Add extended privilege integration tests

Change-Id: Idf6054cefab577b99216daffa1436157484e96b8

diff --git a/src/ckm-integration/ckm-policy.cpp b/src/ckm-integration/ckm-policy.cpp
index 381a597444b2341abdde8f39d829ec3a80c2cc4c..e55258205251b51f7c6986ee9f9c1cf484ef8286 100644 (file)
--- a/src/ckm-integration/ckm-policy.cpp
+++ b/src/ckm-integration/ckm-policy.cpp
@@ -100,5 +100,7 @@ const ProcessSettings::PrivilegeVector PrivCKMControl {
     "http://tizen.org/privilege/keymanager.admin"};
 const ProcessSettings::PrivilegeVector PrivCKMStore {
     "http://tizen.org/privilege/keymanager"};
+const ProcessSettings::PrivilegeVector PrivCKMExtended {
+    "http://tizen.org/privilege/keymanager.extended"};
 
 

diff --git a/src/ckm-integration/ckm-policy.h b/src/ckm-integration/ckm-policy.h
index 967e5804262651e351498c17f458d816bc352d6c..2f37be805ec8f829322220f062e2c748d81bfc67 100644 (file)
--- a/src/ckm-integration/ckm-policy.h
+++ b/src/ckm-integration/ckm-policy.h
@@ -63,4 +63,5 @@ extern const ProcessSettings::PrivilegeVector PrivNone;
 extern const ProcessSettings::PrivilegeVector PrivCKMBoth;
 extern const ProcessSettings::PrivilegeVector PrivCKMControl;
 extern const ProcessSettings::PrivilegeVector PrivCKMStore;
+extern const ProcessSettings::PrivilegeVector PrivCKMExtended;
 

diff --git a/src/ckm-integration/group02.cpp b/src/ckm-integration/group02.cpp
index 23bbf4aa0820960788f33404d07b0624b13d2e16..7c6251ca0a7df22205907a41e2f97c988ebb3608 100644 (file)
--- a/src/ckm-integration/group02.cpp
+++ b/src/ckm-integration/group02.cpp
@@ -176,3 +176,60 @@ RUNNER_CHILD_TEST(G02T05_StorageNegative) {
         "Error=" << CKM::APICodeToString(temp));
 }
 
+RUNNER_CHILD_TEST(G02T06_ExtendedPositive) {
+    // We are oridinary user with proper privileges.
+    PS ps("PkgIdG02T06", "UserG02T06", PrivCKMExtended);
+    ps.Apply();
+
+    int temp;
+    auto manager = CKM::Manager::create();
+    const CKM::CryptoAlgorithm params;
+    const CKM::Alias wrappingKeyAlias;
+    const CKM::Password wrappingKeyPassword;
+    const CKM::Alias alias;
+    const CKM::Password password;
+    CKM::RawBuffer data;
+    CKM::RawBuffer wrappedKey;
+
+    // We pass invalid data so we expect an error but it should not be ACCESS_DENIED as we have
+    // proper privileges
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED != (temp = manager->wrapConcatenatedData(
+            params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)),
+        "Error=" << CKM::APICodeToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED != (temp = manager->unwrapConcatenatedData(
+            params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0, CKM::Policy(), data)),
+        "Error=" << CKM::APICodeToString(temp));
+}
+
+RUNNER_CHILD_TEST(G02T07_ExtendedNegative) {
+    // We have wrong privilege.
+    // Cynara should deny all accesses to the extended API.
+    PS ps("PkgIdG02T07", "UserG02T07", PrivCKMStore);
+    ps.Apply();
+
+    int temp;
+    auto manager = CKM::Manager::create();
+    const CKM::CryptoAlgorithm params;
+    const CKM::Alias wrappingKeyAlias;
+    const CKM::Password wrappingKeyPassword;
+    const CKM::Alias alias;
+    const CKM::Password password;
+    CKM::RawBuffer data;
+    CKM::RawBuffer wrappedKey;
+
+    // We expect to receive ACCESS_DENIED before the actual logic function is called (which would
+    // return a different error because we pass invalid parameters)
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->wrapConcatenatedData(
+            params, wrappingKeyAlias, wrappingKeyPassword, alias, password, data, wrappedKey)),
+        "Error=" << CKM::APICodeToString(temp));
+
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_ACCESS_DENIED == (temp = manager->unwrapConcatenatedData(
+            params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0,
+            CKM::Policy(), data)),
+        "Error=" << CKM::APICodeToString(temp));
+}