoke_subject("spy");
- RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
-
- //after revoking smack_have_access still should return error
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
-
- result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //smack_accesses_clear should return error aswell
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1, "Clearing rules should return error - no SMACK on system.");
-
- result = smack_have_access("writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
-}
-
-/**
- * NOSMACK version of smack11 test. Tests functions:
- * - smack_accesses_add_from_file
- *
- * Since other SMACK functions were tested in smack02 test, the only function needed to be checked
- * is applying rules loaded from file.
- */
-RUNNER_TEST_NOSMACK(smack03_saving_loading_rules_nosmack)
-{
- int result;
- int fd;
-
- smack_accesses* tmp = nullptr;
-
- RUNNER_ASSERT(smack_accesses_new(&tmp) == 0);
- SmackAccessesPtr rules(tmp);
-
- //open file with rules
- fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
-
- //load accesses from file
- result = smack_accesses_add_from_file(rules.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error while importing accesses from file. Result: " << result);
-}
-
-/**
- * NOSMACK version of smack05 test. Tests if functions getting, or
- * setting self label work correctly (that is, return error).
- */
-RUNNER_TEST_NOSMACK(smack04_self_label_nosmack)
-{
- char* label = nullptr;
- int result;
- int fd;
-
- char buff[SMACK_LABEL_LEN+1];
-
- //smack_new_label_from_self should fail
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
- //We don't need to remember about freeing label - smack_new_label_from_self must return nullptr
- //label if it's working properly.
-
- // /proc/self/attr/current shouldn't keep any rules inside
- fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "/proc/self/attr/current failed to open");
- FdUniquePtr fd_ptr(&fd);
-
- result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error
- RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
-
- //setting label for self should fail
- result = smack_set_label_for_self("s04testlabel");
- RUNNER_ASSERT_MSG(result == -1, "set_label_for_self should return error (SMACK is off).");
-
- //getting previously set label should also fail
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
-
- // /proc/self/attr/current still shouldn't keep any rules inside
- result = lseek(fd, 0, SEEK_SET); //going to the file beginning
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
-
- result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error
- RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
-}
-
-/**
- * NOSMACK version of smack_accesses_add_modify_x tests.
- *
- * Because all smack_accesses_add_modify tests are basically the same (all use smack_accesses_apply
- * and smack_have_access, which return -1 when SMACK is turned off), it makes much more sense to
- * write one test which will create rules using smack_accesses_add_modify and then check if
- * smack_accesses_apply and smack_have_access indeed return -1 when SMACK is turned off.
- */
-RUNNER_TEST_NOSMACK(smack05_accesses_add_modify_nosmack)
-{
- int result;
- smack_accesses* rules = nullptr;
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
-
- SmackAccessesPtr rules_ptr(rules);
-
- //Not doing clean_up() every RUNNER_ASSERT_MSG - what clean_up does is just a creation of new
- //rule struct and removal of currenctly added and applied rules. clean_up() must be done only
- //after smack_accesses_apply().
- result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
-
- result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
-
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1,
- "smack_accesses_apply should return error (SMACK is off). Result: " << result);
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
- if(result != -1) {
- clean_up();
- RUNNER_FAIL_MSG("smack_have_access should return error (SMACK is off). Result: "
- << result);
- }
-
- clean_up();
-}
-
-/**
- * NOSMACK version of smack09 test.
- *
- * This test checks if smack_new_label_from_socket reacts correctly. Since label should be
- * acquired from getsockopt, and it should fail, we must only set up socket and call
- * smack_new_label_from_socket. It should return error.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(smack09_new_label_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- unlink(SOCK_PATH);
- char* smack_label;
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- if (!pid) { //child (server)
- int sock, result;
- int fd;
-
- //Create new socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
-
- //Bind it to sockaddr
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- //Prepare for listening
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
-
- //Accept client
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Failed when accepting connection from client");
- FdUniquePtr fd_ptr(&fd);
-
- //wait for smack_new_label_from_socket execution
- usleep(200);
-
- //Close server
- exit(0);
- }
- else { //parent (client)
- //Wait a little bit until server is set up
- sleep(1);
- int sock, result;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
-
- //Connect to sockaddr
- result = connect(sock, (struct sockaddr*) &sockaddr,
- sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- //Try getting label, should fail beacuse getsockopt won't get anything
- result = smack_new_label_from_socket(sock, &smack_label);
- RUNNER_ASSERT_MSG(result == -1, "smack_new_label_from_socket should fail.");
- }
-}
+++ /dev/null
-writer book rw----
-reader book r-----
+++ /dev/null
-test_subject_01 test_object_01 ---
-test_subject_01 test_object_02 rwatl
-test_subject_01 test_object_03 wat
-test_subject_02 test_object_01 -------
-test_subject_02 test_object_02 wa-lt
-test_subject_02 test_object_03 -rw--r------
-test_subject_03 test_object_01 aaaaaa ------
-test_subject_03 test_object_02 rwat
-test_subject_03 test_object_03 w---l-
+++ /dev/null
-test_subject_01 test_object_01 rwatl
-test_subject_01 test_object_02
-test_subject_01 test_object_03 xxxxx
+++ /dev/null
-test_subject_01 test_object_01 rwxatl
-test_subject_01 test_object_02 +rwh4r9d32!@#$ 49$%^x2 rwxat
-test_subject_01 test_object_03 aaaaaa xxxxxx
+++ /dev/null
-test_subject_01 test_object_01 rwxatl
-test_subject_01 test_object_02 rwxatl
-test_subject_01 test_object_03 rwxatl
-test_subject_02 test_object_01 rwxatl
-test_subject_02 test_object_02 rwxatl
-test_subject_02 test_object_03 rwxatl
-test_subject_03 test_object_01 rwxatl
-test_subject_03 test_object_02 rwxatl
-test_subject_03 test_object_03 rwxatl
+++ /dev/null
-# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Dongsun Lee (ds73.lee@samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-SET(TARGET_WAE_TEST "libwebappenc-tests")
-
-#dependencies
-PKG_CHECK_MODULES(TARGET_WAE_DEP
- libwebappenc
- REQUIRED
- )
-
-#files to compile
-SET(TARGET_WAE_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libwebappenc-tests/libwebappenc-tests.cpp
- ${PROJECT_SOURCE_DIR}/src/libwebappenc-tests/test_cases.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${TARGET_WAE_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- )
-
-#output format
-ADD_EXECUTABLE(${TARGET_WAE_TEST} ${TARGET_WAE_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${TARGET_WAE_TEST}
- ${TARGET_WAE_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${TARGET_WAE_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file libwebappenc-tests.cpp
- * @author Dongsun Lee (ds73.lee@samsung.com)
- * @version 1.0
- * @brief libwebappenc test runer
- */
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Dongsun Lee (ds73.lee@samsung.com)
- * @version 1.0
- * @brief libwebappenc test cases
- */
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <string>
-#include <sstream>
-#include <fcntl.h>
-#include <unistd.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include "tests_common.h"
-#include <web_app_enc.h>
-
-#define TEST_PKGID_1 "testpkg_for_downloaded"
-#define TEST_PKGID_2 "testpkg_for_preloaded"
-#define TEST_PLAINTEXT "adbdfdfdfdfdererfdfdfererfdrerfdrer"
-#define PRELOADED_WAPP_FILE1 "/usr/share/wae/test/PRELOADED_WAPP_FILE1.enc"
-
-#define DOWNLOADED_ENC_FILE "/tmp/downloaded_enc_file"
-#define PRELOADED_ENC_FILE "/tmp/preloaded_enc_file"
-
-int _read_from_file(const char* path, unsigned char** data, size_t* len)
-{
- int ret = WAE_ERROR_NONE;
- FILE* f = NULL;
- int file_len = -1;
- unsigned char* file_contents = NULL;
- int ch = 0;
- int i = 0;
-
- f = fopen(path, "r");
- if( f == NULL) {
- ret = WAE_ERROR_FILE;
- goto error;
- }
-
- fseek(f, 0, SEEK_END); // move to the end of a file
- file_len = ftell(f);
- fseek(f, 0, SEEK_SET); // move to the start of a file
-
- file_contents = (unsigned char*) malloc(file_len);
- if(file_contents == NULL) {
- ret = WAE_ERROR_MEMORY;
- goto error;
- }
- memset(file_contents, 0x00, file_len);
-
- while( (ch = fgetc(f)) != EOF) {
- file_contents[i++]=(char)ch;
- }
-
- *data = file_contents;
- *len = file_len;
-
-error:
- if(f != NULL)
- fclose(f);
- if(ret != WAE_ERROR_NONE && file_contents != NULL)
- free(file_contents);
-
- return ret;
-}
-
-int _write_to_file(const char* path, const unsigned char* data, size_t len)
-{
- int ret = WAE_ERROR_NONE;
-
- FILE* f = NULL;
- int write_len = -1;
-
- f = fopen(path, "w");
- if( f == NULL) {
- ret = WAE_ERROR_FILE;
- goto error;
- }
-
- write_len = fwrite(data, 1, len, f);
- if(write_len != (int) len) {
- ret = WAE_ERROR_FILE;
- goto error;
- }
-error:
- if(f != NULL)
- fclose(f);
-
- return ret;
-}
-
-
-RUNNER_TEST_GROUP_INIT(libwebappenc)
-
-RUNNER_TEST(T01_init) {
- wae_remove_app_dek(TEST_PKGID_1, WAE_DOWNLOADED_GLOBAL_APP);
- wae_remove_app_dek(TEST_PKGID_2, WAE_PRELOADED_APP);
-}
-
-RUNNER_CHILD_TEST(T02_downloaded_web_app_enc){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_1;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
-
- wae_app_type_e appType = WAE_DOWNLOADED_GLOBAL_APP;
-
- ret = wae_encrypt_web_application(pkgId, appType,
- (const unsigned char*)plaintext, plaintextLen,
- &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_encrypt_web_application. ret=" << ret);
-
- ret = _write_to_file(DOWNLOADED_ENC_FILE, encrypted, encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _write_to_file. file=" << DOWNLOADED_ENC_FILE);
-}
-
-RUNNER_CHILD_TEST(T03_downloaded_web_app_dec){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_1;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
- unsigned char* decrypted = NULL;
- size_t decLen = 0;
-
- wae_app_type_e appType = WAE_DOWNLOADED_GLOBAL_APP;
-
- ret = _read_from_file(DOWNLOADED_ENC_FILE, &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _read_from_file. ret=" << ret);
-
- ret = wae_decrypt_web_application(pkgId, appType, encrypted, encLen, &decrypted, &decLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_decrypt_web_application. ret=" << ret);
-
- RUNNER_ASSERT_MSG(plaintextLen == decLen,
- "FAIL: plaintext_len("<<plaintextLen<<") != decrypted_len(" <<decLen<<")");
- RUNNER_ASSERT_MSG(strncmp(plaintext, (char *)decrypted, decLen) == 0,
- "FAIL: plaintext("<<plaintext <<") != decrypted("<<(char *)decrypted <<")");
-}
-
-
-RUNNER_CHILD_TEST(T04_preloaded_web_app_enc){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_2;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
-
- wae_app_type_e appType = WAE_PRELOADED_APP;
-
- ret = wae_encrypt_web_application(pkgId, appType,
- (const unsigned char*)plaintext, plaintextLen,
- &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_encrypt_web_application. ret=" << ret);
-
- ret = _write_to_file(PRELOADED_ENC_FILE, encrypted, encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _write_to_file. file=" << DOWNLOADED_ENC_FILE);
-}
-
-RUNNER_TEST(T05_reload_app_deks) {
- int ret = system("wae_initializer --reload");
- RUNNER_ASSERT_MSG(ret != -1, "FAIL: load_preloaded_app_deks. ret=" << ret);
-}
-
-RUNNER_CHILD_TEST(T06_preloaded_web_app_dec){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_2;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
- unsigned char* decrypted = NULL;
- size_t decLen = 0;
-
- wae_app_type_e appType = WAE_PRELOADED_APP;
-
- ret = _read_from_file(PRELOADED_ENC_FILE, &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _read_from_file. ret=" << ret);
-
- ret = wae_decrypt_web_application(pkgId, appType, encrypted, encLen, &decrypted, &decLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_decrypt_web_application. ret=" << ret);
-
- RUNNER_ASSERT_MSG(plaintextLen == decLen,
- "FAIL: plaintext_len("<<plaintextLen<<") != decrypted_len(" <<decLen<<")");
- RUNNER_ASSERT_MSG(strncmp(plaintext, (char *)decrypted, decLen) == 0,
- "FAIL: plaintext("<<plaintext <<") != decrypted("<<(char *)decrypted <<")");
-}
-
-
-RUNNER_CHILD_TEST(T07_remove_app_dek) {
- int ret = WAE_ERROR_NONE;
-
- ret = wae_remove_app_dek(TEST_PKGID_1, WAE_DOWNLOADED_GLOBAL_APP);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_remove_app_dek. ret=" << ret);
-
- ret = wae_remove_app_dek(TEST_PKGID_2, WAE_PRELOADED_APP);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_remove_app_dek. ret=" << ret);
-}
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Marcin Niesluchowski (m.niesluchow@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
- REQUIRED
- libsmack
- libprivilege-control
- cynara-client
- cynara-admin
- security-manager
- libtzplatform-config
- sqlite3
- libcap
- dbus-1
- libgum)
-
-
-SET(TARGET_SEC_MGR_TESTS "security-manager-tests")
-
-SET(SEC_MGR_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_db.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_sharing_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SEC_MGR_TESTS_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
- )
-
-FIND_PACKAGE(Threads)
-
-ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS}
- ${SEC_MGR_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- ${CMAKE_THREAD_LIBS_INIT}
- )
-
-INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin)
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/app_files/
- DESTINATION /usr/apps/
-)
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#pragma once
-
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/smack.h>
-
-#include <string>
-
-
-struct AppInstallHelper {
- AppInstallHelper(const std::string &name)
- : m_name(name)
- {}
-
- std::string getInstallDir() {
- return "/usr/apps/" + getPkgId();
- }
-
- std::string getTrustedDir(int i = 0) {
- return getInstallDir() + "/trustedDir" + std::to_string(i);
- }
-
- std::string getPrivateDir() {
- return getInstallDir() + "/app_dir/";
- }
-
- std::string getSharedPath(int i = 0) {
- return getPrivateDir() + "shareme" + std::to_string(i);
- }
- std::string getAppId() {
- return m_name + "_app_id";
- }
-
- std::string getPkgId() {
- return m_name + "_pkg_id";
- }
-
- void createInstallDir() {
- if (mkdir(getInstallDir().c_str(), 0777) == 0) {
- m_dirs.push_back(getInstallDir());
- }
- }
-
- void createTrustedDir(int i = 0) {
- if (mkdir(getTrustedDir(i).c_str(), 0777) == 0) {
- m_dirs.push_back(getTrustedDir(i));
- }
- }
- void createPrivateDir() {
- if (mkdir(getPrivateDir().c_str(), 0777) == 0) {
- m_dirs.push_back(getPrivateDir());
- }
- }
-
- void createSharedFile(int i = 0) {
- if (creat(getSharedPath(i).c_str(), 0777) == 0) {
- m_files.push_back(getSharedPath(i));
- }
- }
-
- void revokeRules() {
- RUNNER_ASSERT_MSG(
- 0 == smack_revoke_subject(generateAppLabel().c_str()),
- "Revoking smack subject failed");
- RUNNER_ASSERT_MSG(
- 0 == smack_revoke_subject(generatePkgLabel().c_str()),
- "Revoking smack subject failed");
- }
-
- std::string generateAppLabel() {
- return "User::App::" + getAppId();
- }
-
- std::string generatePkgLabel() {
- return "User::Pkg::" + getPkgId();
- }
-
- virtual ~AppInstallHelper() {
- // TODO we should also remove trusted dirs created with custom params
- for (const auto &dir : m_dirs) {
- rmdir(dir.c_str());
- }
- for (const auto &file : m_files) {
- unlink(file.c_str());
- }
- }
-
-protected:
- std::string m_name;
- std::vector<std::string> m_dirs;
- std::vector<std::string> m_files;
-};
-
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_api.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-namespace Api {
-
-void install(const InstallRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "installing app returned wrong value."
- << " InstallRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void uninstall(const InstallRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "uninstalling app returned wrong value."
- << " InstallRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-std::string getPkgId(const char *appId, lib_retcode expectedResult)
-{
- char *pkgId = nullptr;
- int result = security_manager_get_app_pkgid(&pkgId, appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "getting pkg id from app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- if (expectedResult != SECURITY_MANAGER_SUCCESS)
- return std::string();
-
- RUNNER_ASSERT_MSG(pkgId != nullptr, "getting pkg id did not allocate memory");
- std::string str(pkgId);
- free(pkgId);
- return str;
-}
-
-void setProcessLabel(const char *appId, lib_retcode expectedResult)
-{
- int result = security_manager_set_process_label_from_appid(appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting process label from app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void setProcessGroups(const char *appId, lib_retcode expectedResult)
-{
- int result = security_manager_set_process_groups_from_appid(appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting process groups from app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void dropProcessPrivileges(lib_retcode expectedResult)
-{
- int result = security_manager_drop_process_privileges();
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "dropping process privileges returned wrong value."
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void prepareApp(const char *appId, lib_retcode expectedResult)
-{
- int result = security_manager_prepare_app(appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "preparing app returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void addUser(const UserRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_user_add(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding user returned wrong value."
- << " UserRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void deleteUser(const UserRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_user_delete(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "deleting user returned wrong value."
- << " UserRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_policy_update_send(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "sending policy update for self returned wrong value."
- << " PolicyRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void getConfiguredPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult, bool forAdmin)
-{
- policy_entry **pp_privs_policy = NULL;
- size_t policy_size = 0;
- int result;
-
- if (forAdmin) {
- result = security_manager_get_configured_policy_for_admin(filter.get(), &pp_privs_policy, &policy_size);
- } else {
- result = security_manager_get_configured_policy_for_self(filter.get(), &pp_privs_policy, &policy_size);
- };
-
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "Unexpected result for filter: " << filter << std::endl
- << " Result: " << result << ";");
-
- for (unsigned int i = 0; i < policy_size; ++i) {
- PolicyEntry pe(*pp_privs_policy[i]);
- policyEntries.push_back(pe);
- };
-}
-
-void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
-{
- policy_entry **pp_privs_policy = NULL;
- size_t policy_size = 0;
- int result;
-
- result = security_manager_get_policy(filter.get(), &pp_privs_policy, &policy_size);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "Unexpected result" << std::endl
- << " Result: " << result << ";");
- for (unsigned int i = 0; i < policy_size; ++i) {
- PolicyEntry pe(*pp_privs_policy[i]);
- policyEntries.push_back(pe);
- };
-}
-
-void applySharing(const SharingRequest &req, lib_retcode expectedResult) {
- int result = security_manager_private_sharing_apply(req.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "Unexpected result from security_manager_private_sharing_apply" << std::endl
- << " Result: " << result << ";");
-}
-
-void dropSharing(const SharingRequest &req, lib_retcode expectedResult) {
- int result = security_manager_private_sharing_drop(req.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "Unexpected result from security_manager_private_sharing_drop" << std::endl
- << " Result: " << result << ";");
-}
-
-void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
-{
- getConfiguredPolicy(filter, policyEntries, expectedResult, false);
-}
-
-void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
-{
- getConfiguredPolicy(filter, policyEntries, expectedResult, true);
-}
-
-void getPkgIdBySocket(int socketFd, std::string *pkgId, std::string *appId, lib_retcode expectedResult)
-{
- char *pkg_Id = nullptr;
- char *app_Id = nullptr;
-
- int result = security_manager_identify_app_from_socket(socketFd,
- pkgId == nullptr ? nullptr : &pkg_Id,
- appId == nullptr ? nullptr : &app_Id);
-
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "getting pkg id from socket returned wrong value."
- << " socket: " << socketFd << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-
- if (pkgId && result == SECURITY_MANAGER_SUCCESS) {
- RUNNER_ASSERT_MSG(pkg_Id != nullptr, "getting pkg and app id did not allocate memory");
- }
-
- if (appId && result == SECURITY_MANAGER_SUCCESS) {
- RUNNER_ASSERT_MSG(app_Id != nullptr, "getting pkg and app id did not allocate memory");
- }
-
- if (pkg_Id) {
- *pkgId = pkg_Id;
- free(pkg_Id);
- }
-
- if (app_Id) {
- *appId = app_Id;
- free(app_Id);
- }
-}
-
-void getPkgIdByPid(pid_t pid, std::string *pkgId, std::string *appId, lib_retcode expectedResult)
-{
- char *pkg_Id = nullptr;
- char *app_Id = nullptr;
-
- int result = security_manager_identify_app_from_pid(pid,
- pkgId == nullptr ? nullptr : &pkg_Id,
- appId == nullptr ? nullptr : &app_Id);
-
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "getting pkg id from pid returned wrong value."
- << " pid: " << pid << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-
- if (pkgId && result == SECURITY_MANAGER_SUCCESS) {
- RUNNER_ASSERT_MSG(pkg_Id != nullptr, "getting pkg and app id did not allocate memory");
- }
-
- if (appId && result == SECURITY_MANAGER_SUCCESS) {
- RUNNER_ASSERT_MSG(app_Id != nullptr, "getting pkg and app id did not allocate memory");
- }
-
- if (pkg_Id) {
- *pkgId = pkg_Id;
- free(pkg_Id);
- }
-
- if (app_Id) {
- *appId = app_Id;
- free(app_Id);
- }
-}
-
-void appHasPrivilege(const char *appId, const char *privilege, uid_t user, int &value, lib_retcode expectedResult)
-{
- int result = security_manager_app_has_privilege(appId, privilege, user, &value);
-
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "checking application privilege returned wrong result."
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-} // namespace Api
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_API
-#define SECURITY_MANAGER_TEST_API
-
-#include <sm_request.h>
-#include <sm_user_request.h>
-#include <sm_policy_request.h>
-#include <sm_sharing_request.h>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-namespace Api {
-
-void install(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-std::string getPkgId(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void setProcessLabel(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void setProcessGroups(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void prepareApp(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void addUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void deleteUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void applySharing(const SharingRequest &req, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void dropSharing(const SharingRequest &req, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPkgIdBySocket(int socketFd, std::string *pkgId, std::string *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPkgIdByPid(pid_t pid, std::string *pkgId, std::string *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void appHasPrivilege(const char *appId, const char *privilege, uid_t user, int &value, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-} // namespace Api
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_API
+++ /dev/null
-/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file sm_db.cpp
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-manager tests database record check functions
- */
-
-#include <tests_common.h>
-#include <tzplatform_config.h>
-#include <sstream>
-#include "sm_db.h"
-#include "db_sqlite.h"
-
-/* Keep this consistent with the database file path used in the security-manager */
-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-
-/* Initialize static constants */
-const bool TestSecurityManagerDatabase::NOT_REMOVED = false;
-const bool TestSecurityManagerDatabase::REMOVED = true;
-
-TestSecurityManagerDatabase::TestSecurityManagerDatabase() : m_base(PRIVILEGE_DB_PATH, SQLITE_OPEN_READWRITE)
-{
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
- const std::string &pkg_name)
-{
- const privileges_t dummy; /* just some empty privileges set */
-
- test_db_after__app_install(app_name, pkg_name, dummy);
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- if (!m_base.is_open())
- m_base.open();
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- check_app_and_pkg(app_name, pkg_name, NOT_REMOVED);
-
- if (!privileges.empty()) {
- check_privileges(app_name, pkg_name, privileges);
- }
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
- const std::string &pkg_name,
- const bool is_pkg_removed)
-{
- const privileges_t dummy; /* just some empty privileges set */
-
- test_db_after__app_uninstall(app_name, pkg_name, dummy, is_pkg_removed);
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges,
- const bool is_pkg_removed)
-{
- if (!m_base.is_open())
- m_base.open();
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- check_app_and_pkg(app_name, pkg_name, REMOVED);
- check_pkg(pkg_name, is_pkg_removed);
-
- if (!privileges.empty()) {
- check_privileges_removed(app_name, pkg_name, privileges);
- }
-}
-
-void TestSecurityManagerDatabase::check_privileges(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- bool result;
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- for (auto it = privileges.begin(); it != privileges.end(); ++it) {
- result = check_privilege(app_name, pkg_name, *it);
-
- RUNNER_ASSERT_MSG(result == true, "privilege: <" << *it << "> not added to app: <" <<
- app_name << "> from pkg_id: <" << pkg_name << ">");
- }
-}
-
-void TestSecurityManagerDatabase::check_privileges_removed(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- bool result;
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- for (auto it = privileges.begin(); it != privileges.end(); ++it) {
- result = check_privilege(app_name, pkg_name, *it);
-
- RUNNER_ASSERT_MSG(result == false, "privilege: <" << *it << "> not removed for app: <" <<
- app_name << "> from pkg_id: <" << pkg_name << ">");
- }
-}
-
-void TestSecurityManagerDatabase::check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
- const bool is_app_removed)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT app_name, pkg_name FROM app_pkg_view"
- " WHERE app_name == '" << app_name << "' "
- " AND pkg_name == '" << pkg_name << "' ;";
- m_base.execute(sql.str(), result);
-
- if (is_app_removed) /* expect 0 results */
- RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() <<
- "> returned [" << result.rows.size() << "] rows, expected [0]");
- else /* expect exactly 1 result with 2 columns */
- RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 2, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows, expected [1]");
-}
-
-void TestSecurityManagerDatabase::check_pkg(const std::string &pkg_name,
- const bool is_pkg_removed)
-{
- const unsigned expected_rows = is_pkg_removed ? 0 : 1;
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT pkg_id FROM pkg"
- " WHERE name == '" << pkg_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == expected_rows, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows, expected [" <<
- expected_rows << "] rows");
-}
-
-bool TestSecurityManagerDatabase::check_privilege(const std::string &app_name,
- const std::string &pkg_name,
- const std::string &privilege)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT privilege_id FROM app_privilege_view"
- " WHERE app_name == '" << app_name << "' "
- " AND pkg_name == '" << pkg_name << "' "
- " AND privilege_name == '" << privilege << "' "
- ";";
- m_base.execute(sql.str(), result);
-
- /* only 0 or 1 resulting rows are alowed */
- RUNNER_ASSERT_MSG(result.rows.size() == 0 || result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-
- return result.rows.size() == 1;
-}
-
-void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &privilege,
- const std::vector<std::string> &groups)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
-
- if (!m_base.is_open())
- m_base.open();
-
- for (const auto &group : groups) {
- sql.clear();
- sql.str("");
- sql << "INSERT INTO privilege_group_view (privilege_name, group_name) "
- "VALUES ("
- << "'" << privilege << "'" << ","
- << "'" << group << "'" << ")";
- m_base.execute(sql.str(), result);
- }
-}
-
-int64_t TestSecurityManagerDatabase::get_author_id(const std::string &authorName)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
-
- if (!m_base.is_open())
- m_base.open();
-
- sql.clear();
- sql.str("SELECT author_id FROM author where name=\"" + authorName + "\"");
- m_base.execute(sql.str(), result);
-
- if(result.rows.empty())
- return 0;
-
- std::istringstream os(result.rows[0][0]);
- int64_t id;
- os >> id;
- return id;
-}
-
-std::string TestSecurityManagerDatabase::get_path_label(const std::string &path)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- if (!m_base.is_open())
- m_base.open();
- sql.clear();
- sql.str("SELECT path_label FROM shared_path WHERE path=\"" + path + "\"");
- m_base.execute(sql.str(), result);
-
- if(result.rows.empty())
- return "";
-
- return result.rows[0][0];
-}
+++ /dev/null
-/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file sm_db.h
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-manager tests database record check functions
- */
-
-#ifndef SECURITY_MANAGER_TEST_DB_H_
-#define SECURITY_MANAGER_TEST_DB_H_
-
-#include <string>
-#include "db_sqlite.h"
-
-typedef std::vector<std::string> privileges_t;
-
-/**
- * @class TestSecurityManagerDatabase
- * @brief Class containing methods for testing libprivlege database.
- */
-class TestSecurityManagerDatabase
-{
-public:
-/**
- * @brief A usefull constant to indicate that app/pkg should be present in db
- */
- const static bool NOT_REMOVED;
-/**
- * @brief A usefull constant to indicate that app/pkg should not be present in db
- */
- const static bool REMOVED;
-/**
- * @brief A constructor
- */
- TestSecurityManagerDatabase();
-
-/**
- * @brief A destructor
- */
- ~TestSecurityManagerDatabase() = default;
-
-/**
- * @brief Method for testing database after "security_manager_app_install" was run.
- *
- * It checks existence of proper: - app_name
- * - pkg_name
- *
- * @param app_name name of the app previously used in security_manager_app_install.
- * @param pkg_name name of the pkg previously used in security_manager_app_install.
- */
- void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name);
-
-/**
- * @brief Method for testing database after "security_manager_app_install" was run.
- *
- * It checks existence of proper: - app_name
- * - pkg_name
- * - privileges
- * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
- *
- * @param app_name name of the app previously used in security_manager_app_install.
- * @param pkg_name name of the pkg previously used in security_manager_app_install.
- * @param privileges vector of privileges previously used in security_manager_app_install.
- */
- void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief Method for testing database after "security_manager_app_uninstall" was run.
- *
- * It checks absence of proper: - app_name
- * - optionally pkg_name
- *
- * @param app_name name of the app previously used in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
- * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
- */
- void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
- const bool is_pkg_removed);
-
-/**
- * @brief Method for testing database after "security_manager_app_uninstall" was run.
- *
- * It checks absence of proper: - app_name
- * - optionally pkg_name
- * - app privileges
- * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
- *
- * @param app_name name of the app previously used in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
- * @param privileges vector of privileges previously used in security_manager_app_uninstall.
- * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
- */
- void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges, const bool is_pkg_removed);
-
-/**
- * @brief It checks db for existence of a all privileges from install request.
- *
- * @param app_name name of the app previously used i.e. in security_manager_app_install.
- * @param pkg_name name of the pkg previously used i.e. in security_manager_app_install.
- * @param privileges vector of privileges previously used i.e. in security_manager_app_install.
- */
- void check_privileges(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief It checks in db if all app privileges from install request are removed.
- *
- * @param app_name name of the app previously used i.e. in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used i.e. in security_manager_app_uninstall.
- * @param privileges vector of privileges previously used i.e. in security_manager_app_uninstall.
- */
- void check_privileges_removed(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief Method for setting privilege to groups mapping in security-manager database
- *
- * @param privilege name of the privilege
- * @param groups vector of group names
- */
- void setup_privilege_groups(const std::string &privilege,
- const std::vector<std::string> &groups);
-
-/**
- * @brief Method for getting author id from database.
- */
- int64_t get_author_id(const std::string &authorName);
-/**
- * @brief Method for path label from database.
- */
- std::string get_path_label(const std::string &path);
-private:
-/**
- * @var base
- * @brief Sqlite3DBase object giving simple access to database
- *
- * Connection to database is open first time it is needed
- * and closed in destructor of TestSecurityManagerDatabase.
- */
- Sqlite3DBase m_base;
-
-/**
- * @brief Check db for [non]existence of given app_name in pkg_name
- *
- * @param app_name name of application
- * @param pkg_name name of package
- * @param is_app_removed tells if app is expected in db
- */
- void check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
- const bool is_app_removed);
-
-/**
- * @brief Check db for [non]existence of given pkg_name
- *
- * @param pkg_name name of the package
- * @param is_pkg_removed tells if pkg is expected in db
- */
- void check_pkg(const std::string &pkg_name,
- const bool is_pkg_removed);
-
-/**
- * @brief Check db for existence of a single privilege.
- *
- * @param app_name name of application
- * @param pkg_name application's package name
- * @param privilege name of the privilege
- *
- * @return true when privilege present
- * false when privilege not present
- */
- bool check_privilege(const std::string &app_name, const std::string &pkg_name,
- const std::string &privilege);
-};
-
-#endif /* SECURITY_MANAGER_TEST_DB_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_policy_request.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-PolicyEntry::PolicyEntry()
- : m_appId(true, std::string(SECURITY_MANAGER_ANY))
- , m_user(true, std::string(SECURITY_MANAGER_ANY))
- , m_privilege(true, std::string(SECURITY_MANAGER_ANY))
- , m_currentLevel(false, std::string(""))
- , m_maxLevel(false, std::string(""))
-{
- int result = security_manager_policy_entry_new(&m_entry);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new policy entry failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
-
- security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
- security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
- security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
-}
-
-PolicyEntry::PolicyEntry(const std::string &appId, const std::string &user,
- const std::string &privilege)
- : m_appId(true, std::string(appId))
- , m_user(true, std::string(user))
- , m_privilege(true, std::string(privilege))
- , m_currentLevel(false, std::string(""))
- , m_maxLevel(false, std::string(""))
-{
- int result = security_manager_policy_entry_new(&m_entry);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new policy entry failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
-
- security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
- security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
- security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
-}
-
-PolicyEntry::PolicyEntry(policy_entry &entry): m_entry(&entry)
-{
- m_appId.first = true;
- m_appId.second = std::string(security_manager_policy_entry_get_application(m_entry));
-
- m_user.first = true;
- m_user.second = std::string(security_manager_policy_entry_get_user(m_entry));
-
- m_privilege.first = true;
- m_privilege.second = std::string(security_manager_policy_entry_get_privilege(m_entry));
-
- m_currentLevel.first = true;
- m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
-
- m_maxLevel.first = true;
- m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
-};
-
-void PolicyEntry::setLevel(const std::string &level)
-{
- m_currentLevel.first = true;
- m_currentLevel.second = level;
- security_manager_policy_entry_set_level(m_entry, level.c_str());
- m_maxLevel.first = true;
- m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
-};
-
-void PolicyEntry::setMaxLevel(const std::string &level)
-{
- m_maxLevel.first = true;
- m_maxLevel.second = level;
- security_manager_policy_entry_admin_set_level(m_entry, level.c_str());
- m_currentLevel.first = true;
- m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
-};
-
-
-std::ostream& operator<<(std::ostream &os, const PolicyEntry &request)
-{
- if (request.m_appId.first)
- os << "appId: " << request.m_appId.second << "; ";
-
- if (request.m_user.first)
- os << "user: " << request.m_user.second << "; ";
-
- if (request.m_privilege.first)
- os << "privilege: " << request.m_privilege.second << "; ";
-
- if (request.m_currentLevel.first)
- os << "current: " << request.m_currentLevel.second << "; ";
-
- if (request.m_maxLevel.first)
- os << "max: " << request.m_maxLevel.second << "; ";
-
- return os;
-}
-
-PolicyEntry::~PolicyEntry()
-{
-}
-
-void PolicyEntry::free(void)
-{
- security_manager_policy_entry_free(m_entry);
-}
-
-
-PolicyRequest::PolicyRequest()
- : m_req(nullptr),
- m_entries()
-{
- int result = security_manager_policy_update_req_new(&m_req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new policy request failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new policy request did not allocate memory");
-}
-
-PolicyRequest::~PolicyRequest()
-{
- for(std::vector<PolicyEntry>::iterator it = m_entries.begin(); it != m_entries.end(); ++it) {
- it->free();
- }
- security_manager_policy_update_req_free(m_req);
-}
-
-void PolicyRequest::addEntry(PolicyEntry &entry,
- lib_retcode expectedResult)
-{
- int result = 0;
-
- result = security_manager_policy_update_req_add_entry(m_req, entry.get());
-
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding policy entry to request returned wrong value."
- << " entry: " << entry << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-
- m_entries.push_back(entry);
-}
-
-std::ostream& operator<<(std::ostream &os, const PolicyRequest &request)
-{
- if (request.m_entries.size() != 0)
- {
- os << "PolicyRequest m_entries size: " << request.m_entries.size() << "; ";
-
- for(unsigned int i = 0; i != request.m_entries.size(); i++) {
- os << "entry " << i << ": " << request.m_entries[i] << "; ";
- }
- }
-
- return os;
-}
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_POLICYREQUEST
-#define SECURITY_MANAGER_TEST_POLICYREQUEST
-
-#include <iostream>
-#include <sys/types.h>
-#include <utility>
-#include <vector>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-class PolicyEntry
-{
-public:
- PolicyEntry();
-
- PolicyEntry(const std::string &appId,
- const std::string &user,
- const std::string &privilege
- );
- ~PolicyEntry();
-
- PolicyEntry(policy_entry &entry);
-
- policy_entry *get() const { return m_entry; }
- std::string getUser() const { return m_user.second; }
- std::string getAppId() const { return m_appId.second; }
- std::string getPrivilege() const { return m_privilege.second; }
- std::string getCurrentLevel() const { return m_currentLevel.second; }
- std::string getMaxLevel() const { return m_maxLevel.second; }
- void setLevel(const std::string &level);
- void setMaxLevel(const std::string &level);
- void free(void);
-
- friend std::ostream& operator<<(std::ostream &, const PolicyEntry&);
-
-private:
- policy_entry *m_entry;
- std::pair<bool, std::string> m_appId;
- std::pair<bool, std::string> m_user;
- std::pair<bool, std::string> m_privilege;
- std::pair<bool, std::string> m_currentLevel;
- std::pair<bool, std::string> m_maxLevel;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyEntry &request);
-
-class PolicyRequest
-{
-public:
- PolicyRequest();
- PolicyRequest(const PolicyRequest&) = delete;
- PolicyRequest& operator=(const PolicyRequest&) = delete;
- ~PolicyRequest();
-
- void addEntry(PolicyEntry &entry, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-
- policy_update_req *get() const { return m_req; }
- friend std::ostream& operator<<(std::ostream &, const PolicyRequest&);
-
-private:
- policy_update_req *m_req;
- std::vector<PolicyEntry> m_entries;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyRequest &request);
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_USERREQUEST
+++ /dev/null
-/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_request.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-InstallRequest::InstallRequest()
- : m_req(nullptr)
- , m_tizenVer("3.0")
- , m_uid(false, 0)
-{
- int result = security_manager_app_inst_req_new(&m_req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
-}
-
-InstallRequest::~InstallRequest()
-{
- security_manager_app_inst_req_free(m_req);
-}
-
-void InstallRequest::setAppTizenVersion(std::string tizenVer, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_target_version(m_req, tizenVer.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting app id returned wrong value."
- << " Tizen version: " << tizenVer << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_tizenVer = std::move(tizenVer);
-}
-
-void InstallRequest::setAppId(std::string appId, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_app_id(m_req, appId.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_appId = std::move(appId);
-}
-
-void InstallRequest::setPkgId(std::string pkgId, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_pkg_id(m_req, pkgId.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting pkg id returned wrong value."
- << " Pkg id: " << pkgId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_pkgId = std::move(pkgId);
-}
-
-void InstallRequest::addPrivilege(const char *privilege, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_add_privilege(m_req, privilege);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding privilege returned wrong value."
- << " Privilege: " << privilege << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_privileges.push_back(strdup(privilege));
-}
-
-void InstallRequest::addPath(std::string path, app_install_path_type pathType, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_add_path(m_req, path.c_str(), pathType);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding path returned wrong value."
- << " Path: " << path << ";"
- << " Path type: " << pathType << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_paths.emplace_back(std::pair<std::string, app_install_path_type>(std::move(path), pathType));
-}
-
-void InstallRequest::setUid(const uid_t uid, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_uid(m_req, uid);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting uid returned wrong value."
- << " Uid: " << uid << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_uid.first = true;
- m_uid.second = uid;
-}
-
-void InstallRequest::setAuthorId(std::string authorId, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_author_id(m_req, authorId.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting author id returned wrong value."
- << " Author id: " << m_authorId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_authorId = std::move(authorId);
-}
-
-std::ostream& operator<<(std::ostream &os, const InstallRequest &request)
-{
- if (!request.m_appId.empty())
- os << "app id: " << request.m_appId << "; ";
- if (!request.m_pkgId.empty())
- os << "pkg id: " << request.m_pkgId << "; ";
- if (!request.m_privileges.empty()) {
- os << "privileges: [ " << request.m_privileges[0];
- for (size_t i=1; i < request.m_privileges.size(); ++i) {
- os << "; " << request.m_privileges[i];
- }
- os << " ]";
- }
- if (!request.m_paths.empty()) {
- os << "paths: [ " << "< " << request.m_paths[0].first << "; "
- << request.m_paths[0].second << " >";
- for (size_t i=1; i < request.m_paths.size(); ++i) {
- os << "; < " << request.m_paths[i].first << "; "
- << request.m_paths[i].second << " >";
- }
- os << " ]";
- }
- if (request.m_uid.first)
- os << "uid: " << request.m_uid.second << "; ";
- if (!request.m_authorId.empty()) {
- os << "author id: " << request.m_authorId << "; ";
- }
- return os;
-}
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_INSTALLREQUEST
-#define SECURITY_MANAGER_TEST_INSTALLREQUEST
-
-#include <iostream>
-#include <string>
-#include <sys/types.h>
-#include <utility>
-#include <vector>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-class InstallRequest
-{
-public:
- InstallRequest();
- InstallRequest(const InstallRequest&) = delete;
- InstallRequest& operator=(const InstallRequest&) = delete;
- ~InstallRequest();
-
- void setAppTizenVersion(std::string tizenVer,
- lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void setAppId(std::string appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void setPkgId(std::string pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void addPrivilege(const char *privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void addPath(std::string path, app_install_path_type pathType,
- lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
- void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void setAuthorId(std::string authorId, lib_retcode expectedResult= SECURITY_MANAGER_SUCCESS);
-
- std::string getAppTizenVersion() const { return m_tizenVer; }
- app_inst_req *get() { return m_req; }
- const app_inst_req *get() const { return m_req; }
- friend std::ostream& operator<<(std::ostream &, const InstallRequest&);
-
-private:
- app_inst_req *m_req;
-
- std::string m_tizenVer;
- std::string m_appId;
- std::string m_pkgId;
- std::string m_authorId;
- std::vector<std::string> m_privileges;
- std::vector<std::pair<std::string, app_install_path_type> > m_paths;
- std::pair<bool, uid_t> m_uid;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::InstallRequest &request);
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_INSTALLREQUEST
+++ /dev/null
-/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_sharing_request.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-SharingRequest::SharingRequest()
- : m_req(nullptr)
-{
- int result = security_manager_private_sharing_req_new(&m_req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
-}
-
-SharingRequest::~SharingRequest()
-{
- security_manager_private_sharing_req_free(m_req);
-}
-
-void SharingRequest::setOwnerAppId(const std::string &appId, lib_retcode expectedResult)
-{
- int result = security_manager_private_sharing_req_set_owner_appid(m_req, appId.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_appId = appId;
-}
-
-void SharingRequest::setTargetAppId(const std::string &appId, lib_retcode expectedResult)
-{
- int result = security_manager_private_sharing_req_set_target_appid(m_req, appId.c_str());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_appId = appId;
-}
-
-void SharingRequest::addPaths(const char **paths, size_t pathCount, lib_retcode expectedResult)
-{
- int result = security_manager_private_sharing_req_add_paths(m_req, paths, pathCount);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding path returned wrong value."
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- for (size_t i = 0; i < pathCount; i++) {
- m_paths.push_back(paths[i]);
- }
-}
-
-std::ostream& operator<<(std::ostream &os, const SharingRequest &request)
-{
-
- os << "app id: " << request.m_appId << "; ";
- os << "pkg id: " << request.m_pkgId << "; ";
-
- if (!request.m_paths.empty()) {
- os << "paths: [ " << "< " << request.m_paths[0] << ">";
- for (size_t i=1; i < request.m_paths.size(); ++i) {
- os << "; < " << request.m_paths[i] << ">";
- }
- os << " ]";
- }
- return os;
-}
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_SHARINGREQUEST
-#define SECURITY_MANAGER_TEST_SHARINGREQUEST
-
-#include <iostream>
-#include <string>
-#include <sys/types.h>
-#include <utility>
-#include <vector>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-class SharingRequest
-{
-public:
- SharingRequest();
- SharingRequest(const SharingRequest&) = delete;
- SharingRequest& operator=(const SharingRequest&) = delete;
- ~SharingRequest();
-
- void setOwnerAppId(const std::string &appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void setTargetAppId(const std::string &pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void addPaths(const char **paths, size_t path_count,
- lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
- const private_sharing_req *get() const { return m_req; }
- friend std::ostream& operator<<(std::ostream &, const SharingRequest&);
-
-private:
- private_sharing_req *m_req;
-
- std::string m_appId;
- std::string m_pkgId;
- std::vector<std::string> m_paths;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::SharingRequest &request);
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_SHARINGREQUEST
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_user_request.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-UserRequest::UserRequest()
- : m_req(nullptr)
- , m_uid(false, 0)
- , m_utype(false, static_cast<security_manager_user_type>(0))
-{
- int result = security_manager_user_req_new(&m_req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
-}
-
-UserRequest::~UserRequest()
-{
- security_manager_user_req_free(m_req);
-}
-
-void UserRequest::setUid(const uid_t uid, lib_retcode expectedResult)
-{
- int result = security_manager_user_req_set_uid(m_req, uid);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting uid returned wrong value."
- << " Uid: " << uid << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_uid.first = true;
- m_uid.second = uid;
-}
-
-void UserRequest::setUserType(const security_manager_user_type utype, lib_retcode expectedResult)
-{
- int result = security_manager_user_req_set_user_type(m_req, utype);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting user type returned wrong value."
- << " User type: " << utype << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_utype.first = true;
- m_utype.second = utype;
-}
-
-std::ostream& operator<<(std::ostream &os, const UserRequest &request)
-{
- if (request.m_uid.first)
- os << "uid: " << request.m_uid.second << "; ";
-
- if (request.m_utype.first)
- os << "utype: " << request.m_utype.second << "; ";
-
- return os;
-}
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_USERREQUEST
-#define SECURITY_MANAGER_TEST_USERREQUEST
-
-#include <iostream>
-#include <sys/types.h>
-#include <utility>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-class UserRequest
-{
-public:
- UserRequest();
- UserRequest(const UserRequest&) = delete;
- UserRequest& operator=(const UserRequest&) = delete;
- ~UserRequest();
-
- void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void setUserType(const security_manager_user_type utype,
- lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
-
- const user_req *get() const { return m_req; }
- friend std::ostream& operator<<(std::ostream &, const UserRequest&);
-
-private:
- user_req *m_req;
-
- std::pair<bool, uid_t> m_uid;
- std::pair<bool, security_manager_user_type> m_utype;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::UserRequest &request);
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_USERREQUEST
+++ /dev/null
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <memory.h>
-#include <semaphore.h>
-#include <unistd.h>
-
-#include <attr/xattr.h>
-#include <linux/xattr.h>
-#include <sys/capability.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-#include <sys/smack.h>
-
-#include <algorithm>
-#include <fstream>
-#include <string>
-#include <unordered_set>
-
-#include <grp.h>
-#include <pwd.h>
-
-#include <tzplatform_config.h>
-#include <security-manager.h>
-
-#include <access_provider.h>
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
-#include <libprivilege-control_test_common.h>
-#include <passwd_access.h>
-#include <tests_common.h>
-#include <sm_api.h>
-#include <sm_db.h>
-#include <sm_request.h>
-#include <sm_sharing_request.h>
-#include <sm_user_request.h>
-#include <app_install_helper.h>
-#include <synchronization_pipe.h>
-#include <temp_test_user.h>
-#include <uds.h>
-#include <cynara_test_client.h>
-#include <cynara_test_admin.h>
-#include <service_manager.h>
-#include <cynara_test_admin.h>
-#include "memory.h"
-
-using namespace SecurityManagerTest;
-
-DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
-DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr);
-
-static const privileges_t SM_ALLOWED_PRIVILEGES = {
- "http://tizen.org/privilege/location",
- "http://tizen.org/privilege/nfc"
-};
-
-static const privileges_t SM_DENIED_PRIVILEGES = {
- "http://tizen.org/privilege/bluetooth",
- "http://tizen.org/privilege/power"
-};
-
-static const privileges_t SM_NO_PRIVILEGES = {
-};
-
-static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
-
-void changeSecurityContext(const std::string& label, uid_t uid, gid_t gid)
-{
- RUNNER_ASSERT_ERRNO_MSG(0 == smack_set_label_for_self(label.c_str()),
- "Error in smack_set_label_for_self(" << label << ")");
-
- RUNNER_ASSERT_ERRNO_MSG(0 == setgid(gid), "Error in setgid.");
- RUNNER_ASSERT_ERRNO_MSG(0 == setuid(uid), "Error in setuid.");
-}
-
-std::string genPath(int app_num, const char *postfix) {
- char buf[16];
- sprintf(buf, "%02d", app_num);
- return std::string("/usr/apps/sm_test_") + std::string(buf) + std::string("_pkg_id_full/") + std::string(postfix);
-}
-std::string genRWPath(int app_num) {
- return genPath(app_num, "app_dir");
-}
-std::string genROPath(int app_num) {
- return genPath(app_num, "app_dir_ro");
-}
-std::string genPublicROPath(int app_num) {
- return genPath(app_num, "app_dir_public_ro");
-}
-std::string genOwnerRWOthersROPath(int app_num) {
- return genPath(app_num, "app_dir_rw_others_ro");
-}
-
-static const char *const SM_RW_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir";
-
-static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir";
-static const char *const SM_TRUSTED_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_trusted";
-
-static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
-static const std::string EXEC_FILE("exec");
-static const std::string NORMAL_FILE("normal");
-static const std::string LINK_PREFIX("link_to_");
-
-static const std::string PRIVILEGE_MANAGER_APP = "privilege_manager";
-static const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager";
-static const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings";
-static const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin";
-
-static const std::vector<std::string> MANY_APPS = {
- "security_manager_10_app_1",
- "security_manager_10_app_2",
- "security_manager_10_app_3",
- "security_manager_10_app_4",
- "security_manager_10_app_5"
-};
-
-struct app_attributes {
- std::string package;
- std::string Tizen_ver;
-};
-static const std::map<std::string, struct app_attributes> MANY_APPS_PKGS = {
- {"security_manager_10_app_1", {"security_manager_10_pkg_1", "2.1"}},
- {"security_manager_10_app_2", {"security_manager_10_pkg_2", "3.0"}},
- {"security_manager_10_app_3", {"security_manager_10_pkg_3", "2.1.1"}},
- {"security_manager_10_app_4", {"security_manager_10_pkg_4", "3.1"}},
- {"security_manager_10_app_5", {"security_manager_10_pkg_5", "2.2"}},
- {PRIVILEGE_MANAGER_APP, {PRIVILEGE_MANAGER_PKG, "3.0"}}
-};
-
-static const std::vector<privileges_t> MANY_APPS_PRIVILEGES = {
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/location"
- },
- {
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/camera"
- },
- {
- "http://tizen.org/privilege/contact.read",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- },
- {
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email",
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/camera"
- },
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/location",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- }
-};
-
-static std::string generateAppLabel(const std::string &appId)
-{
- return "User::App::" + appId;
-}
-
-static std::string generatePkgLabelOwnerRWothersRO(const std::string &pkgId)
-{
- return "User::Pkg::" + pkgId + "::SharedRO";
-}
-
-static std::string generatePkgLabel(const std::string &pkgId)
-{
- return "User::Pkg::" + pkgId;
-}
-
-static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
- const char* correctLabel, bool transmute_test, bool exec_test)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
- " (should be '" << correctLabel << "' and is '" << label << "')");
-
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
-
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
- RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
-
- if (S_ISDIR(sb->st_mode) && transmute_test == true) {
- RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
- RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
- "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
- } else {
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
- }
-
- return 0;
-}
-
-// nftw doesn't allow passing user data to functions. Work around by using global variable
-static std::string nftw_expected_label;
-bool nftw_expected_transmute;
-bool nftw_expected_exec;
-
-static int nftw_check_sm_labels(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_sm_labels_app_dir(fpath, sb,
- nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec);
-}
-
-static void prepare_app_path(int app_num, bool others_enabled = false)
-{
- std::string SM_RW_PATH = genRWPath(app_num);
- std::string SM_RO_PATH = genROPath(app_num);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num);
- int result;
-
- result = nftw(SM_RW_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH);
-
- result = nftw(SM_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH);
-
- result = nftw(SM_PUBLIC_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
-
- if(others_enabled) {
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(app_num);
- result = nftw(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_OWNER_RW_OTHERS_RO_PATH);
- }
-
- result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
-}
-
-static void prepare_app_env(int app_num, bool others_enabled = false)
-{
- prepare_app_path(app_num, others_enabled);
-}
-
-static void check_app_path_after_install(int app_num, const char *pkgId, bool others_enabled=false)
-{
- std::string SM_RW_PATH = genRWPath(app_num);
- std::string SM_RO_PATH = genROPath(app_num);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(app_num);
- int result;
-
- nftw_expected_label = generatePkgLabel(pkgId);
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_RW_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
-
- nftw_expected_label = generatePkgLabel(pkgId) + "::RO";
- nftw_expected_transmute = false;
- nftw_expected_exec = false;
-
- result = nftw(SM_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
-
- nftw_expected_label = "User::Home";
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_PUBLIC_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
-
- result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
-
- // owner RW, others RO
- if(others_enabled) {
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(app_num);
- nftw_expected_label = generatePkgLabelOwnerRWothersRO(pkgId);
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_OWNER_RW_OTHERS_RO_PATH);
- }
-}
-
-
-static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
- const privileges_t &allowed_privs, const privileges_t &denied_privs)
-{
- (void) pkg_id;
- std::string smackLabel = generateAppLabel(app_id);
-
- CynaraTestClient::Client ctc;
-
- for (auto &priv : allowed_privs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
- }
-
- for (auto &priv : denied_privs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
- }
-}
-
-static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
-{
- int ret;
- gid_t main_gid = getgid();
- std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
-
- // Reset supplementary groups
- ret = setgroups(0, NULL);
- RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
-
- Api::setProcessGroups(app_id);
-
- ret = getgroups(0, nullptr);
- RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
-
- std::vector<gid_t> actual_gids(ret);
- ret = getgroups(ret, actual_gids.data());
- RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
-
- for (const auto &gid : actual_gids) {
- RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
- "Application shouldn't get access to group " << gid);
- reference_gids.erase(gid);
- }
-
- RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
-}
-
-static void check_app_after_install(const char *const app_id, const char *const pkg_id,
- const privileges_t &allowed_privs,
- const privileges_t &denied_privs,
- const std::vector<std::string> &allowed_groups)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
- dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
-
- /*Privileges should be granted to all users if root installs app*/
- check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
-
- /* Setup mapping of gids to privileges */
- /* Do this for each privilege for extra check */
- for (const auto &privilege : allowed_privs) {
- dbtest.setup_privilege_groups(privilege, allowed_groups);
- }
-
- std::vector<gid_t> allowed_gids;
-
- for (const auto &groupName : allowed_groups) {
- errno = 0;
- struct group* grp = getgrnam(groupName.c_str());
- RUNNER_ASSERT_ERRNO_MSG(grp, "Group: " << groupName << " not found");
- allowed_gids.push_back(grp->gr_gid);
- }
-
- check_app_gids(app_id, allowed_gids);
-}
-
-static void check_app_after_install(const char *const app_id, const char *const pkg_id)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_install(app_id, pkg_id);
-}
-
-static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
- const privileges_t &privileges, const bool is_pkg_removed)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
-
-
- /*Privileges should not be granted anymore to any user*/
- check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
-}
-
-static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
- const bool is_pkg_removed)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
-}
-
-static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0)
-{
- InstallRequest request;
- request.setAppId(app_id);
- request.setPkgId(pkg_id);
- request.setUid(uid);
- Api::install(request);
-
- check_app_after_install(app_id, pkg_id);
-}
-
-static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
-{
- InstallRequest request;
- request.setAppId(app_id);
-
- Api::uninstall(request);
-
- check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
-}
-
-static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false)
-{
- InstallRequest request;
- request.setAppId(PRIVILEGE_MANAGER_APP.c_str());
- request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str());
- request.setUid(uid);
- request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str());
- if (forAdmin)
- request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str());
- Api::install(request);
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
-};
-
-static inline struct passwd *getUserStruct(const std::string &userName) {
- struct passwd *pw = nullptr;
- errno = 0;
-
- while(!(pw = getpwnam(userName.c_str()))) {
- RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
- };
-
- return pw;
-};
-
-static inline struct passwd *getUserStruct(const uid_t uid) {
- struct passwd *pw = nullptr;
- errno = 0;
-
- while(!(pw = getpwuid(uid))) {
- RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
- };
-
- return pw;
-};
-
-void check_exact_access(const std::string& subject, const std::string& object, const std::string& access)
-{
- // check access
- if (!access.empty()) {
- int result = smack_have_access(subject.c_str(), object.c_str(), access.c_str());
- RUNNER_ASSERT_MSG(result >= 0, "smack_have_access failed");
- RUNNER_ASSERT_MSG(result == 1,
- "No smack access: " << subject << " " << object << " " << access);
- }
- // check excessive access
- auto foundInAccess = [&access](std::string::value_type c) {
- return access.find(c) != std::string::npos; };
-
- std::string negative = "rwxatl";
- auto end = std::remove_if(negative.begin(), negative.end(), foundInAccess);
- negative.erase(end, negative.end());
-
- for(const auto& c : negative) {
- int result = smack_have_access(subject.c_str(), object.c_str(), std::string(1, c).c_str());
- RUNNER_ASSERT_MSG(result >= 0, "smack_have_access failed");
- RUNNER_ASSERT_MSG(result == 0,
- "Unexpected smack access: " << subject << " " << object << " " << c);
- }
-}
-
-std::string access_opposite(std::string &access) {
- static const std::map<char, int> access_mapping = {{'r', 0}, {'w', 1}, {'x', 2}, {'a', 3},
- {'t', 4}, {'l', 5}};
- //May write implies may lock
- if (access.find('w') != std::string::npos && access.find('l') == std::string::npos) {
- access.append("l");
- }
- std::string access_opposite = "rwxatl";
- for (char c : access) {
- access_opposite[access_mapping.at(c)] = '-';
- }
- auto it = std::remove_if(access_opposite.begin(), access_opposite.end(), [](char c) {return c == '-';});
- access_opposite.erase(it, access_opposite.end());
- return access_opposite;
-}
-
-void check_exact_smack_accesses(const std::string &subject, const std::string &object, const std::string &access) {
- std::string access_str(access);
- auto no_access = access_opposite(access_str);
- for (char c : access_str) {
- int ret = smack_have_access(subject.c_str(), object.c_str(), std::string(1, c).c_str());
- RUNNER_ASSERT_MSG(ret >= 0, "smack_have_access failed: <" << subject << ">, <" << object << ">, <" << c << "> errno=" << strerror(errno));
- RUNNER_ASSERT_MSG(ret == 1, "Access " << c << " from " << subject << " to "
- << object << " not given");
- }
-
- for (char c : no_access) {
- int ret = smack_have_access(subject.c_str(), object.c_str(), std::string(1, c).c_str());
- RUNNER_ASSERT_MSG(ret >= 0, "smack_have_access failed: <" << subject << ">, <" << object << ">, <" << c << "> errno=" << strerror(errno));
- RUNNER_ASSERT_MSG(ret == 0, "Access " << c << " from " << subject << " to "
- << object << " unnecessarily given");
- }
-}
-
-
-RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
-
-
-RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
-{
- const char *const sm_app_id = "sm_test_01a_app_id_double";
- const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
- Api::install(requestInst);
-
- // Check records in the security-manager database
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
- Api::uninstall(requestUninst);
-
- // Check records in the security-manager database
- check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
-}
-
-
-RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
-{
- const char *const sm_app_id = "sm_test_01b_app";
- const char *const sm_pkg_id = "sm_test_01b_pkg";
- const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- InstallRequest requestInst2;
- requestInst2.setAppId(sm_app_id);
- requestInst2.setPkgId(sm_pkg_id_wrong);
-
- Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
-
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-
-
- /* Check records in the security-manager database */
- check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
-
-}
-
-RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
-{
- const char * const sm_app_id = "SM_TEST_01c_APPID";
- const char * const sm_pkg_id = "SM_TEST_01c_PKGID";
- const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
- requestUninst.setPkgId(sm_pkg_id_wrong);
-
- Api::uninstall(requestUninst);
-
- check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
-
-}
-
-RUNNER_TEST(security_manager_02_app_install_uninstall_full)
-{
- std::string SM_RW_PATH = genRWPath(2);
- std::string SM_RO_PATH = genROPath(2);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(2);
-
- const char *const sm_app_id = "sm_test_02_app_id_full";
- const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
-
- prepare_app_env(2);
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
-
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_id, sm_pkg_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install(2, sm_pkg_id, false);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_id, sm_pkg_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
-}
-
-RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
-{
- const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
- const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
- const char *const socketLabel = "not_expected_label";
- std::string expected_label = generateAppLabel(app_id);
- char *label = nullptr;
- CStringPtr labelPtr;
- int result;
-
- uninstall_app(app_id, pkg_id, true);
- install_app(app_id, pkg_id);
-
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- //Clean up before creating socket
- unlink(SOCK_PATH);
- int sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
- //Set socket label to something different than expecedLabel
- result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPIN, socketLabel);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Can't set socket label. Result: " << result);
- result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPOUT, socketLabel);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Can't set socket label. Result: " << result);
-
- Api::setProcessLabel(app_id);
-
- result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPIN, &label);
- RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
- labelPtr.reset(label);
- result = expected_label.compare(label);
- RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- expected_label << " Actual: " << label);
-
- result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPOUT, &label);
- RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
- labelPtr.reset(label);
- result = expected_label.compare(label);
- RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- expected_label << " Actual: " << label);
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG(label != nullptr,
- " Process label is not set");
- labelPtr.reset(label);
-
- result = expected_label.compare(label);
- RUNNER_ASSERT_MSG(result == 0,
- " Process label is incorrect. Expected: \"" << expected_label <<
- "\" Actual: \"" << label << "\"");
-
- uninstall_app(app_id, pkg_id, true);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
-{
- const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
- const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
-
- uninstall_app(app_id, pkg_id, true);
- install_app(app_id, pkg_id);
-
- Api::setProcessLabel(app_id);
-
- uninstall_app(app_id, pkg_id, true);
-}
-
-static void prepare_request(InstallRequest &request,
- const char *const app_id,
- const char *const pkg_id,
- app_install_path_type pathType,
- const char *const path,
- uid_t uid)
-{
- request.setAppId(app_id);
- request.setPkgId(pkg_id);
- request.addPath(path, pathType);
-
- if (uid != 0)
- request.setUid(uid);
-}
-
-static uid_t getGlobalUserId(void)
-{
- return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
-}
-
-static const std::string appDirPath(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- struct tzplatform_context *tzCtxPtr = nullptr;
-
- RUNNER_ASSERT(0 == tzplatform_context_create(&tzCtxPtr));
- TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
-
- RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, user.getUid()),
- "Unable to set user <" << user.getUserName() << "> for tzplatform context");
-
- const char *appDir = tzplatform_context_getenv(tzCtxPtr,
- getGlobalUserId() == user.getUid() ? TZ_SYS_RW_APP : TZ_USER_APP);
- RUNNER_ASSERT_MSG(nullptr != appDir,
- "tzplatform_context_getenv failed"
- << "for getting sys rw app of user <" << user.getUserName() << ">");
-
- return std::string(appDir) + "/" + pkgId + "/" + appId;
-}
-
-static const std::string nonAppDirPath(const TemporaryTestUser &user)
-{
- return TMP_DIR + "/" + user.getUserName();
-}
-
-static const std::string uidToStr(const uid_t uid)
-{
- return std::to_string(static_cast<unsigned int>(uid));
-}
-
-static void install_and_check(const char *const sm_app_id,
- const char *const sm_pkg_id,
- const TemporaryTestUser& user,
- const std::string &appDir,
- bool requestUid)
-{
- InstallRequest requestPrivate;
-
- //install app for non-root user
- //should fail (users may only register folders inside their home)
- prepare_request(requestPrivate, sm_app_id, sm_pkg_id,
- SECURITY_MANAGER_PATH_RW, SM_RW_PATH,
- requestUid ? user.getUid() : 0);
-
- Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
-
- InstallRequest requestPrivateUser;
-
- //install app for non-root user
- //should succeed - this time i register folder inside user's home dir
- prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
- SECURITY_MANAGER_PATH_RW, appDir.c_str(),
- requestUid ? user.getUid() : 0);
-
- for (auto &privilege : SM_ALLOWED_PRIVILEGES)
- requestPrivateUser.addPrivilege(privilege.c_str());
-
- Api::install(requestPrivateUser);
-
- check_app_permissions(sm_app_id, sm_pkg_id,
- uidToStr(user.getUid()).c_str(),
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
-}
-
-static void createTestDir(const std::string &dir)
-{
- mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
- mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
- mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
-
- mktreeSafe(dir, dirMode);
- creatSafe(dir + "/" + EXEC_FILE, execFileMode);
- creatSafe(dir + "/" + NORMAL_FILE, normalFileMode);
- symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE);
- symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE);
-}
-
-static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir)
-{
- createTestDir(dir);
-
- symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir");
- symlinkSafe(nonAppDir + "/" + EXEC_FILE,
- dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE);
- symlinkSafe(nonAppDir + "/" + NORMAL_FILE,
- dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE);
-}
-
-static void generateAppDir(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- const std::string dir = appDirPath(user, appId, pkgId);
- const std::string nonAppDir = nonAppDirPath(user);
-
- createInnerAppDir(dir, nonAppDir);
- createInnerAppDir(dir + "/.inner_dir", nonAppDir);
- createInnerAppDir(dir + "/inner_dir", nonAppDir);
-}
-
-static void generateNonAppDir(const TemporaryTestUser &user)
-{
- const std::string dir = nonAppDirPath(user);
-
- createTestDir(dir);
- createTestDir(dir + "/.inner_dir");
- createTestDir(dir + "/inner_dir");
-}
-
-static void createTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- generateAppDir(user, appId, pkgId);
- generateNonAppDir(user);
-}
-
-static void removeTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- removeDir(appDirPath(user, appId, pkgId));
- removeDir(nonAppDirPath(user));
-}
-
-RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
-{
- int result;
- const char *const sm_app_id = "sm_test_04a_app_id_uid";
- const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
- const std::string new_user_name = "sm_test_04a_user_name";
-
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- testUser.create();
-
- removeTestDirs(testUser, sm_app_id, sm_pkg_id);
- createTestDirs(testUser, sm_app_id, sm_pkg_id);
-
- const std::string userAppDirPath = appDirPath(testUser, sm_app_id, sm_pkg_id);
-
- //switch user to non-root
- result = drop_root_privileges(testUser.getUid(), testUser.getGid());
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false);
-
- //uninstall app as non-root user
- InstallRequest request;
- request.setAppId(sm_app_id);
-
- Api::uninstall(request);
-
- check_app_permissions(sm_app_id, sm_pkg_id,
- uidToStr(testUser.getUid()).c_str(),
- SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-}
-
-RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
-{
- int result;
- const char *const sm_app_id = "sm_test_04b_app_id_uid";
- const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
- const std::string new_user_name = "sm_test_04b_user_name";
-
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- testUser.create();
-
- removeTestDirs(testUser, sm_app_id, sm_pkg_id);
- createTestDirs(testUser, sm_app_id, sm_pkg_id);
-
- install_and_check(sm_app_id, sm_pkg_id, testUser, appDirPath(testUser, sm_app_id, sm_pkg_id), true);
-
- //switch user to non-root - root may not uninstall apps for specified users
- result = drop_root_privileges(testUser.getUid(), testUser.getGid());
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- //uninstall app as non-root user
- InstallRequest request;
- request.setAppId(sm_app_id);
-
- Api::uninstall(request);
-
- check_app_permissions(sm_app_id, sm_pkg_id,
- uidToStr(testUser.getUid()).c_str(),
- SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-}
-
-
-RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
-{
- int result;
- CapsSetsUniquePtr caps, caps_empty(cap_init());
-
- caps.reset(cap_from_text("all=eip"));
- RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text");
- result = cap_set_proc(caps.get());
- RUNNER_ASSERT_MSG(result == 0,
- "can't set capabilities. Result: " << result);
-
- Api::dropProcessPrivileges();
-
- caps.reset(cap_get_proc());
- RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
-
- result = cap_compare(caps.get(), caps_empty.get());
- RUNNER_ASSERT_MSG(result == 0,
- "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
-}
-
-RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
-{
- const char *const app_id = "sm_test_06_app_id_install_app_offline";
- const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
-
- // Uninstall app on-line, off-line mode doesn't support it
- uninstall_app(app_id, pkg_id, true);
-
- ServiceManager("security-manager.service").stopService();
-
- ServiceManager serviceManager("security-manager.socket");
- serviceManager.stopService();
-
- install_app(app_id, pkg_id);
-
- serviceManager.startService();
-
- uninstall_app(app_id, pkg_id, true);
-}
-
-RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
-{
- const char *const sm_app_id = "sm_test_07_app_id_user";
- const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
- const std::string new_user_name = "sm_test_07_user_name";
- std::string uid_string;
- TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
- test_user.create();
- test_user.getUidString(uid_string);
-
- removeTestDirs(test_user, sm_app_id, sm_pkg_id);
- createTestDirs(test_user, sm_app_id, sm_pkg_id);
-
- install_app(sm_app_id, sm_pkg_id, test_user.getUid());
-
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- test_user.remove();
-
- check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-
- check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
-}
-
-RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
-{
- UserRequest addUserRequest;
-
- const char *const sm_app_id = "sm_test_08_app_id_user";
- const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
- const std::string new_user_name = "sm_test_08_user_name";
- std::string uid_string;
-
- // gumd user add
- TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
- test_user.create();
- test_user.getUidString(uid_string);
-
- removeTestDirs(test_user, sm_app_id, sm_pkg_id);
- createTestDirs(test_user, sm_app_id, sm_pkg_id);
-
- addUserRequest.setUid(test_user.getUid());
- addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
-
- //sm user add
- Api::addUser(addUserRequest);
-
- install_app(sm_app_id, sm_pkg_id, test_user.getUid());
-
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- test_user.remove();
-
- UserRequest deleteUserRequest;
- deleteUserRequest.setUid(test_user.getUid());
-
- Api::deleteUser(deleteUserRequest);
-
- check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-
- check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
-}
-
-RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
-{
- const char *const app_id = "security_manager_09_add_user_offline_app";
- const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
- const std::string new_user_name("sm_test_09_user_name");
-
- ServiceManager("security-manager.service").stopService();
-
- ServiceManager serviceManager("security-manager.socket");
- serviceManager.stopService();
-
- TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true);
- test_user.create();
-
- removeTestDirs(test_user, app_id, pkg_id);
- createTestDirs(test_user, app_id, pkg_id);
-
- install_app(app_id, pkg_id, test_user.getUid());
-
- check_app_after_install(app_id, pkg_id);
-
- serviceManager.startService();
-
- test_user.remove();
-
- check_app_after_uninstall(app_id, pkg_id, true);
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self)
-{
- //TEST DATA
- const std::string username("sm_test_10_user_name");
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
- ++privileges_count;
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- //TEST DATA END
-
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
- pid_t pid = fork();
-
- if (pid != 0) { //parent process
- TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false);
- tmpUser.create();
-
- for(const auto &user : users2AppsMap) {
-
- for(const auto &app : user.second) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(tmpUser.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
- //Start child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
-
- int status;
- wait(&status);
-
- tmpUser.remove();
- };
-
- if (pid == 0) { //child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
- //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
-
- struct passwd *pw = getUserStruct(username);
- register_current_process_as_privilege_manager(pw->pw_uid);
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter;
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
-
- for (const auto &policyEntry : policyEntries) {
- std::string user = policyEntry.getUser();
- std::string app = policyEntry.getAppId();
- std::string privilege = policyEntry.getPrivilege();
-
- try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
- };
- };
- exit(0);
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"};
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
- //Only entries for one of the users will be listed
- privileges_count = 0;
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(0)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
-
- ++privileges_count;
- //TEST DATA END
-
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
- pid_t pid = fork();
-
- if (pid != 0) { //parent process
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
-
- //Install apps for both users
- for(const auto &user : users) {
- for(const auto &app : users2AppsMap.at(user.getUserName())) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(user.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
- //Start child
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
-
- int status;
- wait(&status);
-
- for(auto &user : users) {
- user.remove();
- };
- };
-
- if (pid == 0) {
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
- struct passwd *pw = getUserStruct(usernames.at(0));
- register_current_process_as_privilege_manager(pw->pw_uid);
-
- //change uid to normal user
- errno = 0;
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter;
-
- //this call should only return privileges belonging to the current uid
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
-
- for (const auto &policyEntry : policyEntries) {
- std::string user = policyEntry.getUser();
- std::string app = policyEntry.getAppId();
- std::string privilege = policyEntry.getPrivilege();
-
- try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
- };
- };
- exit(0);
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"};
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE}));
-
- privileges_count += 2;
- //TEST DATA END
-
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
- pid_t pid = fork();
-
- if (pid != 0) { //parent process
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
- //Install apps for both users
- for(const auto &user : users) {
- for(const auto &app : users2AppsMap.at(user.getUserName())) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(user.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
-
- //Start child
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
-
- //Wait for child to finish
- int status;
- wait(&status);
-
- for(auto &user : users) {
- user.remove();
- };
- };
-
- if (pid == 0) { //child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
-
- struct passwd *pw = getUserStruct(usernames.at(1));
- register_current_process_as_privilege_manager(pw->pw_uid, true);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter;
- //this call should succeed as the calling user is privileged
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
-
- for (const auto &policyEntry : policyEntries) {
- std::string user = policyEntry.getUser();
- std::string app = policyEntry.getAppId();
- std::string privilege = policyEntry.getPrivilege();
-
- try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
- };
- };
-
- exit(0);
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"};
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
-
- //TEST DATA END
-
- pid_t pid[2];
- sem_t *mutex[2];
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex[0] = sem_open("mutex_1", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #1, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex[1] = sem_open("mutex_2", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #2, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex[0], 1, 0) == 0, "failed to setup mutex #1, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex[1], 1, 0) == 0, "failed to setup mutex #2, errno: " << errno);
- std::vector<PolicyEntry> policyEntries;
-
- pid[0] = fork();
-
- if(pid[0] == 0) { //child #1 process
- RUNNER_ASSERT_MSG(sem_wait(mutex[0]) == 0, "sem_wait in child #1 failed, errno: " << errno);
- struct passwd *pw = getUserStruct(usernames.at(0));
- register_current_process_as_privilege_manager(pw->pw_uid);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry filter;
- PolicyRequest policyRequest;
- //this call should succeed as the calling user is privileged
- Api::getPolicyForSelf(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
-
- PolicyEntry policyEntry(
- MANY_APPS[0],
- std::to_string(pw->pw_uid),
- "http://tizen.org/privilege/internet"
- );
- policyEntry.setLevel("Deny");
-
- policyRequest.addEntry(policyEntry);
- policyEntry = PolicyEntry(
- MANY_APPS[1],
- std::to_string(pw->pw_uid),
- "http://tizen.org/privilege/location"
- );
- policyEntry.setLevel("Deny");
-
- policyRequest.addEntry(policyEntry);
- Api::sendPolicy(policyRequest);
- Api::getPolicyForSelf(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
- exit(0);
- };
-
- if (pid[0] != 0) {//parent process
- pid[1] = fork();
-
- if (pid[1] == 0) { //child #2 process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex[1]) == 0, "sem_wait in child #2 failed, errno: " << errno);
- struct passwd *pw_target = getUserStruct(usernames.at(0));
- struct passwd *pw = getUserStruct(usernames.at(1));
- register_current_process_as_privilege_manager(pw->pw_uid);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry filter = PolicyEntry(
- SECURITY_MANAGER_ANY,
- std::to_string(pw_target->pw_uid),
- SECURITY_MANAGER_ANY
- );
-
- //U2 requests contents of U1 privacy manager - should fail
- Api::getPolicyForSelf(filter, policyEntries);
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
-
- filter = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY
- );
-
- policyEntries.clear();
-
- //U2 requests contents of ADMIN bucket - should fail
- Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
- exit(0);
- };
-
- if (pid[1] != 0) { //parent
-
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
-
- //Install apps for both users
- for(const auto &user : users2AppsMap) {
-
- for(const auto &app : user.second) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(users.at(0).getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
-
- int status;
- //Start child #1
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex[0]) == 0, "Error while opening mutex #1, errno: " << errno);
-
- //Wait until child #1 finishes
- pid_t ret = wait(&status);
- RUNNER_ASSERT_MSG((ret != -1) && WIFEXITED(status), "Updating privileges failed");
-
- //Start child #2
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex[1]) == 0, "Error while opening mutex #2, errno: " << errno);
- //Wait until child #2 finishes
- ret = wait(&status);
- RUNNER_ASSERT_MSG((ret =-1) && WIFEXITED(status), "Listing privileges failed");
-
- for(auto &user : users) {
- user.remove();
- };
-
- sem_close(mutex[0]);
- sem_close(mutex[1]);
- };
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"};
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
-
- privileges_count += 2;
- //TEST DATA END
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
-
- pid_t pid = fork();
- if (pid != 0) {
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
-
- //Install apps for both users
- for(const auto &user : users) {
-
- for(const auto &app : users2AppsMap.at(user.getUserName())) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).package.c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(user.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
- };
- //Start child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
- int status;
- //Wait for child process to finish
- wait(&status);
-
- //switch back to root
- for(auto &user : users) {
- user.remove();
- };
-
- sem_close(mutex);
- }
-
- if (pid == 0) { //child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
-
- struct passwd *pw = getUserStruct(usernames.at(0));
- register_current_process_as_privilege_manager(pw->pw_uid, true);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyRequest *policyRequest = new PolicyRequest();
- PolicyEntry filter;
- std::vector<PolicyEntry> policyEntries;
- //this call should succeed as the calling user is privileged
- Api::getPolicyForSelf(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
-
- PolicyEntry policyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/internet"
- );
- policyEntry.setMaxLevel("Deny");
-
- policyRequest->addEntry(policyEntry);
- policyEntry = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/location"
- );
- policyEntry.setMaxLevel("Deny");
-
- policyRequest->addEntry(policyEntry);
- Api::sendPolicy(*policyRequest);
- Api::getPolicyForAdmin(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
-
- delete policyRequest;
- policyRequest = new PolicyRequest();
- policyEntry = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/internet"
- );
- policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
- policyRequest->addEntry(policyEntry);
-
- policyEntry = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/location"
- );
- policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
-
- policyRequest->addEntry(policyEntry);
- Api::sendPolicy(*policyRequest);
-
- policyEntries.clear();
- Api::getPolicyForAdmin(filter, policyEntries);
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size());
-
- delete policyRequest;
-
- exit(0);
- };
-
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- const char *const update_app_id = "security_manager_15_update_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "ADMIN";
- const std::string username("sm_test_15_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), true);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setMaxLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- const char *const update_other_app_id = "security_manager_15_update_other_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "ADMIN";
- const std::string username("sm_test_15_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), true);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // use wildcard as appId
- PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setMaxLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- const char *const update_app_id = "security_manager_15_update_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "";
- const std::string username("sm_test_15_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), false);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get)
-{
- const std::string username("sm_test_16_user_cynara_policy");
- CynaraTestAdmin::Admin admin;
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- }
- if(pid == 0)
- {
- int ret;
- char** levels;
- std::string allow_policy, deny_policy;
- size_t count;
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // without plugins there should only be 2 policies - Allow and Deny
- ret = security_manager_policy_levels_get(&levels, &count);
-
- RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
- "Invlid return code: " << ret);
-
- RUNNER_ASSERT_MSG(count == 2, "Invalid number of policy levels. Should be 2, instead there is: " << static_cast<int>(count));
-
- deny_policy = std::string(levels[0]);
- allow_policy = std::string(levels[count-1]);
-
- // first should always be Deny
- RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
- "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
-
- // last should always be Allow
- RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
- "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
-
- security_manager_policy_levels_free(levels, count);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
-{
- const char *const update_app_id = "security_manager_17_update_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "";
- const std::string username("sm_test_17_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- int pipefd2[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
- RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), false);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
-
- pid = fork();
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd2+1);
- close(pipefd2[0]);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- //wait for child
- waitpid(-1, &result, 0);
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd2);
- close(pipefd2[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // delete this entry
- PolicyRequest deletePolicyRequest;
- PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
-
- deletePolicyRequest.addEntry(deleteEntry);
- Api::sendPolicy(deletePolicyRequest);
- exit(0);
- }
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
-{
- const std::string username("sm_test_17_user_name");
-
- struct message {
- uid_t uid;
- gid_t gid;
- unsigned int privileges_count;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- TemporaryTestUser user(username, static_cast<GumUserType>(GUM_USERTYPE_NORMAL), false);
- user.create();
-
- unsigned int privileges_count = 0;
-
- register_current_process_as_privilege_manager(user.getUid(), false);
- //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
- ++privileges_count;
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- InstallRequest requestInst;
- requestInst.setAppId(MANY_APPS[i].c_str());
- requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).package.c_str());
- requestInst.setUid(user.getUid());
-
- for (auto &priv : MANY_APPS_PRIVILEGES.at(i)) {
- requestInst.addPrivilege(priv.c_str());
- };
-
- Api::install(requestInst);
- privileges_count += MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
- msg.privileges_count = privileges_count;
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // filter by privilege
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet");
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
-
- // filter by other privilege
- policyEntries.clear();
- PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email");
- Api::getPolicy(filter2, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size());
-
- // filter by appId
- policyEntries.clear();
- PolicyEntry filter3(MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY);
- Api::getPolicy(filter3, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
- }
-}
-
-RUNNER_CHILD_TEST(security_manager_18_user_cynara_policy)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- const char *const MAIN_BUCKET = "MAIN";
- const char *const MANIFESTS_BUCKET = "MANIFESTS";
- const char *const ADMIN_BUCKET = "ADMIN";
- const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
- const std::string username("sm_test_10_user_cynara_policy");
- CynaraTestAdmin::Admin admin;
- std::string uid_string;
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
- user.create();
- user.getUidString(uid_string);
-
- CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer;
- nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET);
- admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS);
-
- user.remove();
- CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
-
- admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
- admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
- admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
- admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
-}
-
-RUNNER_CHILD_TEST(security_manager_19_security_manager_cmd_install)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- int ret;
- const int SUCCESS = 0;
- const int FAILURE = 256;
- const std::string app_id = "security_manager_10_app";
- const std::string pkg_id = "security_manager_10_pkg";
- const std::string username("sm_test_10_user_name");
- std::string uid_string;
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
- user.create();
- user.getUidString(uid_string);
- const std::string path1 = appDirPath(user, app_id, pkg_id) + "/p1";
- const std::string path2 = appDirPath(user, app_id, pkg_id) + "/p2";
- const std::string pkgopt = " --pkg=" + pkg_id;
- const std::string appopt = " --app=" + app_id;
- const std::string uidopt = " --uid=" + uid_string;
-
- mktreeSafe(path1.c_str(), 0);
- mktreeSafe(path2.c_str(), 0);
-
- const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
-
- struct operation {
- std::string command;
- int expected_result;
- };
- std::vector<struct operation> operations = {
- {"security-manager-cmd", FAILURE},//no option
- {"security-manager-cmd --blah", FAILURE},//blah option is not known
- {"security-manager-cmd --help", SUCCESS},
- {"security-manager-cmd --install", FAILURE},//no params
- {"security-manager-cmd -i", FAILURE},//no params
- {"security-manager-cmd --i --app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid
- {installcmd, SUCCESS},
- {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS},
- {installcmd + " --path " + path1 + " writable", SUCCESS},
- {installcmd + " --path " + path1, FAILURE},//no path type
- {installcmd + " --path " + path1 + " writable" + " --path " + path2 + " readable", SUCCESS},
- {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " readable", FAILURE},//wrong path type
- {installcmd + " --path " + path1 + " writable" + " --privilege somepriv --privilege somepriv2" , SUCCESS},
- };
-
- for (auto &op : operations) {
- ret = system(op.command.c_str());
- RUNNER_ASSERT_MSG(ret == op.expected_result,
- "Unexpected result for command '" << op.command <<"': "
- << ret << " Expected was: "<< op.expected_result);
- }
-}
-
-RUNNER_CHILD_TEST(security_manager_20_security_manager_cmd_users)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- int ret;
- const int SUCCESS = 0;
- const int FAILURE = 256;
- const std::string username("sm_test_11_user_name");
- std::string uid_string;
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
- user.create();
- user.getUidString(uid_string);
- const std::string uidopt = " --uid=" + uid_string;
-
- struct operation {
- std::string command;
- int expected_result;
- };
- std::vector<struct operation> operations = {
- {"security-manager-cmd --manage-users=remove", FAILURE},//no params
- {"security-manager-cmd -m", FAILURE},//no params
- {"security-manager-cmd -mr", FAILURE},//no uid
- {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid
- {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj?
- {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf?
- {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed
- {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah
- {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added
- {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added
- {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added
- };
-
- for (auto &op : operations) {
- ret = system(op.command.c_str());
- RUNNER_ASSERT_MSG(ret == op.expected_result,
- "Unexpected result for command '" << op.command <<"': "
- << ret << " Expected was: "<< op.expected_result);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_21_security_manager_admin_deny_user_priv)
-{
- const int BUFFER_SIZE = 128;
- struct message {
- uid_t uid;
- gid_t gid;
- char buf[BUFFER_SIZE];
- } msg;
-
- privileges_t admin_required_privs = {
- "http://tizen.org/privilege/systemsettings.admin",
- "http://tizen.org/privilege/systemsettings"};
- privileges_t manifest_privs = {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/camera"};
- privileges_t real_privs_allow = {"http://tizen.org/privilege/camera"};
- privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
-
- const std::string pirivman_id = "sm_test_13_ADMIN_APP";
- const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
- const std::string app_id = "sm_test_13_SOME_APP";
- const std::string pkg_id = "sm_test_13_SOME_PKG";
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- std::string childuidstr;
- TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, true);
- TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, true);
-
- InstallRequest request,request2;
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- admin.create();
- child.create();
- child.getUidString(childuidstr);
-
- //install privacy manager for admin
- request.setAppId(pirivman_id.c_str());
- request.setPkgId(pirivman_pkg_id.c_str());
- request.setUid(admin.getUid());
- for (auto &priv: admin_required_privs)
- request.addPrivilege(priv.c_str());
- Api::install(request);
-
- //install app for child that has internet privilege
- request2.setAppId(app_id.c_str());
- request2.setPkgId(pkg_id.c_str());
- request2.setUid(child.getUid());
- for (auto &priv: manifest_privs)
- request2.addPrivilege(priv.c_str());
- Api::install(request2);
-
- check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
- manifest_privs, SM_NO_PRIVILEGES);
-
- //send info to child
- msg.uid = admin.getUid();
- msg.gid = admin.getGid();
- strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
- real_privs_allow, real_privs_deny);
- }
- if (pid == 0)//child
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(pirivman_id.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- PolicyRequest addPolicyReq;
- //change rights
- for (auto &denypriv:real_privs_deny) {
- /*this entry will deny some privileges for user whose uid (as c string)
- was sent in message's buf field.
- That user would be denying internet for child in this case*/
- PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv);
- entry.setMaxLevel("Deny");
- addPolicyReq.addEntry(entry);
- }
- Api::sendPolicy(addPolicyReq);
- exit(0);
- }
-}
-
-namespace {
-const int sm_app_shared_test_id = 27;
-const char *const sm_app_shared_id = "sm_test_27_app_id_full";
-const char *const sm_app_shared_another_in_package_id = "sm_test_27_app_2_id_full";
-const char *const sm_pkg_shared_id = "sm_test_27_pkg_id_full";
-
-void test_success_worker(const std::string &appName, int test_num)
-{
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
-
- changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
-
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1,
- "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName << " failed " << " to " << SM_OWNER_RW_OTHERS_RO_PATH );
-}
-
-void test_fail_worker(const std::string &appName, int test_num)
-{
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(test_num);
-
- changeSecurityContext(generateAppLabel(appName), APP_UID, APP_GID);
-
- RUNNER_ASSERT_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) == -1,
- "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") from " << appName
- << " surprisingly succeeded, while expecting fail");
-}
-}
-
-RUNNER_TEST(security_manager_27a_API2X_app_install)
-{
- std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
- std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
- prepare_app_env(sm_app_shared_test_id, true);
-
- // install other apps
- for(const auto &app : MANY_APPS_PKGS) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- requestInst.setPkgId(app.second.package.c_str());
- requestInst.setAppTizenVersion(app.second.Tizen_ver.c_str());
-
- Api::install(requestInst);
- };
-
- // install
- {
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("2.4");
- Api::install(requestInst);
- }
-
- // another app in package
- {
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_another_in_package_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("2.4");
- Api::install(requestInst);
- }
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
-
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
-}
-
-RUNNER_CHILD_TEST(security_manager_27b_owner_1_have_access)
-{
- test_success_worker(sm_app_shared_id, sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27c_owner_2_have_access)
-{
- test_success_worker(sm_app_shared_another_in_package_id, sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27d_API2X_apps_have_access_app_1)
-{
- test_success_worker("security_manager_10_app_1", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27e_API2X_apps_dont_have_access_app_2)
-{
- test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27f_API2X_apps_have_access_app_3)
-{
- test_success_worker("security_manager_10_app_3", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27g_API2X_apps_dont_have_access_app_4)
-{
- test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27h_API2X_apps_have_access_app_5)
-{
- test_success_worker("security_manager_10_app_5", sm_app_shared_test_id);
-}
-
-
-RUNNER_TEST(security_manager_27i_API2X_app_uninstall)
-{
- {
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_id);
- Api::uninstall(requestUninst);
- }
- {
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_another_in_package_id);
- Api::uninstall(requestUninst);
- }
-
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
- check_app_after_uninstall(sm_app_shared_another_in_package_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
-}
-
-RUNNER_TEST(security_manager_27j_API30_app_install)
-{
- std::string SM_RW_PATH = genRWPath(sm_app_shared_test_id);
- std::string SM_RO_PATH = genROPath(sm_app_shared_test_id);
- std::string SM_PUBLIC_RO_PATH = genPublicROPath(sm_app_shared_test_id);
- std::string SM_OWNER_RW_OTHERS_RO_PATH = genOwnerRWOthersROPath(sm_app_shared_test_id);
- prepare_app_env(sm_app_shared_test_id, true);
-
- // install
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_shared_id);
- requestInst.setPkgId(sm_pkg_shared_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
- requestInst.addPath(SM_OWNER_RW_OTHERS_RO_PATH, SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
- requestInst.setAppTizenVersion("3.0");
-
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install(sm_app_shared_test_id, sm_pkg_shared_id, true);
-
- RUNNER_ASSERT_ERRNO_MSG(::access(SM_OWNER_RW_OTHERS_RO_PATH.c_str(), R_OK|X_OK) != -1, "access (" << SM_OWNER_RW_OTHERS_RO_PATH << ") failed");
-}
-
-RUNNER_CHILD_TEST(security_manager_27k_API30_apps_dont_have_access_app_1)
-{
- test_fail_worker("security_manager_10_app_1", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27l_API30_apps_dont_have_access_app_2)
-{
- test_fail_worker("security_manager_10_app_2", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27m_API30_apps_dont_have_access_app_3)
-{
- test_fail_worker("security_manager_10_app_3", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27n_API30_apps_dont_have_access_app_4)
-{
- test_fail_worker("security_manager_10_app_4", sm_app_shared_test_id);
-}
-
-RUNNER_CHILD_TEST(security_manager_27o_API30_apps_dont_have_access_app_5)
-{
- test_fail_worker("security_manager_10_app_5", sm_app_shared_test_id);
-}
-
-RUNNER_TEST(security_manager_27p_API30_app_uninstall)
-{
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_shared_id);
-
- Api::uninstall(requestUninst);
-
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_shared_id, sm_pkg_shared_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
-
- // install other apps
- for(const auto &app : MANY_APPS_PKGS) {
- InstallRequest requestUninst;
- requestUninst.setAppId(app.first);
-
- Api::uninstall(requestUninst);
- };
-}
-
-namespace {
-const char *const owner_access = "rwxat";
-const char *const target_path_access = "rxl";
-const char *const target_dir_access = "x";
-const char *const no_access = "";
-
-void check_system_access(const std::string pathLabel, bool apply = true) {
- check_exact_smack_accesses("User", pathLabel, (apply ? owner_access : no_access));
- check_exact_smack_accesses("System", pathLabel, (apply ? owner_access : no_access));
-}
-
-void check_owner_access(const std::string &ownerLabel, const std::string &pathLabel, bool apply = true) {
- check_exact_smack_accesses(ownerLabel, pathLabel, (apply ? owner_access : no_access));
-}
-
-void check_target_access(const std::string &ownerPkgLabel, const std::string &targetLabel,
- const std::string &pathLabel, bool pathShared = true, bool anyPathShared = true) {
- check_exact_smack_accesses(targetLabel, pathLabel, (pathShared ? target_path_access : no_access));
- check_exact_smack_accesses(targetLabel, ownerPkgLabel, (anyPathShared ? target_dir_access : no_access));
-}
-
-void check_path_label(const std::string &path, const std::string &expectedLabel) {
- char *label = nullptr;
- int ret = smack_new_label_from_path(path.c_str(), XATTR_NAME_SMACK, 0, &label);
- RUNNER_ASSERT_MSG(ret > 0, "smack_new_label_from_path failed for " << path);
- SmackLabelPtr realLabel(label);
- RUNNER_ASSERT_MSG(realLabel.get() == expectedLabel, "Fetched label from " << path << " different"
- " than expected, is : " << realLabel.get() << " should be " << expectedLabel);
-}
-
-void createFile(const std::string &filePath)
-{
- //create temporary file and set label for it
- mode_t systemMask;
-
- unlink(filePath.c_str());
- //allow to create file with 777 rights
- systemMask = umask(0000);
- int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
- //restore system mask
- umask(systemMask);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
-
- //for descriptor protection
- FdUniquePtr fd_ptr(&fd);
-
- //change owner and group to user APP
- int ret = chown(filePath.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-}
-
-}
-
-RUNNER_TEST(security_manager_30a_send_incomplete_req1)
-{
- SharingRequest request;
- Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setOwnerAppId("someOwner");
- Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setTargetAppId("someTarget");
- Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
-}
-
-RUNNER_TEST(security_manager_30b_send_incomplete_req2)
-{
- SharingRequest request;
- request.setTargetAppId("someTarget");
- Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setOwnerAppId("someOwner");
- Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
-}
-
-RUNNER_TEST(security_manager_30c_send_incomplete_req3)
-{
- SharingRequest request;
- const char *somePaths[] = {"path1", "path2"};
- request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
- Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- request.setOwnerAppId("someOwner");
- Api::applySharing(request, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
-}
-
-RUNNER_TEST(security_manager_30d_unknown_owner)
-{
- // This test depends on order of checks in security-manager service implementation
- SharingRequest request;
- request.setOwnerAppId("ImPrettySureIDontExist");
- request.setTargetAppId("IDontMatter");
- const char *somePaths[] = {"path1", "path2"};
- request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
- Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
-}
-
-RUNNER_TEST(security_manager_30e_unknown_target)
-{
- // This test depends on order of checks in security-manager service implementation
- AppInstallHelper owner("installedApp");
- owner.revokeRules();
- owner.createInstallDir();
- InstallRequest ownerInst;
- ownerInst.setAppId(owner.getAppId());
- ownerInst.setPkgId(owner.getPkgId());
- Api::install(ownerInst);
-
- SharingRequest request;
- request.setOwnerAppId(owner.getAppId());
- request.setTargetAppId("NowImPrettySureIDontExist");
- const char *somePaths[] = {"path1", "path2"};
- request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
- Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_UNKNOWN);
-
- Api::uninstall(ownerInst);
-}
-
-RUNNER_TEST(security_manager_30f_bad_paths)
-{
- // This test depends on order of checks in security-manager service implementation
- AppInstallHelper owner("installedApp");
- owner.revokeRules();
- owner.createInstallDir();
- InstallRequest ownerInst;
- ownerInst.setAppId(owner.getAppId());
- ownerInst.setPkgId(owner.getPkgId());
- Api::install(ownerInst);
-
- AppInstallHelper target("secondInstalledApp");
- target.revokeRules();
- target.createInstallDir();
- InstallRequest targetInst;
- targetInst.setAppId(target.getAppId());
- targetInst.setPkgId(target.getPkgId());
- Api::install(targetInst);
-
- SharingRequest request;
- request.setOwnerAppId(owner.getAppId());
- request.setTargetAppId(target.getAppId());
-
- const char *somePath = "/tmp/somePath";
- createFile(somePath);
- const char *somePaths[] = {somePath};
- request.addPaths(somePaths, sizeof(somePaths)/sizeof(somePaths[0]));
- Api::applySharing(request, SECURITY_MANAGER_ERROR_APP_NOT_PATH_OWNER);
-
- Api::uninstall(ownerInst);
-}
-
-RUNNER_TEST(security_manager_31_simple_share)
-{
- std::vector<AppInstallHelper> helper {{"app30a"}, {"app30b"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- for (auto &e : helper) {
- e.revokeRules();
- e.createInstallDir();
- }
-
- owner.createPrivateDir();
- owner.createSharedFile();
-
- InstallRequest ownerReq;
- ownerReq.setAppId(owner.getAppId());
- ownerReq.setPkgId(owner.getPkgId());
- ownerReq.addPath(owner.getSharedPath(), SECURITY_MANAGER_PATH_RW);
- int result = nftw(owner.getInstallDir().c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to remove Smack labels in " << owner.getInstallDir());
- Api::install(ownerReq);
-
- InstallRequest targetReq;
- targetReq.setAppId(target.getAppId());
- targetReq.setPkgId(target.getAppId());
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath();
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath, pathLabel1);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- Api::uninstall(targetReq);
-}
-
-RUNNER_TEST(security_manager_32_double_share)
-{
- std::vector<AppInstallHelper> helper {{"app31a"}, {"app31b"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- e.createInstallDir();
- }
- owner.createPrivateDir();
- owner.createSharedFile();
-
- InstallRequest ownerReq;
- ownerReq.setAppId(owner.getAppId());
- ownerReq.setPkgId(owner.getPkgId());
- ownerReq.addPath(owner.getSharedPath(), SECURITY_MANAGER_PATH_RW);
-
- int result = nftw(owner.getInstallDir().c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to remove Smack labels in " << owner.getInstallDir());
- Api::install(ownerReq);
-
- InstallRequest targetReq;
- targetReq.setAppId(target.getAppId());
- targetReq.setPkgId(target.getAppId());
- Api::install(targetReq);
-
- SharingRequest share1;
- std::string sharedPath = owner.getSharedPath(0);
- share1.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- Api::applySharing(share1);
-
- TestSecurityManagerDatabase db;
- std::string pathLabel = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::applySharing(share1);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel, false);
- check_owner_access(owner.generateAppLabel(), pathLabel, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- Api::uninstall(targetReq);
-}
-RUNNER_TEST(security_manager_33_share_two_with_one)
-{
- std::vector<AppInstallHelper> helper {{"app32a"}, {"app32b"}};
- auto &owner = helper[0];
- auto &target = helper[1];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- e.createInstallDir();
- }
- owner.createPrivateDir();
- owner.createSharedFile(0);
- owner.createSharedFile(1);
-
- InstallRequest ownerReq;
- ownerReq.setAppId(owner.getAppId());
- ownerReq.setPkgId(owner.getPkgId());
- ownerReq.addPath(owner.getSharedPath(0), SECURITY_MANAGER_PATH_RW);
- ownerReq.addPath(owner.getSharedPath(1), SECURITY_MANAGER_PATH_RW);
-
- int result = nftw(owner.getInstallDir().c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to remove Smack labels in " << owner.getInstallDir());
- Api::install(ownerReq);
-
- InstallRequest targetReq;
- targetReq.setAppId(target.getAppId());
- targetReq.setPkgId(target.getAppId());
- Api::install(targetReq);
-
- SharingRequest share1, share2;
- std::string sharedPath1 = owner.getSharedPath(0);
- std::string sharedPath2 = owner.getSharedPath(1);
- share1.setOwnerAppId(owner.getAppId());
- share2.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target.getAppId());
- share2.setTargetAppId(target.getAppId());
- const char *path1[] = {sharedPath1.c_str()};
- const char *path2[] = {sharedPath2.c_str()};
- share1.addPaths(path1, 1);
- share2.addPaths(path2, 1);
-
- Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath1.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath1);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath1, pathLabel1);
-
- Api::applySharing(share2);
- std::string pathLabel2 = db.get_path_label(sharedPath2.c_str());
- RUNNER_ASSERT_MSG(!pathLabel2.empty(), "Couldn't fetch path label from database for file " << sharedPath2);
- RUNNER_ASSERT_MSG(pathLabel1 != pathLabel2, "Labels for private shared paths should be unique!");
-
- check_system_access(pathLabel1);
- check_system_access(pathLabel2);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel2);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2);
- check_path_label(sharedPath1, pathLabel1);
- check_path_label(sharedPath2, pathLabel2);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel1, false);
- check_system_access(pathLabel2);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2);
- check_path_label(sharedPath1, owner.generatePkgLabel());
- check_path_label(sharedPath2, pathLabel2);
-
- Api::dropSharing(share2);
- check_system_access(pathLabel1, false);
- check_system_access(pathLabel2, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel2, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel1, false, false);
- check_target_access(owner.generatePkgLabel(), target.generateAppLabel(), pathLabel2, false, false);
- check_path_label(sharedPath1, owner.generatePkgLabel());
- check_path_label(sharedPath2, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- Api::uninstall(targetReq);
-}
-
-RUNNER_TEST(security_manager_34_share_one_with_two)
-{
- std::vector<AppInstallHelper> helper {{"app33a"}, {"app33b"}, {"app33c"}};
- auto &owner = helper[0];
- auto &target1 = helper[1];
- auto &target2 = helper[2];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- e.createInstallDir();
- }
- owner.createPrivateDir();
- owner.createSharedFile();
-
- InstallRequest ownerReq;
- ownerReq.setAppId(owner.getAppId());
- ownerReq.setPkgId(owner.getPkgId());
- ownerReq.addPath(owner.getSharedPath(), SECURITY_MANAGER_PATH_RW);
- int result = nftw(owner.getInstallDir().c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to remove Smack labels in " << owner.getInstallDir());
- Api::install(ownerReq);
-
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq;
- targetReq.setAppId(helper[i].getAppId());
- targetReq.setPkgId(helper[i].getAppId());
- Api::install(targetReq);
- }
-
- SharingRequest share1, share2;
- std::string sharedPath = owner.getSharedPath(0).c_str();
- share1.setOwnerAppId(owner.getAppId());
- share2.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target1.getAppId());
- share2.setTargetAppId(target2.getAppId());
-
- const char *path[] = {sharedPath.c_str()};
- share1.addPaths(path, 1);
- share2.addPaths(path, 1);
-
- Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel = db.get_path_label(sharedPath.c_str());
- RUNNER_ASSERT_MSG(!pathLabel.empty(), "Couldn't fetch path label from database for file " << sharedPath);
-
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::applySharing(share2);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::dropSharing(share1);
- check_system_access(pathLabel);
- check_owner_access(owner.generateAppLabel(), pathLabel);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel);
- check_path_label(sharedPath, pathLabel);
-
- Api::dropSharing(share2);
- check_system_access(pathLabel, false);
- check_owner_access(owner.generateAppLabel(), pathLabel, false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel, false, false);
- check_path_label(sharedPath, owner.generatePkgLabel());
-
- Api::uninstall(ownerReq);
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq;
- targetReq.setAppId(helper[i].getAppId());
- targetReq.setPkgId(helper[i].getAppId());
- Api::uninstall(targetReq);
- }
-}
-
-RUNNER_TEST(security_manager_35_share_two_with_two)
-{
- std::vector<AppInstallHelper> helper {{"app34a"}, {"app34b"}, {"app34c"}};
- auto &owner = helper[0];
- auto &target1 = helper[1];
- auto &target2 = helper[2];
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- e.createInstallDir();
- }
- owner.createPrivateDir();
- owner.createSharedFile(0);
- owner.createSharedFile(1);
-
- InstallRequest ownerReq;
- ownerReq.setAppId(owner.getAppId());
- ownerReq.setPkgId(owner.getPkgId());
- ownerReq.addPath(owner.getSharedPath(0), SECURITY_MANAGER_PATH_RW);
- ownerReq.addPath(owner.getSharedPath(1), SECURITY_MANAGER_PATH_RW);
-
- int result = nftw(owner.getInstallDir().c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to remove Smack labels in " << owner.getInstallDir());
- Api::install(ownerReq);
-
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq;
- targetReq.setAppId(helper[i].getAppId());
- targetReq.setPkgId(helper[i].getAppId());
- Api::install(targetReq);
- }
-
- SharingRequest share1, share2;
- std::string sharedPath1 = owner.getSharedPath(0).c_str();
- std::string sharedPath2 = owner.getSharedPath(1).c_str();
- share1.setOwnerAppId(owner.getAppId());
- share2.setOwnerAppId(owner.getAppId());
- share1.setTargetAppId(target1.getAppId());
- share2.setTargetAppId(target2.getAppId());
-
- const char *path1[] = {sharedPath1.c_str()};
- const char *path2[] = {sharedPath2.c_str()};
- share1.addPaths(path1, 1);
- share2.addPaths(path2, 1);
-
- Api::applySharing(share1);
- TestSecurityManagerDatabase db;
- std::string pathLabel1 = db.get_path_label(sharedPath1.c_str());
- RUNNER_ASSERT_MSG(!pathLabel1.empty(), "Couldn't fetch path label from database for file " << sharedPath1);
-
- check_system_access(pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
- check_path_label(sharedPath1, pathLabel1);
-
- Api::applySharing(share2);
- std::string pathLabel2 = db.get_path_label(sharedPath2.c_str());
- RUNNER_ASSERT_MSG(!pathLabel2.empty(), "Couldn't fetch path label from database for file " << sharedPath2);
- RUNNER_ASSERT_MSG(pathLabel1 != pathLabel2, "Labels for shared files should be unique!");
-
- check_system_access(pathLabel1);
- check_system_access(pathLabel2);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel2);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2);
- check_path_label(sharedPath1, pathLabel1);
- check_path_label(sharedPath2, pathLabel2);
-
- Api::dropSharing(share2);
- check_system_access(pathLabel1);
- check_system_access(pathLabel2, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1);
- check_owner_access(owner.generateAppLabel(), pathLabel2, false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2, false, false);
- check_path_label(sharedPath1, pathLabel1);
- check_path_label(sharedPath2, owner.generatePkgLabel());
-
- Api::dropSharing(share1);
- check_system_access(pathLabel1, false);
- check_system_access(pathLabel2, false);
- check_owner_access(owner.generateAppLabel(), pathLabel1, false);
- check_owner_access(owner.generateAppLabel(), pathLabel2, false);
- check_target_access(owner.generatePkgLabel(), target1.generateAppLabel(), pathLabel1, false, false);
- check_target_access(owner.generatePkgLabel(), target2.generateAppLabel(), pathLabel2, false, false);
- check_path_label(sharedPath1, owner.generatePkgLabel());
- check_path_label(sharedPath2, owner.generatePkgLabel());
- Api::uninstall(ownerReq);
- for (size_t i = 1; i < helper.size(); i++) {
- InstallRequest targetReq;
- targetReq.setAppId(helper[i].getAppId());
- targetReq.setPkgId(helper[i].getAppId());
- Api::uninstall(targetReq);
- }
-}
-
-RUNNER_TEST(security_manager_40_set_wrong_author_id)
-{
- InstallRequest requestInst;
-
- RUNNER_ASSERT(SECURITY_MANAGER_ERROR_INPUT_PARAM ==
- security_manager_app_inst_req_set_author_id(requestInst.get(), NULL));
-
- RUNNER_ASSERT(SECURITY_MANAGER_ERROR_INPUT_PARAM ==
- security_manager_app_inst_req_set_author_id(requestInst.get(), ""));
-}
-
-RUNNER_TEST(security_manager_41_set_author_id_multiple_times)
-{
- for(unsigned int i=0; i<10; ++i) {
- std::string authorId = "some-author-id" + std::to_string(i);
-
- InstallRequest requestInst;
- requestInst.setAuthorId(authorId);
- }
-}
-
-RUNNER_TEST(security_manager_43_app_install_with_trusted_path)
-{
- std::vector<AppInstallHelper> helper {{"app43a"}, {"app43b"}, {"app43c"}};
- auto &provider = helper[0];
- auto &user = helper[1];
- auto &untrusted = helper[2];
-
- TestSecurityManagerDatabase dbtest;
- const char *author_id = "custom_author_id_test 41";
-
- const char *const trusted_access = "rwxatl";
- const char *const system_access = "rwxatl";
-
- int result;
-
- // cleanup
- for (auto &e : helper) {
- e.revokeRules();
- e.createInstallDir();
- e.createTrustedDir();
- }
-
- result = nftw(provider.getInstallDir().c_str(), &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_TRUSTED_PATH);
-
- // install app with shared/trusted dir
- InstallRequest trustingApp;
- trustingApp.setAppId(provider.getAppId());
- trustingApp.setPkgId(provider.getPkgId());
- trustingApp.setAuthorId("author id to be overwritten");
- trustingApp.setAuthorId(author_id);
- trustingApp.addPath(provider.getTrustedDir().c_str(), SECURITY_MANAGER_PATH_TRUSTED_RW);
- Api::install(trustingApp);
-
- int64_t authorDb = dbtest.get_author_id(author_id);
- const std::string trusted_label = std::string("User::Author::") + std::to_string(authorDb);
-
- // check trusted path label
- nftw_expected_label = trusted_label;
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- // check labels
- result = nftw(provider.getTrustedDir().c_str(), &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_TRUSTED_PATH);
-
- // check rules
- check_exact_access("System", trusted_label, system_access);
- check_exact_access("User", trusted_label, system_access);
- check_exact_access(generateAppLabel(provider.getAppId()), trusted_label, trusted_access);
- check_exact_access(generatePkgLabel(provider.getPkgId()), trusted_label, "");
-
- // install trusted app
- InstallRequest trustedApp;
- trustedApp.setAppId(user.getAppId());
- trustedApp.setPkgId(user.getPkgId());
- trustedApp.setAuthorId(author_id);
- Api::install(trustedApp);
-
- // check rules
- check_exact_access(generateAppLabel(user.getAppId()), trusted_label, trusted_access);
- check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, "");
-
- // install untrusted app
- InstallRequest untrustedApp;
- untrustedApp.setAppId(untrusted.getAppId());
- untrustedApp.setPkgId(untrusted.getPkgId());
- Api::install(untrustedApp);
-
- // check rules
- check_exact_access(generateAppLabel(untrusted.getAppId()), trusted_label, "");
- check_exact_access(generatePkgLabel(untrusted.getPkgId()), trusted_label, "");
-
- // uninstall trusting app
- Api::uninstall(trustingApp);
-
- // there's still one app with author id, rules should be kept
- check_exact_access("System", trusted_label, system_access);
- check_exact_access("User", trusted_label, system_access);
- check_exact_access(generateAppLabel(provider.getAppId()), trusted_label, "");
- check_exact_access(generatePkgLabel(provider.getPkgId()), trusted_label, "");
- check_exact_access(generateAppLabel(user.getAppId()), trusted_label, trusted_access);
- check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, "");
-
- Api::uninstall(trustedApp);
-
- // no more apps with author id
- check_exact_access("System", trusted_label, "");
- check_exact_access("User", trusted_label, "");
- check_exact_access(generateAppLabel(user.getAppId()), trusted_label, "");
- check_exact_access(generatePkgLabel(user.getPkgId()), trusted_label, "");
-
- Api::uninstall(untrustedApp);
-}
-
-
-RUNNER_TEST(security_manager_44_app_install_with_trusted_path_no_author_id)
-{
- AppInstallHelper help("app44");
- help.createInstallDir();
- help.createTrustedDir();
-
- // install app with shared/trusted dir but without authors id
- InstallRequest app;
- app.setAppId(help.getAppId());
- app.setPkgId(help.getPkgId());
- app.addPath(help.getTrustedDir(), SECURITY_MANAGER_PATH_TRUSTED_RW);
- Api::install(app, SECURITY_MANAGER_ERROR_INPUT_PARAM);
-}
-
-class ProcessCredentials {
-public:
- ProcessCredentials(const std::string &smackLabel) : m_label(smackLabel) {}
-
- const std::string &label(void) const {
- return m_label;
- }
-
- uid_t uid(void) const {
- return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
- }
-
- gid_t gid(void) const {
- return PasswdAccess::gid("users");
- }
-
-private:
- std::string m_label;
-};
-
-pid_t runInChild(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- }
-
- return pid;
-}
-
-void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
- const struct ProcessCredentials &peerCredentials) {
- SecurityServer::AccessProvider ap(peerCredentials.label());
- ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
- pipe.claimChildEp();
-
- int sock = UDSHelpers::createServer(&sockaddr);
- SockUniquePtr sockPtr(&sock);
- pipe.post();
- int clientSock = UDSHelpers::acceptClient(sock);
-
- UDSHelpers::waitForDisconnect(clientSock);
-}
-
-typedef std::function<void(int sock, pid_t pid)> SocketAssertionFn;
-
-void clientTestTemplate(SocketAssertionFn assertion, const std::string &scope, const std::string &smackLabel) {
- const auto sockaddr = UDSHelpers::makeAbstractAddress("test_sm_" + scope + ".socket");
- const ProcessCredentials peerCredentials(smackLabel);
-
- SynchronizationPipe pipe;
-
- pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
- std::cref(peerCredentials)));
-
- pipe.claimParentEp();
- pipe.wait();
- int sock = UDSHelpers::createClient(&sockaddr);
- SockUniquePtr sockPtr(&sock);
-
- assertion(sock, pid);
-}
-
-RUNNER_CHILD_TEST(security_manager_45a_get_id_by_socket)
-{
- const char *const sm_app_id = "sm_test_45a_app";
- const char *const sm_pkg_id = "sm_test_45a_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int sock, pid_t) {
- std::string rcvPkgId, rcvAppId;
- Api::getPkgIdBySocket(sock, &rcvPkgId, &rcvAppId);
- RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
- << "; expected = " << sm_pkg_id);
- RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
- << "; expected = " << sm_app_id);
- }, "tcsm27a", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_45b_get_id_by_socket)
-{
- const char *const sm_app_id = "sm_test_45b_app";
- const char *const sm_pkg_id = "sm_test_45b_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int sock, pid_t) {
- std::string rcvPkgId, rcvAppId;
- Api::getPkgIdBySocket(sock + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
- }, "tcsm27b", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_45c_get_id_by_socket)
-{
- const char *const sm_app_id = "sm_test_45c_app";
- const char *const sm_pkg_id = "sm_test_45c_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int sock, pid_t) {
- std::string rcvPkgId;
- Api::getPkgIdBySocket(sock, &rcvPkgId, nullptr);
- RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
- << "; expected = " << sm_pkg_id);
- }, "tcsm27c", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_45d_get_id_by_socket)
-{
- const char *const sm_app_id = "sm_test_45d_app";
- const char *const sm_pkg_id = "sm_test_45d_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int sock, pid_t) {
- std::string rcvAppId;
- Api::getPkgIdBySocket(sock, nullptr, &rcvAppId);
- RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
- << "; expected = " << sm_app_id);
- }, "tcsm27d", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_45e_get_id_by_socket)
-{
- const char *const sm_app_id = "sm_test_45e_app";
- const char *const sm_pkg_id = "sm_test_45e_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int sock, pid_t) {
- Api::getPkgIdBySocket(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
- }, "tcsm27e", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_46a_get_id_by_pid)
-{
- const char *const sm_app_id = "sm_test_46a_app";
- const char *const sm_pkg_id = "sm_test_46a_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int, pid_t pid) {
- std::string rcvPkgId, rcvAppId;
- Api::getPkgIdByPid(pid, &rcvPkgId, &rcvAppId);
- RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
- << "; expected = " << sm_pkg_id);
- RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
- << "; expected = " << sm_app_id);
- }, "tcsm28a", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_46b_get_id_by_pid)
-{
- const char *const sm_app_id = "sm_test_46b_app";
- const char *const sm_pkg_id = "sm_test_46b_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int, pid_t pid) {
- std::string rcvPkgId, rcvAppId;
- Api::getPkgIdByPid(pid + 1, &rcvPkgId, &rcvAppId, SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT);
- }, "tcsm28b", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_46c_get_id_by_pid)
-{
- const char *const sm_app_id = "sm_test_46c_app";
- const char *const sm_pkg_id = "sm_test_46c_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int, pid_t pid) {
- std::string rcvPkgId;
- Api::getPkgIdByPid(pid, &rcvPkgId, nullptr);
- RUNNER_ASSERT_MSG(rcvPkgId == sm_pkg_id, "pkgIds don't match ret = " << rcvPkgId
- << "; expected = " << sm_pkg_id);
- }, "tcsm28c", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_46d_get_id_by_pid)
-{
- const char *const sm_app_id = "sm_test_46d_app";
- const char *const sm_pkg_id = "sm_test_46d_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int, pid_t pid) {
- std::string rcvAppId;
- Api::getPkgIdByPid(pid, nullptr, &rcvAppId);
- RUNNER_ASSERT_MSG(rcvAppId == sm_app_id, "appIds don't match ret = " << rcvAppId
- << "; expected = " << sm_app_id);
- }, "tcsm28d", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_46e_get_id_by_pid)
-{
- const char *const sm_app_id = "sm_test_46e_app";
- const char *const sm_pkg_id = "sm_test_46e_pkg";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- std::string smackLabel = generateAppLabel(sm_app_id);
-
- clientTestTemplate([&] (int sock, pid_t) {
- Api::getPkgIdByPid(sock, nullptr, nullptr, SECURITY_MANAGER_ERROR_INPUT_PARAM);
- }, "tcsm28e", smackLabel);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-}
-
-RUNNER_CHILD_TEST(security_manager_47_app_has_privilege)
-{
- const char *const sm_app_id = "sm_test_47_app";
- const char *const sm_pkg_id = "sm_test_47_pkg";
- const std::string new_user_name = "sm_test_47_user_name";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
- for (auto const &privilege : SM_ALLOWED_PRIVILEGES)
- requestInst.addPrivilege(privilege.c_str());
- Api::install(requestInst);
-
- for (auto const &privilege : SM_ALLOWED_PRIVILEGES) {
- int result;
- Api::appHasPrivilege(sm_app_id, privilege.c_str(), getGlobalUserId(), result);
- RUNNER_ASSERT_MSG(result == 1, "Application " << sm_app_id <<
- " should have access to privilege " << privilege);
- }
-
- for (auto const &privilege : SM_DENIED_PRIVILEGES) {
- int result;
- Api::appHasPrivilege(sm_app_id, privilege.c_str(), getGlobalUserId(), result);
- RUNNER_ASSERT_MSG(result == 0, "Application " << sm_app_id <<
- " should not have access to privilege " << privilege);
- }
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
- Api::uninstall(requestUninst);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
printf "\n"
}
-runTest smack
-runTest smack-dbus
-runTest libprivilege-control
-#runTest ss-clientsmack
-#runTest ss-server
-#runTest ss-password
-#runTest ss-privilege
-#runTest ss-stress
-runTest security-manager
-runTest cynara
-runTest ckm
+runTest auth-fw-passwd
printSummary
case $1 in
-"smack")
+"auth-fw-passwd")
echo "========================================================================="
echo $1
echo
- libsmack-test "${@:2}" # propagate all remaining arguments (except first)
- ;;
-"smack-dbus")
- echo "========================================================================="
- echo "SMACK DBUS TEST"
- echo
- smack-dbus-tests "${@:2}"
- ;;
-"libprivilege-control")
- echo "========================================================================="
- echo $1
- echo
- libprivilege-control-test "${@:2}"
- ;;
-"security-manager")
- echo "========================================================================="
- echo "SECURITY MANAGER TESTS"
- echo
- security-manager-tests "${@:2}"
- ;;
-"cynara")
- echo "========================================================================="
- echo "CYNARA TEST"
- echo
- cynara-test "${@:2}"
- ;;
-"ckm")
- echo "========================================================================="
- echo "KEY MANAGER TESTS"
- echo
- ckm-tests "${@:2}"
+ auth-fw-passwd-test "${@:2}" # propagate all remaining arguments (except first)
;;
*)
echo "Correct using:"
echo " security_test.sh <module> <args_for_module>"
echo
- echo "modules: smack, smack-dbus, libprivilege-control, ss-clientsmack"
- echo " ss-server, ss-api-speed, ss-password, ss-stress"
- echo " ss-privilege, security-manager, cynara, ckm"
+ echo "modules: auth-fw-paswd"
;;
esac
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Michal Eljasiewicz (m.eljasiewic@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SMACK_DBUS_TESTS_DEP
- libsmack
- dbus-1
- REQUIRED)
-
-# Targets definition
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SMACK_DBUS_TESTS_DEP_INCLUDE_DIRS}
- )
-
-SET(TARGET_SMACK_DBUS_TESTS "smack-dbus-tests")
-
-# Sources definition
-
-SET(SMACK_DBUS_SOURCES
- ${PROJECT_SOURCE_DIR}/src/smack-dbus-tests/smack_dbus_tests.cpp
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- )
-
-ADD_EXECUTABLE(${TARGET_SMACK_DBUS_TESTS} ${SMACK_DBUS_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SMACK_DBUS_TESTS}
- ${SMACK_DBUS_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_SMACK_DBUS_TESTS} DESTINATION /usr/bin)
+++ /dev/null
-#include <cstring>
-#include <unistd.h>
-#include <sys/smack.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dbus/dbus.h>
-#include "tests_common.h"
-
-#define DBUS_SERVER_NAME "test.method.server"
-#define DBUS_CALLER_NAME "test.method.caller"
-
-#define DBUS_SMACK_NAME "org.freedesktop.DBus"
-#define DBUS_SMACK_OBJECT "/org/freedesktop/DBus"
-#define DBUS_SMACK_INTERFACE "org.freedesktop.DBus"
-#define DBUS_SMACK_METHOD "GetConnectionCredentials"
-
-RUNNER_TEST_GROUP_INIT(SMACK_DBUS);
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tc01_smack_context_from_DBus)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char *subject_parent = "subject_parent";
- const char *subject_child = "subject_child";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
- ret = smack_set_label_for_self(subject_child);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set__label_for_self() failed, ret: " << ret);
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(nullptr != msg,
- "dbus_message_new_method_call() failed, ret: " << ret);
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
- RUNNER_ASSERT_MSG(nullptr != pending, "Pending call null");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(nullptr != msg, "Reply null");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(0 != ret, "Message has no arguments");
-
- dbus_message_iter_recurse(&iter, &var);
-
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(0 == ret,
- "Context mismatch! context from dbus: " << smack_context);
-
- exit(0);
-
- } else {
- // parent
- ret = smack_set_label_for_self(subject_parent);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set_label_for_self() failed, ret: " << ret);
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-///////////////////////////////////////
-//////NOSMACK ENV TESTS////////////////
-///////////////////////////////////////
-
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc01_smack_context_from_DBus_nosmack)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char* subject_parent = "subject_parent";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors; failure = exit with result 1
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to connect to system bus. Ret " << ret);
- }
-
- // request our name on the bus; failure = exit with result 2
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to request name on the bus. Ret " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(msg != nullptr, "dbus_message_new_method_call() failed.");
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
- RUNNER_ASSERT_MSG(pending != nullptr, "Pending call is nullptr.");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(msg != nullptr, "Failed to get the reply from bus.");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(ret != 0, "DBus message has no arguments. Ret " << ret);
-
- dbus_message_iter_recurse(&iter, &var);
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(ret == 0, "Context mismatch. Context " << smack_context);
-
- exit(0);
-
- } else {
- // parent
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
projects / platform / core / test / security-tests.git / commitdiff
