+# cscope/ctag data #
+####################
+cscope.files
+cscope.out
+tags
+
+# Temporary files #
+###################
+*.swp
+*~
build
GPATH
GRTAGS
GTAGS
.dir-locals.el
+
############################# Targets names ###################################
+SET(TARGET_CKM_TEST_COMMON "ckm-test-common")
SET(TARGET_CKM_TESTS "ckm-tests")
+SET(TARGET_CKM_PRIVILEGED_TESTS "ckm-privileged-tests")
SET(TARGET_CKMI_TESTS "ckm-integration-tests")
SET(COMMON_TARGET_TEST "tests-common")
<manifest>
<assign>
- <filesystem path="/usr/bin/security-tests.sh" exec_label="_" />
- <filesystem path="/usr/bin/security-tests-all.sh" exec_label="_" />
-
- <filesystem path="/usr/bin/tests-summary.sh" exec_label="_" />
<filesystem path="/usr/bin/test-performance-check.sh" exec_label="_" />
<filesystem path="/usr/bin/libsmack-test" exec_label="_" />
<filesystem path="/usr/bin/security-manager-tests" exec_label="System::Privileged" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
<filesystem path="/usr/bin/ckm-tests" exec_label="User" />
- <filesystem path="/usr/bin/ckm-tests" exec_label="System" />
+ <filesystem path="/usr/bin/ckm-privileged-tests" exec_label="System::Privileged" />
</assign>
<request>
<domain name="_" />
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(libwebappenc)
+BuildRequires: pkgconfig(openssl)
BuildRequires: cynara-devel
BuildRequires: libcynara-creds-dbus-devel
BuildRequires: libcynara-creds-gdbus-devel
%attr(755, security_test_user,users) %{TZ_SYS_HOME}/security_test_user/apps_rw/*
/usr/bin/cynara-test
/usr/bin/ckm-tests
+/usr/bin/ckm-privileged-tests
+/usr/bin/ckm-tests-on-onlycap.sh
/usr/bin/ckm-integration-tests
/usr/bin/yaca-test
/usr/bin/ode-tests
-# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2013-2018 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
ADD_DEFINITIONS("-DCKM_TEST_DIR=\"${CKM_TEST_DIR}\"")
ADD_DEFINITIONS("-DCKM_RW_DATA_DIR=\"${CKM_RW_DATA_DIR}\"")
-# Dependencies
-PKG_CHECK_MODULES(CKM_DEP
- libsmack
+PKG_CHECK_MODULES(CKM_TEST_COMMON_DEP
+ REQUIRED
+ openssl
key-manager
- dbus-1
- vconf
- REQUIRED)
-
-# Targets definition
-
-SET(CKM_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/access_provider2.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/main.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-testcases.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-certificate-chains.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-access_control.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/async-api.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/system-db.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/initial-values.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/algo-params.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption-env.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption.cpp
+ libtzplatform-config
)
-INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm/ )
-
-ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
-
-# Installation
+SET(CKM_TEST_COMMON_SRCS
+ ckm-common.cpp
+ test-certs.cpp
+)
-INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
-INSTALL(FILES
- test1801.pkcs12
- pkcs.p12
- capi-t3096.p12
- XML_1_okay.xml
- XML_2_okay.xml
- XML_3_wrong.xml
- device_key.xml
- DESTINATION ${CKM_TEST_DIR}
- )
+INCLUDE_DIRECTORIES(SYSTEM ${CKM_TEST_COMMON_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(
+ .
+ ${PROJECT_SOURCE_DIR}/src/common
+)
-# C compilation
-SET(TARGET_C_COMPILATION_TEST "ckm-c-compilation-test")
+ADD_LIBRARY(${TARGET_CKM_TEST_COMMON} ${CKM_TEST_COMMON_SRCS})
-SET(C_COMPILATION_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/c-compilation.c
+TARGET_LINK_LIBRARIES(${TARGET_CKM_TEST_COMMON}
+ ${CKM_TEST_COMMON_DEP_LIBRARIES}
+ ${COMMON_TARGET_TEST}
)
-PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP
- key-manager
- REQUIRED)
-
+# C compilation test
+SET(TARGET_C_COMPILATION_TEST "ckm-c-compilation-test")
+SET(C_COMPILATION_SOURCES c-compilation.c)
+PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP REQUIRED key-manager)
ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES})
-
TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES})
+
+INSTALL(DIRECTORY resource/ DESTINATION ${CKM_TEST_DIR})
+
+ADD_SUBDIRECTORY(privileged)
+ADD_SUBDIRECTORY(unprivileged)
#include <ckmc/ckmc-type.h>
#include <ckm-common.h>
#include <tests_common.h>
-#include <access_provider2.h>
#include <ckm/ckm-control.h>
#include <ckm/ckm-manager.h>
#include <ckmc/ckmc-control.h>
#include <ckmc/ckmc-manager.h>
-#include <service_manager.h>
#include <fcntl.h>
#include <unistd.h>
-const std::string SMACK_USER_APP_PREFIX = "User::App::";
+const std::string SMACK_USER_APP_PREFIX = "User::Pkg::";
+const char *SYSTEM_LABEL = ckmc_owner_id_system;
+const char *TEST_LABEL = "test_label";
+const char *TEST_LABEL_2 = "test_label_2";
+const char *TEST_LABEL_3 = "test_label_3";
+const char *TEST_LABEL_4 = "test_label_4";
+const char *TEST_LABEL_5 = "test_label_5";
void generate_random(size_t random_bytes, char *output)
{
}
}
-const char* SERVICE[] = {
- "central-key-manager-listener.service",
- "central-key-manager.service" };
-
-void start_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.startService();
-}
-
-void stop_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.stopService();
-}
-
std::string getLabel() {
int ret;
char* myLabel = NULL;
return std::string(alias);
}
-ScopedLabel::ScopedLabel(const char* label) : m_original_label(getLabel())
+std::string aliasWithLabelFromSelf(const char *alias)
{
- change_label(label);
-}
+ std::ostringstream oss;
+ oss << getOwnerIdFromSelf() << ckmc_label_name_separator << alias;
-ScopedLabel::~ScopedLabel()
-{
- /*
- * Let it throw. If we can't restore label then remaining tests results will be
- * unreliable anyway.
- */
- change_label(m_original_label.c_str());
+ return oss.str();
}
#define ERRORDESCRIBE(name) case name: return #name
#include <sys/types.h>
extern const std::string SMACK_USER_APP_PREFIX;
+extern const char *SYSTEM_LABEL;
+extern const char *TEST_LABEL;
+extern const char *TEST_LABEL_2;
+extern const char *TEST_LABEL_3;
+extern const char *TEST_LABEL_4;
+extern const char *TEST_LABEL_5;
// support for error printing
const char * CKMCErrorToString(int error);
return size;
}
-
-// service lifecycle management
-enum ServiceIdx {
- LISTENER,
- MANAGER
-};
-void start_service(ServiceIdx idx);
-void stop_service(ServiceIdx idx);
-
// scoped free
typedef std::unique_ptr<char, void (*)(void *)> CharPtr;
+std::string getLabel();
// returns process owner id
std::string getOwnerIdFromSelf();
std::string aliasWithLabel(const char *label, const char *alias);
-// changes process label upon construction and restores it upon destruction
-class ScopedLabel
-{
-public:
- ScopedLabel(const char* label);
- ~ScopedLabel();
-
-private:
- std::string m_original_label;
-};
+std::string aliasWithLabelFromSelf(const char *alias);
void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
void save_data(const char* alias, const char *data, size_t len, int expected_err);
--- /dev/null
+# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @brief
+#
+PKG_CHECK_MODULES(CKM_DEP
+ REQUIRED
+ libsmack
+ dbus-1
+)
+
+SET(CKM_SOURCES
+ access_provider2.cpp
+ async-api.cpp
+ capi-access_control.cpp
+ ckm-privileged-common.cpp
+ initial-values.cpp
+ main.cpp
+ system-db.cpp
+)
+
+INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common
+ ..
+ .
+)
+
+ADD_EXECUTABLE(${TARGET_CKM_PRIVILEGED_TESTS} ${CKM_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_CKM_PRIVILEGED_TESTS}
+ ${TARGET_CKM_TEST_COMMON}
+ ${CKM_DEP_LIBRARIES}
+ ${COMMON_TARGET_TEST}
+)
+
+INSTALL(TARGETS ${TARGET_CKM_PRIVILEGED_TESTS} DESTINATION bin)
+INSTALL(FILES ckm-tests-on-onlycap.sh
+ DESTINATION bin
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE
+ GROUP_READ GROUP_EXECUTE
+ WORLD_READ WORLD_EXECUTE
+)
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file async-api.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <mutex>
+#include <utility>
+#include <condition_variable>
+#include <cassert>
+
+#include <ckmc/ckmc-type.h>
+#include <ckm/ckm-manager-async.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-raw-buffer.h>
+
+#include <fstream>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <tests_common.h>
+#include <test-certs.h>
+#include <ckm-common.h>
+#include <access_provider2.h>
+#include <random>
+
+using namespace CKM;
+using namespace std;
+using namespace TestData;
+
+namespace {
+
+const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
+
+const char* TEST_PASS = "test-pass";
+
+const CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CertificateShPtrVector NULL_PTR_VECTOR = {
+ CertificateShPtr(),
+ CertificateShPtr(),
+ CertificateShPtr()
+};
+const AliasVector EMPTY_ALIAS_VECTOR;
+const Alias alias_PKCS_exportable = "async-test-PKCS-export";
+const Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
+
+class MyObserver: public ManagerAsync::Observer
+{
+public:
+ MyObserver() :
+ m_finished(false), m_error(0)
+ {
+ }
+
+ void ReceivedError(int error)
+ {
+ m_finished = true;
+ m_error = error;
+ m_cv.notify_one();
+ }
+
+ void ReceivedSaveKey() { Succeeded(); }
+ void ReceivedSaveCertificate() { Succeeded(); }
+ void ReceivedSaveData() { Succeeded(); }
+ void ReceivedSavePKCS12() { Succeeded(); }
+
+ void ReceivedRemovedAlias() { Succeeded(); }
+
+ void ReceivedKey(Key &&) { Succeeded(); }
+ void ReceivedCertificate(Certificate &&) { Succeeded(); }
+ void ReceivedData(RawBuffer &&) { Succeeded(); }
+ void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
+
+ void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+
+ void ReceivedCreateKeyAES() { Succeeded(); }
+ void ReceivedCreateKeyPair() { Succeeded(); }
+
+ void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
+ { m_certChain = move(chain); Succeeded(); }
+
+ void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
+ void ReceivedVerifySignature() { Succeeded(); }
+
+ void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
+
+ void ReceivedSetPermission() { Succeeded(); }
+
+ void WaitForResponse()
+ {
+ unique_lock < mutex > lock(m_mutex);
+
+ m_cv.wait(lock, [this] {return m_finished;});
+ }
+
+ bool m_finished;
+ int m_error;
+ AliasVector m_aliases;
+ CertificateShPtrVector m_certChain;
+ PKCS12ShPtr m_pkcs;
+ RawBuffer m_signed;
+ int m_ocspStatus;
+
+protected:
+ void Succeeded()
+ {
+ m_finished = true;
+ m_cv.notify_one();
+ }
+
+ mutex m_mutex;
+ condition_variable m_cv;
+};
+
+typedef shared_ptr<MyObserver> MyObserverPtr;
+
+enum Type {
+ RSA,
+ DSA,
+ ECDSA,
+ AES
+};
+
+struct KeyContainer
+{
+ // assymetric
+ KeyContainer(const std::string& prv_pem, const std::string& pub_pem) {
+ RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
+ prv = Key::create(buffer_prv);
+ assert(prv);
+
+ RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
+ pub = Key::create(buffer_pub);
+ assert(pub);
+ }
+
+ // symmetric
+ KeyContainer(const RawBuffer& key_raw) {
+ prv = pub = Key::createAES(key_raw);
+ assert(prv);
+ assert(pub);
+ }
+
+ KeyShPtr prv;
+ KeyShPtr pub;
+};
+
+typedef map<Type, vector<KeyContainer> > KeyMap;
+
+
+KeyMap initializeKeys()
+{
+ KeyMap km;
+
+ km[RSA].emplace_back(
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
+ "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
+ "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
+ "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
+ "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
+ "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
+ "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
+ "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
+ "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
+ "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
+ "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
+ "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
+ "-----END RSA PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
+ "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
+ "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
+ "3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "-----END PUBLIC KEY-----"
+ );
+
+ km[RSA].emplace_back(
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6\n"
+ "YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6T\n"
+ "AQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7m\n"
+ "Tus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2QNv3kBPuYdQQrXhoxCcIVtSIl8pU\n"
+ "fI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8SGjA6mSpmrp7lPlKE\n"
+ "9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWpxOzb\n"
+ "lliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37J\n"
+ "IudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4\n"
+ "V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDes\n"
+ "NBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ4rsmBqOwuglHFW52dIZEG9u/20ta\n"
+ "QMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLiBLx0Yr/RXKf6gJUCAwEA\n"
+ "AQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh18pva5Kzh\n"
+ "EU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh\n"
+ "9u236vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXN\n"
+ "GF5JjNcCOQxO1Em8pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG\n"
+ "5DPb19r9XjQhUPjbcq3/4qmLwtLT9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+\n"
+ "fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK6wX2IQ+7vJoWQyg2w6DbpSRq\n"
+ "cyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxeeRpNqFU9OCw0B\n"
+ "d3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O\n"
+ "bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBW\n"
+ "gUyLSdxR5RoEjBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbP\n"
+ "ggFZ8JnuwgtNo0soVKsWGATH65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX8\n"
+ "0jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H1TYDjwA1iBFku/O/xx7Jag7Y0A2l\n"
+ "1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MOGFTs5r9QyM//sm5D\n"
+ "2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDOUCx6\n"
+ "xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0\n"
+ "/zX4MFMD/Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWd\n"
+ "kKpm9xcFddATlT0CggEBAOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvE\n"
+ "qgKHOgZO9ztD6/UgX41uc+3rKfvmY5AsldGZgd0ov/DyeF0N834LeBVayG1fdcEt\n"
+ "amqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9TwoUWS2xmldc+nehCdHs\n"
+ "WQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ETjKemdK\n"
+ "HQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5\n"
+ "ZB7ev8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FW\n"
+ "Nqvwp9PQzxwTv8wuxBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o\n"
+ "1Rad6jtb1SiV9KcPk83wIeoUk/xp0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7L\n"
+ "qpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8eTEywu5yrMGeAjVpLFfKlmGI\n"
+ "pYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk2kuGLYXISfUG\n"
+ "j0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a\n"
+ "xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8W\n"
+ "X4+ZEW7S4heLsUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/a\n"
+ "W22I0REV5UU8bS1F7taV93EwWmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVy\n"
+ "FjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4igfJpPcUFYOazZ3Y7q53RdCgIPKKy\n"
+ "iVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GHW93TUDTKWlTXyUFm\n"
+ "C2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltYG08t\n"
+ "fEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL6\n"
+ "06qeBC8xoVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQ\n"
+ "pyVWfB+F2ppBOYtKvNubyKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+I\n"
+ "Qj8I06c1T31kzfJ71Vx1DUWZW/65xmFD4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rq\n"
+ "uPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+Vx676FQrM4EzjSSqgA==\n"
+ "-----END RSA PRIVATE KEY-----\n",
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3\n"
+ "+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui\n"
+ "tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB\n"
+ "x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2\n"
+ "QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8\n"
+ "9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4\n"
+ "m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA\n"
+ "+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp\n"
+ "f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4\n"
+ "+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ\n"
+ "4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+\n"
+ "8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==\n"
+ "-----END PUBLIC KEY-----");
+ km[DSA].emplace_back(
+ "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
+ "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
+ "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
+ "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
+ "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
+ "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
+ "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
+ "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
+ "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
+ "yAKPlW7WQzgV5jLLNUW7\n"
+ "-----END DSA PRIVATE KEY-----\n",
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBAMixBFiCdTiablWszLKSk03N4dNAA7wT\n"
+ "aEkBw7A08Gt2izxqZqStwmfIFo2HnpmyVy5c0Qom7GIOzLhUz0pRHx8dOpOIXmz7\n"
+ "g0CvN2t3A1CkpaMCok1+CkJ1otkfD2jznt+VxDh3Jg2cDPX9I0ae/TcObwRhE1EU\n"
+ "1oU3DvME+PJXAhUA3KPuKMt+sJsNkOLqid3k2nU2zSECgYEAhxLVx5a3DoMAaZjD\n"
+ "Dbuv/WUu2qOuryPTDRoXovL6ln/L5ZPD0pPXx5Eo+ZWCu5VKfdVVUl43TRdqgq98\n"
+ "9IeRNEgTmuujZkQieGneDRVqTsRclZ7sooFFepIw0WSd2Mq/WfI0p5ZISr1eqXpI\n"
+ "+fwnxN+ZvJSk9IiCVlG8nYMfAckDgYQAAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkB\n"
+ "eukXzeZGqNWEjgzLAjMZEVYMDLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23\n"
+ "ToR8fQuiBu+KvtAP/QuCOJ/LS0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6\n"
+ "J2+fygnWcOOSo6s=\n"
+ "-----END PUBLIC KEY-----\n"
+ );
+ km[ECDSA].emplace_back(
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
+ "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
+ "sQ==\n"
+ "-----END EC PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
+ "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
+ "-----END PUBLIC KEY-----"
+ );
+
+ CKM::RawBuffer AES_key = createRandomBuffer(256/8);
+ km[AES].emplace_back(AES_key);
+
+ return km;
+}
+
+KeyMap keys = initializeKeys();
+typedef vector<CertificateShPtr> CertVector;
+
+const RawBuffer raw_buffer(const char* buffer)
+{
+ return RawBuffer(buffer, buffer + strlen(buffer));
+}
+
+const RawBuffer test_buffer = raw_buffer("test_string");
+
+template <typename F, typename... Args>
+void test_negative(F&& func, int expected, Args... args)
+{
+ MyObserverPtr obs = make_shared<MyObserver>();
+ ManagerAsync mgr;
+
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
+ obs->WaitForResponse();
+
+ RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
+ RUNNER_ASSERT_MSG(
+ obs->m_error == expected,
+ "Expected " << expected << "/" << CKMErrorToString(expected) <<
+ " got: " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+}
+
+template <typename F, typename... Args>
+void test_invalid_param(F&& func, Args... args)
+{
+ test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
+}
+
+template <typename F, typename... Args>
+MyObserverPtr test_positive(F&& func, Args... args)
+{
+ MyObserverPtr obs = make_shared<MyObserver>();
+ ManagerAsync mgr;
+
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
+ obs->WaitForResponse();
+
+ RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
+ RUNNER_ASSERT_MSG(obs->m_error == 0,
+ "Request failed " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+ return obs;
+}
+
+template <typename F, typename... Args>
+void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
+}
+
+template <typename F, typename... Args>
+void test_check_cert_chain(F&& func, size_t expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(
+ obs->m_certChain.size() == expected,
+ "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
+}
+
+typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const CertificateShPtrVector&,
+ const CertificateShPtrVector&,
+ bool);
+
+typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const AliasVector&,
+ const AliasVector&,
+ bool);
+
+class UserEnv : public RemoveDataEnv<APP_UID>
+{
+public:
+ void init(const std::string & str) {
+ RemoveDataEnv<APP_UID>::init(str);
+ unlock_user_data(APP_UID, TEST_PASS);
+ m_ap.reset(new ScopedAccessProvider(TEST_LABEL, APP_UID, APP_GID));
+ }
+ void finish() {
+ m_ap.reset();
+ // lock is performed by remove_user_data() in RemoveDataEnv
+ RemoveDataEnv<APP_UID>::finish();
+ }
+ std::unique_ptr<ScopedAccessProvider> m_ap;
+};
+
+} // namespace anonymous
+
+RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+
+// setPermission
+RUNNER_TEST(TA1810_allow_access_invalid_param, UserEnv)
+{
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
+}
+
+RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<APP_UID>)
+{
+ ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
+ std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ save_data(alias1.c_str(), TEST_DATA);
+ save_data(alias2.c_str(), TEST_DATA);
+ save_data(alias3.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias2,
+ TEST_LABEL_2,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ alias3,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ }
+
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
+
+ // test from allowed label, but without properly addressing alias (coming from default label)
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
+
+ // now test with appropriate addressing
+ test_positive(&ManagerAsync::getData, alias2, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
+
+ test_positive(&ManagerAsync::getData, alias3, "");
+ test_positive(&ManagerAsync::removeAlias, alias3);
+ }
+}
+
+// denyAccess
+RUNNER_TEST(TA1910_deny_access_invalid_param, UserEnv)
+{
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
+}
+
+RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<APP_UID>)
+{
+ ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ save_data(alias1.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::NONE);
+ }
+
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
+ }
+}
const int GROUP_2 = 6200;
const char * const APP_PASS_1 = "app-pass-1";
const char * const APP_PASS_2 = "app-pass-2";
-const char* APP_LABEL_1 = "APP_LABEL_1";
-const char* APP_LABEL_2 = "APP_LABEL_2";
-const char* APP_LABEL_3 = "APP_LABEL_3";
-const char* APP_LABEL_4 = "APP_LABEL_4";
+const char* APP_LABEL_1 = TEST_LABEL;
+const char* APP_LABEL_2 = TEST_LABEL_2;
+const char* APP_LABEL_3 = TEST_LABEL_3;
+const char* APP_LABEL_4 = TEST_LABEL_4;
const char* NO_ALIAS = "definitely-non-existent-alias";
// deny non existing access to existing alias
int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
"Denying non existing access returned: " << CKMCErrorToString(ret));
}
}
// tries to deny non existing access
-RUNNER_TEST(T3105_control_
deny_access_non_existing_access, RemoveDataEnv<APP_1>)
+RUNNER_TEST(T3105_control_
remove_non_existing_access, RemoveDataEnv<APP_1>)
{
// prepare: add data
{
}
int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret,
"Denying non existing access returned: " << CKMCErrorToString(ret));
}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm-privileged-common.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+#include "ckm-privileged-common.h"
+
+#include <dpl/test/test_runner.h>
+
+#include <service_manager.h>
+#include <ckm-common.h>
+
+namespace {
+
+const char *SERVICE[] = {
+ "central-key-manager-listener.service",
+ "central-key-manager.service"
+};
+
+void changeLabel(const char *label)
+{
+ int ret = smack_set_label_for_self(label);
+ RUNNER_ASSERT_MSG(0 == ret,
+ "Error in smack_set_label_for_self(" << label << "). Error: " << ret);
+}
+
+} // namespace anonymous
+
+ScopedLabel::ScopedLabel(const char *label) : m_original_label(getLabel())
+{
+ changeLabel(label);
+}
+
+ScopedLabel::~ScopedLabel()
+{
+ /*
+ * Let it throw. If we can't restore label then remaining tests results will be
+ * unreliable anyway.
+ */
+ changeLabel(m_original_label.c_str());
+}
+
+void start_service(ServiceIdx idx)
+{
+ ServiceManager sm(SERVICE[idx]);
+ sm.startService();
+}
+
+void stop_service(ServiceIdx idx)
+{
+ ServiceManager sm(SERVICE[idx]);
+ sm.stopService();
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm-privileged-common.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <string>
+
+// service lifecycle management
+enum ServiceIdx {
+ LISTENER,
+ MANAGER
+};
+
+void start_service(ServiceIdx idx);
+void stop_service(ServiceIdx idx);
+
+// changes process label upon construction and restores it upon destruction
+class ScopedLabel
+{
+public:
+ ScopedLabel(const char* label);
+ ~ScopedLabel();
+
+private:
+ std::string m_original_label;
+};
--- /dev/null
+#!/bin/sh
+
+# Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file ckm-tests-on-onlycap.sh
+# @author Kyungwook Tak (k.tak@samsung.com)
+# @brief Run ckm-tests on onlycap environment
+#
+
+# save old label and onlycap
+OLD_LABEL=`cat /proc/self/attr/current`
+OLD_ONLYCAP=`cat /sys/fs/smackfs/onlycap`
+
+# make sure we're in onlycap so original state can be restored later
+# (assume that OLD_LABEL is allowed to change the label)
+echo "System::Privileged" > /proc/self/attr/current || exit
+
+# push test app lables to onlycap label list
+echo "System::Privileged \
+ User::Pkg::test_label \
+ User::Pkg::test_label_2 \
+ User::Pkg::test_label_3 \
+ User::Pkg::test_label_4 \
+ User::Pkg::test_label_5 \
+ System" > /sys/fs/smackfs/onlycap || exit
+
+# set capability for changing smack label of self and add/remove smack rules
+setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests || exit
+
+# run test
+ckm-privileged-tests "${@}" # propagate all arguments
+
+# restore old onlycap
+echo -n $OLD_ONLYCAP > /sys/fs/smackfs/onlycap
+
+# restore old label
+# (assume that System::Privileged is allowed to do it with $OLD_ONLYCAP)
+echo $OLD_LABEL > /proc/self/attr/current
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <ckm-common.h>
+#include <ckm-privileged-common.h>
#include <ckm/ckm-control.h>
#include <ckmc/ckmc-manager.h>
#include <access_provider2.h>
const uid_t USER_APP = 5070;
const uid_t GROUP_APP = 5070;
const char* APP_PASS = "user-pass";
-const char* TEST_WEB_APP_1 = "web_app1";
-const char* TEST_WEB_APP_2 = "web_app2";
const char *XML_DEVICE_KEY = "device_key.xml";
RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
-RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
+RUNNER_TEST(T6001_init)
{
// [prepare]
// remove database 0
// copy to the initial-values folder
- // [test0]
// check XML file exists
// restart the key-manager
- // check XML file exists - should fail
- // [test1]
- // check items existence as system service
- // [test2]
- // check items existence as web_app1
- // [test3]
- // check items existence as web_app2
-
+ // check XML file doesn't exist
- // [prepare]
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
+ copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+ copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
+ copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
- // [test0]
test_exists(format_dest_path(XML_1_okay), true);
+ test_exists(format_dest_path(XML_2_okay), true);
+ test_exists(format_dest_path(XML_3_wrong), true);
+
restart_key_manager();
+
test_exists(format_dest_path(XML_1_okay), false);
+ test_exists(format_dest_path(XML_2_okay), false);
+ test_exists(format_dest_path(XML_3_wrong), false);
+}
+RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
+{
// [test1]
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
+ // check items existence as system service
+ // [test2]
+ // check items existence as TEST_LABEL
+ // [test3]
+ // check items existence as TEST_LABEL_2
+
+ // [test1]
+ {
+ check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
+ check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
+ check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
+ check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
+ check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
+ }
// [test2]
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_1);
- ap.allowAPI("key-manager::api-storage", "rw");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
// [test3]
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_2);
- ap.allowAPI("key-manager::api-storage", "rw");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
}
}
-RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>)
+RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP)
{
- // [prepare]
- // remove database 0
- // copy two files to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
+ // [test]
// check items existence as system service
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
-
- // [test0]
- test_exists(format_dest_path(XML_1_okay), true);
- test_exists(format_dest_path(XML_1_okay), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_2_okay), false);
- test_exists(format_dest_path(XML_2_okay), false);
-
- // [test1]
check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
}
-RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP, RemoveDataEnv<0>)
+RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
{
- // [prepare]
- // remove database 0
- // copy failing XML file to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
+ // [test]
// check items existence as system service - nothing should be available
-
- // [prepare]
- copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
-
- // [test0]
- test_exists(format_dest_path(XML_3_wrong), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_3_wrong), false);
-
- // [test1]
check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
}
-RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>)
+RUNNER_TEST(T6040_CHECK_KEYS_VALID)
{
- // [prepare]
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test]
// check if key can create & verify signature
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test]
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
ckmc_buffer_free(signature);
}
-RUNNER_TEST(T6050_ENCRYPTED_KEY, RemoveDataEnv<0>)
+RUNNER_TEST(T6050_ENCRYPTED_KEY)
{
// [prepare]
// to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
// to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test0]
// check if encrypted private key is present
// check if public key is present
// create signature using the public key
// verify signature using the decrypted private key
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
// [test0]
check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
ckmc_buffer_free(signature);
}
-RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA, RemoveDataEnv<0>)
+RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA)
{
// [prepare]
// to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
// to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test0]
// extract data
// check if data matches the expected size and content
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
// [test0]
ckmc_raw_buffer_s *testData1;
int temp;
ckmc_buffer_free(testData1);
}
-RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA, RemoveDataEnv<0>)
+RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA)
{
// [prepare]
// to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
// to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test0]
// extract data
// check if data matches the expected size
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
// [test0]
ckmc_raw_buffer_s *testData1;
int temp;
RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
ckmc_buffer_free(testData1);
}
+
+RUNNER_TEST(T6999_deinit)
+{
+ remove_user_data(0);
+}
--- /dev/null
+/*
+ * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <fstream>
+#include <iostream>
+
+#include <netdb.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <tests_common.h>
+#include <test-certs.h>
+#include <access_provider2.h>
+#include <ckm-common.h>
+#include <ckm-privileged-common.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+#include <ckm/ckm-pkcs12.h>
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+namespace {
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
+
+const int USER_APP_2 = 5020;
+const int USER_APP_3 = 5030;
+
+const char * const APP_PASS = "user-pass";
+const int USER_TEST = 5001;
+
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+} // namespace anonymous
+
+/*
+ * How to numerate tests:
+ * TABCD_NAME
+ * T - test case (always T)
+ * AB - number of test group (always two digits)
+ * C - test number in group (all tests with same TABC must be run in the same time).
+ * D - subtest.
+ */
+
+RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1510_init_unlock_key)
+{
+ reset_user_data(USER_TEST, APP_PASS);
+}
+
+RUNNER_TEST(T1511_insert_data)
+{
+ auto certee = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
+ auto certim = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+ CKM::Alias certeeAlias("CertEE");
+ CKM::Alias certimAlias("CertIM");
+ {
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
+ }
+
+ // restart CKM
+ stop_service(MANAGER);
+ start_service(MANAGER);
+
+ // actual test
+ {
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto manager = CKM::Manager::create();
+ int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
+ int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
+ "Certificate should be in database already. Error=" << CKMErrorToString(status1));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
+ "Certificate should be in database already. Error=" << CKMErrorToString(status2));
+ }
+}
+
+RUNNER_TEST(T1519_deinit)
+{
+ remove_user_data(USER_TEST);
+}
+
+RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1701_init_unlock_key)
+{
+ unlock_user_data(USER_TEST+1, "t170-special-password");
+
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+}
+
+RUNNER_CHILD_TEST(T1702_insert_data)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ auto certee = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+
+ auto manager = CKM::Manager::create();
+ size_t current_aliases_num = count_aliases(ALIAS_CERT);
+ int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == status1,
+ "Could not put certificate in datbase. Error=" << CKMErrorToString(status1));
+
+ CKM::AliasVector av;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
+}
+
+RUNNER_TEST(T1703_removeApplicationData)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1704_data_test)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_TEST(T1705_deinit)
+{
+ remove_user_data(USER_TEST+1);
+}
+
+RUNNER_TEST(T17101_init)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
+ "Error=" << CKMErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17102_prep_data_01)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17103_prep_data_02)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17104_prep_data_03)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17105_prep_data_04)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_TEST(T17106_remove_application)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17107_check_data_01)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17108_check_data_02)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T17109_unlock_user2)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17110_check_data_03)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17111_check_data_04)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T17112_deinit)
+{
+ remove_user_data(USER_TEST+2);
+ remove_user_data(USER_TEST+3);
+}
+
+int main(int argc, char *argv[])
+{
+ if (geteuid() != 0)
+ {
+ std::cerr << argv[0] << " should be executed as root. Aborting" << std::endl;
+ return -1;
+ }
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
* @version 1.0
*/
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <ckm-common.h>
+#include <ckm-privileged-common.h>
#include <ckm/ckm-control.h>
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-type.h>
const char* APP_PASS = "user-pass";
const char* TEST_ALIAS = "test-alias";
-const char* SYSTEM_LABEL = ckmc_owner_id_system;
const char* INVALID_LABEL = "coco-jumbo";
-std::string TEST_SYSTEM_ALIAS = aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS);
-std::string TEST_SYSTEM_ALIAS_2 = aliasWithLabel(SYSTEM_LABEL, "test-alias-2");
-const char* TEST_LABEL = "test-label";
-const char* TEST_LABEL_2 = "test-label-2";
+std::string TEST_SYSTEM_ALIAS = sharedDatabase(TEST_ALIAS);
+std::string TEST_SYSTEM_ALIAS_2 = sharedDatabase("test-alias-2");
const char* TEST_DATA =
"Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
-----END PUBLIC KEY-----
</PEM>
- <Permission accessor="web_app1"/>
+ <Permission accessor="test_label"/>
</Key>
<Key name="test-key2" type="RSA_PRV" exportable="true">
<DER>
4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
Vx676FQrM4EzjSSqgA==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Key>
<Cert exportable="true" name="test-cert1">
<DER>
7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
kOg11TpPdNDkhb1J4ZCh2gupDg==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Cert>
<Data name="test-data1" exportable="true">
<ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Data>
<Key name="test-aes1" type="AES" exportable="true">
<Base64>
QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
</Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Key>
<!-- key below is encrypted using AES-CBC algorithm.
The key used is decrypted <EncryptionKey> provided above.
8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
-----END PUBLIC KEY-----
</PEM>
- <Permission accessor="web_app1"/>
+ <Permission accessor="test_label"/>
</Key>
<Key name="test2-key2" type="RSA_PRV" exportable="true">
<DER>
4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
Vx676FQrM4EzjSSqgA==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Key>
<Cert exportable="true" name="test2-cert1">
<DER>
7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
kOg11TpPdNDkhb1J4ZCh2gupDg==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Cert>
<Data name="test2-data1" exportable="true">
<ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Data>
<Key name="test2-aes1" type="AES" exportable="true">
<Base64>
QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
</Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Key>
</InitialValues>
<?xml version="1.0" encoding="UTF-8"?>
<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
<Key name="test3-key1" type="RSA_PUB" password="123">
- <Permission accessor="web_app1"/>
+ <Permission accessor="test_label"/>
<PEM>
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
Vx676FQrM4EzjSSqgA==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Key>
<Cert exportable="true" name="test3-cert1">
<DER>
7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
kOg11TpPdNDkhb1J4ZCh2gupDg==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Cert>
<Data name="test3-data1" exportable="true">
<ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Data>
<Key name="test3-aes1" type="AES">
<Base64>
QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
</Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Key>
</InitialValues>
*/
#include <map>
+#include <memory>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
#include <test-certs.h>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
using namespace std;
+namespace TestData {
namespace {
-typedef map<TestData::certificateID, pair<string, CKM::CertificateShPtr>> CertMap;
+
+enum RawCertificateID {
+ // test certificates
+ TEST_ROOT_CA = 0, // TEST_ROOT_CA, expires 2035
+ TEST_IM_CA, // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
+ TEST_LEAF, // TEST_LEAF, signed by TEST_IM_CA, expires 2035
+
+ // third party
+ DIGICERT_ROOT_CA, // DIGICERT_ROOT_CA, (root CA), expires 10 Nov 2031
+ DIGICERT_IM_CA, // DIGICERT_IM_CA, signed by DIGICERT_ROOT_CA,
+ // expires 22 Oct 2028
+ FACEBOOK_COM, // FACEBOOK_COM, *.facebook.com - signed by DIGICERT_IM_CA,
+ // expires 22 Mar 2019
+
+ // ocsp available chain on third party
+ MICROSOFT_IM_CA, // MICROSOFT_IM_CA, signed by Baltimore CyberTrust Root, expires 20 May 2024
+ BING_COM, // BING, signed by MICROSOFT_IM_CA, expires 10 Jul 2019
+
+ // footer - last element in the set
+ NO_CERT
+};
+
+
+struct TestCert {
+ enum Validity {
+ UNKNOWN,
+ VALID,
+ NOT_YET_VALID,
+ EXPIRED
+ };
+
+ TestCert() : valid(UNKNOWN) {}
+
+ string raw_base64;
+ CKM::CertificateShPtr certPtr;
+ Validity valid;
+};
+
+typedef map<RawCertificateID, TestCert> CertMap;
CKM::CertificateShPtr createCert(const string& cert) {
CKM::RawBuffer buffer_cert(cert.begin(), cert.end());
return cptr;
}
+RawCertificateID toRawCertificateID(certificateID id)
+{
+ switch (id) {
+ case certificateID::TEST_ROOT_CA: return RawCertificateID::TEST_ROOT_CA;
+ case certificateID::TEST_IM_CA: return RawCertificateID::TEST_IM_CA;
+ case certificateID::TEST_LEAF: return RawCertificateID::TEST_LEAF;
+
+ case certificateID::THIRD_PARTY_ROOT_CA: return RawCertificateID::DIGICERT_ROOT_CA;
+ case certificateID::THIRD_PARTY_IM_CA: return RawCertificateID::DIGICERT_IM_CA;
+ case certificateID::THIRD_PARTY_LEAF: return RawCertificateID::FACEBOOK_COM;
+
+ case certificateID::OCSP_AVAILABLE_IM: return RawCertificateID::MICROSOFT_IM_CA;
+ case certificateID::OCSP_AVAILABLE_LEAF: return RawCertificateID::BING_COM;
+
+ case certificateID::NO_CERT: return RawCertificateID::NO_CERT;
+ default: throw std::invalid_argument("Invalid raw certificat ID!");
+ }
+}
+
CertMap initializeTestCerts()
{
CertMap cm;
"qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n"
"kOg11TpPdNDkhb1J4ZCh2gupDg==\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::TEST_ROOT_CA] = std::make_pair(raw_base64, createCert(raw_base64));
+ cm[RawCertificateID::TEST_ROOT_CA].raw_base64 = raw_base64;
+ cm[RawCertificateID::TEST_ROOT_CA].certPtr = createCert(raw_base64);
}
// TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
"SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm\n"
"F2obL5qJSTN/RQ==\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::TEST_IM_CA] = std::make_pair(raw_base64, createCert(raw_base64));
+ cm[RawCertificateID::TEST_IM_CA].raw_base64 = raw_base64;
+ cm[RawCertificateID::TEST_IM_CA].certPtr = createCert(raw_base64);
}
// TEST_LEAF, signed by TEST_IM_CA, expires 2035
"Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz\n"
"6ON7PVe0ABN/AlwVQiFE\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::TEST_LEAF] = std::make_pair(raw_base64, createCert(raw_base64));
+ cm[RawCertificateID::TEST_LEAF].raw_base64 = raw_base64;
+ cm[RawCertificateID::TEST_LEAF].certPtr = createCert(raw_base64);
}
- // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
+ // BING.COM, signed by MICROSOFT_IM_CA, expires 10 Jul 2019
{
- std::string raw_base64 = std::string(
+ std::string raw_base64(
"-----BEGIN CERTIFICATE-----\n"
- "MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\n"
- "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\n"
- "YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG\n"
- "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy\n"
- "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP\n"
- "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv\n"
- "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE\n"
- "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ\n"
- "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC\n"
- "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7\n"
- "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD\n"
- "VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig\n"
- "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF\n"
- "BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQ\n"
- "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE\n"
- "+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1/Wm8gzPn6\n"
- "8R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I/b+jzG1Zgo+ByPF5E0y8tS\n"
- "etH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh/Ob0r0a678C/xbQF9ZR1DP6i\n"
- "vgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe/GFsNMP\n"
- "WOH7sf6coaPo/ck/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8\n"
- "VOBHBw==\n"
+ "MIIMAjCCCeqgAwIBAgITLQAAMpnXBx230XCKQgAAAAAymTANBgkqhkiG9w0BAQsF\n"
+ "ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT\n"
+ "B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE\n"
+ "CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDUw\n"
+ "HhcNMTcwNzIwMTc0NzA4WhcNMTkwNzEwMTc0NzA4WjAXMRUwEwYDVQQDEwx3d3cu\n"
+ "YmluZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6jsg+/7Dl\n"
+ "IrdgFOcaDlK3RQ9sIgkJsgpj+ZxAbIe3ziyimIxjVlHX87pqgXcNhaYNbCFD0iPm\n"
+ "+aUfbv4GDTLR+AIr8eSegqxZ+CBToYM67NhpVYra1KAvY4XgqxorO4FB9IWYJRqh\n"
+ "I3SZeZ3lLK5t9XuUMicG8l52nJfpPdXXvBca2wUCq8FHEObG81vJzESA0htLLPTj\n"
+ "dUWBQnXPiW5bqzlGHzzv8ISV6jtDLNNa5JRlhSlXho+6pCedhNF7MP4yTaantPvA\n"
+ "ELLRWX13VhjgoCcRCCu0s8rxW5DuVWl2Pb2iw35MFnNWlcoVwq0AjAfGA+xEba/W\n"
+ "Lid6qfkQctYjAgMBAAGjggfQMIIHzDAdBgNVHQ4EFgQUCYflhSl4MCAls91+3Gzt\n"
+ "pSmoA3AwCwYDVR0PBAQDAgSwMB8GA1UdIwQYMBaAFAj+JZ906ocEwry7jqg4XzPG\n"
+ "0WxlMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3Nv\n"
+ "ZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0El\n"
+ "MjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3Js\n"
+ "L01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDCBhQYIKwYBBQUHAQEE\n"
+ "eTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21z\n"
+ "Y29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNS5jcnQwIgYIKwYBBQUH\n"
+ "MAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wPgYJKwYBBAGCNxUHBDEwLwYnKwYB\n"
+ "BAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEQMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBNBgNVHSAERjBEMEIGCSsGAQQBgjcq\n"
+ "ATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21z\n"
+ "Y29ycC9jcHMwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcD\n"
+ "ATCCBW0GA1UdEQSCBWQwggVgggx3d3cuYmluZy5jb22CEGRpY3QuYmluZy5jb20u\n"
+ "Y26CEyoucGxhdGZvcm0uYmluZy5jb22CCiouYmluZy5jb22CCGJpbmcuY29tghZp\n"
+ "ZW9ubGluZS5taWNyb3NvZnQuY29tghMqLndpbmRvd3NzZWFyY2guY29tghljbi5p\n"
+ "ZW9ubGluZS5taWNyb3NvZnQuY29tghEqLm9yaWdpbi5iaW5nLmNvbYINKi5tbS5i\n"
+ "aW5nLm5ldIIOKi5hcGkuYmluZy5jb22CGGVjbi5kZXYudmlydHVhbGVhcnRoLm5l\n"
+ "dIINKi5jbi5iaW5nLm5ldIINKi5jbi5iaW5nLmNvbYIQc3NsLWFwaS5iaW5nLmNv\n"
+ "bYIQc3NsLWFwaS5iaW5nLm5ldIIOKi5hcGkuYmluZy5uZXSCDiouYmluZ2FwaXMu\n"
+ "Y29tgg9iaW5nc2FuZGJveC5jb22CFmZlZWRiYWNrLm1pY3Jvc29mdC5jb22CG2lu\n"
+ "c2VydG1lZGlhLmJpbmcub2ZmaWNlLm5ldIIOci5iYXQuYmluZy5jb22CECouci5i\n"
+ "YXQuYmluZy5jb22CEiouZGljdC5iaW5nLmNvbS5jboIPKi5kaWN0LmJpbmcuY29t\n"
+ "gg4qLnNzbC5iaW5nLmNvbYIQKi5hcHBleC5iaW5nLmNvbYIWKi5wbGF0Zm9ybS5j\n"
+ "bi5iaW5nLmNvbYINd3AubS5iaW5nLmNvbYIMKi5tLmJpbmcuY29tgg9nbG9iYWwu\n"
+ "YmluZy5jb22CEXdpbmRvd3NzZWFyY2guY29tgg5zZWFyY2gubXNuLmNvbYIRKi5i\n"
+ "aW5nc2FuZGJveC5jb22CGSouYXBpLnRpbGVzLmRpdHUubGl2ZS5jb22CDyouZGl0\n"
+ "dS5saXZlLmNvbYIYKi50MC50aWxlcy5kaXR1LmxpdmUuY29tghgqLnQxLnRpbGVz\n"
+ "LmRpdHUubGl2ZS5jb22CGCoudDIudGlsZXMuZGl0dS5saXZlLmNvbYIYKi50My50\n"
+ "aWxlcy5kaXR1LmxpdmUuY29tghUqLnRpbGVzLmRpdHUubGl2ZS5jb22CCzNkLmxp\n"
+ "dmUuY29tghNhcGkuc2VhcmNoLmxpdmUuY29tghRiZXRhLnNlYXJjaC5saXZlLmNv\n"
+ "bYIVY253ZWIuc2VhcmNoLmxpdmUuY29tggxkZXYubGl2ZS5jb22CDWRpdHUubGl2\n"
+ "ZS5jb22CEWZhcmVjYXN0LmxpdmUuY29tgg5pbWFnZS5saXZlLmNvbYIPaW1hZ2Vz\n"
+ "LmxpdmUuY29tghFsb2NhbC5saXZlLmNvbS5hdYIUbG9jYWxzZWFyY2gubGl2ZS5j\n"
+ "b22CFGxzNGQuc2VhcmNoLmxpdmUuY29tgg1tYWlsLmxpdmUuY29tghFtYXBpbmRp\n"
+ "YS5saXZlLmNvbYIObG9jYWwubGl2ZS5jb22CDW1hcHMubGl2ZS5jb22CEG1hcHMu\n"
+ "bGl2ZS5jb20uYXWCD21pbmRpYS5saXZlLmNvbYINbmV3cy5saXZlLmNvbYIcb3Jp\n"
+ "Z2luLmNud2ViLnNlYXJjaC5saXZlLmNvbYIWcHJldmlldy5sb2NhbC5saXZlLmNv\n"
+ "bYIPc2VhcmNoLmxpdmUuY29tghJ0ZXN0Lm1hcHMubGl2ZS5jb22CDnZpZGVvLmxp\n"
+ "dmUuY29tgg92aWRlb3MubGl2ZS5jb22CFXZpcnR1YWxlYXJ0aC5saXZlLmNvbYIM\n"
+ "d2FwLmxpdmUuY29tghJ3ZWJtYXN0ZXIubGl2ZS5jb22CE3dlYm1hc3RlcnMubGl2\n"
+ "ZS5jb22CFXd3dy5sb2NhbC5saXZlLmNvbS5hdYIUd3d3Lm1hcHMubGl2ZS5jb20u\n"
+ "YXUwDQYJKoZIhvcNAQELBQADggIBADTpW/UWeupk40OP6k4yxihKStswxwqPAfMR\n"
+ "mx4XyqmTAawAKRNM+6EZth1BQdPdOplwRTvs69kkmUHJH+ZjYXBezEACWkzEiNUQ\n"
+ "nzkRWajdSQIz08Ubj/mBD6U8xLYD+NXgiB0xNWabd8aiPsqPaj6I3qkNw4JvtgtH\n"
+ "ZQG1zlwC5/Lu6yV3DM3sKpQMyBmOnX6nVUiS0MTOzLgZOQzRk07nO7EXWGcKTmDB\n"
+ "jE8cqv5IA/jQ6gtaxCI5pDxfXK4ct7oQyoChfxOXcEDKMmMndFmg9ch5c4an/FRM\n"
+ "2cgzDfjR01A71LNUpLUdOjNV0T+ZEStqEpdyDFfjrHGDtzLyqEz3iyvvQFyjmlGh\n"
+ "6OtZXwjCPpnVSrKCmfJKio0kUxyq+6t5tZAQbPVgFKiMrVnU+sgvmNVip1toijyz\n"
+ "8vMVCkwJ2G++7xjJukoELMxZ50W4/SAMZLy1Asx02NBwYCu9+CTQPVnmPe7rmxhl\n"
+ "QRBOfDNa1+5jwRHY64YudEzKhWR1uqS3ABd/fk+TL86yuNYGAgxnOm1FtOGieRgV\n"
+ "iV3+NzC+bDbuUOtmbD/GvDGmRwJRcCTHL7jBmkHePh2ABY93NE/IbkaDP6l1Kw98\n"
+ "AfqkzSUxhqHXuThe7KIoX9/0zv4AA1WZFis1QvAG7dpl9eio6vCdC/73HvBAlqRL\n"
+ "+7Mb1uu0\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::GIAG2] = std::make_pair(raw_base64, createCert(raw_base64));
- }
+ cm[RawCertificateID::BING_COM].raw_base64 = raw_base64;
+ cm[RawCertificateID::BING_COM].certPtr = createCert(raw_base64);
- // MBANK, signed by SYMANTEC, expires 04 Feb 2016
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\n"
- "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n"
- "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\n"
- "IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\n"
- "MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\n"
- "ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\n"
- "MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\n"
- "DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\n"
- "bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\n"
- "bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\n"
- "JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\n"
- "Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\n"
- "aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\n"
- "Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\n"
- "dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\n"
- "Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\n"
- "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n"
- "BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\n"
- "dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\n"
- "c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\n"
- "BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\n"
- "BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\n"
- "KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\n"
- "eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\n"
- "AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\n"
- "ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\n"
- "9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\n"
- "rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\n"
- "LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\n"
- "U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\n"
- "vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\n"
- "SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\n"
- "aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\n"
- "WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::MBANK] = std::make_pair(raw_base64, createCert(raw_base64));
}
- // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
+ // MICROSOFT_IM_CA, expires 20 May 2024
{
- std::string raw_base64 = std::string(
+ std::string raw_base64(
"-----BEGIN CERTIFICATE-----\n"
- "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\n"
- "CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n"
- "BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\n"
- "YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\n"
- "FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\n"
- "BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\n"
- "pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\n"
- "IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\n"
- "zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\n"
- "MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\n"
- "BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\n"
- "L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\n"
- "eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\n"
- "LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\n"
- "GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\n"
- "Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\n"
- "hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\n"
- "nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\n"
- "qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\n"
- "eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\n"
- "LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\n"
- "2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==\n"
+ "MIIFtDCCBJygAwIBAgIQCIjNUl8ZJERNFKWCkd65UjANBgkqhkiG9w0BAQsFADBa\n"
+ "MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl\n"
+ "clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2\n"
+ "MDUyMDEyNTMwM1oXDTI0MDUyMDEyNTMwM1owgYsxCzAJBgNVBAYTAlVTMRMwEQYD\n"
+ "VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy\n"
+ "b3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UE\n"
+ "AxMVTWljcm9zb2Z0IElUIFRMUyBDQSA1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\n"
+ "MIICCgKCAgEAmt+BXDuPrul5lrmaeaeB8jnaVShGIwLFgmYHthXe/Zw6GpuRCdJm\n"
+ "jwuJF/hxhyF/ONM/miUAtzXQq/gIejbzUFvfKykn3qTdJJL69MZwjTYqmvCA3jX6\n"
+ "HkKdCYGq1QcKFqXFWkJtQr4eQoK0VzCZW0Ur1I/TCgbGc5Ok4YPvxb8FJ6d4zbML\n"
+ "4J4iFvOY3KYU6MyU1yP50FCZu7ULEJXx3wLpj46dVpk82I/TWPtckn49e/hQSVr3\n"
+ "EHt3+OZKkEpVUt6UrXQJoGRXLM0HkJ8WrZXD0Qa68e9sBbUErKncGzGbDi0ZlQRP\n"
+ "3mbLrTVyrxmCCLIUOhZfsDyb240MsALWJh/oFXHE7/ljOUOM6cKSLqHCoDAlDpYn\n"
+ "X56jK4LWEL08GR6mh/5VITpcQfwBmMwvkv9mOLS4ZpwPEmhLSqyGu16Y/56mnFNs\n"
+ "MxGk0K5SR9eLj/GWrLkpmo8s8a1kGMMmuwBk3lBwwLvsxmuu06DvwPFcDfLMelna\n"
+ "GDMvWRCtZxQsXyJDSkTh6N3g51UWTgnvA0wMSFBa8APfju9jyltnh0NALAa2Hw8+\n"
+ "U8BmP9cUFeYIYphIfoPlp7VdUS1ULWH9NF3Ut4DN0n3OsSQ785dsbBPeihfJivVI\n"
+ "lUL3EpDjEBf2oQDFNiplkZ4F7EIuWriZG//UTrX6ZlXZg46/CCmN+gsCAwEAAaOC\n"
+ "AUIwggE+MB0GA1UdDgQWBBQI/iWfdOqHBMK8u46oOF8zxtFsZTAfBgNVHSMEGDAW\n"
+ "gBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud\n"
+ "DwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUF\n"
+ "BwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln\n"
+ "aWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0\n"
+ "LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsG\n"
+ "AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEB\n"
+ "CwUAA4IBAQA+8s8wpXq/HmrfOVgYKDzDne7ngcVL/Gf2vx9ON9re8K/uivkDe2Bn\n"
+ "dMc72v8rSuv9VHUTi+XCgRK6UhIguimKOs1DJMzVFwX+nBY/c+BtQcB2PfKrSMVZ\n"
+ "YmS6RE8KGII/Qeo/GDpY56AwV3X10WoxFLaUmWXatugB3uSr+7Xz5RkKGF+kAlfe\n"
+ "tlwmb3P+Lgn1CEPED8ckf50oZ2Wh3FvwOv34cIXnpU8k3kI/HUQ7XYUGhR0eHNTZ\n"
+ "TlHk/R4RFsyeANmXGpfjZceGNRtTdr4y0SxBSUujPpMMW3dXBzA8NYuM0WmiJ/pV\n"
+ "6KudEB7RF9+6bInTyVvXC5SIqdi0ldeO\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::SYMANTEC] = std::make_pair(raw_base64, createCert(raw_base64));
+ cm[RawCertificateID::MICROSOFT_IM_CA].raw_base64 = raw_base64;
+ cm[RawCertificateID::MICROSOFT_IM_CA].certPtr = createCert(raw_base64);
+
}
- // GEOTRUST, signed by EQUIFAX, expires 21 Aug 2018
+ // DIGICERT_ROOT_CA, (root CA), expires 10 Nov 2031
{
std::string raw_base64 = std::string(
"-----BEGIN CERTIFICATE-----\n"
- "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"
- "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"
- "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"
- "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"
- "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"
- "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"
- "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"
- "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"
- "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"
- "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"
- "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"
- "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"
- "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"
- "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"
- "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"
- "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"
- "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"
- "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"
+ "MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\n"
+ "RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n"
+ "+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\n"
+ "PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\n"
+ "xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\n"
+ "Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\n"
+ "hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\n"
+ "EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\n"
+ "MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\n"
+ "FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\n"
+ "nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\n"
+ "eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\n"
+ "hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\n"
+ "Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\n"
+ "vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n"
+ "+OkuE6N36B9K\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::GEOTRUST] = std::make_pair(raw_base64, createCert(raw_base64));
+ cm[RawCertificateID::DIGICERT_ROOT_CA].raw_base64 = raw_base64;
+ cm[RawCertificateID::DIGICERT_ROOT_CA].certPtr = createCert(raw_base64);
}
- // EQUIFAX, (root CA), expires 22 Aug 2018
+ // DIGICERT_IM_CA, signed by DIGICERT_ROOT_CA, expires 22 Oct 2028
{
std::string raw_base64 = std::string(
"-----BEGIN CERTIFICATE-----\n"
- "MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n"
- "UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n"
- "dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n"
- "MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n"
- "dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n"
- "AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n"
- "BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n"
- "cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n"
- "AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n"
- "MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n"
- "aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n"
- "ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n"
- "IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n"
- "MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n"
- "A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n"
- "7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n"
- "1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n"
+ "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n"
+ "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n"
+ "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n"
+ "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n"
+ "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n"
+ "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n"
+ "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n"
+ "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n"
+ "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
+ "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
+ "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n"
+ "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n"
+ "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n"
+ "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n"
+ "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n"
+ "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n"
+ "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n"
+ "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n"
+ "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n"
+ "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n"
+ "cPUeybQ=\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64));
+ cm[RawCertificateID::DIGICERT_IM_CA].raw_base64 = raw_base64;
+ cm[RawCertificateID::DIGICERT_IM_CA].certPtr = createCert(raw_base64);
}
- // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016
+ // FACEBOOK_COM, *.facebook.com - signed by DIGICERT_IM_CA, expires 22 Mar 2019
{
std::string raw_base64 = std::string(
"-----BEGIN CERTIFICATE-----\n"
- "MIIGzzCCBbegAwIBAgIIG6xwxBtjtJEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMDE1MTY0MjQzWhcNMTYwMTEzMDAwMDAw\n"
- "WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n"
- "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjZonqWEMpOM+v3cr\n"
- "rD/xj0L1lxUK2EaCmk3xckbEMFEMW992hnCa1CRjcOC3jb2bkmjHfVzfgt/mbCcX\n"
- "H2YYi6OCBGcwggRjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
- "A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n"
- "ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n"
- "YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n"
- "ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds\n"
- "ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv\n"
- "b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q\n"
- "Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n\n"
- "bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou\n"
- "Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv\n"
- "b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv\n"
- "LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tggoqLmd2dDEuY29tggoq\n"
- "Lmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAq\n"
- "LnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1\n"
- "YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYILYW5k\n"
- "cm9pZC5jb22CBGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv\n"
- "b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUu\n"
- "YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n"
- "B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n"
- "ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n"
- "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBTkzYJaSmLNPMENVN00b75rL11D/zAMBgNV\n"
- "HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1Ud\n"
- "IAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYf\n"
- "aHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOC\n"
- "AQEAHj3svrvviu8X79HzVy6hPIoPUtjkYbgheBSZeWTAC0GgxdZ3cQTrZShZNXmL\n"
- "A9Pwfvs2Kv+iAWfDFuyG6WGD4YN2m2MItQRlBdGGib5aMl8N4vq/KQ1HU2Sw2KQA\n"
- "gBfgt3THooNzXdJ363K7NShV1SMbZYpYMJ3p+hgZe1ezymIM/yny/j/nhoHMqFUG\n"
- "KRNjp7n74bmj0HG9Upci8QL8oxCynKwCPs72Dw8WIFv+WjXoTkEgnfHfUklWBZ8n\n"
- "SpLyfbO8eRQkgXPZxau0BMof5tyetyzBe2QQ/OcvAkDUVhwZi2wIBf9rbhWnl2LE\n"
- "urbTa3K72M5I58jgb740XezcOQ==\n"
+ "MIIGsjCCBZqgAwIBAgIQCzw7YBoY9Z7itrsFYF7ywDANBgkqhkiG9w0BAQsFADBw\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n"
+ "dXJhbmNlIFNlcnZlciBDQTAeFw0xNzEyMTUwMDAwMDBaFw0xOTAzMjIxMjAwMDBa\n"
+ "MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpN\n"
+ "ZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5m\n"
+ "YWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASIA87IjqqM6JBX\n"
+ "puN20BXCVsDjoP9wnF2rSV60qC130oLTrgfOQ3Uk1dv1R6LFCx4gs2pJUu6iDKBS\n"
+ "/b+BXOUbo4IEGDCCBBQwHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjsw\n"
+ "HQYDVR0OBBYEFMD9dPV9y8Yn8QPTYqJF14QcFSEIMIHHBgNVHREEgb8wgbyCDiou\n"
+ "ZmFjZWJvb2suY29tgg4qLnh4LmZiY2RuLm5ldIILKi5mYnNieC5jb22CDioueHou\n"
+ "ZmJjZG4ubmV0gg4qLmZhY2Vib29rLm5ldIIOKi54eS5mYmNkbi5uZXSCDyoubWVz\n"
+ "c2VuZ2VyLmNvbYIGZmIuY29tggsqLmZiY2RuLm5ldIIIKi5mYi5jb22CECoubS5m\n"
+ "YWNlYm9vay5jb22CDW1lc3Nlbmdlci5jb22CDGZhY2Vib29rLmNvbTAOBgNVHQ8B\n"
+ "Af8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRu\n"
+ "MGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZl\n"
+ "ci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhh\n"
+ "LXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEF\n"
+ "BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMG\n"
+ "CCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\n"
+ "Y29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln\n"
+ "aUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAA\n"
+ "MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWY\n"
+ "BPkb37jjd80OyA3cEAAAAWBXnEHoAAAEAwBHMEUCIBC3Rn4i2bhLyR344u3vl7be\n"
+ "vxoi+WPJBhGT+j1gJmg5AiEAwQ3rzH1mmMSYNYKtVNDZMo+l6e8Z35t+X9NDR7Du\n"
+ "gWAAdwCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWBXnEL7AAAE\n"
+ "AwBIMEYCIQCRjvvPARW3J1ENmo2Nz1cxisa1BcbDuqvSrfuXkz8btAIhAPmllqgF\n"
+ "8JjlVHUChiFzghsKVBeTxRagi55tgsAciaoZAHUAu9nfvB+KcbWTlCOXqpJ7RzhX\n"
+ "lQqrUugakJZkNo4e0YUAAAFgV5xCUgAABAMARjBEAiBY6qdNgMoQAqVTl3zRrTmy\n"
+ "+X/1f/esBUczsb3MWdZ1ZgIgXdxZNTrDBgyTzxgbVRObkqU3tZZdaiwsw4WI0xI0\n"
+ "BtQwDQYJKoZIhvcNAQELBQADggEBAGu0uxZD+IRXXlFWLPvknRkXA7J08NyVKG70\n"
+ "M2vDi2xF2YB8qlZgoxW8YiiV86IpwtOhYLZinSO0iCBDQmTf627LTPfuDcF6qOuO\n"
+ "WFTvj1IbplPvGWIu5tNBiFWNQxFAIL2Rf+5vmIe+YezUHTLGGqwRtFa2ImS17IMk\n"
+ "YjZ90LYXXO5qb1RKkFJtAvEBTbJsv8kr+J6Rx+YNJy17LnBX+MbWiyBbvUQoM3sY\n"
+ "MmcWmcaQmECz9ZHWYjZeufSHbHKG6KDYLU8x6DyhgtxK2rsoIMlNnJkNHaLjw+b8\n"
+ "7VCYa+EMWppvVuNyXOk9Jkbx7Q3SEoodT77kkHUX0bF2OkZy6cc=\n"
"-----END CERTIFICATE-----\n");
- cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64));
+ cm[RawCertificateID::FACEBOOK_COM].raw_base64 = raw_base64;
+ cm[RawCertificateID::FACEBOOK_COM].certPtr = createCert(raw_base64);
}
return cm;
}
CertMap TEST_CERTS = initializeTestCerts();
-}
+} // namespace TestData::anonymous
+
+void checkCertificateValidity(std::map<RawCertificateID, TestCert>::iterator& it)
+{
+ if (it->second.valid == TestCert::UNKNOWN)
+ {
+ auto buff = BIO_new(BIO_s_mem());
+ BIO_write(buff, it->second.raw_base64.c_str(), it->second.raw_base64.size());
+
+ X509* x509 = PEM_read_bio_X509(buff, nullptr, nullptr, nullptr);
+ BIO_free_all(buff);
+
+ RUNNER_ASSERT_MSG(x509 != NULL, "Test certificate " << it->first << " can't be parsed");
+
+ if (X509_cmp_current_time(X509_get_notBefore(x509)) > 0)
+ it->second.valid = TestCert::NOT_YET_VALID;
+ else if (X509_cmp_current_time(X509_get_notAfter(x509)) < 0)
+ it->second.valid = TestCert::EXPIRED;
+ else
+ it->second.valid = TestCert::VALID;
+
+ X509_free(x509);
+ }
+
+ switch (it->second.valid)
+ {
+ case TestCert::NOT_YET_VALID:
+ RUNNER_FAIL_MSG(
+ "Test certificate " << it->first <<
+ " is not yet valid. Check the certificate and the system date.");
+ break;
+ case TestCert::EXPIRED:
+ RUNNER_FAIL_MSG(
+ "Test certificate " << it->first <<
+ " has expired. Check the certificate and the system date.");
+ break;
+ default:
+ break;
+ }
+}
-std::string TestData::getTestCertificateBase64(TestData::certificateID id)
+std::string getTestCertificateBase64(certificateID id)
{
- RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
- RUNNER_ASSERT_MSG(TEST_CERTS[id].first.size()>0, "Certificate is empty (should never ever happen)!");
+ auto cert = TEST_CERTS.find(toRawCertificateID(id));
+
+ RUNNER_ASSERT_MSG(cert != TEST_CERTS.end(), "Unknown certificate index!");
+
+ auto &certStruct = cert->second;
+ RUNNER_ASSERT_MSG(certStruct.raw_base64.size() > 0, "Certificate is empty!");
- return TEST_CERTS[id].first;
+ checkCertificateValidity(cert);
+
+ return certStruct.raw_base64;
}
-CKM::CertificateShPtr TestData::getTestCertificate(certificateID id)
+CKM::CertificateShPtr getTestCertificate(certificateID id)
{
- RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
- RUNNER_ASSERT_MSG(TEST_CERTS[id].second, "Certificate is empty (should never ever happen)!");
+ auto cert = TEST_CERTS.find(toRawCertificateID(id));
+
+ RUNNER_ASSERT_MSG(cert != TEST_CERTS.end(), "Unknown certificate index!");
+
+ auto &certStruct = cert->second;
+ RUNNER_ASSERT_MSG(certStruct.certPtr != nullptr, "Certificate is empty!");
- return TEST_CERTS[id].second;
+ checkCertificateValidity(cert);
+
+ return certStruct.certPtr;
}
+
+} // namespace TestData
{
enum certificateID {
- // test certificates
- TEST_ROOT_CA = 0, // TEST_ROOT_CA, expires 2035
- TEST_IM_CA, // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
- TEST_LEAF, // TEST_LEAF, signed by TEST_IM_CA, expires 2035
+ // test certificates which made by us
+ TEST_ROOT_CA = 0,
+ TEST_IM_CA,
+ TEST_LEAF,
// third party
- GIAG2, // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
- MBANK, // MBANK, signed by SYMANTEC, expires 04 Feb 2016
- SYMANTEC, // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
- GEOTRUST, // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018
- EQUIFAX, // EQUIFAX (root CA), expires 22 Aug 2018
- GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016
-
- // footer - last element in the set
+ THIRD_PARTY_ROOT_CA,
+ THIRD_PARTY_IM_CA,
+ THIRD_PARTY_LEAF,
+
+ // ocsp available certificate chain, thirt party
+ OCSP_AVAILABLE_IM,
+ OCSP_AVAILABLE_LEAF,
+
+ // footer
NO_CERT
};
--- /dev/null
+# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @brief
+#
+SET(CKM_SOURCES
+ algo-params.cpp
+ async-api.cpp
+ capi-certificate-chains.cpp
+ capi-testcases.cpp
+ encryption-decryption-env.cpp
+ encryption-decryption.cpp
+ main.cpp
+)
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common
+ ..
+ .
+)
+
+ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS}
+ ${TARGET_CKM_TEST_COMMON}
+ ${COMMON_TARGET_TEST}
+)
+
+INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
#include <fstream>
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <test-certs.h>
#include <ckm-common.h>
-#include <access_provider2.h>
#include <random>
using namespace CKM;
namespace {
-const char* TEST_LABEL = "test_label";
-const char* TEST_LABEL_2 = "test_label-2";
-
const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
const char* TEST_PASS = "test-pass";
void init(const std::string & str) {
RemoveDataEnv<APP_UID>::init(str);
unlock_user_data(APP_UID, TEST_PASS);
- m_ap.reset(new ScopedAccessProvider(TEST_LABEL, APP_UID, APP_GID));
}
void finish() {
- m_ap.reset();
// lock is performed by remove_user_data() in RemoveDataEnv
RemoveDataEnv<APP_UID>::finish();
}
- std::unique_ptr<ScopedAccessProvider> m_ap;
};
CKM::PKCS12ShPtr loadPkcs()
RUNNER_TEST(TA0120_save_cert_already_exists, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
test_negative(&ManagerAsync::saveCertificate,
CKM_API_ERROR_DB_ALIAS_EXISTS,
"alias",
- getTestCertificate(MBANK),
+ getTestCertificate(OCSP_AVAILABLE_LEAF),
Policy());
}
RUNNER_TEST(TA0150_save_cert_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
}
RUNNER_TEST(TA0450_remove_cert_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
+ test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
test_positive(&ManagerAsync::removeAlias, "alias");
}
{
test_positive(&ManagerAsync::saveCertificate,
"alias",
- getTestCertificate(MBANK),
+ getTestCertificate(OCSP_AVAILABLE_LEAF),
Policy("password"));
test_negative(&ManagerAsync::getCertificate,
CKM_API_ERROR_AUTHENTICATION_FAILED,
RUNNER_TEST(TA0750_get_cert_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy("password"));
+ test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy("password"));
test_positive(&ManagerAsync::getCertificate, "alias", "password");
}
RUNNER_TEST(TA0950_get_key_alias_vector_positive, UserEnv)
{
test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA") });
test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA"),
+ aliasWithLabelFromSelf("alias_DSA") });
test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA"),
+ aliasWithLabelFromSelf("alias_DSA"),
+ aliasWithLabelFromSelf("alias_AES") });
// remove DSA key
test_positive(&ManagerAsync::removeAlias, "alias_DSA");
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES")});
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA"),
+ aliasWithLabelFromSelf("alias_AES")});
}
RUNNER_TEST(TA1050_get_cert_alias_vector_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(MBANK), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
+ test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1") });
- test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(SYMANTEC), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
+ test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(OCSP_AVAILABLE_IM), Policy());
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1"),
+ aliasWithLabelFromSelf("alias2") });
test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias2") });
}
RUNNER_TEST(TA1150_get_data_alias_vector_positive, UserEnv)
{
test_positive(&ManagerAsync::saveData, "alias1", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabelFromSelf("alias1") });
test_positive(&ManagerAsync::saveData, "alias2", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabelFromSelf("alias1"),
+ aliasWithLabelFromSelf("alias2") });
test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabelFromSelf("alias2") });
}
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_prv"),
+ aliasWithLabelFromSelf("alias_pub") });
}
// createKeyPairDSA
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_prv"),
+ aliasWithLabelFromSelf("alias_pub") });
}
// createKeyPairECDSA
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_prv"),
+ aliasWithLabelFromSelf("alias_pub") });
}
// createKeyAES
"alias_AES",
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_AES")});
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_AES")});
}
// getCertificateChain
RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
+ CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
+ CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
cert,
certv,
RUNNER_TEST(TA1420_get_certificate_chain_negative, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(MBANK) };
+ CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
+ CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_LEAF) };
test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
CKM_API_ERROR_VERIFICATION_FAILED,
cert,
EMPTY_CERT_VECTOR,
true);
AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy());
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(OCSP_AVAILABLE_LEAF), Policy());
test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
CKM_API_ERROR_VERIFICATION_FAILED,
cert,
RUNNER_TEST(TA1450_get_certificate_chain_positive, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
+ CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
+ CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
3,
cert,
true);
AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy());
+ test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(OCSP_AVAILABLE_IM), Policy());
test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
3,
cert,
RUNNER_TEST(TA1720_ocsp_check_negative, UserEnv)
{
- CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) };
+ CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_LEAF), getTestCertificate(OCSP_AVAILABLE_LEAF) };
auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
RUNNER_TEST(TA1750_ocsp_check_positive, UserEnv)
{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
+ CertificateShPtr cert = getTestCertificate(OCSP_AVAILABLE_LEAF);
+ CertificateShPtrVector certv = { getTestCertificate(OCSP_AVAILABLE_IM) };
auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
cert,
certv,
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
}
-RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<APP_UID>)
+RUNNER_TEST(TA1820_allow_access, UserEnv)
{
ScopedDBUnlock dbu(APP_UID, TEST_PASS);
// prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
- std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
- save_data(alias2.c_str(), TEST_DATA);
- save_data(alias3.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias2,
- TEST_LABEL_2,
- CKM::Permission::READ);
- test_positive(&ManagerAsync::setPermission,
- alias3,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- }
-
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
-
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
+ const char *alias1 = "alias-1";
+ const char *alias2 = "alias-2";
+ const char *alias3 = "alias-3";
- // test from allowed label, but without properly addressing alias (coming from default label)
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
+ save_data(alias1, TEST_DATA);
+ save_data(alias2, TEST_DATA);
+ save_data(alias3, TEST_DATA);
- // now test with appropriate addressing
- test_positive(&ManagerAsync::getData, alias2, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
-
- test_positive(&ManagerAsync::getData, alias3, "");
- test_positive(&ManagerAsync::removeAlias, alias3);
- }
+ test_positive(&ManagerAsync::setPermission,
+ alias2,
+ TEST_LABEL,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ alias3,
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
}
// denyAccess
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
}
-RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<APP_UID>)
+RUNNER_TEST(TA1920_deny_access, UserEnv)
{
ScopedDBUnlock dbu(APP_UID, TEST_PASS);
// prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::NONE);
- }
+ const char *alias1 = "alias-1";
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
+ save_data(alias1, TEST_DATA);
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
- }
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL,
+ CKM::Permission::NONE);
}
-RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, RemoveDataEnv<0>)
+RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, UserEnv)
{
auto pkcs = loadPkcs();
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
pkcs,
exportable,
exportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
pkcs,
notExportable,
notExportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
pkcs,
notExportable,
notExportable);
}
-RUNNER_TEST(TA2010_PKCS_get, RemoveDataEnv<0>)
+RUNNER_TEST(TA2010_PKCS_get, UserEnv)
{
auto pkcs = loadPkcs();
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
pkcs,
notExportable,
notExportable);
// fail - no entry
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- sharedDatabase("i-do-not-exist").c_str(),
+ "i-do-not-exist",
CKM::Password(),
CKM::Password());
// fail - not exportable
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_NOT_EXPORTABLE,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
CKM::Password(),
CKM::Password());
// success - exportable
auto obs = test_positive(&ManagerAsync::getPKCS12,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
CKM::Password(),
CKM::Password());
addCert(m_trustedCerts, cert);
std::stringstream ss;
- ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size;
+ ss << "TRUSTED_CERT_ALIAS_" << size;
save_cert(cert, ss.str().c_str());
addAlias(m_trustedAliases, ss.str().c_str());
}
addCert(m_untrustedCerts, cert);
std::stringstream ss;
- ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size;
+ ss << "UNTRUSTED_CERT_ALIAS_" << size;
save_cert(cert, ss.str().c_str());
addAlias(m_untrustedAliases, ss.str().c_str());
}
RUNNER_TEST(TCCH_0000_init)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
}
// old API
RUNNER_TEST(TCCH_0010_get_chain_old_api)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifierOld cv;
- cv.verifyNegative(TestData::GOOGLE_COM);
+ cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyPositive(TestData::GOOGLE_COM, 3); // including system cert
+ cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
+ cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3); // including system cert
cv.verifyNegative(TestData::TEST_LEAF);
}
// old API
RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifierOld cv;
- cv.verifyPositive(TestData::GIAG2, 2); // including system cert
+ cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // including system cert
}
// check invalid arguments
RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
- ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
- ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
+ ckmc_cert_s* ca2 = create_cert(TestData::THIRD_PARTY_LEAF);
+ ckmc_cert_s* ca1 = create_cert(TestData::THIRD_PARTY_IM_CA);
ckmc_cert_list_s* chain = NULL;
// cert
*/
RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
- cv.verifyNegative(TestData::EQUIFAX);
+ cv.verifyNegative(TestData::THIRD_PARTY_ROOT_CA);
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyNegative(TestData::GOOGLE_COM);
+ cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
+ cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
}
/*
*/
RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
- cv.verifyPositive(TestData::GIAG2, 2); // including system cert
- cv.verifyNegative(TestData::GOOGLE_COM);
+ cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // including system cert
+ cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
}
/*
*/
RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.verifyPositive(TestData::TEST_IM_CA, 2);// signed by trusted cert (TEST_ROOT_CA)
- cv.verifyPositive(TestData::GIAG2, 2); // signed by system cert (GEOTRUST)
- cv.verifyNegative(TestData::GOOGLE_COM);
+ cv.verifyPositive(TestData::TEST_IM_CA, 2); // signed by trusted cert (TEST_ROOT_CA)
+ cv.verifyPositive(TestData::THIRD_PARTY_IM_CA, 2); // signed by system cert (THIRD_PARTY_ROOT_CA)
+ cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
}
RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyPositive(TestData::GOOGLE_COM,3); // including system cert
+ cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
+ cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3); // including system cert
cv.verifyNegative(TestData::TEST_LEAF);
}
*/
RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.addUntrusted(TestData::TEST_IM_CA);
cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::GOOGLE_COM);
+ cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
}
/*
*/
RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.addTrusted(TestData::TEST_IM_CA);
cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::GOOGLE_COM);
+ cv.verifyNegative(TestData::THIRD_PARTY_LEAF);
}
RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(true);
cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addUntrusted(TestData::GEOTRUST);
- cv.addUntrusted(TestData::GIAG2);
- /*
- * In combat conditions this may as well be 3. Because of 2 existing GeoTrust certificates with
- * same Subject and Public key one being root ca and the other not there are 2 possible chains
- * of trust for this certificate.
- */
- cv.verifyPositive(TestData::GOOGLE_COM,4);
+ cv.addUntrusted(TestData::THIRD_PARTY_IM_CA);
+
+ cv.verifyPositive(TestData::THIRD_PARTY_LEAF, 3);
cv.verifyNegative(TestData::TEST_LEAF);
}
RUNNER_TEST(TCCH_9999_deinit)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
}
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <test-certs.h>
#include <ckm-common.h>
-#include <access_provider2.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <stdlib.h>
namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
+const int USER_APP = 5001;
const char* USER_PASS = "user-pass";
-const char* TEST_LABEL = "test_label";
const char *const TEST_OBJECT1 = "OBJECT1";
-const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
-const char* TEST_SYSTEM_ALIAS = "system-alias-1";
-const char* TEST_DATA = "ABCD";
} // namespace anonymous
CKMCReadableError(temp));
}
-RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
-{
- save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
-
- // [test] - expect success
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA);
-
- // remove user data - expect to map to the system DB
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
- CKMCReadableError(temp));
-
- // [test] - expect fail
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-}
RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
{
int temp;
- remove_user_data(0);
+ remove_user_data(USER_APP);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
ckmc_policy_s test_policy;
char* password = NULL;
- CKM::Alias alias = sharedDatabase("mykey");
+ CKM::Alias alias = "mykey";
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T30203_AES_key_C_API)
{
int temp;
- CKM::Alias alias = sharedDatabase("my_AES_key");
+ CKM::Alias alias = "my_AES_key";
size_t key_length = 192;
ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
char* password = NULL;
ckmc_cert_s *cert2;
ckmc_cert_s cert;
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
+ CKM::Alias alias = "test-cert-1-RSA";
ckmc_policy_s test_policy;
test_policy.password = password;
char* password = NULL;
ckmc_cert_s *cert2;
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
+ CKM::Alias alias = "test-cert-1-RSA";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
char* password = NULL;
ckmc_cert_s cert;
size_t current_aliases_num = count_aliases(ALIAS_CERT);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_CERT);
"Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
-
-RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API)
+RUNNER_TEST(T30207_save_AES_key_passwd_C_API)
{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- const char *passwordPolicy = "x";
- const char *alias = "mykey";
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = const_cast<char *>(passwordPolicy);
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
- CKMCReadableError(temp));
-
- // RUNNER_ASSERT_MSG(
- // key.getDER() == key2.getDER(), "Key value has been changed by service");
-
- delete [] char_keypem;
-}
-
-RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = NULL;
- size_t key_length = 192;
- CKM::Alias alias = "my_AES_key";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-
- compare_AES_keys(test_key, test_key2);
- ckmc_key_free(test_key);
- ckmc_key_free(test_key2);
-}
-
-RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
const char* password = "x";
size_t key_length = 192;
ckmc_key_free(test_key);
}
-RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag)
+RUNNER_TEST(T30208_save_RSA_keys_exportable_flag)
{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag)
+RUNNER_TEST(T30209_save_AES_keys_exportable_flag)
{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
const char* password = NULL;
size_t key_length = 256;
CKMCReadableError(temp));
}
-RUNNER_TEST(T30212_certificate_with_DSA_key_C_API)
+RUNNER_TEST(T30210_certificate_with_DSA_key_C_API)
{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
char* password = NULL;
ckmc_cert_s *cert2 = NULL;
cert.cert_size = certPem.length();
cert.data_format = CKMC_FORM_PEM;
- CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
+ CKM::Alias alias = "test-cert-1-DSA";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
}
-RUNNER_TEST(T30213_deinit_C_API)
+RUNNER_TEST(T30211_deinit_C_API)
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
{
int temp;
- remove_user_data(0);
+ remove_user_data(USER_APP);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_KEY);
ckmc_key_s *test_key2;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
+ CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
CKMCReadableError(temp));
}
int current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key1").c_str(), *test_key, test_policy1)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key1", *test_key, test_policy1)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key2").c_str(), *test_key, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key2", *test_key, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key3").c_str(), *test_key, test_policy3)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key3", *test_key, test_policy3)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
ckmc_key_s *test_key2;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key1").c_str(), NULL, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("AES_key1", NULL, &test_key2)),
CKMCReadableError(temp));
validate_AES_key(test_key2);
ckmc_key_free(test_key2);
// actual test - remove middle item
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("AES_key2").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key("AES_key2")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(sharedDatabase("AES_key2").c_str(), NULL, &test_key2)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key("AES_key2", NULL, &test_key2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key3").c_str(), NULL, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("AES_key3", NULL, &test_key2)),
CKMCReadableError(temp));
validate_AES_key(test_key2);
ckmc_key_free(test_key2);
}
-RUNNER_TEST(T3036_deinit_C_API)
+RUNNER_TEST(T3036_alias_new_C_API)
+{
+ char *full_alias = NULL;
+ std::string owner_id = "iocma412ovyc";
+ std::string alias = "fvyuweq27c";
+
+ std::string full_alias_str = owner_id + ckmc_owner_id_separator + alias;
+
+ int temp = ckmc_alias_new(owner_id.c_str(), alias.c_str(), &full_alias);
+ std::unique_ptr<char, void(*)(void *)> p(full_alias, ::free);
+ RUNNER_ASSERT_MSG(temp == CKMC_ERROR_NONE, CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(full_alias_str == full_alias,
+ "Invalid full alias. expected(" << full_alias_str <<
+ ") actual(" << full_alias << ")");
+}
+
+RUNNER_TEST(T3037_deinit_C_API)
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
RUNNER_TEST(T3041_init_C_API)
{
- remove_user_data(0);
reset_user_data(USER_APP, "simple-password");
}
size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_DATA);
ckmc_raw_buffer_s *testData4;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
CKMCReadableError(temp));
int compareResult;
"Data corrupted");
}
-RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
+RUNNER_TEST(T3043_app_user_save_bin_data_C_API)
{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
ckmc_raw_buffer_s testData1;
char* password = NULL;
size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_DATA);
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
CKMCReadableError(temp));
int compareResult;
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
{
const size_t BIG_SIZE = 5000000;
- ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP);
std::vector<char> big_data(BIG_SIZE);
std::ifstream is("/dev/urandom", std::ifstream::binary);
RUNNER_ASSERT_MSG(is,
"Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
- save_data(TEST_ALIAS1.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
- check_read(TEST_OBJECT1, TEST_LABEL, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+ save_data(TEST_OBJECT1, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+ auto self_label = getOwnerIdFromSelf();
+ check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+}
+
+RUNNER_TEST(T3046_save_get_password_protected_data)
+{
+ const char *alias = "T3046_data_alias";
+ const char *password = "test-password";
+ std::vector<unsigned char> data = { 0x28, 0x34, 0x5a, 0xf3 };
+
+ ckmc_raw_buffer_s raw_buffer;
+ raw_buffer.data = data.data();
+ raw_buffer.size = data.size();
+
+ ckmc_policy_s policy;
+ policy.password = const_cast<char *>(password);
+ policy.extractable = 1;
+
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(alias, raw_buffer, policy)),
+ CKMCReadableError(temp));
+
+ ckmc_raw_buffer_s *raw_buffer_stored = nullptr;
+
+ // test negative case first
+ temp = ckmc_get_data(alias, "invalid_password", &raw_buffer_stored);
+
+ // make scoped buffer for in case of success
+ std::unique_ptr<ckmc_raw_buffer_s, void(*)(ckmc_raw_buffer_s *)> scoped_buffer(
+ raw_buffer_stored, ckmc_buffer_free);
+
+ RUNNER_ASSERT_MSG(temp == CKMC_ERROR_AUTHENTICATION_FAILED,
+ "expected(" << CKMCErrorToString(CKMC_ERROR_AUTHENTICATION_FAILED)
+ << ") but ret(" << CKMCErrorToString(temp) << ")");
+
+ temp = ckmc_get_data(alias, password, &raw_buffer_stored);
+ // reset buffer with raw buffer of positive case
+ scoped_buffer.reset(raw_buffer_stored);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == temp, CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ raw_buffer_stored->size == raw_buffer.size,
+ "stored raw buffer size(" << raw_buffer_stored->size
+ << ") is differ to original raw buffer size(" << raw_buffer.size << ")");
+ for (size_t i = 0; i < raw_buffer_stored->size; ++i)
+ RUNNER_ASSERT_MSG(
+ raw_buffer_stored->data[i] == raw_buffer.data[i],
+ "stored raw buffer data[" << i << "](" << raw_buffer_stored->data[i]
+ << ") is differ to original raw buffer data["
+ << i << "](" << raw_buffer.data[i] << ")");
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_alias(alias)),
+ CKMCReadableError(temp));
}
RUNNER_TEST(T3050_deinit_C_API)
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3052_CAPI_create_RSA_key)
+RUNNER_TEST(T3052_CAPI_create_RSA_key)
{
int temp;
-
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t size = 1024;
const char *private_key_alias = "RSA-test-1-priv";
const char *public_key_alias = "RSA-test-1-pub";
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3053_CAPI_create_DSA_key)
+RUNNER_TEST(T3053_CAPI_create_DSA_key)
{
int temp;
-
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t size = 1024;
const char *private_key_alias = "DSA-test-2-priv";
const char *public_key_alias = "DSA-test-2-pub";
}
-RUNNER_CHILD_TEST(T3054_CAPI_create_AES_key)
+RUNNER_TEST(T3054_CAPI_create_AES_key)
{
int temp;
size_t size = 128;
- CKM::Alias key_alias = sharedDatabase("AES-gen-test-1");
+ CKM::Alias key_alias = "AES-gen-test-1";
ckmc_policy_s policy_key;
policy_key.password = NULL;
RUNNER_TEST(T3061_CAPI_init)
{
- remove_user_data(0);
reset_user_data(USER_APP, USER_PASS);
}
int temp;
size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
+ CKM::Alias private_key_alias = "rsa-test-1";
+ CKM::Alias public_key_alias = "rsa-test-2";
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
int temp;
size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
+ CKM::Alias private_key_alias = "dsa-test-1";
+ CKM::Alias public_key_alias = "dsa-test-2";
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
int temp;
ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
+ CKM::Alias private_key_alias = "ecdsa-test-1";
+ CKM::Alias public_key_alias = "ecdsa-test-2";
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
RUNNER_TEST(T3065_CAPI_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
// TODO
//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
RUNNER_TEST(T3071_CAPI_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
{
- std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
- std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
+ std::string ee = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_LEAF);
+ std::string im = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_IM);
ckmc_cert_s c_cert;
c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
RUNNER_TEST(T3075_CAPI_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
-
- remove_user_data(0);
}
RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
+ CKM::Alias pub_alias = "pub1";
+ CKM::Alias pri_alias = "prv1";
const char *key_passwd = "1234";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
+RUNNER_TEST(T3083a_CAPI__rsa_key_create_verify_negative)
{
int temp;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
+ CKM::Alias pub_alias = "pub1";
+ CKM::Alias pri_alias = "prv1";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
CKMCReadableError(temp));
}
+RUNNER_TEST(T3083b_CAPI__rsa_key_create_verify_hash_and_padding)
+{
+ int temp;
+
+ unsigned char hashed_msg[256] = {}; // shouldn't need padding (2048-bit key)
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = hashed_msg;
+ msg_buff.size = sizeof(hashed_msg);
+ ckmc_raw_buffer_s short_data = prepare_message_buffer("length not equal to key size");
+ CKM::Alias pub_alias = "pub1";
+ CKM::Alias pri_alias = "prv1";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_raw_buffer_s *signature;
+
+ // sign: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // sign: no padding + no hash + short data
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ short_data,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // sign: no padding + no hash + correct length
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+
+ // sign: padding + no hash + short data
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ short_data,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // verify: padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
+
+
RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
{
int temp;
"-----END PUBLIC KEY-----\n";
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("ecprv2");
- CKM::Alias pub_alias = sharedDatabase("ecpub2");
+ CKM::Alias pri_alias = "ecprv2";
+ CKM::Alias pub_alias = "ecpub2";
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("prv3");
- CKM::Alias pub_alias = sharedDatabase("pub3");
+ CKM::Alias pri_alias = "prv3";
+ CKM::Alias pub_alias = "pub3";
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
+ CKM::Alias pub_alias = "dsa-pub1";
+ CKM::Alias pri_alias = "dsa-prv1";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
+ CKM::Alias pub_alias = "dsa-pub2";
+ CKM::Alias pri_alias = "dsa-prv2";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("prv4");
- CKM::Alias pub_alias = sharedDatabase("pub4");
+ CKM::Alias pri_alias = "prv4";
+ CKM::Alias pub_alias = "pub4";
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3089_CAPI__deinit)
+RUNNER_TEST(T3089_CAPI_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T3091_CAPI_TYPE_init)
{
- remove_user_data(0);
reset_user_data(USER_APP, USER_PASS);
}
RUNNER_TEST(T3094_CAPI_TYPE_CERT)
{
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
unsigned int size = certPem.size();
{
int ret;
- std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string certStr = TestData::getTestCertificateBase64(TestData::THIRD_PARTY_LEAF);
const char *file_name = "/tmp/ckmc_test_cert.pem";
remove(file_name);
RUNNER_ASSERT_MSG(
pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
- CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
+ CKM::Alias lcert_alias = "lcert_alias";
ckmc_policy_s policy;
policy.password = NULL;
policy.extractable = 1;
policy.extractable = 1;
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
+ CKM::Alias pkey_alias = "pkey_alias";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
CKMCReadableError(temp));
- CKM::Alias cert_alias = sharedDatabase("cert_alias");
+ CKM::Alias cert_alias = "cert_alias";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_");
+ std::string caCertAlias = "ca_cert_alias_";
const char *idx = "0";
int cnt = 0;
ckmc_cert_list_s *tmpList = ca_cert_list;
policy.extractable = 1;
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
+ CKM::Alias pkey_alias = "pkey_alias2";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
CKMCReadableError(temp));
- CKM::Alias cert_alias = sharedDatabase("cert_alias2");
+ CKM::Alias cert_alias = "cert_alias2";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
+ std::string caCertAlias = "ca_cert_alias_2_";
const char *idx = "0";
int cnt = 0;
ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
RUNNER_TEST(T3098_CAPI_TYPE_deinit)
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
namespace
{
-CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
+CKM::Alias alias_PKCS_exportable = "CAPI-test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
+CKM::Alias alias_PKCS_key_not_exportable = "CAPI-test-PKCS-no-key-export";
}
RUNNER_TEST(T3101_CAPI_PKCS12_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
RUNNER_ASSERT_MSG(
CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
+ CKMCReadableError(temp));
// try to lookup key
ckmc_key_s *key_lookup = NULL;
CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
CKMCReadableError(temp));
ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), "", &key_lookup)),
+ CKMCReadableError(temp));
+ ckmc_key_free(key_lookup);
// try to lookup certificate
ckmc_cert_s *cert_lookup = NULL;
CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
CKMCReadableError(temp));
ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(temp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
// fail - no entry
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)),
CKMCReadableError(temp));
ckmc_pkcs12_free(pkcs);
pkcs = NULL;
ckmc_pkcs12_free(pkcs);
pkcs = NULL;
+ // success - partially exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_key_not_exportable.c_str(), NULL, NULL, &pkcs)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL == pkcs->priv_key, "there should be no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+ size_t cntr = 0;
+ ckmc_cert_list_s *iter = pkcs->ca_chain;
+ do {
+ cntr++;
+ iter = iter->next;
+ } while (iter);
+ RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
+
+ ckmc_pkcs12_free(pkcs);
+
+
// success - exportable
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
- size_t cntr = 0;
- ckmc_cert_list_s *iter = pkcs->ca_chain;
+ cntr = 0;
+ iter = pkcs->ca_chain;
do {
cntr ++;
iter = iter->next;
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())),
CKMCReadableError(tmp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_key_not_exportable.c_str())),
+ CKMCReadableError(tmp));
// expect lookup fails due to unknown alias
// try to lookup key
CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
CKMCReadableError(tmp));
ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), NULL, &key_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_key_free(key_lookup);
// try to lookup certificate
ckmc_cert_s *cert_lookup = NULL;
CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
CKMCReadableError(tmp));
ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
+ CKMCReadableError(tmp));
+ ckmc_cert_free(cert_lookup);
}
RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
reset_user_data(USER_APP, USER_PASS);
}
-RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
+RUNNER_TEST(T3202_CAPI_get_data_from_empty_database)
{
ScopedDBUnlock unlock(USER_APP, USER_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::Alias alias = "mykey";
RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
}
-RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
+RUNNER_TEST(T3203_CAPI_lock_database)
{
ScopedDBUnlock unlock(USER_APP, USER_PASS);
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
+RUNNER_TEST(T3204_CAPI_get_data_from_locked_database)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
CKM::Alias alias = "mykey";
char *password = NULL;
#include <ckm-common.h>
#include <ckmc/ckmc-manager.h>
#include <ckm/ckm-type.h>
-#include <access_provider2.h>
+#include <ckm/ckm-manager.h>
#include <encryption-decryption-env.h>
using namespace CKM;
namespace {
const char* PASSWORD = "test-password";
-const uid_t UID = 5555;
-const gid_t GID = 5555;
+const uid_t UID = 5001;
const size_t CTR_DEFAULT_LEN = 16*8;
const size_t DEFAULT_IV_LEN = 16;
const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
}
+// Policy backend to use in subsequent operations (global for each test case)
+PolicyBackend g_backend = PolicyBackend::DEFAULT;
+
+class testBackend {
+public:
+ testBackend(PolicyBackend backend){
+ m_backend = g_backend;
+ g_backend = backend;
+ }
+
+ virtual ~testBackend(){
+ //restore in destructor
+ g_backend = m_backend;
+ }
+private:
+ PolicyBackend m_backend;
+};
+
+inline CKM::Password _tostring(const char *str)
+{
+ return (str == nullptr) ? Password() : Password(str);
+}
+
+inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy, PolicyBackend backend)
+{
+ return CKM::Policy(_tostring(policy.password), policy.extractable, backend);
+}
+
EncryptionError apiDecrypt(ckmc_param_list_h params,
const char *key_alias,
const char *password,
return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
}
+
template <typename F, typename... Args>
void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
{
class EncEnv : public RemoveDataEnv<UID> {
public:
- EncEnv() : m_dbu(NULL), m_sap(NULL) {}
- ~EncEnv() { delete m_sap; delete m_dbu; }
+ EncEnv() : m_dbu(NULL) {}
+ ~EncEnv() { delete m_dbu; }
void init(const std::string& str) {
RemoveDataEnv<UID>::init(str);
m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
- m_sap = new ScopedAccessProvider("my-label"); // setup label
-
- // setup smack rules and switch user
- m_sap->allowAPI("key-manager::api-storage", "rw");
- m_sap->allowAPI("key-manager::api-encryption", "rw");
- m_sap->applyAndSwithToUser(UID, GID);
}
void finish() {
- delete m_sap;
- m_sap = NULL;
delete m_dbu;
m_dbu = NULL;
RemoveDataEnv<UID>::finish();
}
ScopedDBUnlock* m_dbu;
- ScopedAccessProvider* m_sap;
};
struct SyncEnv : public EncEnv {
policy.extractable = false;
policy.password = passPtr.get();
- assert_positive(ckmc_create_key_aes, m_keyLen, aliases.prv.c_str(), policy);
+ auto mgr = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyAES(m_keyLen, Alias(aliases.prv.c_str()),
+ _toCkmPolicy(policy, g_backend)),
+ "AES key creation failed");
+
return aliases;
}
policyPub.password = passPtr.get();
policyPub.extractable = 0;
- assert_positive(ckmc_create_key_pair_rsa,
- m_keyLen,
- aliases.prv.c_str(),
- aliases.pub.c_str(),
- policyPrv,
- policyPub);
+ auto mgr = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyPairRSA(static_cast<int>(m_keyLen),
+ CKM::Alias(aliases.prv.c_str()),
+ CKM::Alias(aliases.pub.c_str()),
+ _toCkmPolicy(policyPrv, g_backend),
+ _toCkmPolicy(policyPub, g_backend)), "RSA key pair generation failed" );
return aliases;
}
setParam(params, name, createRandomBufferCAPI(32));
// decrypt
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiDecrypt,
params.get(),
aliases.prv.c_str(),
{ 116, EncryptionError::INVALID_PARAM },
{ 124, EncryptionError::INVALID_PARAM },
{ 256, EncryptionError::INVALID_PARAM },
- // legal tag lengths (EVP_CipherFinal fails but we can't get the error code)
- { 32, EncryptionError::SERVER_ERROR },
- { 64, EncryptionError::SERVER_ERROR },
- { 96, EncryptionError::SERVER_ERROR },
- { 104, EncryptionError::SERVER_ERROR },
- { 112, EncryptionError::SERVER_ERROR },
- { 120, EncryptionError::SERVER_ERROR },
+ // legal tag lengths but different than the one used for encryption
+ { 32, EncryptionError::INVALID_PARAM },
+ { 64, EncryptionError::INVALID_PARAM },
+ { 96, EncryptionError::INVALID_PARAM },
+ { 104, EncryptionError::INVALID_PARAM },
+ { 112, EncryptionError::INVALID_PARAM },
+ { 120, EncryptionError::INVALID_PARAM },
// legal tag length that was actually used for encryption (default)
{ 128, EncryptionError::SUCCESS },
};
// modify tag (last 16B of encrypted message)
ret.encrypted->data[ret.encrypted->size-1]++;
- // EVP_CipherFinal fails but we can't get error code
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ // EVP_CipherFinal fails because of an authentication error
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiDecrypt,
ret.params.get(),
ret.prvKey.c_str(),
// add different key
KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
-
if (success) {
// some algorithms don't verify key validity
assert_crypto_positive(apiDecrypt,
assert_buffers_equal(*plain.get(), *decrypted, false);
} else {
- // different key should not be accepted
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiDecrypt,
ret.params.get(),
differentKeys.prv.c_str(),
nullptr,
*ret.encrypted.get(),
&decrypted);
- }
+ }
// Cleanup before testing next algorithm. Ignore results because not all keys are present
ckmc_remove_alias(ret.prvKey.c_str());
ckmc_param_list_h handle = NULL;
assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
ret.params = ParamListPtr(handle, ckmc_param_list_free);
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiEncrypt,
ret.params.get(),
aliases.pub.c_str(),
RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptDifferentKeys(AES_CBC_128, false);
testEncryptDecryptDifferentKeys(AES_CBC_192, false);
testEncryptDecryptDifferentKeys(AES_CBC_256, false);
// long test split into smaller ones
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CBC_128);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CBC_192);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CBC_256);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_GCM_128);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_GCM_192);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_GCM_256);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CTR_128);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CTR_192);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CTR_256);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CFB_128);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CFB_192);
}
RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testEncryptDecryptBigData(AES_CFB_256);
}
RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testGcmEncryptionTagLen(AES_GCM_128);
testGcmEncryptionTagLen(AES_GCM_192);
testGcmEncryptionTagLen(AES_GCM_256);
RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testGcmDecryptionTagLen(AES_GCM_128);
testGcmDecryptionTagLen(AES_GCM_192);
testGcmDecryptionTagLen(AES_GCM_256);
RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
testGcmWrongTag(AES_GCM_128);
testGcmWrongTag(AES_GCM_192);
testGcmWrongTag(AES_GCM_256);
RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
{
+ testBackend b(PolicyBackend::FORCE_SOFTWARE);
encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
+/*
+ * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <fstream>
+#include <iostream>
+#include <string>
+
#include <netdb.h>
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <test-certs.h>
-#include <access_provider2.h>
#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-type.h>
#include <ckm/ckm-pkcs12.h>
-#include <fstream>
-
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include <tzplatform_config.h>
+
namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
+const int USER_APP = 5001;
const int USER_APP_2 = 5020;
const int USER_APP_3 = 5030;
const char * const APP_PASS = "user-pass";
const int USER_TEST = 5001;
-const char* TEST_LABEL = "test_label";
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
* C - test number in group (all tests with same TABC must be run in the same time).
* D - subtest.
*/
-
-RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
-RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
- stop_service(MANAGER);
- start_service(MANAGER);
-
- std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- // all further tests will start with newly started service,
- // OpenSSL on the service side will have to be properly initialized too
- stop_service(MANAGER);
- start_service(MANAGER);
-}
-
RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
RUNNER_TEST(T0011_Control)
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::KeyShPtr key2;
- CKM::Alias alias = sharedDatabase("mykey");
+ CKM::Alias alias = "mykey";
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
int temp;
auto manager = CKM::Manager::create();
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
+ auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
CKM::CertificateShPtr cert2;
- CKM::Alias alias = sharedDatabase("myCert");
+ CKM::Alias alias = "myCert";
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
"Data has been modified in key manager");
}
-RUNNER_CHILD_TEST(T1013_user_app_save_key)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(), "Key value has been changed by service");
-}
-
RUNNER_TEST(T1014_save_with_label)
{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1015_deinit)
{
- remove_user_data(0);
remove_user_data(USER_APP);
}
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
-RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
+RUNNER_TEST(T1022_app_user_save_keys_get_alias)
{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
-RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
+RUNNER_TEST(T1023_app_user_save_keys_exportable_flag)
{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1029_deinit)
{
- remove_user_data(0);
remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
RUNNER_TEST(T1030_init)
{
- remove_user_data(0);
reset_user_data(USER_APP, APP_PASS);
}
-RUNNER_TEST(T1031_save_get_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
-
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
- "The wrong password should be ignored because non was used in saveData. Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
+RUNNER_TEST(T1032_app_user_save_bin_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
auto manager = CKM::Manager::create();
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
-RUNNER_TEST(T1033_remove_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData2 = "My bin data2";
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- std::string invalid_address = sharedDatabase("i-do-not-exist");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num-2),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
-}
-
RUNNER_TEST(T1034_app_remove_bin_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1035_getData_wrong_password)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int temp;
auto manager = CKM::Manager::create();
CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
"Error=" << CKMErrorToString(temp));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer1,
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
"Error=" << CKMErrorToString(temp));
}
RUNNER_TEST(T1036_deinit)
{
- remove_user_data(0);
remove_user_data(USER_APP);
}
"Error=" << CKMErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1041_create_RSA_key)
+RUNNER_TEST(T1041_create_RSA_key)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap("mylabel-rsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
-RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label)
+RUNNER_TEST(T1042_create_RSA_key_foreign_label)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap("mylabel-rsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKMErrorToString(temp));
"Error=" << CKMErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1043_create_DSA_key)
+RUNNER_TEST(T1043_create_DSA_key)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap("mylabel-dsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
-RUNNER_CHILD_TEST(T1044_create_AES_key)
+RUNNER_TEST(T1044_create_AES_key)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- AccessProvider ap("mylabel-aes");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("rsa-test-1");
- CKM::Alias a2 = sharedDatabase("rsa-test-2");
+ CKM::Alias a1 = "rsa-test-1";
+ CKM::Alias a2 = "rsa-test-2";
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("dsa-test-1");
- CKM::Alias a2 = sharedDatabase("dsa-test-2");
+ CKM::Alias a1 = "dsa-test-1";
+ CKM::Alias a2 = "dsa-test-2";
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
- CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
+ CKM::Alias a1 = "ecdsa-test-1";
+ CKM::Alias a2 = "ecdsa-test-2";
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
RUNNER_TEST(T1114_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
RUNNER_TEST(T12101_key_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12102_saveKey_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12103_saveKey_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12104_saveKey_empty_key)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
+ auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
CKM::Alias alias; //alias is not initialized
int temp;
RUNNER_TEST(T12106_saveCertificate_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
+ auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
CKM::Alias alias = "iamsomebodyelse alias";
int temp;
RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
RUNNER_TEST(T12108_saveData_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12109_saveData_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12110_saveData_empty_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
RUNNER_TEST(T12111_getKey_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12113_getData_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12114_RSA_key_damaged)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12115_RSA_key_too_short)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12116_DSA_key_too_short)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
// fake the client - let the service detect the problem
class WrongCertImpl : public CKM::Certificate
RUNNER_TEST(T1311_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
RUNNER_ASSERT_MSG(time(0) > 1405343457,
"Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
- ScopedLabel sl("System");
struct hostent* he = gethostbyname("google.com");
RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
RUNNER_TEST(T13129_get_chain)
{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
+ auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
+ auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
CKM::CertificateShPtrVector certVector = {cert1};
CKM::CertificateShPtrVector certChain;
RUNNER_TEST(T1313_get_chain_with_alias)
{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
+ auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
+ auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
- CKM::Alias alias = sharedDatabase("imcert");
+ CKM::Alias alias = "imcert";
int tmp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T13141_ocsp_check_valid_chain)
{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
+ auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
+ auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
CKM::CertificateShPtrVector certVector = {cert1};
CKM::CertificateShPtrVector certChain;
RUNNER_TEST(T13144_ocsp_check_root)
{
- auto root = TestData::getTestCertificate(TestData::EQUIFAX);
+ auto root = TestData::getTestCertificate(TestData::THIRD_PARTY_ROOT_CA);
CKM::CertificateShPtrVector certVector = {root};
auto manager = CKM::Manager::create();
RUNNER_TEST(T13145_ocsp_check_no_ocsp)
{
- auto root = TestData::getTestCertificate(TestData::EQUIFAX);
- auto ca2 = TestData::getTestCertificate(TestData::GEOTRUST);
- auto ca1 = TestData::getTestCertificate(TestData::GIAG2);
+ auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
+ auto ca = TestData::getTestCertificate(TestData::TEST_IM_CA);
- CKM::CertificateShPtrVector certVector = {ca1, ca2, root};
+ CKM::CertificateShPtrVector certVector = {ca, root};
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != ca2.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != ca1.get(), "Certificate should not be empty");
+ RUNNER_ASSERT_MSG(NULL != ca.get(), "Certificate should not be empty");
int tmp;
int status;
RUNNER_TEST(T1315_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
RUNNER_TEST(T1411_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T1412_RSA_key_create_verify)
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
CKM::Password password = "1234";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("ecpub2");
- CKM::Alias aliasPrv = sharedDatabase("ecprv2");
+ CKM::Alias aliasPub = "ecpub2";
+ CKM::Alias aliasPrv = "ecprv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub1-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
+ CKM::Alias aliasPub = "pub1-cert";
+ CKM::Alias aliasPrv = "prv1-cert";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub2-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
+ CKM::Alias aliasPub = "pub2-cert";
+ CKM::Alias aliasPrv = "prv2-cert";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub3");
- CKM::Alias aliasPrv = sharedDatabase("prv3");
+ CKM::Alias aliasPub = "pub3";
+ CKM::Alias aliasPrv = "prv3";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
RUNNER_TEST(T1420_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
RUNNER_TEST(T14180_init)
{
int temp;
- remove_user_data(0);
+ remove_user_data(USER_APP);
auto manager = CKM::Manager::create();
"zQIDAQAB\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::Password password = "1234";
auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
"05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
+ CKM::Alias aliasEcPub = "ecpub_nohash1";
+ CKM::Alias aliasEcPrv = "ecprv_nohash1";
auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
big_msg[msgSize-1]=0x00;
std::string message(big_msg);
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
CKM::RawBuffer signature;
RUNNER_TEST(T14189_deinit)
{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1510_init_unlock_key)
-{
- reset_user_data(USER_TEST, APP_PASS);
-}
-
-RUNNER_TEST(T1511_insert_data)
-{
- auto certee = TestData::getTestCertificate(TestData::MBANK);
- auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- CKM::Alias certeeAlias("CertEE");
- CKM::Alias certimAlias("CertIM");
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
- }
-
- // restart CKM
- stop_service(MANAGER);
- start_service(MANAGER);
-
- // actual test
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
- int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKMErrorToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKMErrorToString(status2));
- }
-}
-
-RUNNER_TEST(T1519_deinit)
-{
- remove_user_data(USER_TEST);
-}
-
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1701_init_unlock_key)
-{
- unlock_user_data(USER_TEST+1, "t170-special-password");
-
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-}
-
-RUNNER_CHILD_TEST(T1702_insert_data)
-{
- int temp;
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- auto certee = TestData::getTestCertificate(TestData::MBANK);
-
- auto manager = CKM::Manager::create();
- size_t current_aliases_num = count_aliases(ALIAS_CERT);
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKMErrorToString(status1));
-
- CKM::AliasVector av;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
-}
-
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1704_data_test)
-{
- int temp;
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_TEST(T1705_deinit)
-{
- remove_user_data(USER_TEST+1);
-}
-
-RUNNER_TEST(T17101_init)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17102_prep_data_01)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17103_prep_data_02)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17104_prep_data_03)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17105_prep_data_04)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_TEST(T17106_remove_application)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17107_check_data_01)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17108_check_data_02)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T17109_unlock_user2)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17110_check_data_03)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17111_check_data_04)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
+ remove_user_data(USER_APP);
}
-RUNNER_TEST(T17112_deinit)
-{
- remove_user_data(USER_TEST+2);
- remove_user_data(USER_TEST+3);
-}
RUNNER_TEST_GROUP_INIT(T180_PKCS12);
namespace
{
-CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
-CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
-CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
-CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
+CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
+CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
+CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
+CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
}
RUNNER_TEST(T1800_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T1801_parse_PKCS12) {
// fail - no entry
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
"Error=" << CKMErrorToString(temp));
// fail - not exportable
RUNNER_TEST(T1812_get_pkcs12_password_tests)
{
- CKM::Alias alias = sharedDatabase("t1812alias1");
+ CKM::Alias alias = "t1812alias1";
auto manager = CKM::Manager::create();
std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
RUNNER_TEST(T1902_get_data)
{
ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
RUNNER_TEST(T1904_get_data_from_locked_database)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
int main(int argc, char *argv[])
{
+ uid_t expected_uid = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+ if (expected_uid != geteuid()) {
+ std::string userStr("owner");
+ const char* user = tzplatform_getenv(TZ_SYS_DEFAULT_USER);
+ if (user)
+ userStr = user;
+
+ std::cerr << argv[0] << " should be executed as " << userStr << ". Aborting" << std::endl;
+ return -1;
+ }
+
return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
}
#include <errno.h>
#include <string.h>
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
+const uid_t APP_UID = 5001;
+const gid_t APP_GID = 5001;
const uid_t APP_UID_2 = 5200;
const gid_t APP_GID_2 = 5200;
const uid_t DB_ALARM_UID = 6001;
#!/bin/sh
#####################################################################
-# Copyright (c) 2012-2014 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2012-2018 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
;;
"ckm")
echo "========================================================================="
- echo "KEY MANAGER TESTS"
+ echo "KEY MANAGER UNPRIVILEGED TESTS"
echo
- ckm-tests "${@:2}"
+ ARGS="${@:2}"
+ su - owner -c "ckm-tests $ARGS"
+ echo "========================================================================="
+ echo "KEY MANAGER PRIVILEGED TESTS"
+ echo
+ ckm-tests-on-onlycap.sh $ARGS
;;
"yaca")
echo "========================================================================="
projects / platform / core / test / security-tests.git / commitdiff