SET(CMAKE_C_FLAGS "-g")
SET(CMAKE_CXX_FLAGS "-g -std=c++0x")
SET(CMAKE_C_FLAGS_PROFILING "-O0 -pg")
-SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -pg")
+SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -pg -std=c++0x")
SET(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb")
-SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -ggdb")
+SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -ggdb -std=c++0x")
SET(CMAKE_C_FLAGS_RELEASE "-O2")
-SET(CMAKE_CXX_FLAGS_RELEASE "-O2")
+SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x")
-SET(SMACK_ENABLE ON)
-
-OPTION(DPL_LOG "DPL logs status" ON)
-IF(DPL_LOG)
- MESSAGE(STATUS "Logging enabled for DPL")
- ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-ELSE(DPL_LOG)
- MESSAGE(STATUS "Logging disabled for DPL")
-ENDIF(DPL_LOG)
+IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
+ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
+ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
# If supported for the target machine, emit position-independent code,suitable
# for dynamic linking and avoiding any limit on the size of the global offset
ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
ADD_DEFINITIONS("-Wno-deprecated-declarations") # No warnings about deprecated features
-STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
-ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-ADD_DEFINITIONS("-DCYNARA_DB_DIR=\"${CYNARA_DB_DIR}\"")
-ADD_DEFINITIONS("-DAPP_USER=\"${APP_USER}\"")
-
-IF(SMACK_ENABLE)
- ADD_DEFINITIONS("-DWRT_SMACK_ENABLED")
-ENDIF(SMACK_ENABLE)
-
-############################# Targets names ###################################
-
-SET(TARGET_CKM_TESTS "ckm-tests")
-SET(TARGET_CKMI_TESTS "ckm-integration-tests")
-SET(COMMON_TARGET_TEST "tests-common")
-############################# subdirectories ##################################
+SET(TARGET_TPKP_TEST "tpkp-test")
ADD_SUBDIRECTORY(src)
-ADD_SUBDIRECTORY(tests)
+++ /dev/null
-README for security-tests project
-
-==WHAT IS======================================================================
-
-security-tests is repository for testing packages from domain Security.
-
-==WHAT FOR=====================================================================
-
-The security-tests repository is designed for testing packages mentioned below
-with binaries provided for testing them:
-
-libsmack
- libsmack-test
-libprivilege-control
- libprivilege-control-test
-security-server
- security-server-tests-client-smack
- security-server-tests-stress
- security-server-tests-server
- security-server-tests-api-speed
- security-server-tests-password
- security-server-tests-privilege
- security-server-tests-dbus
-security-manager
- security-manager-tests
-cynara
- cynara-test
-
-There are also inner-tests for testing complex security-tests framework
-mechanisms with binary:
- security-tests-inner-test
-
-==HOW TO RUN===================================================================
-
-Each test suite may be run with options:
- --output=<output type> --output=<output type> ...
- --output=xml
- example:
- test-binary --output=text --output=xml --file=output.xml
- --only-from-xml=<xml file> Run only testcases specified in XML file
- --regexp='regexp' Only selected tests which names match regexp run
- --start=<test id> Start from concrete test id
- --group=<group name> Run tests only from one group
- --runignored Run also ignored tests
- --list Show a list of Test IDs
- --listgroups Show a list of Test Group names
- --only-from-xml=<xml file> Run only testcases specified in XML file
- XML name is taken from attribute id="part1_part2" as whole.
- If part1 is not found (no _) then it is implicitily set according to
- suite part1 from binary tests
- --listingroup=<group name> Show a list of Test IDS in one group
- --allowchildlogs Allow to print logs from child process on screen.
- When active child process will be able to print logs on stdout and
- stderr. Both descriptors will be closed after test.
- --help Print help
-
-They can be run also by scripts:
- security-tests.sh
- security-tests-all.sh
-
-Each test can end with one of three possible statuses:
- FAILED
- OK
- IGNORED
-
-==HOW TO WRITE=================================================================
-
-security-tests is based on extended dpl framework providing different macros.
-Below are categories with macros listed as below:
-library
- include
- macro
- description
-
---Test group registering macro-------------------------------------------------
-
-dpl-test-framework
- test_runner.h
- RUNNER_TEST_GROUP_INIT
- Registers group of tests. Test are registered under this group until
- another group registering macro is called.
-
---Test registering macros------------------------------------------------------
-Adding/removing those macro calls will add/remove test cases they provide. To
-change tests, change body of those macro calls. Registered tests are run within
-group alphabetically.
-Those macros allow additional arguments which are classes with mandatory
-methods:
-* (constructor) ()
- Called while registering test.
- Should not throw any exceptions
-* init(const std::string &testName)
- Called before test case function in order of classes passed to macro.
- Should not be forked.
- testName argument is name of the test (first macro argument).
-* finish(void)
- called after test case function in reversed order of classes passed to
- macro.
- Should not be forked.
-Created instances of those classes may be accessed from within test case body
-as argument of test case funtion is
- std::tuple<ClassesPassed> &optionalArgsTuple
-
-dpl-test-framework
- test_runner.h
- RUNNER_TEST
- Function registered by this macro will be run in the same process as
- framework. No forking allowed unless forked process does not throw
- any exception.
- test_runner_child.h
- RUNNER_CHILD_TEST
- Function registered by this macro will be run in child process. No
- forking allowed unless forked process does not throw any exception.
- test_runner_multiprocess.h
- RUNNER_MULTIPROCESS_TEST
- Function registered by this macro will be run in the same process as
- framework. Forking allowed. Exception of every process will be
- registered.
-tests-common
- tests_common.h
- RUNNER_TEST_SMACK
- Same as RUNNER_TEST but run only with smack enabled.
- RUNNER_TEST_NOSMACK
- Same as RUNNER_TEST but run only with smack disabled.
- RUNNER_CHILD_TEST_SMACK
- Same as RUNNER_TEST_CHILD but run only with smack enabled.
- RUNNER_CHILD_TEST_NOSMACK
- Same as RUNNER_TEST_CHILD but run only with smack disabled.
- RUNNER_MULTIPROCESS_TEST_SMACK
- Same as RUNNER_TEST_MULTIPROCESS but run only with smack enabled.
- RUNNER_MULTIPROCESS_TEST_NOSMACK
- Same as RUNNER_TEST_MULTIPROCESS but run only with smack disabled.
-
---Assert macros----------------------------------------------------------------
-Used within test registering macros.
-
-First failed assertion throws test failed exception. If another assertions
-fail, information about fail conditions and backtrace is cumulated and
-presented together with already thrown exception message.
-
-dpl-test-framework
- test_runner.h
- RUNNER_ASSERT_MSG
- Assertion with message with backtrace information appended.
- RUNNER_ASSERT_ERRNO_MSG
- Assertion with message, error string and backtrace information
- appended.
- RUNNER_ASSERT_ERRNO
- Assertion with error string and backtrace information appended.
- RUNNER_FAIL_MSG
- Fail with message and backtrace information appended.
- RUNNER_ASSERT
- Assertion with backtrace information appended.
- RUNNER_IGNORED_MSG
- Assertion with message classified as ignored.
-
---Performence macros-----------------------------------------------------------
-Used to do the time measurement.
-
-dpl-test-framework
- test_runner.h
- RUNNER_PERF_TEST_BEGIN
- Start time measurement.
- RUNNER_PERF_TEST_END
- End time measurement.
-
---Message macros---------------------------------------------------------------
-Used to print error messages during test run time.
-
-dpl-test-framework
- test_runner.h
- RUNNER_ERROR_MSG
- Print error message using red color.
-
---Defer macros-----------------------------------------------------------------
-Used to defer throwing TestException exceptions (TestFailed, TestIgnored)
-by catching them and rethrowing later. This mechanism can help in breaking
-test and passing test result from places where throwing exceptions
-is not allowed
-
-dpl-test-framework
- test_runner.h
- RUNNER_DEFER_TRYCATCH
- Catches thrown TestException exceptions and stores them in TestRunner
- structures for later use. This macro works only inside deffered scope
- defined by RUNNER_DEFER_SCOPE, otherwise it won't catch exceptions
- RUNNER_DEFER_SCOPE
- Defines deferred scope. All RUNNER_DEFER_TRYCATCH macros used inside
- the scope catch and save TestException exceptions. After scope is left
- all saved exceptions take part in setting result of test. If there
- is no any uncaught exception then additionally first of saved
- exceptions is thrown.
-
---Collectors-------------------------------------------------------------------
-Collectors are classes which collect test results. Each class does it differently.
-Collectors can be registered by --output parameter (see HOW TO RUN section) but
-there is also another collector created to write summary.
-
-dpl-test-framework
- test_results_collector_summary.h
- SummaryCollector
- Collector writing tests summary. Call SummaryCollector::Register() to
- register it
-
---Usage example----------------------------------------------------------------
-
-#include <test_runner.h>
-#include <tests_common.h>
-#include <summary_collector.h>
-
-#include <sys/stat.h>
-#include <unistd.h>
-#include <fcntl.h>
-
-RUNNER_TEST_GROUP_INIT(foo_module)
-
-RUNNER_TEST_SMACK(bar_allways_fails)
-{
- RUNNER_ASSERT(false);
-}
-
-RUNNER_TEST(bar_allways_passses)
-{
- RUNNER_ASSERT(true);
-}
-
-RUNNER_TEST(bar_file1)
-{
- cosnt char *file = "bar_file1";
- int fd = TEMP_FAILURE_RETRY(open(file, O_RDONLY));
- RUNNER_ASSERT_ERRNO_MSG(fd != -1, "Cannot open " << file << " file");
- close(fd);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(bar_file2_dropped_root)
-{
- RUNNER_ASSERT_ERRNO(setgid(5000) == 0);
- RUNNER_ASSERT_ERRNO(setuid(5000) == 0);
-
- cosnt char *file = "bar_file2";
- int fd = TEMP_FAILURE_RETRY(open(file, O_RDONLY));
- if(fd != -1) {
- close(fd);
- RUNNER_FAIL_MSG("file " << file << "should not be opened");
- }
- RUNNER_ASSERT_ERRNO_MSG(errno == EACCESS,
- "Wrong errno on opening " << " file");
-}
-
-class Env
-{
-public:
- Env() { ... }
- void init(const std::string &testName) { ... }
- void finish() { ... }
- void doEnv() { ... }
-};
-
-class Restore
-{
-public:
- Restore() { ... }
- void init(const std::string &testName) { ... }
- void finish() { ... }
- void doRestore() { ... }
-};
-
-RUNNER_TEST(bar_optional_args, Env, Restore)
-{
- std::get<0>(optionalArgsTuple).doEnv();
- std::get<1>(optionalArgsTuple).doRestore();
-}
-
-int main(int argc, char *argv[])
-{
- SummaryCollector::Register();
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
-
---Notes------------------------------------------------------------------------
-
- While changing body of test cases, be sure to remove functions and global
-variables if not used by any other tests.
- Use const variables instead of #define's.
- Use mechanisms already provided in common library.
Source0: %{name}-%{version}.tar.gz
Source1: %{name}.manifest
BuildRequires: cmake
-BuildRequires: libattr-devel
-BuildRequires: pkgconfig(libcap)
-BuildRequires: pkgconfig(libsmack)
-BuildRequires: pkgconfig(libprivilege-control)
-BuildRequires: pkgconfig(security-server)
-BuildRequires: pkgconfig(security-manager)
-BuildRequires: pkgconfig(key-manager)
-BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(glib-2.0)
-BuildRequires: pkgconfig(dbus-1)
-BuildRequires: pkgconfig(libpcrecpp)
+BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libiri)
-BuildRequires: pkgconfig(sqlite3)
-BuildRequires: pkgconfig(libwebappenc)
-BuildRequires: cynara-devel
-BuildRequires: pkgconfig(libtzplatform-config)
-BuildRequires: boost-devel
-BuildRequires: pkgconfig(vconf)
-BuildRequires: pkgconfig(libgum) >= 1.0.5
-Requires: perf
-Requires: gdb
-Requires: key-manager-listener
+BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(libcurl)
+BuildRequires: pkgconfig(tpkp-curl)
+BuildRequires: pkgconfig(tpkp-gnutls)
%description
Security tests repository - for tests that can't be kept together with code.
cp %{SOURCE1} .
%build
+export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
+export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
+export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
+
export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib"
-# password protection enabled
-%define ckm_password_protection_disable 1
-cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
- -DDPL_LOG="ON" \
- -DVERSION=%{version} \
- -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:DEBUG} \
-%if "%{sec_product_feature_security_mdfpp_enable}" == "1"
- -DSECURITY_MDFPP_STATE_ENABLE=1 \
-%endif
-%if 0%{?ckm_password_protection_disable}
- -DPASSWORD_PROTECTION_DISABLE=1 \
-%endif
- -DCMAKE_VERBOSE_MAKEFILE=ON \
- -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
- -DAPP_USER="security_test_user"
-make %{?jobs:-j%jobs}
+%{!?build_type:%define build_type "DEBUG"}
+%cmake . -DCMAKE_INSTALL_PREFIX=%_prefix \
+ -DVERSION=%version \
+ -DCMAKE_BUILD_TYPE=%build_type \
+ -DCMAKE_VERBOSE_MAKEFILE=ON
+
+make %{?_smp_mflags}
%install
%make_install
-ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk
-
-%post
-find /etc/smack/test_privilege_control_DIR/ -type f -name exec -exec chmod 0755 {} +
-
-# Load permissions templates
-api_feature_loader --verbose
-# Set vconf key for cc-mode testing if vconf key isn't there.
-%if "%{sec_product_feature_security_mdfpp_enable}" != "1"
- echo "Install vconf key (file/security_mdpp/security_mdpp_state) for testing key-manager"
- vconftool set -t string file/security_mdpp/security_mdpp_state "Unset"
-%endif
-
-id -u security_test_user 1>/dev/null 2>&1 || \
- useradd -r -g users -s /sbin/nologin -c "for tests only" security_test_user
-
-echo "security-tests postinst done ..."
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
%files
-%manifest %{name}.manifest
-%defattr(-, root, root, -)
-/usr/bin/security-tests.sh
-/usr/bin/security-tests-all.sh
-/usr/bin/test-performance-check.sh
-
-/etc/dbus-1/system.d/security-tests.conf
-
-/usr/bin/libsmack-test
-/usr/bin/smack-dbus-tests
-/usr/bin/libprivilege-control-test
-/usr/bin/security-server-tests-client-smack
-/usr/bin/security-server-tests-server
-/usr/bin/security-server-tests-password
-/usr/bin/security-server-tests-privilege
-/usr/bin/security-server-tests-stress
-/etc/smack/test_smack_rules_full
-/etc/smack/test_smack_rules2
-/etc/smack/test_smack_rules3
-/etc/smack/test_smack_rules4
-/usr/bin/security-server-tests-mt
-/usr/bin/security-server-tests-api-speed
-/usr/bin/security-manager-tests
-/etc/smack/test_smack_rules
-/etc/smack/test_smack_rules_lnk
-/usr/share/privilege-control/*
-/etc/smack/test_privilege_control_DIR/*
-/usr/apps/*
-/usr/bin/test-app-efl
-/usr/bin/test-app-osp
-/usr/bin/test-app-wgt
-/usr/bin/cynara-test
-/usr/bin/ckm-tests
-/usr/bin/ckm-integration-tests
-/usr/share/ckm-test/*
-/etc/security-tests
-/usr/lib/security-tests/cynara-tests/plugins/single-policy/*
-/usr/lib/security-tests/cynara-tests/plugins/multiple-policy/*
-/usr/lib/security-tests/cynara-tests/plugins/test-agent/*
-/usr/bin/security-tests-inner-test
-/usr/bin/libwebappenc-tests
-
-%postun
-id -u security_test_user 1>/dev/null 2>&1 && userdel security_test_user
+%manifest %name.manifest
+/usr/lib/libdpl-test-framework.so
+/usr/bin/tpkp-test
# limitations under the License.
#
-INCLUDE(FindPkgConfig)
-
PKG_CHECK_MODULES(SYS_FRAMEWORK_TEST
REQUIRED
libxml-2.0
${SYS_FRAMEWORK_TEST_LIBRARIES}
)
-INSTALL(FILES ${PROJECT_SOURCE_DIR}/src/security-tests.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES ${PROJECT_SOURCE_DIR}/src/security-tests-all.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/test-performance-check.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
+INSTALL(TARGETS ${DPL_FRAMEWORK_TEST_LIBRARY} DESTINATION lib)
-ADD_SUBDIRECTORY(common)
-ADD_SUBDIRECTORY(ckm)
-ADD_SUBDIRECTORY(ckm-integration)
-ADD_SUBDIRECTORY(libprivilege-control-tests)
-ADD_SUBDIRECTORY(libsmack-tests)
-ADD_SUBDIRECTORY(smack-dbus-tests)
-ADD_SUBDIRECTORY(security-server-tests)
-ADD_SUBDIRECTORY(security-manager-tests)
-ADD_SUBDIRECTORY(cynara-tests)
-ADD_SUBDIRECTORY(libwebappenc-tests)
+ADD_SUBDIRECTORY(pinning-tests)
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-PKG_CHECK_MODULES(CKMI_DEP
- REQUIRED
- libsmack
- libgum
- key-manager
- security-manager
- dbus-1
- vconf
- REQUIRED)
-
-SET(CKMI_SOURCES_DIR ${PROJECT_SOURCE_DIR}/src/ckm-integration)
-
-SET(CKMI_SOURCES
- ${CKMI_SOURCES_DIR}/process-settings/change-uid.cpp
- ${CKMI_SOURCES_DIR}/process-settings/create-user.cpp
- ${CKMI_SOURCES_DIR}/process-settings/change-smack.cpp
- ${CKMI_SOURCES_DIR}/process-settings/install-app.cpp
- ${CKMI_SOURCES_DIR}/process-settings/unlock-ckm.cpp
- ${CKMI_SOURCES_DIR}/ckm-policy.cpp
- ${CKMI_SOURCES_DIR}/group01.cpp
- ${CKMI_SOURCES_DIR}/group02.cpp
- ${CKMI_SOURCES_DIR}/main.cpp
-)
-
-INCLUDE_DIRECTORIES(SYSTEM ${CKMI_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm-integration/ )
-
-ADD_EXECUTABLE(${TARGET_CKMI_TESTS} ${CKMI_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKMI_TESTS} ${CKMI_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
-
-INSTALL(TARGETS ${TARGET_CKMI_TESTS} DESTINATION bin)
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-policy.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <sstream>
-
-#include <ckm-policy.h>
-
-CKMPolicy::CKMPolicy(
- std::string pkgId,
- std::string userName,
- ProcessSettings::PrivilegeVector priv)
- : m_userName(std::move(userName))
- , m_pkgId(pkgId)
- , m_appId(std::move(pkgId))
- , m_privileges(std::move(priv))
-{
- std::stringstream ss;
- ss << "User::App::" << m_pkgId;
- m_smackLabel = ss.str();
-}
-
-std::string CKMPolicy::GetUserName() const {
- return m_userName;
-}
-
-void CKMPolicy::SetUserName(std::string userName) {
- m_userName = std::move(userName);
-}
-
-gid_t CKMPolicy::GetGid() const {
- return m_gid;
-}
-
-void CKMPolicy::SetGid(gid_t gid) {
- m_gid = gid;
-}
-
-uid_t CKMPolicy::GetUid() const {
- return m_uid;
-}
-
-void CKMPolicy::SetUid(uid_t uid) {
- m_uid = uid;
-}
-
-std::string CKMPolicy::GetSmackLabel() const {
- return m_smackLabel;
-}
-
-void CKMPolicy::SetSmackLabel(std::string label) {
- m_smackLabel = std::move(label);
-}
-
-std::string CKMPolicy::GetAppId() const {
- return m_appId;
-}
-
-void CKMPolicy::SetAppId(std::string appId) {
- m_appId = std::move(appId);
-}
-
-std::string CKMPolicy::GetPkgId() const {
- return m_pkgId;
-}
-
-void CKMPolicy::SetPkgId(std::string pkgId) {
- m_pkgId = std::move(pkgId);
-}
-
-ProcessSettings::PrivilegeVector CKMPolicy::GetPrivileges() const {
- return m_privileges;
-}
-
-void CKMPolicy::SetPrivileges(ProcessSettings::PrivilegeVector priv) {
- m_privileges = std::move(priv);
-}
-
-const ProcessSettings::PrivilegeVector PrivNone;
-const ProcessSettings::PrivilegeVector PrivCKMBoth {
- "http://tizen.org/privilege/keymanager",
- "http://tizen.org/privilege/keymanager.admin"};
-const ProcessSettings::PrivilegeVector PrivCKMControl {
- "http://tizen.org/privilege/keymanager.admin"};
-const ProcessSettings::PrivilegeVector PrivCKMStore {
- "http://tizen.org/privilege/keymanager"};
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-policy.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <process-settings/policy.h>
-#include <process-settings/executor.h>
-#include <process-settings/change-uid.h>
-#include <process-settings/change-smack.h>
-#include <process-settings/install-app.h>
-#include <process-settings/create-user.h>
-#include <process-settings/unlock-ckm.h>
-
-class CKMPolicy : public ProcessSettings::Policy {
-public:
- CKMPolicy(
- std::string pkgId,
- std::string userName,
- ProcessSettings::PrivilegeVector priv);
- virtual std::string GetUserName() const;
- virtual void SetUserName(std::string);
- virtual gid_t GetGid() const;
- virtual void SetGid(gid_t);
- virtual uid_t GetUid() const;
- virtual void SetUid(uid_t);
- virtual std::string GetSmackLabel() const;
- virtual void SetSmackLabel(std::string);
- virtual std::string GetAppId() const;
- virtual void SetAppId(std::string);
- virtual std::string GetPkgId() const;
- virtual void SetPkgId(std::string);
- virtual ProcessSettings::PrivilegeVector GetPrivileges() const;
- virtual void SetPrivileges(ProcessSettings::PrivilegeVector);
- virtual ~CKMPolicy() {}
-private:
- uid_t m_uid;
- gid_t m_gid;
- std::string m_userName;
- std::string m_smackLabel;
- std::string m_pkgId;
- std::string m_appId;
- ProcessSettings::PrivilegeVector m_privileges;
-};
-
-extern const ProcessSettings::PrivilegeVector PrivNone;
-extern const ProcessSettings::PrivilegeVector PrivCKMBoth;
-extern const ProcessSettings::PrivilegeVector PrivCKMControl;
-extern const ProcessSettings::PrivilegeVector PrivCKMStore;
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file group01.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-
-#include <ckm-policy.h>
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack,
- ProcessSettings::ChangeUid> ProcSettings;
-
-RUNNER_TEST_GROUP_INIT(GROUP_01_ControlApiAccess);
-
-RUNNER_CHILD_TEST(G01T01_ControlNegative) {
- // Socket is secured with 0700
- // in this test we have no access to this socket
- // DAC should DENIED access to CKM
- ProcSettings ps("PkgIdG01T01", "UserG01T01", PrivNone);
- ps.Apply();
-
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(),
- "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(G01T02_ControlPositive) {
- // We have root privileges.
- // We should be able to control data.
- // The cynara should give us an access.
- uid_t USER_UID = 5102;
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID,
- "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_UID, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_UID)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_UID, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file group02.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-
-#include <ckm-policy.h>
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::UnlockCkm,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack,
- ProcessSettings::ChangeUid> PS;
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::CreateUser,
- ProcessSettings::UnlockCkm,
- ProcessSettings::InstallApp,
- ProcessSettings::ChangeSmack> PSNoUid;
-
-typedef ProcessSettings::Executor<
- CKMPolicy,
- ProcessSettings::ChangeUid> PSUid;
-
-RUNNER_TEST_GROUP_INIT(GROUP_02_StorageApiAccess);
-
-RUNNER_CHILD_TEST(G02T01_StorageNegative) {
- // We are ordinary user without any privileges.
- // Cynara should deny all accesses.
- PS ps("PkgIdG02T01", "UserG02T01", PrivNone);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T01";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(G02T02_StoragePositive) {
- // We are root. We will be allowed.
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "/System dataG02T02";
-
- // This funciton may return error.
- manager->removeAlias(alias);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
-}
-
-RUNNER_CHILD_TEST(G02T03_StoragePositive) {
- // We are oridinary user with proper privileges.
- PS ps("PkgIdG02T03", "UserG02T03", PrivCKMStore);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *dataAlias = "dataG02T03";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
-}
-
-RUNNER_CHILD_TEST(G02T04_StorageNegative) {
- // There is some user with privileges but we are
- // are ordinary user without any.
- // Cynara should deny all accesses.
- PSNoUid ps("PkgIdG02T04", "UserG02T04", PrivCKMBoth);
- ps.Apply();
-
- PSUid ps2("", "", PrivNone);
- ps2.SetUid(ps.GetUid()+1);
- ps2.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T04";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(G02T05_StorageNegative) {
- // We have wrong privilege.
- // Cynara should deny all accesses to storage.
- PSNoUid ps("PkgIdG02T05", "UserG02T05", PrivCKMControl);
- ps.Apply();
-
- int temp;
- auto manager = CKM::Manager::create();
- std::string data = "Custom data";
- CKM::RawBuffer rawBuffer(data.begin(), data.end());
- CKM::RawBuffer output;
- const char *alias = "dataG02T05";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file main.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[]) {
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <sys/smack.h>
-
-#include <tests_common.h>
-
-#include <process-settings/change-smack.h>
-
-namespace ProcessSettings {
-
-ChangeSmack::ChangeSmack(const Policy &policy)
- : m_policy(policy)
-{}
-
-void ChangeSmack::Apply() {
- char *my_label = nullptr;
-
- RUNNER_ASSERT(-1 != smack_new_label_from_self(&my_label));
-
- if (my_label)
- m_originalLabel = my_label;
-
- free(my_label);
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_policy.GetSmackLabel().c_str()),
- "Error in smack_set_label_for_self(" << m_policy.GetSmackLabel() << ")");
-}
-
-void ChangeSmack::Revoke() {
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_originalLabel.c_str()),
- "Error in smack_set_label_for_self(" << m_originalLabel << ")");
-}
-
-ChangeSmack::~ChangeSmack() {}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-smack.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class ChangeSmack {
-public:
- ChangeSmack(const Policy &policy);
- void Apply();
- void Revoke();
- virtual ~ChangeSmack();
-private:
- const Policy &m_policy;
- std::string m_originalLabel;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-uid.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <unistd.h>
-
-#include <tests_common.h>
-
-#include <process-settings/change-uid.h>
-
-namespace ProcessSettings {
-
-ChangeUid::ChangeUid(const Policy &policy)
- : m_policy(policy)
-{}
-
-void ChangeUid::Apply() {
- m_originalUid = getuid();
- m_originalGid = getgid();
-
- RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_policy.GetGid()),
- "Error in setegid(" << m_policy.GetGid() << ")");
- RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_policy.GetUid()),
- "Error in seteuid(" << m_policy.GetUid() << ")");
-}
-
-void ChangeUid::Revoke() {
- RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_originalUid),
- "Error in seteuid(" << m_originalUid << ")");
- RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_originalGid),
- "Error in setegid(" << m_originalGid << ")");
-}
-
-ChangeUid::~ChangeUid() {}
-
-} // namespace ProcessSettings
-
-
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file change-uid.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class ChangeUid {
-public:
- ChangeUid(const Policy &policy);
-
- void Apply();
- void Revoke();
-
- virtual ~ChangeUid();
-private:
- const Policy &m_policy;
- uid_t m_originalUid;
- gid_t m_originalGid;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-#include <glib-object.h>
-#include <common/gum-user-types.h>
-
-#include <tests_common.h>
-
-#include <process-settings/create-user.h>
-
-namespace ProcessSettings {
-
-CreateUser::CreateUser(Policy &policy)
- : m_policy(policy)
- , m_userType(GUM_USERTYPE_NORMAL)
- , m_guser(nullptr)
-{}
-
-void CreateUser::Apply()
-{
- m_userName = m_policy.GetUserName();
- m_guser = gum_user_create_sync(false);
- RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
- g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
- g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
- gboolean added = gum_user_add_sync(m_guser);
- RUNNER_ASSERT_MSG(added, "Failed to add user: " << m_userName);
- g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
- RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
- g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
- RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
-
- m_policy.SetUid(m_uid);
- m_policy.SetGid(m_gid);
-}
-
-void CreateUser::Revoke() {
- if (m_guser) {
- gum_user_delete_sync(m_guser, TRUE);
- g_object_unref(m_guser);
- m_guser = nullptr;
- }
-}
-
-CreateUser::~CreateUser(){
- if (m_guser)
- g_object_unref(m_guser);
-}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file create-user.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-#include <gum-user.h>
-#include <common/gum-user-types.h>
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class CreateUser {
-public:
- CreateUser(Policy &policy);
- void Apply();
- void Revoke();
- virtual ~CreateUser();
-private:
- Policy &m_policy;
- uid_t m_uid;
- gid_t m_gid;
- std::string m_userName;
- GumUserType m_userType;
- GumUser *m_guser;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file executor.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <stdlib.h>
-
-#include <iostream>
-
-#include <dpl/test/test_exception.h>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-template <typename PolicyArg, typename... Args>
-class Executor : public PolicyArg, public Args... {
-public:
- template <typename... T>
- Executor(T&&... t)
- : PolicyArg(std::forward<T>(t)...)
- , Args(static_cast<Policy&>(*this))...
- , m_applied(false)
- {}
-
- void Apply() {
- if (!m_applied)
- InternalApply<Args...>();
- m_applied = true;
- }
-
- void Revoke() {
- if (m_applied)
- InternalRevoke<Args...>();
- m_applied = false;
- }
-
- virtual ~Executor() {
- try {
- Revoke();
- } catch (const DPL::Test::TestException &e) {
- // This is bad. The rest of test will not work properly!
- std::cerr << "Error during cleaning up environment. "
- "The rest of test will probably fail." << e.GetMessage() << std::endl;
- }
- }
-
-private:
-
- template <typename First>
- void InternalApply() {
- First::Apply();
- }
-
- template <typename First, typename Second, typename... Rest>
- void InternalApply() {
- First::Apply();
- InternalApply<Second, Rest...>();
- }
-
- template <typename First>
- void InternalRevoke() {
- First::Revoke();
- }
-
- template <typename First, typename Second, typename... Rest>
- void InternalRevoke() {
- InternalRevoke<Second, Rest...>();
- First::Revoke();
- }
-
- bool m_applied;
-};
-
-} // namespace ProcessSetings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <security-manager.h>
-
-#include <tests_common.h>
-
-#include <process-settings/install-app.h>
-
-#define ERRORDESCRIBE(name) case name: return #name
-
-namespace {
-
-const char *ToString(int code) {
- switch(static_cast<lib_retcode>(code)) {
- ERRORDESCRIBE(SECURITY_MANAGER_SUCCESS);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_UNKNOWN);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_INPUT_PARAM);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_MEMORY);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(SECURITY_MANAGER_ERROR_ACCESS_DENIED);
- default:
- return "Unknown code";
- }
-}
-
-} // namespace anonymous
-
-#undef ERRORDESCRIBE
-
-namespace ProcessSettings {
-
-InstallApp::InstallApp(const Policy &policy)
- : m_policy(policy)
- , m_req(nullptr, security_manager_app_inst_req_free)
-{}
-
-void InstallApp::Apply() {
- app_inst_req *whatever = nullptr;
-
- int retcode = security_manager_app_inst_req_new(&whatever);
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_new. Error: " << ToString(retcode));
-
- m_req.reset(whatever);
-
- retcode = security_manager_app_inst_req_set_app_id(m_req.get(), m_policy.GetAppId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_app_id. Error: " << ToString(retcode));
-
- retcode = security_manager_app_inst_req_set_pkg_id(m_req.get(), m_policy.GetPkgId().c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_pkg_id. Error: " << ToString(retcode));
-
- for(auto &e : m_policy.GetPrivileges()) {
- retcode = security_manager_app_inst_req_add_privilege(m_req.get(), e.c_str());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_add_privilege. Error: " << ToString(retcode));
- }
-
- retcode = security_manager_app_inst_req_set_uid(m_req.get(), m_policy.GetUid());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_inst_req_set_uid. Error: " << ToString(retcode));
-
- retcode = security_manager_app_install(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_install. Error: " << ToString(retcode));
-}
-
-void InstallApp::Revoke() {
- int retcode = security_manager_app_uninstall(m_req.get());
- RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode,
- "Error in security_manager_app_uninstall. Error: " << ToString(retcode));
-}
-
-InstallApp::~InstallApp() {}
-
-} // ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file install-app.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-
-
-#pragma once
-
-#include <memory>
-#include <functional>
-
-#include <process-settings/policy.h>
-
-extern "C" {
-struct app_inst_req;
-typedef struct app_inst_req app_inst_req;
-} // extern "C"
-
-namespace ProcessSettings {
-
-class InstallApp {
-public:
- InstallApp(const Policy &policy);
-
- void Apply();
- void Revoke();
-
- virtual ~InstallApp();
-private:
- const Policy &m_policy;
- std::unique_ptr<app_inst_req, std::function<void(app_inst_req*)>> m_req;
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file policy.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <string>
-#include <vector>
-
-namespace ProcessSettings {
-typedef std::vector<std::string> PrivilegeVector;
-
-class Policy {
-public:
- virtual std::string GetUserName() const = 0;
- virtual void SetUserName(std::string) = 0;
- virtual gid_t GetGid() const = 0;
- virtual void SetGid(gid_t) = 0;
- virtual uid_t GetUid() const = 0;
- virtual void SetUid(uid_t) = 0;
- virtual std::string GetSmackLabel() const = 0;
- virtual void SetSmackLabel(std::string) = 0;
- virtual std::string GetAppId() const = 0;
- virtual void SetAppId(std::string) = 0;
- virtual std::string GetPkgId() const = 0;
- virtual void SetPkgId(std::string) = 0;
- virtual PrivilegeVector GetPrivileges() const = 0;
- virtual void SetPrivileges(PrivilegeVector) = 0;
- virtual ~Policy() {}
-};
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <ckm/ckm-control.h>
-
-#include <tests_common.h>
-
-#include <process-settings/unlock-ckm.h>
-
-namespace ProcessSettings {
-
-UnlockCkm::UnlockCkm(const Policy &policy)
- : m_policy(policy)
-{}
-
-void UnlockCkm::Apply() {
- int temp;
-
- m_uid = m_policy.GetUid();
-
- auto control = CKM::Control::create();
-
- // Let's clean up environment.
- // It will usually fails.
- control->removeUserData(m_uid);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(m_uid, "DummyPassword")),
- "Error=" << CKM::ErrorToString(temp));
-
-}
-
-void UnlockCkm::Revoke() {
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(m_uid)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-UnlockCkm::~UnlockCkm() {}
-
-} // namespace ProcessSettings
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file unlock-ckm.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#pragma once
-
-#include <sys/types.h>
-
-#include <string>
-
-#include <process-settings/policy.h>
-
-namespace ProcessSettings {
-
-class UnlockCkm {
-public:
- UnlockCkm(const Policy &policy);
- void Apply();
- void Revoke();
- virtual ~UnlockCkm();
-private:
- const Policy &m_policy;
- uid_t m_uid;
-};
-
-} // namespace ProcessSettings
-
-
+++ /dev/null
-# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# mdpp flag
-IF (DEFINED SECURITY_MDFPP_STATE_ENABLED)
- MESSAGE("SECURITY_MDFPP_STATE_ENABLE ENABLED !")
- ADD_DEFINITIONS("-DSECURITY_MDFPP_STATE_ENABLE")
-ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLED)
- MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !")
-ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLED)
-
-# password protection flag
-IF (DEFINED PASSWORD_PROTECTION_DISABLE)
- MESSAGE("PASSWORD_PROTECTION_DISABLE ENABLED !")
- ADD_DEFINITIONS("-DPASSWORD_PROTECTION_DISABLE")
-ENDIF (DEFINED PASSWORD_PROTECTION_DISABLE)
-
-# Dependencies
-PKG_CHECK_MODULES(CKM_DEP
- libsmack
- key-manager
- dbus-1
- vconf
- REQUIRED)
-
-# Targets definition
-
-SET(CKM_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/access_provider2.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/main.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-testcases.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-certificate-chains.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-access_control.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/async-api.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/system-db.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/initial-values.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/clean-env.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/algo-params.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption-env.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption.cpp
-)
-
-INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm/ )
-
-ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
-INSTALL(FILES
- test1801.pkcs12
- pkcs.p12
- capi-t3096.p12
- XML_1_okay.xml
- XML_2_okay.xml
- XML_3_wrong.xml
- device_key.xml
- DESTINATION /usr/share/ckm-test
- )
-
-# C compilation
-SET(TARGET_C_COMPILATION_TEST "ckm-c-compilation-test")
-
-SET(C_COMPILATION_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/c-compilation.c
-)
-
-PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP
- key-manager
- REQUIRED)
-
-ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES})
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd">
- <!-- if EncryptionKey present, the content is an AES key encrypted using device key.
- The format is Base64(encrypt(AES_key_binary))
- i.e.:
- * RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted
- * encode base64: openssl enc -base64 -in encryption_AES_key.encrypted -->
- <EncryptionKey>
- QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp
- UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s
- CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj
- bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss
- Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC
- ZVOanzc0euaenw1q9b+yEQ==
- </EncryptionKey>
- <Key name="test-key1" type="RSA_PUB" password="123">
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
- +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
- tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
- x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
- 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
- m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
- +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
- f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
- +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
- 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
- 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
- -----END PUBLIC KEY-----
- </PEM>
- <Permission accessor="web_app1"/>
- </Key>
- <Key name="test-key2" type="RSA_PRV" exportable="true">
- <DER>
- MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
- jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
- 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
- GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
- xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
- TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
- VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
- wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
- BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
- 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
- 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
- pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
- 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
- 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
- RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
- bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
- jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
- 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
- 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
- GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
- UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
- /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
- AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
- ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
- TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
- ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
- v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
- xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
- 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
- eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
- 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
- xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
- sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
- WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
- gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
- W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
- G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
- oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
- yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
- 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
- Vx676FQrM4EzjSSqgA==
- </DER>
- <Permission accessor="web_app2"/>
- </Key>
- <Cert exportable="true" name="test-cert1">
- <DER>
- MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
- EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
- VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
- MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
- MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
- 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
- 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
- 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
- +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
- AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
- PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
- 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
- 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
- wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
- 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
- kOg11TpPdNDkhb1J4ZCh2gupDg==
- </DER>
- <Permission accessor="web_app2"/>
- </Cert>
- <Data name="test-data1" exportable="true">
- <ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Data>
- <Key name="test-aes1" type="AES" exportable="true">
- <Base64>
- QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
- </Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Key>
- <!-- key below is encrypted using AES-CBC algorithm.
- The key used is decrypted <EncryptionKey> provided above.
- Encryption:
- * encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in data -out data.enc
- -->
- <Key name="test-encryption-prv" type="RSA_PRV" exportable="true">
- <EncryptedDER IV="X1RoaXNJc0lWRm9yQUVTXw==">
- BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
- 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
- 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
- tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
- +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
- xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
- FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
- vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
- 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
- Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
- wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
- j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
- bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
- </EncryptedDER>
- </Key>
- <Key name="test-encryption-pub" type="RSA_PUB" exportable="true">
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt
- JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B
- CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+
- 3Op0tEjy0jpmzeyNiQIDAQAB
- -----END PUBLIC KEY-----
- </PEM>
- </Key>
- <Cert name="test-encryption-certificate" exportable="true">
- <!-- Note IV differs between items -->
- <EncryptedDER IV="SVZkaWZmZXJzRnJJdGVtcw==">
- pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw
- /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv
- l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7
- XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2
- /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d
- osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU
- 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf
- TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e
- ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL
- oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG
- ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ
- tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos
- kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC
- DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo
- LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO
- XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi
- 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk
- a+r+N4lsYPKJbX2ywUvDHg==
- </EncryptedDER>
- </Cert>
- <Data name="test-ascii-data-encryption" exportable="true">
- <!-- this below decrypts to ASCII: "My secret data" -->
- <EncryptedASCII IV="X19hbm90aGVyX0lWXzJfXw==">zuBDjp8ptFthrU69Ua5cfg==</EncryptedASCII>
- </Data>
- <Data name="test-binary-data-encryption" exportable="true">
- <!-- this below decrypts to small PNG image -->
- <EncryptedBinary IV="UE5HSVZQTkdJVlBOR0lWUA==">
- weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC
- Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF
- oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf
- kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk
- KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy
- iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8
- gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju
- yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC
- Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps
- ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod
- v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW
- NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti
- udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0
- FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx
- IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h
- ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx
- asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0
- +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA
- Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI
- Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK
- XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT
- gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg
- g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8
- DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4
- T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q
- MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0
- CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz
- traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c
- q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP
- ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n
- Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t
- gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3
- 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW
- YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx
- pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys
- nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9
- pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI
- 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY
- hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp
- VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka
- lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP
- 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32
- LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk
- UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2
- rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/
- sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY
- 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1
- H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv
- e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt
- ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW
- MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP
- zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J
- 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un
- TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb
- aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS
- eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09
- +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ
- 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo
- p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO
- fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT
- mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ
- ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA
- YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3
- aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC
- jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK
- vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T
- INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA
- wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3
- Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf
- ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR
- 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu
- Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm
- q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O
- eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ
- USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx
- qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk
- p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL
- 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS
- orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY
- BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL
- YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5
- ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm
- HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h
- TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9
- jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ
- ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B
- Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU
- V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5
- RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc
- Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc
- Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh
- PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1
- zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV
- e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt
- eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz
- zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c
- 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw
- eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV
- HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu
- by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT
- n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50
- mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL
- PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe
- xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg
- wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0
- ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp
- EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr
- d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb
- 7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi
- F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7
- HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM
- yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC
- Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV
- lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw
- xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm
- LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi
- eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A
- CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb
- U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB
- +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw
- IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx
- 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe
- FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD
- yYRBt5UqwGovABM08jYkuA==
- </EncryptedBinary>
- </Data>
-</InitialValues>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
- <Key name="test2-key1" type="RSA_PUB" password="123">
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
- +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
- tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
- x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
- 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
- m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
- +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
- f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
- +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
- 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
- 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
- -----END PUBLIC KEY-----
- </PEM>
- <Permission accessor="web_app1"/>
- </Key>
- <Key name="test2-key2" type="RSA_PRV" exportable="true">
- <DER>
- MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
- jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
- 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
- GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
- xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
- TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
- VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
- wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
- BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
- 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
- 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
- pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
- 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
- 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
- RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
- bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
- jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
- 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
- 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
- GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
- UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
- /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
- AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
- ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
- TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
- ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
- v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
- xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
- 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
- eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
- 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
- xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
- sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
- WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
- gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
- W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
- G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
- oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
- yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
- 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
- Vx676FQrM4EzjSSqgA==
- </DER>
- <Permission accessor="web_app2"/>
- </Key>
- <Cert exportable="true" name="test2-cert1">
- <DER>
- MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
- EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
- VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
- MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
- MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
- 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
- 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
- 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
- +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
- AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
- PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
- 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
- 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
- wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
- 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
- kOg11TpPdNDkhb1J4ZCh2gupDg==
- </DER>
- <Permission accessor="web_app2"/>
- </Cert>
- <Data name="test2-data1" exportable="true">
- <ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Data>
- <Key name="test2-aes1" type="AES" exportable="true">
- <Base64>
- QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
- </Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Key>
-</InitialValues>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
- <Key name="test3-key1" type="RSA_PUB" password="123">
- <Permission accessor="web_app1"/>
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
- +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui
- tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB
- x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8
- 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4
- m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA
- +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp
- f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4
- +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ
- 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+
- 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
- -----END PUBLIC KEY-----
- </PEMIAMWRONG>
- </Key>
- <Key name="test3-key2" type="RSA_PRV" exportable="true">
- <DER>
- MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17
- jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA
- 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2
- QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S
- GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp
- xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ
- TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf
- VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji
- wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi
- BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1
- 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23
- 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8
- pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT
- 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK
- 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee
- RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O
- bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE
- jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH
- 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H
- 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO
- GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO
- UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD
- /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB
- AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As
- ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9
- TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+
- ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e
- v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu
- xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp
- 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8
- eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk
- 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a
- xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL
- sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew
- WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i
- gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH
- W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY
- G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x
- oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub
- yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD
- 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
- Vx676FQrM4EzjSSqgA==
- </DER>
- <Permission accessor="web_app2"/>
- </Key>
- <Cert exportable="true" name="test3-cert1">
- <DER>
- MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw
- EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD
- VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy
- MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ
- MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN
- BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1
- 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm
- 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x
- 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY
- +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID
- AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1
- PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ
- 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy
- 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU
- wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7
- 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
- kOg11TpPdNDkhb1J4ZCh2gupDg==
- </DER>
- <Permission accessor="web_app2"/>
- </Cert>
- <Data name="test3-data1" exportable="true">
- <ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Data>
- <Key name="test3-aes1" type="AES">
- <Base64>
- QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
- </Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
- </Key>
-</InitialValues>
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/smack.h>
-
-#include <access_provider2.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-
-namespace {
-
-std::string toSmackLabel(const std::string &ownerId) {
- if (ownerId.empty())
- return ownerId;
-
- if (ownerId[0] == '/') {
- return ownerId.substr(1, std::string::npos);
- }
-
- return SMACK_USER_APP_PREFIX + ownerId;
-}
-
-} // anonymous namespace
-
-AccessProvider::AccessProvider(const std::string &ownerId)
- : m_mySubject(toSmackLabel(ownerId))
- , m_inSwitchContext(false)
-{
- RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
- allowJournaldLogs();
-}
-
-AccessProvider::AccessProvider(const std::string &ownerId, int uid, int gid)
- : m_mySubject(toSmackLabel(ownerId))
- , m_inSwitchContext(false)
-{
- RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!");
- allowJournaldLogs();
- applyAndSwithToUser(uid, gid);
-}
-
-void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
- m_smackAccess.add(m_mySubject, api, rule);
-}
-
-void AccessProvider::apply() {
- // This should be done by security-manager
- m_smackAccess.add("System", m_mySubject, "w");
- m_smackAccess.add(m_mySubject, "System", "w");
- m_smackAccess.apply();
-}
-
-void AccessProvider::applyAndSwithToUser(int uid, int gid)
-{
- RUNNER_ASSERT_MSG(m_inSwitchContext == false, "already switched context");
-
- // get calling label
- char* my_label = NULL;
- RUNNER_ASSERT(smack_new_label_from_self(&my_label) > 0);
- if(my_label)
- {
- m_origLabel = std::string(my_label);
- free(my_label);
- }
- RUNNER_ASSERT(m_origLabel.size() > 0);
-
- RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
- "Error in smack_revoke_subject(" << m_mySubject << ")");
- apply();
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
- "Error in smack_set_label_for_self.");
-
- m_origUid = getuid();
- m_origGid = getgid();
- RUNNER_ASSERT_MSG(0 == setegid(gid),
- "Error in setgid.");
- RUNNER_ASSERT_MSG(0 == seteuid(uid),
- "Error in setuid.");
- m_inSwitchContext = true;
-}
-
-void AccessProvider::allowJournaldLogs() {
- allowAPI("System::Run","wx"); // necessary for logging with journald
-}
-
-ScopedAccessProvider::~ScopedAccessProvider()
-{
- if(m_inSwitchContext == true)
- {
- RUNNER_ASSERT_MSG(0 == setegid(m_origGid), "Error in setgid.");
- RUNNER_ASSERT_MSG(0 == seteuid(m_origUid), "Error in setuid.");
- RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
- "Error in smack_revoke_subject(" << m_mySubject << ")");
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_origLabel.c_str()),
- "Error in smack_set_label_for_self.");
- m_inSwitchContext = false;
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider2.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#ifndef _ACCESS_FOR_DUMMIES_H_
-#define _ACCESS_FOR_DUMMIES_H_
-
-#include <string>
-
-#include <smack_access.h>
-
-class AccessProvider {
-public:
- explicit AccessProvider(const std::string &ownerId);
- AccessProvider(const std::string &ownerId, int uid, int gid);
- virtual ~AccessProvider() {}
-
- AccessProvider(const AccessProvider &second) = delete;
- AccessProvider& operator=(const AccessProvider &second) = delete;
-
- void allowAPI(const std::string &api, const std::string &rules);
- void apply();
- void applyAndSwithToUser(int uid, int gid);
-
-private:
- void allowJournaldLogs();
-
- SmackAccess m_smackAccess;
-protected:
- std::string m_mySubject;
- uid_t m_origUid;
- gid_t m_origGid;
- std::string m_origLabel;
- bool m_inSwitchContext;
-};
-
-class ScopedAccessProvider : public AccessProvider {
-public:
- explicit ScopedAccessProvider(const std::string &mySubject)
- : AccessProvider(mySubject) {}
- ScopedAccessProvider(const std::string &mySubject, int uid, int gid)
- : AccessProvider(mySubject, uid, gid) {}
- virtual ~ScopedAccessProvider();
-};
-
-#endif // _ACCESS_FOR_DUMMIES_H_
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file algo-params.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <memory>
-#include <fstream>
-
-#include <string.h>
-
-#include <dpl/test/test_runner.h>
-#include <ckm-common.h>
-#include <ckmc/ckmc-type.h>
-#include <ckm/ckm-type.h>
-
-namespace {
-
-struct CryptoAlgorithmWrapper : public CKM::CryptoAlgorithm
-{
- bool empty() const { return m_params.empty(); }
- size_t count() const { return m_params.size(); }
-};
-
-ckmc_param_list_h* EMPTY_PLIST = NULL;
-ckmc_param_list_h EMPTY_LIST = NULL;
-
-const size_t DEFAULT_IV_LEN = 16;
-const size_t DEFAULT_IV_LEN_BITS = 8*DEFAULT_IV_LEN;
-
-RawBufferPtr IV(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free);
-
-void assert_list_empty(ckmc_param_list_h list)
-{
- const CryptoAlgorithmWrapper* caw = reinterpret_cast<const CryptoAlgorithmWrapper*>(list);
- RUNNER_ASSERT_MSG(caw->empty(), "Parameter list is not empty");
-}
-
-void check_int_param(ckmc_param_list_h list,
- ckmc_param_name_e name,
- uint64_t expected)
-{
- RUNNER_ASSERT_MSG(list, "List is NULL");
- uint64_t got;
- int ret = ckmc_param_list_get_integer(list, name, &got);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "No such integer param: " << name);
- RUNNER_ASSERT_MSG(expected == got,
- "Param " << name << " expected value: " << expected << " got: " << got);
-}
-
-void check_buffer_param(ckmc_param_list_h list,
- ckmc_param_name_e name,
- const ckmc_raw_buffer_s& expected)
-{
- RUNNER_ASSERT_MSG(list, "List is NULL");
- ckmc_raw_buffer_s* got = NULL;
- int ret = ckmc_param_list_get_buffer(list, name, &got);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "No such buffer param: " << name);
- assert_buffers_equal(expected, *got);
-}
-
-void assert_param_count(ckmc_param_list_h list, size_t expected)
-{
- RUNNER_ASSERT_MSG(list, "List is NULL");
- const CryptoAlgorithmWrapper* caw = reinterpret_cast<const CryptoAlgorithmWrapper*>(list);
- size_t count = caw->count();
- RUNNER_ASSERT_MSG(count == expected, "Expected param count: " << expected << " got: " << count);
-}
-
-} // anonymous namespace
-
-RUNNER_TEST_GROUP_INIT(CKM_ALGO_PARAMS);
-
-RUNNER_TEST(TAP_0010_new_invalid_param)
-{
- assert_invalid_param(ckmc_param_list_new, EMPTY_PLIST);
-}
-
-RUNNER_TEST(TAP_0020_free_invalid_param)
-{
- ckmc_param_list_free(EMPTY_LIST); // should not throw/segfault
-}
-
-RUNNER_TEST(TAP_0030_new_free)
-{
- ParamListPtr list = createParamListPtr();
- assert_list_empty(list.get());
-}
-
-RUNNER_TEST(TAP_0040_add_integer_invalid_param)
-{
- assert_invalid_param(ckmc_param_list_set_integer,
- EMPTY_LIST,
- CKMC_PARAM_ALGO_TYPE,
- CKMC_ALGO_AES_CTR);
-
- ParamListPtr list = createParamListPtr();
- assert_invalid_param(ckmc_param_list_set_integer,
- list.get(),
- static_cast<ckmc_param_name_e>(-1),
- CKMC_ALGO_AES_CTR);
- assert_list_empty(list.get());
-}
-
-RUNNER_TEST(TAP_0050_add_buffer_invalid_param)
-{
- assert_invalid_param(ckmc_param_list_set_buffer,
- EMPTY_LIST,
- CKMC_PARAM_ED_IV,
- IV.get());
-
- ParamListPtr list = createParamListPtr();
- assert_invalid_param(ckmc_param_list_set_buffer,
- list.get(),
- CKMC_PARAM_ED_IV,
- nullptr);
- assert_list_empty(list.get());
-
- ckmc_raw_buffer_s buffer;
- buffer.data = nullptr;
- buffer.size = 0;
- assert_invalid_param(ckmc_param_list_set_buffer,
- list.get(),
- CKMC_PARAM_ED_IV,
- &buffer);
- assert_list_empty(list.get());
-
- assert_invalid_param(ckmc_param_list_set_buffer,
- list.get(),
- static_cast<ckmc_param_name_e>(-1),
- IV.get());
- assert_list_empty(list.get());
-}
-
-RUNNER_TEST(TAP_0060_add_param)
-{
- ParamListPtr list = createParamListPtr();
- assert_positive(ckmc_param_list_set_integer,
- list.get(),
- CKMC_PARAM_ALGO_TYPE,
- CKMC_ALGO_AES_GCM);
- check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM);
- assert_param_count(list.get(),1);
-
- RawBufferPtr buffer(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free);
- assert_positive(ckmc_param_list_set_buffer,
- list.get(),
- CKMC_PARAM_ED_IV,
- buffer.get());
- check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM);
- check_buffer_param(list.get(), CKMC_PARAM_ED_IV, *buffer.get());
- assert_param_count(list.get(),2);
-}
-
-RUNNER_TEST(TAP_0070_generate_invalid_param)
-{
- assert_invalid_param(ckmc_generate_new_params, static_cast<ckmc_algo_type_e>(-1), EMPTY_PLIST);
-}
-
-RUNNER_TEST(TAP_0080_generate)
-{
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_CTR, &handle);
- ParamListPtr list = ParamListPtr(handle, ckmc_param_list_free);
- check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR);
- check_int_param(list.get(), CKMC_PARAM_ED_CTR_LEN, DEFAULT_IV_LEN_BITS);
-
- CKM::CryptoAlgorithm* ca = reinterpret_cast<CKM::CryptoAlgorithm*>(list.get());
- CKM::RawBuffer iv;
- bool ret = ca->getParam(CKM::ParamName::ED_IV, iv);
- RUNNER_ASSERT_MSG(!ret, "ED_IV param should not be present");
- assert_param_count(list.get(),2);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file async-api.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <mutex>
-#include <utility>
-#include <condition_variable>
-#include <cassert>
-
-#include <ckmc/ckmc-type.h>
-#include <ckm/ckm-manager-async.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-raw-buffer.h>
-
-#include <fstream>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <ckm-common.h>
-#include <access_provider2.h>
-#include <random>
-
-using namespace CKM;
-using namespace std;
-using namespace TestData;
-
-namespace {
-
-const char* TEST_LABEL = "test_label";
-const char* TEST_LABEL_2 = "test_label-2";
-
-const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-
-const char* TEST_PASS = "test-pass";
-
-const CertificateShPtrVector EMPTY_CERT_VECTOR;
-const CertificateShPtrVector NULL_PTR_VECTOR = {
- CertificateShPtr(),
- CertificateShPtr(),
- CertificateShPtr()
-};
-const AliasVector EMPTY_ALIAS_VECTOR;
-const Alias alias_PKCS_exportable = "async-test-PKCS-export";
-const Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
-
-class MyObserver: public ManagerAsync::Observer
-{
-public:
- MyObserver() :
- m_finished(false), m_error(0)
- {
- }
-
- void ReceivedError(int error)
- {
- m_finished = true;
- m_error = error;
- m_cv.notify_one();
- }
-
- void ReceivedSaveKey() { Succeeded(); }
- void ReceivedSaveCertificate() { Succeeded(); }
- void ReceivedSaveData() { Succeeded(); }
- void ReceivedSavePKCS12() { Succeeded(); }
-
- void ReceivedRemovedAlias() { Succeeded(); }
-
- void ReceivedKey(Key &&) { Succeeded(); }
- void ReceivedCertificate(Certificate &&) { Succeeded(); }
- void ReceivedData(RawBuffer &&) { Succeeded(); }
- void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
-
- void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
- void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
- void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
-
- void ReceivedCreateKeyAES() { Succeeded(); }
- void ReceivedCreateKeyPair() { Succeeded(); }
-
- void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
- { m_certChain = move(chain); Succeeded(); }
-
- void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
- void ReceivedVerifySignature() { Succeeded(); }
-
- void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
-
- void ReceivedSetPermission() { Succeeded(); }
-
- void WaitForResponse()
- {
- unique_lock < mutex > lock(m_mutex);
-
- m_cv.wait(lock, [this] {return m_finished;});
- }
-
- bool m_finished;
- int m_error;
- AliasVector m_aliases;
- CertificateShPtrVector m_certChain;
- PKCS12ShPtr m_pkcs;
- RawBuffer m_signed;
- int m_ocspStatus;
-
-protected:
- void Succeeded()
- {
- m_finished = true;
- m_cv.notify_one();
- }
-
- mutex m_mutex;
- condition_variable m_cv;
-};
-
-typedef shared_ptr<MyObserver> MyObserverPtr;
-
-enum Type {
- RSA,
- DSA,
- ECDSA,
- AES
-};
-
-struct KeyContainer
-{
- // assymetric
- KeyContainer(const std::string& prv_pem, const std::string& pub_pem) {
- RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
- prv = Key::create(buffer_prv);
- assert(prv);
-
- RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
- pub = Key::create(buffer_pub);
- assert(pub);
- }
-
- // symmetric
- KeyContainer(const RawBuffer& key_raw) {
- prv = pub = Key::createAES(key_raw);
- assert(prv);
- assert(pub);
- }
-
- KeyShPtr prv;
- KeyShPtr pub;
-};
-
-typedef map<Type, vector<KeyContainer> > KeyMap;
-
-
-KeyMap initializeKeys()
-{
- KeyMap km;
-
- km[RSA].emplace_back(
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
- "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
- "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
- "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
- "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
- "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
- "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
- "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
- "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
- "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
- "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
- "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
- "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
- "-----END RSA PRIVATE KEY-----",
-
- "-----BEGIN PUBLIC KEY-----\n"
- "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
- "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
- "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
- "3Op0tEjy0jpmzeyNiQIDAQAB\n"
- "-----END PUBLIC KEY-----"
- );
-
- km[RSA].emplace_back(
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6\n"
- "YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6T\n"
- "AQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7m\n"
- "Tus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2QNv3kBPuYdQQrXhoxCcIVtSIl8pU\n"
- "fI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8SGjA6mSpmrp7lPlKE\n"
- "9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWpxOzb\n"
- "lliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37J\n"
- "IudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4\n"
- "V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDes\n"
- "NBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ4rsmBqOwuglHFW52dIZEG9u/20ta\n"
- "QMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLiBLx0Yr/RXKf6gJUCAwEA\n"
- "AQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh18pva5Kzh\n"
- "EU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh\n"
- "9u236vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXN\n"
- "GF5JjNcCOQxO1Em8pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG\n"
- "5DPb19r9XjQhUPjbcq3/4qmLwtLT9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+\n"
- "fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK6wX2IQ+7vJoWQyg2w6DbpSRq\n"
- "cyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxeeRpNqFU9OCw0B\n"
- "d3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O\n"
- "bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBW\n"
- "gUyLSdxR5RoEjBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbP\n"
- "ggFZ8JnuwgtNo0soVKsWGATH65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX8\n"
- "0jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H1TYDjwA1iBFku/O/xx7Jag7Y0A2l\n"
- "1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MOGFTs5r9QyM//sm5D\n"
- "2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDOUCx6\n"
- "xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0\n"
- "/zX4MFMD/Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWd\n"
- "kKpm9xcFddATlT0CggEBAOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvE\n"
- "qgKHOgZO9ztD6/UgX41uc+3rKfvmY5AsldGZgd0ov/DyeF0N834LeBVayG1fdcEt\n"
- "amqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9TwoUWS2xmldc+nehCdHs\n"
- "WQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ETjKemdK\n"
- "HQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5\n"
- "ZB7ev8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FW\n"
- "Nqvwp9PQzxwTv8wuxBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o\n"
- "1Rad6jtb1SiV9KcPk83wIeoUk/xp0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7L\n"
- "qpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8eTEywu5yrMGeAjVpLFfKlmGI\n"
- "pYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk2kuGLYXISfUG\n"
- "j0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a\n"
- "xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8W\n"
- "X4+ZEW7S4heLsUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/a\n"
- "W22I0REV5UU8bS1F7taV93EwWmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVy\n"
- "FjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4igfJpPcUFYOazZ3Y7q53RdCgIPKKy\n"
- "iVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GHW93TUDTKWlTXyUFm\n"
- "C2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltYG08t\n"
- "fEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL6\n"
- "06qeBC8xoVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQ\n"
- "pyVWfB+F2ppBOYtKvNubyKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+I\n"
- "Qj8I06c1T31kzfJ71Vx1DUWZW/65xmFD4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rq\n"
- "uPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+Vx676FQrM4EzjSSqgA==\n"
- "-----END RSA PRIVATE KEY-----\n",
- "-----BEGIN PUBLIC KEY-----\n"
- "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3\n"
- "+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui\n"
- "tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB\n"
- "x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2\n"
- "QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8\n"
- "9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4\n"
- "m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA\n"
- "+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp\n"
- "f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4\n"
- "+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ\n"
- "4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+\n"
- "8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==\n"
- "-----END PUBLIC KEY-----");
- km[DSA].emplace_back(
- "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
- "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
- "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
- "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
- "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
- "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
- "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
- "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
- "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
- "yAKPlW7WQzgV5jLLNUW7\n"
- "-----END DSA PRIVATE KEY-----\n",
- "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBAMixBFiCdTiablWszLKSk03N4dNAA7wT\n"
- "aEkBw7A08Gt2izxqZqStwmfIFo2HnpmyVy5c0Qom7GIOzLhUz0pRHx8dOpOIXmz7\n"
- "g0CvN2t3A1CkpaMCok1+CkJ1otkfD2jznt+VxDh3Jg2cDPX9I0ae/TcObwRhE1EU\n"
- "1oU3DvME+PJXAhUA3KPuKMt+sJsNkOLqid3k2nU2zSECgYEAhxLVx5a3DoMAaZjD\n"
- "Dbuv/WUu2qOuryPTDRoXovL6ln/L5ZPD0pPXx5Eo+ZWCu5VKfdVVUl43TRdqgq98\n"
- "9IeRNEgTmuujZkQieGneDRVqTsRclZ7sooFFepIw0WSd2Mq/WfI0p5ZISr1eqXpI\n"
- "+fwnxN+ZvJSk9IiCVlG8nYMfAckDgYQAAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkB\n"
- "eukXzeZGqNWEjgzLAjMZEVYMDLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23\n"
- "ToR8fQuiBu+KvtAP/QuCOJ/LS0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6\n"
- "J2+fygnWcOOSo6s=\n"
- "-----END PUBLIC KEY-----\n"
- );
- km[ECDSA].emplace_back(
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
- "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
- "sQ==\n"
- "-----END EC PRIVATE KEY-----",
-
- "-----BEGIN PUBLIC KEY-----\n"
- "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
- "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
- "-----END PUBLIC KEY-----"
- );
-
- CKM::RawBuffer AES_key = createRandomBuffer(256/8);
- km[AES].emplace_back(AES_key);
-
- return km;
-}
-
-KeyMap keys = initializeKeys();
-typedef vector<CertificateShPtr> CertVector;
-
-const RawBuffer raw_buffer(const char* buffer)
-{
- return RawBuffer(buffer, buffer + strlen(buffer));
-}
-
-const RawBuffer test_buffer = raw_buffer("test_string");
-
-template <typename F, typename... Args>
-void test_negative(F&& func, int expected, Args... args)
-{
- MyObserverPtr obs = make_shared<MyObserver>();
- ManagerAsync mgr;
-
- (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
- obs->WaitForResponse();
-
- RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
- RUNNER_ASSERT_MSG(
- obs->m_error == expected,
- "Expected " << expected << "/" << ErrorToString(expected) <<
- " got: " << obs->m_error << "/" << ErrorToString(obs->m_error));
-}
-
-template <typename F, typename... Args>
-void test_invalid_param(F&& func, Args... args)
-{
- test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
-}
-
-template <typename F, typename... Args>
-MyObserverPtr test_positive(F&& func, Args... args)
-{
- MyObserverPtr obs = make_shared<MyObserver>();
- ManagerAsync mgr;
-
- (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
- obs->WaitForResponse();
-
- RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
- RUNNER_ASSERT_MSG(obs->m_error == 0,
- "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error));
- return obs;
-}
-
-template <typename F, typename... Args>
-void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
-{
- auto obs = test_positive(move(func), args...);
- RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
-}
-
-template <typename F, typename... Args>
-void test_check_cert_chain(F&& func, size_t expected, Args... args)
-{
- auto obs = test_positive(move(func), args...);
- RUNNER_ASSERT_MSG(
- obs->m_certChain.size() == expected,
- "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
-}
-
-typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
- const CertificateShPtr&,
- const CertificateShPtrVector&,
- const CertificateShPtrVector&,
- bool);
-
-typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
- const CertificateShPtr&,
- const AliasVector&,
- const AliasVector&,
- bool);
-
-class UserEnv : public RemoveDataEnv<APP_UID>
-{
-public:
- void init(const std::string & str) {
- RemoveDataEnv<APP_UID>::init(str);
- unlock_user_data(APP_UID, TEST_PASS);
- m_ap.reset(new ScopedAccessProvider(TEST_LABEL, APP_UID, APP_GID));
- }
- void finish() {
- m_ap.reset();
- // lock is performed by remove_user_data() in RemoveDataEnv
- RemoveDataEnv<APP_UID>::finish();
- }
- std::unique_ptr<ScopedAccessProvider> m_ap;
-};
-
-CKM::PKCS12ShPtr loadPkcs()
-{
- std::ifstream is("/usr/share/ckm-test/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-
- return pkcs;
-}
-
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
-
-// saveKey
-RUNNER_TEST(TA0010_save_key_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
- test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy());
- test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy());
-}
-
-RUNNER_TEST(TA0020_save_key_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
- test_negative(&ManagerAsync::saveKey,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- "alias",
- keys[RSA][0].prv,
- Policy());
-}
-
-RUNNER_TEST(TA0050_save_key_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
-}
-
-
-// saveCertificate
-RUNNER_TEST(TA0110_save_cert_invalid_param, UserEnv)
-{
- CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM);
- test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy());
- test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy());
- test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy());
-}
-
-RUNNER_TEST(TA0120_save_cert_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
- test_negative(&ManagerAsync::saveCertificate,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- "alias",
- getTestCertificate(MBANK),
- Policy());
-}
-
-RUNNER_TEST(TA0150_save_cert_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
-}
-
-
-// saveData
-RUNNER_TEST(TA0210_save_data_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy());
- test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy());
- test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy());
-}
-
-RUNNER_TEST(TA0220_save_data_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy());
- test_negative(&ManagerAsync::saveData,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- "alias",
- test_buffer,
- Policy());
-}
-
-RUNNER_TEST(TA0250_save_data_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy());
-}
-
-
-// removeKey
-RUNNER_TEST(TA0310_remove_alias_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::removeAlias, "alias");
- test_invalid_param(&ManagerAsync::removeAlias, "");
-}
-
-RUNNER_TEST(TA0330_remove_alias_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias");
-}
-
-RUNNER_TEST(TA0350_remove_key_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias_RSA");
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias_DSA");
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias_AES");
-
-}
-
-
-RUNNER_TEST(TA0450_remove_cert_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy());
- test_positive(&ManagerAsync::removeAlias, "alias");
-}
-
-
-RUNNER_TEST(TA0550_remove_data_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias");
-}
-
-
-// getKey
-RUNNER_TEST(TA0610_get_key_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getKey, "alias", "");
- test_invalid_param(&ManagerAsync::getKey, "", "");
-}
-
-RUNNER_TEST(TA0630_get_key_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
-}
-
-RUNNER_TEST(TA0640_get_key_wrong_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password"));
- test_negative(&ManagerAsync::getKey,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_RSA",
- "wrong-password");
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password"));
- test_negative(&ManagerAsync::getKey,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_DSA",
- "wrong-password");
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password"));
- test_negative(&ManagerAsync::getKey,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_AES",
- "wrong-password");
-}
-
-RUNNER_TEST(TA0650_get_key_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password"));
- test_positive(&ManagerAsync::getKey, "alias_RSA", "password");
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password"));
- test_positive(&ManagerAsync::getKey, "alias_DSA", "password");
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password"));
- test_positive(&ManagerAsync::getKey, "alias_AES", "password");
-}
-
-
-// getCertificate
-RUNNER_TEST(TA0710_get_cert_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getCertificate, "alias", "");
- test_invalid_param(&ManagerAsync::getCertificate, "", "");
-}
-
-RUNNER_TEST(TA0730_get_cert_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::getCertificate,
- CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- "non-existing-alias",
- "");
-}
-
-RUNNER_TEST(TA0740_get_cert_wrong_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate,
- "alias",
- getTestCertificate(MBANK),
- Policy("password"));
- test_negative(&ManagerAsync::getCertificate,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias",
- "wrong-password");
-}
-
-RUNNER_TEST(TA0750_get_cert_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy("password"));
- test_positive(&ManagerAsync::getCertificate, "alias", "password");
-}
-
-
-// getData
-RUNNER_TEST(TA0810_get_data_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getData, "alias", "");
- test_invalid_param(&ManagerAsync::getData, "", "");
-}
-
-RUNNER_TEST(TA0830_get_data_unknown_alias, UserEnv)
-{
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
-}
-
-RUNNER_TEST(TA0840_get_data_wrong_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy("password"));
- test_negative(&ManagerAsync::getData,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias",
- "wrong-password");
-}
-
-RUNNER_TEST(TA0850_get_data_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy("password"));
- test_positive(&ManagerAsync::getData, "alias", "password");
-}
-
-
-// getKeyAliasVector
-RUNNER_TEST(TA0910_get_key_alias_vector_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getKeyAliasVector);
-}
-
-RUNNER_TEST(TA0950_get_key_alias_vector_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test require password support.");
- test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA") });
-
- test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA") });
-
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES") });
-
- // remove DSA key
- test_positive(&ManagerAsync::removeAlias, "alias_DSA");
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES")});
-}
-
-
-// getCertificateAliasVector
-RUNNER_TEST(TA1010_get_cert_alias_vector_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getCertificateAliasVector);
-}
-
-RUNNER_TEST(TA1050_get_cert_alias_vector_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test require password support.");
- test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(MBANK), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
-
- test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(SYMANTEC), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
-
- test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
-}
-
-
-// getDataAliasVector
-RUNNER_TEST(TA1110_get_data_alias_vector_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::getDataAliasVector);
-}
-
-RUNNER_TEST(TA1150_get_data_alias_vector_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test require password support.");
- test_positive(&ManagerAsync::saveData, "alias1", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
-
- test_positive(&ManagerAsync::saveData, "alias2", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
-
- test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
-}
-
-
-// createKeyPairRSA
-RUNNER_TEST(TA1210_create_key_pair_RSA_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createKeyPairRSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1220_create_key_pair_RSA_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyPairRSA,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1250_create_key_pair_RSA_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test require password support.");
- test_positive(&ManagerAsync::createKeyPairRSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
-}
-
-// createKeyPairDSA
-RUNNER_TEST(TA1270_create_key_pair_DSA_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createKeyPairDSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1280_create_key_pair_DSA_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[DSA][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyPairDSA,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1290_create_key_pair_DSA_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test require password support.");
- test_positive(&ManagerAsync::createKeyPairDSA,
- 1024,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
-}
-
-// createKeyPairECDSA
-RUNNER_TEST(TA1310_create_key_pair_ECDSA_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createKeyPairECDSA,
- ElipticCurve::prime192v1,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1320_create_key_pair_ECDSA_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[ECDSA][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyPairECDSA,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- ElipticCurve::prime192v1,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-}
-
-RUNNER_TEST(TA1350_create_key_pair_ECDSA_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test require password support.");
- test_positive(&ManagerAsync::createKeyPairECDSA,
- ElipticCurve::prime192v1,
- "alias_prv",
- "alias_pub",
- Policy(),
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
-}
-
-// createKeyAES
-RUNNER_TEST(TA1360_create_key_AES_invalid_param, UserEnv)
-{
- test_invalid_param(&ManagerAsync::createKeyAES,
- 147,
- "alias_AES",
- Policy());
-}
-
-RUNNER_TEST(TA1370_create_key_AES_already_exists, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_negative(&ManagerAsync::createKeyAES,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- 256,
- "alias_AES",
- Policy());
-}
-
-RUNNER_TEST(TA1380_create_key_AES_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test require password support.");
- test_positive(&ManagerAsync::createKeyAES,
- 256,
- "alias_AES",
- Policy());
-
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_AES")});
-}
-
-// getCertificateChain
-RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv)
-{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
- test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
- test_invalid_param<certChainFn1>(&ManagerAsync::getCertificateChain,
- CertificateShPtr(),
- certv,
- EMPTY_CERT_VECTOR,
- true);
-
- Alias alias = "alias";
- AliasVector aliasv = { alias };
- test_no_observer<certChainFn2>(&ManagerAsync::getCertificateChain,
- cert,
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
- test_invalid_param<certChainFn2>(&ManagerAsync::getCertificateChain,
- CertificateShPtr(),
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
-}
-
-RUNNER_TEST(TA1420_get_certificate_chain_negative, UserEnv)
-{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(MBANK) };
- test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true);
- test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
- AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy());
- test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- EMPTY_ALIAS_VECTOR,
- EMPTY_ALIAS_VECTOR,
- true);
- test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
- CKM_API_ERROR_VERIFICATION_FAILED,
- cert,
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
-}
-
-RUNNER_TEST(TA1450_get_certificate_chain_positive, UserEnv)
-{
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
- test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
- 3,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
-
- AliasVector aliasv = { "alias" };
- test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy());
- test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
- 3,
- cert,
- aliasv,
- EMPTY_ALIAS_VECTOR,
- true);
-}
-
-
-// createSignature
-RUNNER_TEST(TA1510_create_signature_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::createSignature,
- "alias",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
- test_invalid_param(&ManagerAsync::createSignature,
- "",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
- test_invalid_param(&ManagerAsync::createSignature,
- "alias",
- "",
- RawBuffer(),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1520_create_signature_invalid_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password"));
- test_negative(&ManagerAsync::createSignature,
- CKM_API_ERROR_INPUT_PARAM,
- "alias",
- "wrong-password",
- RawBuffer(),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1550_create_signature_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password"));
- test_positive(&ManagerAsync::createSignature,
- "alias",
- "password",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-
-// verifySignature
-RUNNER_TEST(TA1610_verify_signature_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::verifySignature,
- "",
- "",
- RawBuffer(),
- RawBuffer(),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
- test_invalid_param(&ManagerAsync::verifySignature,
- "",
- "",
- test_buffer,
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1620_verify_signature_invalid_password, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("pass1"));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("pass2"));
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "pass1",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias_pub",
- "wrong-password",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1630_verify_signature_invalid_message, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy(""));
-
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub",
- "",
- raw_buffer("invalid-unsigned-mesage"),
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1640_verify_signature_invalid_signature, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy(""));
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub",
- "",
- test_buffer,
- raw_buffer("invalid-signature"),
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1650_verify_signature_wrong_key, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub2", keys[RSA][1].pub, Policy(""));
- test_positive(&ManagerAsync::saveKey, "alias_pub3", keys[DSA][0].prv, Policy(""));
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_positive(&ManagerAsync::verifySignature,
- "alias_prv",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_positive(&ManagerAsync::verifySignature,
- "alias_pub",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub2",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_negative(&ManagerAsync::verifySignature,
- CKM_API_ERROR_VERIFICATION_FAILED,
- "alias_pub3",
- "",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-RUNNER_TEST(TA1660_verify_signature_positive, UserEnv)
-{
- test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("pass1"));
- test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("pass2"));
- auto obs = test_positive(&ManagerAsync::createSignature,
- "alias_prv",
- "pass1",
- test_buffer,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-
- test_positive(&ManagerAsync::verifySignature,
- "alias_pub",
- "pass2",
- test_buffer,
- obs->m_signed,
- HashAlgorithm::SHA1,
- RSAPaddingAlgorithm::PKCS1);
-}
-
-
-// ocspCheck
-RUNNER_TEST(TA1710_ocsp_check_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
- test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
- test_invalid_param(&ManagerAsync::ocspCheck, NULL_PTR_VECTOR);
-}
-
-RUNNER_TEST(TA1720_ocsp_check_negative, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test requires additional network features to work.");
- CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) };
-
- auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
- RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
- "Verification should fail. Got: " << obs->m_ocspStatus);
-}
-
-RUNNER_TEST(TA1750_ocsp_check_positive, UserEnv)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test requires additional network features to work.");
- CertificateShPtr cert = getTestCertificate(MBANK);
- CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
- auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
- cert,
- certv,
- EMPTY_CERT_VECTOR,
- true);
-
- auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
- RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
- "Verification failed. Error: " << obs->m_ocspStatus);
-}
-
-// setPermission
-RUNNER_TEST(TA1810_allow_access_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
- test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
- test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
-}
-
-RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<APP_UID>)
-{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
-
- // prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
- std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
- save_data(alias2.c_str(), TEST_DATA);
- save_data(alias3.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias2,
- TEST_LABEL_2,
- CKM::Permission::READ);
- test_positive(&ManagerAsync::setPermission,
- alias3,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- }
-
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
-
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
-
- // test from allowed label, but without properly addressing alias (coming from default label)
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
-
- // now test with appropriate addressing
- test_positive(&ManagerAsync::getData, alias2, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
-
- test_positive(&ManagerAsync::getData, alias3, "");
- test_positive(&ManagerAsync::removeAlias, alias3);
- }
-}
-
-// denyAccess
-RUNNER_TEST(TA1910_deny_access_invalid_param, UserEnv)
-{
- test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
- test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
- test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
-}
-
-RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<APP_UID>)
-{
- ScopedDBUnlock dbu(APP_UID, TEST_PASS);
-
- // prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::NONE);
- }
-
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
-
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
- }
-}
-
-RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, RemoveDataEnv<0>)
-{
- auto pkcs = loadPkcs();
-
- // save to the CKM
- CKM::Policy exportable;
- CKM::Policy notExportable(CKM::Password(), false);
-
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
- pkcs,
- exportable,
- exportable);
- test_negative(&ManagerAsync::savePKCS12,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_exportable),
- pkcs,
- exportable,
- exportable);
-
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
- pkcs,
- notExportable,
- notExportable);
- test_negative(&ManagerAsync::savePKCS12,
- CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_not_exportable),
- pkcs,
- notExportable,
- notExportable);
-}
-
-RUNNER_TEST(TA2010_PKCS_get, RemoveDataEnv<0>)
-{
- auto pkcs = loadPkcs();
-
- // save to the CKM
- CKM::Policy exportable;
- CKM::Policy notExportable(CKM::Password(), false);
-
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
- pkcs,
- exportable,
- exportable);
- test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
- pkcs,
- notExportable,
- notExportable);
-
- // fail - no entry
- test_negative(&ManagerAsync::getPKCS12,
- CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- sharedDatabase("i-do-not-exist").c_str(),
- CKM::Password(),
- CKM::Password());
-
-
- // fail - not exportable
- test_negative(&ManagerAsync::getPKCS12,
- CKM_API_ERROR_NOT_EXPORTABLE,
- sharedDatabase(alias_PKCS_not_exportable),
- CKM::Password(),
- CKM::Password());
-
- // success - exportable
- auto obs = test_positive(&ManagerAsync::getPKCS12,
- sharedDatabase(alias_PKCS_exportable),
- CKM::Password(),
- CKM::Password());
-
- auto cert = obs->m_pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = obs->m_pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file c-compilation.c
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-type.h>
-
-static unsigned char iv[] = { "rewrewrewgegsrtbhns" };
-
-void algo_param() {
- ckmc_param_list_h list = NULL;
- ckmc_raw_buffer_s* buffer = NULL;
-
- if(CKMC_ERROR_NONE != ckmc_param_list_new(&list))
- goto finish;
- if(CKMC_ERROR_NONE != ckmc_buffer_new(iv, sizeof(iv), &buffer))
- goto finish;
- if(CKMC_ERROR_NONE != ckmc_param_list_set_integer(list, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM))
- goto finish;
- if(CKMC_ERROR_NONE != ckmc_param_list_set_buffer(list, CKMC_PARAM_ED_IV, buffer))
- goto finish;
-
-finish:
- ckmc_buffer_free(buffer);
- ckmc_param_list_free(list);
-}
-
-
-int main()
-{
- algo_param();
- // TODO test other API
- return 0;
-}
+++ /dev/null
-#include <sys/types.h>
-#include <sys/wait.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <access_provider2.h>
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-
-#include <ckm/ckm-type.h>
-
-namespace {
-const int USER_ROOT = 0;
-const int APP_1 = 6000;
-const int GROUP_1 = 6000;
-const int APP_2 = 6200;
-const int GROUP_2 = 6200;
-const char * const APP_PASS_1 = "app-pass-1";
-const char * const APP_PASS_2 = "app-pass-2";
-const char* APP_LABEL_1 = "APP_LABEL_1";
-const char* APP_LABEL_2 = "APP_LABEL_2";
-const char* APP_LABEL_3 = "APP_LABEL_3";
-const char* APP_LABEL_4 = "APP_LABEL_4";
-
-
-const char* NO_ALIAS = "definitely-non-existent-alias";
-const char* NO_OWNER = "definitely-non-existent-owner";
-
-const char* TEST_ALIAS = "test-alias";
-const char* TEST_ALIAS2 = "test-alias2";
-const char* TEST_ALIAS3 = "test-alias3";
-
-const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-
-void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights)
-{
- int ret = ckmc_allow_access(alias, accessor, accessRights);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
-}
-
-void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights)
-{
- // data removal should revoke this access
- int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
-}
-
-void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret));
-}
-
-void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor)
-{
- int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret));
-}
-
-void check_alias_count(size_t expected)
-{
- size_t count = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count);
-}
-
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API);
-
-
-/////////////////////////////////////////////////////////////////////////////
-// Manager
-RUNNER_TEST(T3000_init)
-{
- reset_user_data(APP_1, APP_PASS_1);
- reset_user_data(APP_2, APP_PASS_2);
-}
-
-// invalid arguments check
-RUNNER_TEST(T3001_manager_allow_access_invalid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ));
- RUNNER_ASSERT(
- CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ));
-}
-
-// invalid arguments check
-RUNNER_TEST(T3002_manager_deny_access_invalid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE));
-}
-
-// tries to allow access for non existing alias
-RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny access for non existing alias
-RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Denying access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny access that does not exist in database
-RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- // deny non existing access to existing alias
- int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
-}
-
-// tries to allow access to application own data
-RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- std::string ownerId = getOwnerIdFromSelf();
- int ret = ckmc_set_permission(TEST_ALIAS, ownerId.c_str(), CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
-}
-
-// verifies that alias can not contain forbidden characters
-RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- std::string test_alias_playground = std::string("AAA BBB CCC");
- check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // control: expect success
- check_read(TEST_ALIAS, 0, TEST_DATA);
- check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
-}
-
-// verifies that label can not contain forbidden characters
-RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
-{
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
-
- // basic test
- std::string APP_LABEL_1_playground = std::string("AAA BBB CCC");
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // insert part of the separator in the middle
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // prepend separator
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.insert(0, ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // append separator
- APP_LABEL_1_playground = std::string(APP_LABEL_1);
- APP_LABEL_1_playground.append(ckmc_label_name_separator);
- check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
-
- // control: expect success
- check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA);
-}
-
-
-// tries to access other application data without permission
-RUNNER_TEST(T3020_manager_access_not_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_read_not_visible(TEST_ALIAS_adr.c_str());
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- }
-}
-
-// tries to access other application data with permission
-RUNNER_TEST(T3021_manager_access_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3022_manager_access_allowed_with_remove)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3025_manager_remove_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to access other application data after allow function was called twice with different
-// rights
-RUNNER_TEST(T3026_manager_double_allow)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- // access should be overwritten
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to access application data with permission and after permission has been revoked
-RUNNER_TEST(T3027_manager_allow_deny)
-{
- // prepare: add data
- GarbageCollector gc;
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-
- // remove permission
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- deny_access(TEST_ALIAS, APP_LABEL_2);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- check_read_not_visible(TEST_ALIAS_adr.c_str());
- }
-}
-
-RUNNER_TEST(T3028_manager_access_by_label)
-{
- // prepare: add data
- GarbageCollector gc;
- const char *additional_data = "label-2-data";
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // add data as app 2
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
- save_data(TEST_ALIAS, additional_data);
-
- allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
-
- // test if accessing valid alias (of label2 domain)
- check_read_allowed(TEST_ALIAS, additional_data);
- }
-
- // test accessibility to app 2 from app 1
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
-
- // test if can access label2 alias from label1 domain - should succeed
- check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data);
- }
-}
-
-// tries to modify another label's permission
-RUNNER_TEST(T3029_manager_access_modification_by_foreign_label)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED);
- deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED);
- }
-}
-
-// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3030_manager_get_all_aliases)
-{
- // prepare: add data
- GarbageCollector gc;
- size_t count;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- gc.save(TEST_ALIAS2, TEST_DATA);
-
- count = count_aliases(ALIAS_DATA);
- allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can access other aliases when it has permission
- check_alias_count(count - 1);
-
- ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA);
-
- // check that app can access its own aliases
- check_alias_count(count - 1 + 1);
- }
-
- // remove permission
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- deny_access(TEST_ALIAS, APP_LABEL_2);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can't access other aliases for which permission has been revoked
- check_alias_count(count - 2);
- }
-}
-
-// tries to access other application data with permission
-RUNNER_TEST(T3031_manager_deprecated_access_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- }
-
- // test accessibility from another label
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-/////////////////////////////////////////////////////////////////////////////
-// Control
-
-RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API);
-
-RUNNER_TEST(T3100_init)
-{
- reset_user_data(APP_1, APP_PASS_1);
- reset_user_data(APP_2, APP_PASS_2);
-}
-
-// invalid argument check
-RUNNER_TEST(T3101_control_allow_access_invalid)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- int ret;
- ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
- ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
-
- // double owner
- std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
- ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret);
-}
-
-// invalid argument check
-RUNNER_TEST(T3102_control_deny_access_invalid)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE));
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE));
-
- // double owner
- std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS);
- RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER ==
- ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE));
-}
-
-// tries to allow access for non existing alias
-RUNNER_TEST(T3103_control_allow_access_non_existing)
-{
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Allowing access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny access for non existing alias
-RUNNER_TEST(T3104_control_deny_access_non_existing)
-{
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Denying access for non existing alias returned " << CKMCErrorToString(ret));
-}
-
-// tries to deny non existing access
-RUNNER_TEST(T3105_control_deny_access_non_existing_access)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Denying non existing access returned: " << CKMCErrorToString(ret));
-}
-
-// tries to allow application to access its own data
-RUNNER_TEST(T3106_control_allow_access_to_myself)
-{
- // prepare: add data
- GarbageCollector gc;
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret,
- "Trying to allow myself returned: " << CKMCErrorToString(ret));
-}
-
-// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
-{
- RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
-
- // prepare: add data
- GarbageCollector gc;
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ);
- RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
-}
-
-// tries to use admin API as a user
-RUNNER_CHILD_TEST(T3111_control_deny_access_as_user)
-{
- RUNNER_IGNORED_MSG("Disabled until labeled sockets not available");
-
- // prepare: add data
- GarbageCollector gc;
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
-
- // test
- int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret));
-}
-
-// tries to read other application data with permission
-RUNNER_TEST(T3121_control_access_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3122_control_access_allowed_with_remove)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission to read
-RUNNER_TEST(T3122_control_access_allowed_remove_denied)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3125_control_remove_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to access other application data after allow function has been called twice with different
-// rights
-RUNNER_TEST(T3126_control_double_allow)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- // access should be overwritten
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-}
-
-// tries to access other application data with permission and after permission has been revoked
-RUNNER_TEST(T3127_control_allow_deny)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS);
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(TEST_ALIAS_adr.c_str());
- check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA);
- }
-
- deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_not_visible(TEST_ALIAS_adr.c_str());
- check_read_not_visible(TEST_ALIAS_adr.c_str());
- }
-}
-
-// checks if only aliases readable by given app are returned
-RUNNER_TEST(T3130_control_get_all_aliases)
-{
- // prepare: add data
- GarbageCollector gc;
- size_t count;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- gc.save(TEST_ALIAS2, TEST_DATA);
-
- count = count_aliases(ALIAS_DATA);
- }
-
- allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can access other aliases when it has permission
- check_alias_count(count - 1);
-
- ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA);
-
- // check that app can access its own aliases
- check_alias_count(count - 1 + 1);
- }
-
- deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- // check that app can't access other aliases for which permission has been revoked
- check_alias_count(count - 2);
- }
-}
-
-// tries to add access to data in a database of invalid user
-RUNNER_TEST(T3140_control_allow_invalid_user)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret));
-}
-
-// tries to revoke access to data in a database of invalid user
-RUNNER_TEST(T3141_control_deny_invalid_user)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret));
-}
-
-// tries to read other application data with permission
-RUNNER_TEST(T3142_control_deprecated_access_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to read other application data with permission to read/remove
-RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA);
- }
-}
-
-// tries to remove other application data with permission to read
-RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
-
-// tries to remove other application data with permission
-RUNNER_TEST(T3145_control_deprecated_remove_allowed)
-{
- // prepare: add data
- GarbageCollector gc;
- {
- ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1);
- gc.save(TEST_ALIAS, TEST_DATA);
- }
-
- allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE);
- {
- ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1);
-
- check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str());
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file capi-certificate-chains.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <stdarg.h>
-
-#include <string>
-#include <memory>
-
-#include <dpl/test/test_runner.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <ckm-common.h>
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-
-namespace {
-
-typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
-typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
-typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
-
-ckmc_cert_s* create_cert(TestData::certificateID idx) {
-
- std::string cert_raw = TestData::getTestCertificateBase64(idx);
-
- ckmc_cert_s* cert = NULL;
- assert_positive(ckmc_cert_new,
- reinterpret_cast<unsigned char*>(const_cast<char*>(cert_raw.c_str())),
- cert_raw.size(),
- CKMC_FORM_PEM,
- &cert);
-
- RUNNER_ASSERT_MSG(cert != NULL, "Cert is NULL");
- return cert;
-}
-
-void save_cert(const ckmc_cert_s* cert, const char* alias) {
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
- assert_positive(ckmc_save_cert, alias, *cert, policy);
-}
-
-// list takes ownership of provided certificates
-CertListPtr create_cert_list(ckmc_cert_s* cert, ...) {
- CertListPtr certList(NULL, ckmc_cert_list_all_free);
-
- va_list ap;
-
- va_start(ap, cert);
- ckmc_cert_list_s* last = NULL;
- for (ckmc_cert_s* c = cert; c!=NULL; c = va_arg(ap, ckmc_cert_s*)) {
- if (!certList) {
- ckmc_cert_list_s* tmp = NULL;
- assert_positive(ckmc_cert_list_new, c, &tmp);
- certList = CertListPtr(tmp, ckmc_cert_list_all_free);
- RUNNER_ASSERT_MSG(!!certList, "Cert list is NULL");
- last = certList.get();
- } else {
- assert_positive(ckmc_cert_list_add, last, c, &last);
- RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL");
- }
- }
- va_end(ap);
-
- return certList;
-}
-
-const ckmc_cert_s* NULL_CERT = NULL;
-ckmc_cert_list_s** NULL_CHAIN = NULL;
-
-/*
- * Helper class for certificate verification
- */
-class ChainVerifierBase {
-public:
- ChainVerifierBase();
- virtual ~ChainVerifierBase();
-
- void addTrusted(TestData::certificateID idx);
- void addUntrusted(TestData::certificateID idx);
- void enableSystem(bool enable);
-
- virtual void verifyPositive(TestData::certificateID idx, size_t expected) = 0;
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED) = 0;
-
-protected:
- void addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert);
- void addAlias(ckmc_alias_list_s*& list, const char* alias);
-
- ckmc_cert_list_s* m_trustedCerts;
- ckmc_alias_list_s* m_trustedAliases;
-
- ckmc_cert_list_s* m_untrustedCerts;
- ckmc_alias_list_s* m_untrustedAliases;
-
- bool m_system;
-};
-
-
-ChainVerifierBase::ChainVerifierBase() :
- m_trustedCerts(NULL),
- m_trustedAliases(NULL),
- m_untrustedCerts(NULL),
- m_untrustedAliases(NULL),
- m_system(true)
-{
-}
-
-ChainVerifierBase::~ChainVerifierBase()
-{
- ckmc_cert_list_all_free(m_trustedCerts);
- ckmc_cert_list_all_free(m_untrustedCerts);
- ckmc_alias_list_all_free(m_trustedAliases);
- ckmc_alias_list_all_free(m_untrustedAliases);
-}
-
-void ChainVerifierBase::addTrusted(TestData::certificateID idx)
-{
- size_t size = list_size(m_trustedCerts);
- ckmc_cert_s* cert = create_cert(idx);
- addCert(m_trustedCerts, cert);
-
- std::stringstream ss;
- ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size;
- save_cert(cert, ss.str().c_str());
- addAlias(m_trustedAliases, ss.str().c_str());
-}
-
-void ChainVerifierBase::addUntrusted(TestData::certificateID idx)
-{
- size_t size = list_size(m_untrustedCerts);
- ckmc_cert_s* cert = create_cert(idx);
- addCert(m_untrustedCerts, cert);
-
- std::stringstream ss;
- ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size;
- save_cert(cert, ss.str().c_str());
- addAlias(m_untrustedAliases, ss.str().c_str());
-}
-
-void ChainVerifierBase::enableSystem(bool enable)
-{
- m_system = enable;
-}
-
-void ChainVerifierBase::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert)
-{
- if (!list) {
- ckmc_cert_list_s* tmp = NULL;
- assert_positive(ckmc_cert_list_new, cert, &tmp);
- RUNNER_ASSERT_MSG(!!tmp, "Cert list is NULL");
- list = tmp;
- } else {
- ckmc_cert_list_s* last = list;
- while(last->next)
- last = last->next;
- assert_positive(ckmc_cert_list_add, last, cert, &last);
- RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL");
- }
-}
-
-void ChainVerifierBase::addAlias(ckmc_alias_list_s*& list, const char* alias)
-{
- if (!list) {
- ckmc_alias_list_s* tmp = NULL;
- assert_positive(ckmc_alias_list_new, strdup(alias), &tmp);
- RUNNER_ASSERT_MSG(!!tmp, "Alias list is NULL");
- list = tmp;
- } else {
- ckmc_alias_list_s* last = list;
- while(last->next)
- last = last->next;
- assert_positive(ckmc_alias_list_add, last, strdup(alias), &last);
- RUNNER_ASSERT_MSG(last != NULL, "Last alias on the list is NULL");
- }
-}
-
-class ChainVerifierOld : public ChainVerifierBase {
-public:
- virtual void verifyPositive(TestData::certificateID idx, size_t expected);
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
-};
-
-class ChainVerifier : public ChainVerifierBase {
-public:
- virtual void verifyPositive(TestData::certificateID idx, size_t expected);
- virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
-};
-
-void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_positive(ckmc_get_cert_chain,
- cert,
- m_untrustedCerts,
- &chain);
-
- size_t size = list_size(chain);
- ckmc_cert_list_all_free(chain);
- chain = NULL;
- RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
-
- assert_positive(ckmc_get_cert_chain_with_alias,
- cert,
- m_untrustedAliases,
- &chain);
-
- size = list_size(chain);
- ckmc_cert_list_all_free(chain);
- chain = NULL;
- RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
-
- ckmc_cert_free(cert);
-}
-
-void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_positive(ckmc_get_cert_chain_with_trustedcert,
- cert,
- m_untrustedCerts,
- m_trustedCerts,
- m_system,
- &chain);
-
- size_t size = list_size(chain);
- ckmc_cert_list_all_free(chain);
- chain = NULL;
- RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
-
- ckmc_cert_free(cert);
-}
-
-void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_result(error,
- ckmc_get_cert_chain,
- cert,
- m_untrustedCerts,
- &chain);
- RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
-
- assert_result(error,
- ckmc_get_cert_chain_with_alias,
- cert,
- m_untrustedAliases,
- &chain);
-
- RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
-
- ckmc_cert_free(cert);
-}
-
-void ChainVerifier::verifyNegative(TestData::certificateID idx, int error)
-{
- ckmc_cert_s* cert = create_cert(idx);
-
- ckmc_cert_list_s* chain = NULL;
-
- assert_result(error,
- ckmc_get_cert_chain_with_trustedcert,
- cert,
- m_untrustedCerts,
- m_trustedCerts,
- m_system,
- &chain);
- RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
-
- ckmc_cert_free(cert);
-}
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS);
-
-RUNNER_TEST(TCCH_0000_init)
-{
- remove_user_data(0);
-}
-
-// old API
-RUNNER_TEST(TCCH_0010_get_chain_old_api)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. Require network feature.");
- remove_user_data(0);
-
- ChainVerifierOld cv;
- cv.verifyNegative(TestData::GOOGLE_COM);
-
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyPositive(TestData::GOOGLE_COM, 3); // including system cert
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-// old API
-RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
-{
- remove_user_data(0);
-
- ChainVerifierOld cv;
- cv.verifyPositive(TestData::GIAG2, 2); // including system cert
-}
-
-// check invalid arguments
-RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
-{
- remove_user_data(0);
-
- ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
- ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
- ckmc_cert_list_s* chain = NULL;
-
- // cert
- CertListPtr untrusted_c = create_cert_list(ca1, NULL);
- ca1 = NULL;
-
- assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
- NULL_CERT,
- untrusted_c.get(),
- untrusted_c.get(),
- true,
- &chain);
-
- assert_invalid_param(ckmc_get_cert_chain_with_trustedcert,
- ca2,
- untrusted_c.get(),
- untrusted_c.get(),
- true,
- NULL_CHAIN);
-
- ckmc_cert_free(ca2);
-}
-
-/*
- * This test verifies that chain of trust won't be successfully built unless system or trusted
- * certificates are used even if real trusted root ca certs are used as untrusted.
- */
-RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.verifyNegative(TestData::EQUIFAX);
-
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-/*
- * This test verifies that it's possible to build a chain of trust with single trusted certificate
- * and no system certificates.
- */
-RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.verifyPositive(TestData::TEST_IM_CA, 2);
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-/*
- * This test verifies that it's possible to build a chain of trust with system certificates only
- */
-RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.verifyPositive(TestData::GIAG2, 2); // including system cert
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-/*
- * Verifies that chain of trust can be built without untrusted certificates.
- */
-RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.verifyPositive(TestData::TEST_IM_CA, 2);// signed by trusted cert (TEST_ROOT_CA)
- cv.verifyPositive(TestData::GIAG2, 2); // signed by system cert (GEOTRUST)
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. Require network feature.");
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.addUntrusted(TestData::GIAG2);
- cv.verifyPositive(TestData::GOOGLE_COM,3); // including system cert
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-/*
- * Check if its possible to build a chain of trust without system certs.
- */
-RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addUntrusted(TestData::TEST_IM_CA);
- cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-/*
- * Check if its possible to build a chain of trust with intermediate ca cert in trusted list.
- */
-RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
-{
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(false);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addTrusted(TestData::TEST_IM_CA);
- cv.verifyPositive(TestData::TEST_LEAF, 3);
- cv.verifyNegative(TestData::GOOGLE_COM);
-}
-
-RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. Require network feature.");
- remove_user_data(0);
-
- ChainVerifier cv;
- cv.enableSystem(true);
- cv.addTrusted(TestData::TEST_ROOT_CA);
- cv.addUntrusted(TestData::GEOTRUST);
- cv.addUntrusted(TestData::GIAG2);
- /*
- * In combat conditions this may as well be 3. Because of 2 existing GeoTrust certificates with
- * same Subject and Public key one being root ca and the other not there are 2 possible chains
- * of trust for this certificate.
- */
- cv.verifyPositive(TestData::GOOGLE_COM,4);
- cv.verifyNegative(TestData::TEST_LEAF);
-}
-
-RUNNER_TEST(TCCH_9999_deinit)
-{
- remove_user_data(0);
-}
+++ /dev/null
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <ckm-common.h>
-#include <access_provider2.h>
-
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-type.h>
-
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-
-#include <ckm-common.h>
-
-#include <string>
-#include <fstream>
-#include <string.h>
-#include <stdio.h>
-#include <stddef.h>
-#include <stdlib.h>
-
-namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
-const char* USER_PASS = "user-pass";
-const char* TEST_LABEL = "test_label";
-const char *const TEST_OBJECT1 = "OBJECT1";
-const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
-const char* TEST_SYSTEM_ALIAS = "system-alias-1";
-const char* TEST_DATA = "ABCD";
-} // namespace anonymous
-
-
-RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
-
-RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
- CKMCReadableError(temp));
-
- remove_user_data(5000);
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3011_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3012_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3013_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3014_Control_C_API)
-{
- int temp;
- const uid_t UNIQUE_USER = 6500;
-
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
- // unlock with empty password
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
- CKMCReadableError(temp));
- // reset password (NULL, "simple-password")
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
- CKMCReadableError(temp));
- // get rid of NULL DKEK
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, "simple-password")),
- CKMCReadableError(temp));
- // lock db
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(UNIQUE_USER)),
- CKMCReadableError(temp));
- // try to reset password when db locked
- RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
- CKMCReadableError(temp));
- // clean up environment
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3015_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3016_Control_C_API)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
-{
- save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
-
- // [test] - expect success
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA);
-
- // remove user data - expect to map to the system DB
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
- CKMCReadableError(temp));
-
- // [test] - expect fail
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-}
-
-RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
-
-RUNNER_TEST(T30201_init_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30202_RSA_key_C_API)
-{
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- CKM::Alias alias = sharedDatabase("mykey");
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30203_AES_key_C_API)
-{
- int temp;
- CKM::Alias alias = sharedDatabase("my_AES_key");
- size_t key_length = 192;
-
- ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = NULL;
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
-
- compare_AES_keys(test_key, test_key2);
- ckmc_key_free(test_key);
- ckmc_key_free(test_key2);
-}
-
-RUNNER_TEST(T30204_certificate_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s *cert2;
- ckmc_cert_s cert;
-
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-
- ckmc_cert_free(cert2);
-}
-
-RUNNER_TEST(T30205_certificate_remove_C_API)
-{
- int temp;
-
- char* password = NULL;
- ckmc_cert_s *cert2;
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert2);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30206_certificate_list_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- size_t current_aliases_num = count_aliases(ALIAS_CERT);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_CERT);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-}
-
-
-RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- const char *passwordPolicy = "x";
- const char *alias = "mykey";
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = const_cast<char *>(passwordPolicy);
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
- CKMCReadableError(temp));
-
- // RUNNER_ASSERT_MSG(
- // key.getDER() == key2.getDER(), "Key value has been changed by service");
-
- delete [] char_keypem;
-}
-
-RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = NULL;
- size_t key_length = 192;
- CKM::Alias alias = "my_AES_key";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-
- compare_AES_keys(test_key, test_key2);
- ckmc_key_free(test_key);
- ckmc_key_free(test_key2);
-}
-
-RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = "x";
- size_t key_length = 192;
- CKM::Alias alias = "my_AES_key-2";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- ckmc_key_free(test_key);
-}
-
-RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- ckmc_policy_s test_policy;
- ckmc_key_s test_key, *test_key2;
- char* char_keypem = new char[keyPem.length() + 1];
- char* password = NULL;
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = NULL;
-
- test_policy.password = password;
- test_policy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag)
-{
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = NULL;
- size_t key_length = 256;
- CKM::Alias alias = "my_AES_key-3";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- ckmc_key_free(test_key);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T30212_certificate_with_DSA_key_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s *cert2 = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-
- ckmc_cert_free(cert2);
-}
-
-RUNNER_TEST(T30213_deinit_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-
-RUNNER_TEST_GROUP_INIT (T3030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
-
-RUNNER_TEST(T3031_init_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3032_save_asymmetric_keys_get_alias_C_API)
-{
- int temp;
-
- char* password = NULL;
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
- ckmc_key_s test_key;
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
-
- test_policy2.password = password;
- test_policy2.extractable = 0;
-
- test_policy3.password = password;
- test_policy3.extractable = 0;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-}
-
-
-RUNNER_TEST(T3033_remove_asymmetric_key_C_API)
-{
- int temp;
-
- char* password = NULL;
-
- ckmc_key_s *test_key2;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3034_save_symmetric_keys_get_alias_C_API)
-{
- int temp;
- size_t key_length = 128;
- ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
- test_policy1.password = NULL;
- test_policy1.extractable = 1;
-
- test_policy2.password = NULL;
- test_policy2.extractable = 1;
-
- test_policy3.password = NULL;
- test_policy3.extractable = 1;
-
- int current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key1").c_str(), *test_key, test_policy1)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key2").c_str(), *test_key, test_policy2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key3").c_str(), *test_key, test_policy3)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
-
- ckmc_key_free(test_key);
-}
-
-
-RUNNER_TEST(T3035_remove_symmetric_key_C_API)
-{
- int temp;
-
- ckmc_key_s *test_key2;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key1").c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
- validate_AES_key(test_key2);
- ckmc_key_free(test_key2);
-
- // actual test - remove middle item
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("AES_key2").c_str())),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(sharedDatabase("AES_key2").c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key3").c_str(), NULL, &test_key2)),
- CKMCReadableError(temp));
- validate_AES_key(test_key2);
- ckmc_key_free(test_key2);
-
-}
-
-RUNNER_TEST(T3036_deinit_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
-
-RUNNER_TEST(T3041_init_C_API)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, "simple-password");
-}
-
-RUNNER_TEST(T3042_save_get_bin_data_C_API)
-{
- int temp;
-
- ckmc_raw_buffer_s testData1, testData2, testData3;
- char* password = NULL;
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
- char* char_binData1 = new char[binData1.length() + 1];
- char* char_binData2 = new char[binData2.length() + 1];
- char* char_binData3 = new char[binData3.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- std::strcpy(char_binData2, binData2.c_str());
- std::strcpy(char_binData3, binData3.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData2.data = (unsigned char *) char_binData2;
- testData3.data = (unsigned char *) char_binData3;
- testData1.size = binData1.length()+1;
- testData2.size = binData2.length()+1;
- testData3.size = binData3.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2, test_policy3;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
- test_policy2.password = password;
- test_policy2.extractable = 1;
- test_policy3.password = password;
- test_policy3.extractable = 0;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-
- ckmc_raw_buffer_s *testData4;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
- CKMCReadableError(temp));
-
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
-}
-
-RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- ckmc_raw_buffer_s testData1;
- char* password = NULL;
- std::string binData1 = "My bin data";
- char* char_binData1 = new char[binData1.length() + 1];
- std::strcpy(char_binData1, binData1.c_str());
- testData1.data = (unsigned char *) char_binData1;
- testData1.size = binData1.length()+1;
-
- ckmc_policy_s test_policy1, test_policy2;
-
- test_policy1.password = password;
- test_policy1.extractable = 1;
-
- test_policy2.password = password;
- test_policy2.extractable = 1;
-
- std::string binData = "My bin data";
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+3) == actual_cnt,
- "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
-}
-
-RUNNER_TEST(T3044_remove_bin_data_C_API)
-{
- int temp;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- (current_aliases_num-2) == actual_cnt,
- "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
-
- char* password = NULL;
-
- ckmc_raw_buffer_s *testData1, testData2;
-
- std::string testStr = "My bin data2";
- char* char_testData2 = new char[testStr.length() + 1];
- std::strcpy(char_testData2, testStr.c_str());
- testData2.data = (unsigned char *) char_testData2;
- testData2.size = testStr.length()+1;
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
- CKMCReadableError(temp));
-
- int compareResult;
- compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
- RUNNER_ASSERT_MSG( compareResult == 0,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3045_save_big_data_C_API)
-{
- GarbageCollector gc;
- const size_t BIG_SIZE = 5000000; // can't go much further because of stack size limit
- ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP);
-
- char big_data[BIG_SIZE];
- std::ifstream is("/dev/urandom", std::ifstream::binary);
- if(is)
- is.read(big_data, BIG_SIZE);
-
- RUNNER_ASSERT_MSG(is,
- "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
-
- gc.save(TEST_ALIAS1.c_str(), big_data, BIG_SIZE, CKMC_ERROR_NONE);
-
- check_read(TEST_OBJECT1, TEST_LABEL, big_data, BIG_SIZE, CKMC_ERROR_NONE);
-}
-
-RUNNER_TEST(T3050_deinit_C_API)
-{
- int temp;
-
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T305_CKMC_QUICK_CREATE_PAIR_CAPI);
-
-RUNNER_TEST(T3051_CAPI_init)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3052_CAPI_create_RSA_key)
-{
- int temp;
-
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t size = 1024;
- const char *private_key_alias = "RSA-test-1-priv";
- const char *public_key_alias = "RSA-test-1-pub";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == actual_cnt,
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
-
- ckmc_key_s *privateKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
- RUNNER_ASSERT_MSG(
- privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
- "Private key is broken.");
-
- ckmc_key_s *publicKey;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
- RUNNER_ASSERT_MSG(
- publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
- "Public key is broken.");
-
- // on next attempt to generate keys with the same alias, expect fail (alias exists)
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3053_CAPI_create_DSA_key)
-{
- int temp;
-
- AccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t size = 1024;
- const char *private_key_alias = "DSA-test-2-priv";
- const char *public_key_alias = "DSA-test-2-pub";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-
- size_t actual_cnt = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == actual_cnt,
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
-
- ckmc_key_s *privateKey = 0;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
- "Private key is broken.");
- RUNNER_ASSERT_MSG(
- privateKey->key_type == CKMC_KEY_DSA_PRIVATE,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
- ckmc_key_free(privateKey);
-
- ckmc_key_s *pubKey = 0;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &pubKey)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- pubKey != NULL && pubKey->key_size > 0 && pubKey->raw_key != NULL,
- "Public key is broken.");
- RUNNER_ASSERT_MSG(
- pubKey->key_type == CKMC_KEY_DSA_PUBLIC,
- "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PUBLIC) << ", actual=" << static_cast<int>(pubKey->key_type));
- ckmc_key_free(pubKey);
-
- // on next attempt to generate keys with the same alias, expect fail (alias exists)
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-
-RUNNER_CHILD_TEST(T3054_CAPI_create_AES_key)
-{
- int temp;
- size_t size = 128;
- CKM::Alias key_alias = sharedDatabase("AES-gen-test-1");
- ckmc_policy_s policy_key;
-
- policy_key.password = NULL;
- policy_key.extractable = 1;
-
- int current_aliases_num = count_aliases(ALIAS_KEY);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_aes(size, key_alias.c_str(), policy_key)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == (temp = count_aliases(ALIAS_KEY)),
- "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
-
- ckmc_key_s *get_AES_key = 0;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(key_alias.c_str(), policy_key.password, &get_AES_key)),
- CKMCReadableError(temp));
- validate_AES_key(get_AES_key);
- ckmc_key_free(get_AES_key);
-}
-
-
-RUNNER_TEST(T3055_CAPI_deinit)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-
-RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair);
-
-RUNNER_TEST(T3061_CAPI_init)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, USER_PASS);
-}
-
-RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
-{
- int temp;
-
- size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-
- // on next attempt to generate keys with the same alias, expect fail (alias exists)
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
-{
- int temp;
-
- size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
-{
- int temp;
-
- ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3065_CAPI_deinit)
-{
- remove_user_data(0);
-}
-
-// TODO
-//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
-
-
-RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
-
-RUNNER_TEST(T3071_CAPI_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. Require network feature.");
- std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
- std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
-
- ckmc_cert_s c_cert;
- c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
- c_cert.cert_size = ee.size();
- c_cert.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_s c_cert1;
- c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
- c_cert1.cert_size = im.size();
- c_cert1.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_list_s untrustedcerts;
- untrustedcerts.cert = &c_cert1;
- untrustedcerts.next = NULL;
-
- ckmc_cert_list_s *cert_chain_list;
-
- int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
-
- RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
-
- ckmc_ocsp_status_e ocsp_status;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
-}
-
-RUNNER_TEST(T3075_CAPI_deinit)
-{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T308_CAPI_CREATE_AND_VERIFY_SIGNATURE);
-
-RUNNER_TEST(T3081_CAPI__init)
-{
- int temp;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- CKMCReadableError(temp));
-
- remove_user_data(0);
-}
-
-RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
-{
- int temp;
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
- const char *key_passwd = "1234";
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 0;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = const_cast<char *>(key_passwd);
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
-{
- int temp;
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
-{
- int temp;
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("ecprv2");
- CKM::Alias pub_alias = sharedDatabase("ecpub2");
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
-{
- int temp;
-
- std::string prv =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
- "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
- "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
- "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
- "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
- "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
- "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
- "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
- "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
- "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
- "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
- "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
- "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
- "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
- "-----END CERTIFICATE-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pri_alias = sharedDatabase("prv3");
- CKM::Alias pub_alias = sharedDatabase("pub3");
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
-
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
-{
- int temp;
-
- const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
- "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
- "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
- "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
- "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
- "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
- "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
- "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
- "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
- "YMYCBhubtrVaLmc=\n"
- "-----END PUBLIC KEY-----";
-
- const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
- "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
- "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
- "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
- "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
- "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
- "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
- "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
- "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
- "u1roOuaPY+Hl19BlTE2qdw==\n"
- "-----END DSA PRIVATE KEY-----";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 0;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
- prikey.key_size = priv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = NULL;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // positive test
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- // negative test
- ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- invalid_msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
-{
- int temp;
-
- size_t size = 1024;
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
- "Error=" << temp);
-
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s *pubkey = NULL;
- ckmc_key_s *prikey = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // positive test
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- // negative test
- ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- invalid_msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_key_free(prikey);
- ckmc_key_free(pubkey);
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
-{
- int temp;
-
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- CKM::Alias pri_alias = sharedDatabase("prv4");
- CKM::Alias pub_alias = sharedDatabase("pub4");
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
- cert.cert_size = pub.size();
- cert.data_format = CKMC_FORM_PEM;
-
- ckmc_policy_s certpolicy;
- certpolicy.password = pub_passwd;
- certpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
- pripolicy.password = pri_passwd;
- pripolicy.extractable = 0;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3089_CAPI__deinit)
-{
- remove_user_data(0);
-}
-
-
-//#######################################################################################
-
-void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
-{
- RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
- RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
-
- if(key->password != NULL && password != NULL) {
- RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
- }else if(key->password == NULL && password == NULL) {
- RUNNER_ASSERT_MSG(true, "Password Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Password Error" );
- }
-
- if(key->raw_key != NULL && raw_key != NULL) {
- for(unsigned int i=0; i<key_size; i++) {
- RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
- }
- }else if(key->raw_key == NULL && raw_key == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw Key Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw Key Error" );
- }
-}
-
-RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES);
-
-RUNNER_TEST(T3091_CAPI_TYPE_init)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, USER_PASS);
-}
-
-RUNNER_TEST(T3092_CAPI_TYPE_KEY)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int key_size = keyPem.size();
- ckmc_key_type_e key_type = CKMC_KEY_NONE;
- char *password = const_cast< char *>("");
-
- ckmc_key_s *key;
- ckmc_key_new(raw_key, key_size, key_type, password, &key);
-
- _assertKey(key, raw_key, key_size, key_type, password);
- ckmc_key_free(key);
-
- char *passwordNull = NULL;
- ckmc_key_s *key2;
- ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
- ckmc_key_free(key2);
-}
-
-RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
-{
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
- unsigned int size = keyPem.size();
-
- ckmc_raw_buffer_s *buff;
- ckmc_buffer_new(data, size, &buff);
-
- RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
-
- if(buff->data != NULL && data != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
- }
- }else if(buff->data == NULL && data == NULL) {
- RUNNER_ASSERT_MSG(true, "Raw data Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "Raw data Error" );
- }
-
- ckmc_buffer_free(buff);
-}
-
-RUNNER_TEST(T3094_CAPI_TYPE_CERT)
-{
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
- unsigned int size = certPem.size();
- ckmc_data_format_e form = CKMC_FORM_PEM;
-
- ckmc_cert_s *ckmCert;
- ckmc_cert_new(raw_cert, size, form, &ckmCert);
-
- RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
-
- if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
- for(unsigned int i=0; i<size; i++) {
- RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
- }
- }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
- RUNNER_ASSERT_MSG(true, "raw_cert Error" );
- }else {
- RUNNER_ASSERT_MSG(false, "raw_cert Error" );
- }
-
- RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
-
- ckmc_cert_free(ckmCert);
-}
-
-
-RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
-{
- int ret;
-
- std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
-
- const char *file_name = "/tmp/ckmc_test_cert.pem";
- remove(file_name);
-
- FILE* cert_file;
- cert_file = fopen(file_name, "w");
- fprintf(cert_file, "%s",certStr.c_str());
- fclose(cert_file);
-
- ckmc_cert_s *pcert;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
- CKMCReadableError(ret));
-
- RUNNER_ASSERT_MSG(
- pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
-
- CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
- CKMCReadableError(ret));
-
- remove(file_name);
-}
-
-RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
- const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
- const char *password = "password";
-
- int temp;
-
- ckmc_key_s *private_key = NULL;
- ckmc_cert_s *cert = NULL;
- ckmc_cert_list_s *ca_cert_list = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
- &private_key, &cert, &ca_cert_list)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
-
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
-
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
- CKMCReadableError(temp));
-
- CKM::Alias cert_alias = sharedDatabase("cert_alias");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
- CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_");
- const char *idx = "0";
- int cnt = 0;
- ckmc_cert_list_s *tmpList = ca_cert_list;
- while(tmpList != NULL) {
- caCertAlias.append(idx);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- CKMCReadableError(temp));
- tmpList = tmpList->next;
- cnt ++;
- }
-
- RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
-
- ckmc_key_free(private_key);
- ckmc_cert_free(cert);
- ckmc_cert_list_all_free(ca_cert_list);
-}
-
-RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
- const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
- const char *password = "password";
-
- int temp;
-
- ckmc_pkcs12_s *ppkcs12 = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
- RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
- RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
-
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = 1;
-
-
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
- CKMCReadableError(temp));
-
- CKM::Alias cert_alias = sharedDatabase("cert_alias2");
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
- CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
- const char *idx = "0";
- int cnt = 0;
- ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
- while(tmpList != NULL) {
- caCertAlias.append(idx);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
- CKMCReadableError(temp));
- tmpList = tmpList->next;
- cnt ++;
- }
-
- RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
-
- ckmc_pkcs12_free(ppkcs12);
-}
-
-RUNNER_TEST(T3098_CAPI_TYPE_deinit)
-{
- int temp;
- remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
-
-namespace
-{
-CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
-}
-
-RUNNER_TEST(T3101_CAPI_PKCS12_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
-{
- const char *wrong_passwd = "wrong";
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
-{
- ckmc_pkcs12_s *ppkcs12 = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
-
- // save to the CKM
- ckmc_policy_s exportable;
- exportable.password = NULL;
- exportable.extractable = 1;
- ckmc_policy_s notExportable;
- notExportable.password = NULL;
- notExportable.extractable = 0;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
- CKMCReadableError(temp));
-
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
- CKMCReadableError(temp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(temp));
- ckmc_cert_free(cert_lookup);
-}
-
-RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
-{
- int temp;
- ckmc_pkcs12_s *pkcs = NULL;
-
- // fail - no entry
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // fail - not exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
- ckmc_pkcs12_free(pkcs);
- pkcs = NULL;
-
- // success - exportable
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
- RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
- size_t cntr = 0;
- ckmc_cert_list_s *iter = pkcs->ca_chain;
- do {
- cntr ++;
- iter = iter->next;
- } while(iter);
- RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
-
- ckmc_pkcs12_free(pkcs);
-}
-
-RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
-{
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- int temp;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- alias_PKCS_exportable.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- alias_PKCS_exportable.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
-RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
-{
- int tmp;
-
- // remove the whole PKCS12 bundles
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_exportable.c_str())),
- CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())),
- CKMCReadableError(tmp));
-
- // expect lookup fails due to unknown alias
- // try to lookup key
- ckmc_key_s *key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
- key_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
- CKMCReadableError(tmp));
- ckmc_key_free(key_lookup);
-
- // try to lookup certificate
- ckmc_cert_s *cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
- cert_lookup = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
- CKMCReadableError(tmp));
- ckmc_cert_free(cert_lookup);
-}
-
-RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
-{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
-
-RUNNER_TEST(T3201_CAPI_unlock_database)
-{
- reset_user_data(USER_APP, USER_PASS);
-}
-
-RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
-{
- ScopedDBUnlock unlock(USER_APP, USER_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- CKM::Alias alias = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
- "Error=" << temp);
-
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
-}
-
-RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. The default password for database must be turn off for this test.");
- ScopedDBUnlock unlock(USER_APP, USER_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. The default password for database must be turn off for this test.");
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- CKM::Alias alias = "mykey";
- char *password = NULL;
- ckmc_key_s *test_key = NULL;
-
-#ifndef PASSWORD_PROTECTION_DISABLE
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
-#else
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
- CKMCReadableError(temp));
-#endif
-}
-
-RUNNER_TEST(T3204_deinit)
-{
- remove_user_data(USER_APP);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file cc-mode.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <string>
-
-#include <vconf/vconf.h>
-
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-
-using namespace CKM;
-using namespace std;
-
-#ifndef VCONFKEY_SECURITY_MDPP_STATE
-#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
-#endif
-
-namespace {
-
-const useconds_t SLEEP = 100*1000;
-
-const size_t MAX_RETRIES = 50;
-
-const char* const ENABLED = "Enabled";
-const char* const ENFORCING = "Enforcing";
-const char* const DISABLED = "Disabled";
-const char* const READY = "Ready";
-const char* const UNSET = "Unset"; // Meaningless value for unset.
-
-const char* const USER_LABEL = "User";
-const char* const CKM_LOCK = "/var/run/key-manager.pid";
-
-// Wrapper for mdpp state that restores the original value upon destruction
-class MdppState
-{
-public:
- MdppState();
- ~MdppState();
-
- // pass NULL to unset
- void set(const char* const value);
-
-private:
- char* m_original;
-};
-
-MdppState::MdppState()
-{
- ScopedLabel sl(USER_LABEL);
- m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
-}
-
-MdppState::~MdppState()
-{
- ScopedLabel sl(USER_LABEL);
- if (!m_original)
- vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
- else {
- vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
- }
-}
-
-void MdppState::set(const char* const value)
-{
- ScopedLabel sl(USER_LABEL);
- if (value)
- {
- int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
- RUNNER_ASSERT_MSG(0 == ret,
- "vconf_set() failed, ec: " << ret);
- }
- else
- vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
-}
-
-
-
-Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002");
-Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002");
-Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002");
-Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002");
-Alias aes_alias = sharedDatabase("aes-T2002");
-size_t aes_length = 128;
-
-void save_keys()
-{
- int temp;
- auto manager = Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
- 1024,
- rsa_pri_alias,
- rsa_pub_alias,
- Policy(Password(), true),
- Policy(Password(), true))),
- "Error=" << ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
- ElipticCurve::prime192v1,
- ecdsa_pri_alias,
- ecdsa_pub_alias,
- Policy(Password(), true),
- Policy(Password(), true))),
- "Error=" << ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyAES(
- aes_length,
- aes_alias,
- Policy(Password(), true))),
- "Error=" << ErrorToString(temp));
-}
-
-void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
- KeyShPtr key;
- int temp;
- RUNNER_ASSERT_MSG(
- expected == (temp = manager->getKey(alias, Password(), key)),
- "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
- ErrorToString(temp));
-}
-
-void read_keys(int expected)
-{
-// if mdpp is disabled at compilation time we expect that read_key always succeeds
-#ifndef DSECURITY_MDFPP_STATE_ENABLE
- expected = CKM_API_SUCCESS;
-#endif
- auto manager = Manager::create();
-
- read_key(manager, rsa_pri_alias, expected);
- read_key(manager, ecdsa_pri_alias, expected);
- read_key(manager, aes_alias, expected);
-}
-
-void update_cc_mode()
-{
- auto control = Control::create();
- int ret;
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
- "Error=" << ErrorToString(ret));
-}
-
-void restart_ckm(const char* const mdpp_setting)
-{
- stop_service(MANAGER);
- MdppState mdpp;
- mdpp.set(mdpp_setting);
- start_service(MANAGER);
-}
-} // namespace anonymous
-
-RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
-
-RUNNER_TEST(TCC_0000_init)
-{
- remove_user_data(0);
-}
-
-// updatedCCMode should succeed regardless of mdpp setting
-RUNNER_TEST(TCC_0010_updateCCMode)
-{
- MdppState mdpp;
-
- mdpp.set(NULL);
- update_cc_mode();
-
- mdpp.set(ENABLED);
- update_cc_mode();
-
- mdpp.set(ENFORCING);
- update_cc_mode();
-
- mdpp.set(DISABLED);
- update_cc_mode();
-
- mdpp.set(READY);
- update_cc_mode();
-
- mdpp.set("whatever");
- update_cc_mode();
-}
-
-// tests without listener (ckm only)
-RUNNER_TEST(TCC_0020_noListener)
-{
- stop_service(LISTENER);
- MdppState mdpp;
-
- remove_user_data(0);
- save_keys();
-
- mdpp.set(NULL);
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(DISABLED);
- update_cc_mode();
- // MJK, it's counter-intuitive: Disabled does not mean
- // that CC mode is disabled, but that device
- // self-test failed "device DISABLED"
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set("whatever");
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENABLED);
- update_cc_mode();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(ENFORCING);
- update_cc_mode();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(READY);
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set("whatever");
- update_cc_mode();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(DISABLED);
- update_cc_mode();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// when listener is started with mdpp key unset it should not update mdpp status in ckm
-RUNNER_TEST(TCC_0030_noCallbackRegistered)
-{
- // restart listener without vconf callback
- stop_service(LISTENER);
- remove_user_data(0);
- MdppState mdpp;
- mdpp.set(NULL);
- update_cc_mode();
- start_service(LISTENER);
-
- // save and read
- save_keys();
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENABLED);
- usleep(SLEEP); // give some time for notification to reach ckm
-
- read_keys(CKM_API_SUCCESS);
-}
-
-// when listener is started with mdpp key set it should update mdpp status in ckm
-RUNNER_TEST(TCC_0040_callbackRegistered)
-{
- // restart listener with vconf callback
- stop_service(LISTENER);
- MdppState mdpp;
- mdpp.set(DISABLED);
- update_cc_mode();
- start_service(LISTENER);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set("whatever");
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENABLED);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(DISABLED);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(READY);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_SUCCESS);
-
- mdpp.set(ENFORCING);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-
- mdpp.set(NULL);
- usleep(SLEEP); // give some time for notification to reach ckm
- read_keys(CKM_API_SUCCESS);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0050_manualCkmDisabled)
-{
- restart_ckm(DISABLED);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0060_manualCkmEnabled)
-{
- restart_ckm(ENABLED);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0070_manualCkmEnforcing)
-{
- restart_ckm(ENFORCING);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_ERROR_BAD_REQUEST);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0075_manualCkmReady)
-{
- restart_ckm(READY);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_SUCCESS);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0080_manualCkmWhatever)
-{
- restart_ckm("whatever");
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_SUCCESS);
-}
-
-// run ckm manually and see if it properly loads mdpp setting
-RUNNER_TEST(TCC_0090_manualCkmUnset)
-{
- restart_ckm(NULL);
-
- remove_user_data(0);
- save_keys();
- read_keys(CKM_API_SUCCESS);
-}
-
-// make sure listener won't activate ckm to update mdpp
-RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
-{
- stop_service(MANAGER);
- stop_service(LISTENER);
-
- MdppState mdpp;
- mdpp.set(ENABLED);
-
- start_service(LISTENER);
-
- usleep(1000*1000); // by that time ckm would be already started
-
- int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
- RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
-
- int ret = lockf(lock, F_TEST, 0);
- close(lock);
- RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
-}
-
-RUNNER_TEST(TCC_9999_deinit)
-{
- remove_user_data(0);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-common.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-#include <string>
-#include <fstream>
-#include <sys/smack.h>
-#include <ckmc/ckmc-type.h>
-#include <ckm-common.h>
-#include <tests_common.h>
-#include <access_provider2.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-manager.h>
-#include <ckmc/ckmc-control.h>
-#include <ckmc/ckmc-manager.h>
-#include <service_manager.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-const std::string SMACK_USER_APP_PREFIX = "User::App::";
-
-void generate_random(size_t random_bytes, char *output)
-{
- RUNNER_ASSERT(random_bytes>0 && output);
-
- std::ifstream is("/dev/urandom", std::ifstream::binary);
- RUNNER_ASSERT_MSG(is, "Failed to read /dev/urandom");
- is.read(output, random_bytes);
- if(static_cast<std::streamsize>(random_bytes) != is.gcount()) {
- RUNNER_ASSERT_MSG(false,
- "Not enough bytes read from /dev/urandom: " << random_bytes << "!=" <<
- is.gcount());
- }
-}
-
-const char* SERVICE[] = {
- "central-key-manager-listener.service",
- "central-key-manager.service" };
-
-void start_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.startService();
-}
-
-void stop_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.stopService();
-}
-
-std::string getLabel() {
- int ret;
- char* myLabel = NULL;
- RUNNER_ASSERT_MSG(0 <= (ret = smack_new_label_from_self(&myLabel)),
- "Failed to get smack label for self. Error: " << ret);
- RUNNER_ASSERT_MSG(myLabel, "NULL smack label");
- std::string result = myLabel;
- free(myLabel);
- return result;
-}
-
-std::string getOwnerIdFromSelf() {
- const std::string& prefix = SMACK_USER_APP_PREFIX;
- std::string smack = getLabel();
- if (0 == smack.compare(0, prefix.size(), prefix))
- return smack.substr(prefix.size(), std::string::npos);
- return "/" + smack;
-}
-
-std::string aliasWithLabel(const char *label, const char *alias)
-{
- if(label)
- {
- std::stringstream ss;
- ss << label << std::string(ckmc_label_name_separator) << alias;
- return ss.str();
- }
- return std::string(alias);
-}
-
-// changes process label
-void change_label(const char* label)
-{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
-}
-
-ScopedLabel::ScopedLabel(const char* label) : m_original_label(getLabel())
-{
- change_label(label);
-}
-
-ScopedLabel::~ScopedLabel()
-{
- /*
- * Let it throw. If we can't restore label then remaining tests results will be
- * unreliable anyway.
- */
- change_label(m_original_label.c_str());
-}
-
-const char * CKMCErrorToString(int error) {
-#define ERRORDESCRIBE(name) case name: return #name
- switch(error) {
- ERRORDESCRIBE(CKMC_ERROR_NONE);
- ERRORDESCRIBE(CKMC_ERROR_INVALID_PARAMETER);
- ERRORDESCRIBE(CKMC_ERROR_OUT_OF_MEMORY);
- ERRORDESCRIBE(CKMC_ERROR_PERMISSION_DENIED);
- ERRORDESCRIBE(CKMC_ERROR_SOCKET);
- ERRORDESCRIBE(CKMC_ERROR_BAD_REQUEST);
- ERRORDESCRIBE(CKMC_ERROR_BAD_RESPONSE);
- ERRORDESCRIBE(CKMC_ERROR_SEND_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_RECV_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_BUFFER_TOO_SMALL);
- ERRORDESCRIBE(CKMC_ERROR_SERVER_ERROR);
- ERRORDESCRIBE(CKMC_ERROR_DB_LOCKED);
- ERRORDESCRIBE(CKMC_ERROR_DB_ERROR);
- ERRORDESCRIBE(CKMC_ERROR_DB_ALIAS_EXISTS);
- ERRORDESCRIBE(CKMC_ERROR_DB_ALIAS_UNKNOWN);
- ERRORDESCRIBE(CKMC_ERROR_VERIFICATION_FAILED);
- ERRORDESCRIBE(CKMC_ERROR_INVALID_FORMAT);
- ERRORDESCRIBE(CKMC_ERROR_FILE_ACCESS_DENIED);
- ERRORDESCRIBE(CKMC_ERROR_NOT_EXPORTABLE);
- ERRORDESCRIBE(CKMC_ERROR_FILE_SYSTEM);
- ERRORDESCRIBE(CKMC_ERROR_NOT_SUPPORTED);
- ERRORDESCRIBE(CKMC_ERROR_UNKNOWN);
- default: return "Error not defined";
- }
-#undef ERRORDESCRIBE
-}
-
-std::string CKMCReadableError(int error) {
- std::string output("Error: ");
- output += std::to_string(error);
- output += " Description: ";
- output += CKMCErrorToString(error);
- return output;
-}
-
-void save_data(const char* alias, const char *data, int expected_err)
-{
- save_data(alias, data, strlen(data), expected_err);
-}
-
-void save_data(const char* alias, const char *data, size_t len, int expected_err = CKMC_ERROR_NONE)
-{
- RUNNER_ASSERT(alias);
- RUNNER_ASSERT(data);
-
- ckmc_raw_buffer_s buffer;
- buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
- buffer.size = len;
- ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = true;
-
- int ret = ckmc_save_data(alias, buffer, policy);
- RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
- << CKMCErrorToString(ret) << " while expected: "
- << CKMCErrorToString(expected_err));
-
-}
-
-ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias)
-{
- save_data(alias, data, expected_err);
-}
-
-ScopedSaveData::~ScopedSaveData()
-{
- /*
- * Let it throw. If we can't remove data then remaining tests results will be
- * unreliable anyway.
- */
- check_remove_allowed(m_alias.c_str());
-}
-
-void GarbageCollector::add(const char* alias)
-{
- save_item item;
- item.item_alias = std::string(alias);
- item.owner_label = getOwnerIdFromSelf();
- item.owner_uid = geteuid();
- item.owner_gid = getegid();
- m_garbage.push_back(item);
-}
-
-void GarbageCollector::save(const char* alias, const char *data, int expected_err)
-{
- save(alias, data, strlen(data), expected_err);
-}
-
-void GarbageCollector::save(const char* alias, const char *data, size_t len, int expected_err)
-{
- save_data(alias, data, len, expected_err);
-
- if(CKMC_ERROR_NONE == expected_err)
- add(alias);
-}
-
-GarbageCollector::~GarbageCollector()
-{
- for(auto & item : m_garbage)
- {
- try {
- ScopedAccessProvider ap(item.owner_label, item.owner_uid, item.owner_gid);
- check_remove_allowed(item.item_alias.c_str());
- } catch (...) {
- // prevent exceptions in destructor
- }
- }
-}
-
-ScopedDBUnlock::ScopedDBUnlock(uid_t user_id, const char* passwd) : m_uid(user_id)
-{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(user_id, passwd)), CKMCErrorToString(temp));
-}
-ScopedDBUnlock::~ScopedDBUnlock()
-{
- int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(m_uid)), CKMCErrorToString(temp));
-}
-
-void check_remove_allowed(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- // remove, but ignore non existing
- RUNNER_ASSERT_MSG((CKMC_ERROR_NONE == ret) || (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret),
- "Removing data failed: " << CKMCErrorToString(ret));
-}
-
-void check_remove_denied(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_PERMISSION_DENIED == ret,
- "App with different label shouldn't have rights to remove this data. "
- << CKMCReadableError(ret));
-}
-
-void check_remove_not_visible(const char* alias)
-{
- int ret = ckmc_remove_alias(alias);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "App with different label shouldn't have rights to see this data. "
- << CKMCReadableError(ret));
-}
-
-void check_read(const char* alias,
- const char *label,
- const char *test_data,
- size_t len,
- int expected_code)
-{
- ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer);
- RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. "
- "Expected " << CKMCErrorToString(expected_code) << ", "
- "while result " << CKMCErrorToString(ret));
-
- if(expected_code == CKMC_ERROR_NONE)
- {
- // compare data with expected
- RUNNER_ASSERT_MSG(
- buffer->size == len,
- "Extracted data length do not match expected data length (encrypted?):" <<
- buffer->size << "!=" << len);
-
- RUNNER_ASSERT_MSG(
- memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)),
- test_data, buffer->size) == 0,
- "Extracted data do not match expected data (encrypted?).");
-
- ckmc_buffer_free(buffer);
- }
-}
-
-void check_read(const char* alias, const char *label, const char *test_data, int expected_code)
-{
- check_read(alias, label, test_data, strlen(test_data), expected_code);
-}
-
-void check_read_allowed(const char* alias, const char *data)
-{
- // try to read previously saved data - label taken implicitly
- check_read(alias, NULL, data);
-}
-
-void check_read_not_visible(const char* alias)
-{
- // try to read previously saved data - label taken implicitly
- {
- ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(alias, NULL, &buffer);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
- "App with different label shouldn't have rights to see this data. " << CKMCErrorToString(ret));
- ckmc_buffer_free(buffer);
- }
-}
-
-void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type)
-{
- ckmc_key_s *test_key = NULL;
- int temp = ckmc_get_key(alias, 0, &test_key);
- RUNNER_ASSERT_MSG(
- expected_error == temp,
- "received: " << CKMCReadableError(temp) << " while expected: " << CKMCReadableError(expected_error));
- if(expected_type != CKMC_KEY_NONE)
- {
- RUNNER_ASSERT_MSG(
- test_key->key_type == expected_type,
- "received type: " << test_key->key_type << " while expected type: " << expected_type);
- }
- ckmc_key_free(test_key);
-}
-void check_key_allowed(const char *alias, ckmc_key_type_e expected_type)
-{
- check_key(alias, CKMC_ERROR_NONE, expected_type);
-}
-void check_key_not_visible(const char *alias)
-{
- check_key(alias, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-}
-void check_cert_allowed(const char *alias)
-{
- ckmc_cert_s *test_cert = NULL;
- int temp = ckmc_get_cert(alias, 0, &test_cert);
- ckmc_cert_free(test_cert);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == temp, CKMCReadableError(temp));
-
-}
-void check_cert_not_visible(const char *alias)
-{
- ckmc_cert_s *test_cert = NULL;
- int temp = ckmc_get_cert(alias, 0, &test_cert);
- ckmc_cert_free(test_cert);
- RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == temp,
- "App with different label shouldn't have rights to see this cert. " << CKMCErrorToString(temp));
-}
-
-void allow_access(const char* alias, const char* accessor, int permissionMask)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: "
- << CKMCErrorToString(ret));
-}
-
-void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode)
-{
- // data removal should revoke this access
- int ret = ckmc_set_permission(alias, accessor, permissionMask);
- RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned "
- << CKMCErrorToString(ret) << ", while expected: "
- << CKMCErrorToString(expectedCode));
-}
-
-void deny_access(const char* alias, const char* accessor)
-{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: "
- << CKMCErrorToString(ret));
-}
-
-void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
-{
- int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE);
- RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. "
- << CKMCErrorToString(ret) << ", while expected: "
- << CKMCErrorToString(expectedCode));
-}
-
-void unlock_user_data(uid_t user_id, const char *passwd)
-{
- int ret;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-void remove_user_data(uid_t user_id)
-{
- auto control = CKM::Control::create();
- control->lockUserKey(user_id);
- control->removeUserData(user_id);
-}
-
-void reset_user_data(uid_t user_id, const char *passwd)
-{
- remove_user_data(user_id);
- unlock_user_data(user_id, passwd);
-}
-
-ckmc_raw_buffer_s prepare_message_buffer(const char * input)
-{
- ckmc_raw_buffer_s retval;
- retval.data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(input));
- retval.size = strlen(input);
- return retval;
-}
-
-void check_alias_list(const CKM::AliasVector& expected)
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ret = ckmc_get_data_alias_list(&aliasList);
- RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << ret << " / " << CKMCErrorToString(ret));
-
- CKM::AliasVector actual;
- ckmc_alias_list_s *plist = aliasList;
- while(plist)
- {
- actual.push_back(plist->alias);
- plist = plist->next;
- }
- ckmc_alias_list_all_free(aliasList);
-
- RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list.");
-}
-
-size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
-{
- ckmc_alias_list_s *aliasList = NULL;
- int ec;
- switch(type)
- {
- case ALIAS_KEY:
- ec = ckmc_get_key_alias_list(&aliasList);
- break;
-
- case ALIAS_CERT:
- ec = ckmc_get_cert_alias_list(&aliasList);
- break;
-
- case ALIAS_DATA:
- ec = ckmc_get_data_alias_list(&aliasList);
- break;
- default:
- RUNNER_ASSERT_MSG(false, "Unsupported value ALIAS_KEY == " << (int)type);
- }
-
- if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN)
- return 0;
-
- RUNNER_ASSERT_MSG(ec == CKMC_ERROR_NONE,
- "Error: alias list failed, ec: " << CKMCErrorToString(ec));
-
- ckmc_alias_list_s *plist = aliasList;
- size_t return_count = 0;
- while(plist)
- {
- plist = plist->next;
- return_count ++;
- }
- ckmc_alias_list_all_free(aliasList);
-
- RUNNER_ASSERT_MSG(
- return_count >= minimum_initial_element_count,
- "Error: alias list failed, current element count: " << return_count <<
- " while expected minimal count of " << minimum_initial_element_count <<
- " elements");
-
- return return_count;
-}
-
-std::string sharedDatabase(const CKM::Alias & alias)
-{
- return aliasWithLabel(ckmc_owner_id_system, alias.c_str());
-}
-
-ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes)
-{
- ckmc_raw_buffer_s* buffer = NULL;
- char* data = static_cast<char*>(malloc(random_bytes*sizeof(char)));
- RUNNER_ASSERT(data);
- generate_random(random_bytes, data);
- int ret = ckmc_buffer_new(reinterpret_cast<unsigned char*>(data), random_bytes, &buffer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Buffer creation failed: " << CKMCErrorToString(ret));
- return buffer;
-}
-
-CKM::RawBuffer createRandomBuffer(size_t random_bytes)
-{
- char buffer[random_bytes];
- generate_random(random_bytes, buffer);
- return CKM::RawBuffer(buffer, buffer + random_bytes);
-}
-
-ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd)
-{
- ckmc_key_s *retval = reinterpret_cast<ckmc_key_s *>(malloc(sizeof(ckmc_key_s)));
- RUNNER_ASSERT(retval != NULL);
-
- RUNNER_ASSERT(lengthBits%8 == 0);
- char *char_key_AES = reinterpret_cast<char*>(malloc(lengthBits/8));
- RUNNER_ASSERT(char_key_AES != NULL);
- generate_random(lengthBits/8, char_key_AES);
-
- retval->raw_key = reinterpret_cast<unsigned char *>(char_key_AES);
- retval->key_size = lengthBits/8;
- retval->key_type = CKMC_KEY_AES;
- retval->password = passwd?strdup(passwd):NULL;
-
- return retval;
-}
-
-void validate_AES_key(ckmc_key_s *analyzed)
-{
- RUNNER_ASSERT_MSG(analyzed, "provided key is NULL");
- RUNNER_ASSERT_MSG(analyzed->raw_key != NULL, "provided key is empty");
- RUNNER_ASSERT_MSG(analyzed->key_size==(128/8) ||
- analyzed->key_size==(192/8) ||
- analyzed->key_size==(256/8), "provided key length is invalid");
- RUNNER_ASSERT_MSG(analyzed->key_type = CKMC_KEY_AES, "expected AES key, while got: " << analyzed->key_type);
-}
-
-void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second)
-{
- validate_AES_key(first);
- validate_AES_key(second);
- RUNNER_ASSERT_MSG(
- (first->key_size==second->key_size) &&
- (memcmp(first->raw_key, second->raw_key, first->key_size)==0),
- "data has been modified in key manager");
- // bypassing password intentionally
-}
-
-ParamListPtr createParamListPtr()
-{
- ckmc_param_list_h list = NULL;
- assert_positive(ckmc_param_list_new, &list);
- return ParamListPtr(list, ckmc_param_list_free);
-}
-
-void assert_buffers_equal(const ckmc_raw_buffer_s b1, const ckmc_raw_buffer_s b2, bool equal)
-{
- if(equal) {
- RUNNER_ASSERT_MSG(b1.size == b2.size, "Buffer size differs: " << b1.size << "!=" << b2.size);
- RUNNER_ASSERT_MSG(0 == memcmp(b1.data, b2.data, b1.size), "Buffer contents differ");
- } else {
- RUNNER_ASSERT_MSG(b1.size != b2.size || 0 != memcmp(b1.data, b2.data, b1.size),
- "Buffers should be different");
- }
-}
-
-RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer)
-{
- return RawBufferPtr(buffer, ckmc_buffer_free);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file ckm-common.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#pragma once
-
-#include <string>
-#include <memory>
-#include <stdexcept>
-#include <ckm/ckm-type.h>
-#include <ckm/ckm-manager-async.h>
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-error.h>
-#include <tests_common.h>
-#include <sys/types.h>
-
-extern const std::string SMACK_USER_APP_PREFIX;
-
-// support for error printing
-const char * CKMCErrorToString(int error);
-std::string CKMCReadableError(int error);
-
-// RUNNER_ASSERT wrappers
-template <typename F, typename... Args>
-void assert_result(int expected, F&& func, Args... args)
-{
- int ret = func(args...);
- RUNNER_ASSERT_MSG(ret == expected,
- "Expected: " << CKMCErrorToString(expected) << "(" << expected << ")"
- " got: " << CKMCErrorToString(ret) << "(" << ret << ")");
-}
-
-template <typename F, typename... Args>
-void assert_positive(F&& func, Args... args)
-{
- assert_result(CKMC_ERROR_NONE, std::move(func), args...);
-}
-
-template <typename F, typename... Args>
-void assert_invalid_param(F&& func, Args... args)
-{
- assert_result(CKMC_ERROR_INVALID_PARAMETER, std::move(func), args...);
-}
-
-
-// list operations
-template <typename T>
-size_t list_size(const T* list)
-{
- size_t size = 0;
- while(list) {
- list = list->next;
- size++;
- }
- return size;
-}
-
-
-// service lifecycle management
-enum ServiceIdx {
- LISTENER,
- MANAGER
-};
-void start_service(ServiceIdx idx);
-void stop_service(ServiceIdx idx);
-
-// scoped free
-typedef std::unique_ptr<char, void (*)(void *)> CharPtr;
-
-// returns process owner id
-std::string getOwnerIdFromSelf();
-
-std::string aliasWithLabel(const char *label, const char *alias);
-
-// changes process label
-void change_label(const char* label);
-
-// changes process label upon construction and restores it upon destruction
-class ScopedLabel
-{
-public:
- ScopedLabel(const char* label);
- ~ScopedLabel();
-
-private:
- std::string m_original_label;
-};
-
-void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
-void save_data(const char* alias, const char *data, size_t len, int expected_err);
-class ScopedSaveData
-{
-public:
- ScopedSaveData(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
- virtual ~ScopedSaveData();
-
-private:
- std::string m_alias;
-};
-
-class GarbageCollector
-{
-public:
- void save(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
- void save(const char* alias, const char *data, size_t len, int expected_err);
- void add(const char* alias);
- virtual ~GarbageCollector();
-
-private:
- struct save_item {
- std::string item_alias;
- std::string owner_label;
- uid_t owner_uid;
- gid_t owner_gid;
- };
- std::vector<save_item> m_garbage;
-};
-
-class ScopedDBUnlock
-{
-public:
- ScopedDBUnlock(uid_t user_id, const char* passwd);
- virtual ~ScopedDBUnlock();
-
-private:
- uid_t m_uid;
-};
-
-void check_remove_allowed(const char* alias);
-void check_remove_denied(const char* alias);
-void check_remove_not_visible(const char* alias);
-void check_read(const char* alias,
- const char *label,
- const char *test_data,
- size_t len,
- int expected_code = CKMC_ERROR_NONE);
-void check_read(const char* alias,
- const char *label,
- const char *test_data,
- int expected_code = CKMC_ERROR_NONE);
-void check_read_allowed(const char* alias, const char *data);
-void check_read_not_visible(const char* alias);
-void check_key(const char *alias,
- int expected_error = CKMC_ERROR_NONE,
- ckmc_key_type_e expected_type = CKMC_KEY_NONE);
-void check_key_allowed(const char *alias, ckmc_key_type_e expected_type = CKMC_KEY_NONE);
-void check_key_not_visible(const char *alias);
-void check_cert_allowed(const char *alias);
-void check_cert_not_visible(const char *alias);
-void allow_access(const char* alias, const char* accessor, int permissionMask);
-void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode);
-void deny_access(const char* alias, const char* accessor);
-void deny_access_negative(const char* alias, const char* accessor, int expectedCode);
-
-void unlock_user_data(uid_t user_id, const char *passwd);
-void remove_user_data(uid_t user_id);
-void reset_user_data(uid_t user_id, const char *passwd);
-
-ckmc_raw_buffer_s prepare_message_buffer(const char * input);
-void check_alias_list(const CKM::AliasVector& expected);
-
-typedef enum {
- ALIAS_KEY,
- ALIAS_CERT,
- ALIAS_DATA
-} alias_type_;
-size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0);
-std::string sharedDatabase(const CKM::Alias & alias);
-CKM::RawBuffer createRandomBuffer(size_t random_bytes);
-ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes);
-
-ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd);
-void validate_AES_key(ckmc_key_s *analyzed);
-void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second); // true if equal
-
-// Test env class for database cleanup. Pass database uids to cleanup before and after test
-template <uid_t ...Args>
-class RemoveDataEnv;
-
-template <>
-class RemoveDataEnv<>
-{
-public:
- void init(const std::string&)
- {}
- void finish()
- {}
-};
-
-template <uid_t UID, uid_t ...Args>
-class RemoveDataEnv<UID, Args...> : public RemoveDataEnv<Args...>
-{
-public:
- void init(const std::string & str) {
- remove_user_data(UID);
- RemoveDataEnv<Args...>::init(str);
- }
- void finish() {
- RemoveDataEnv<Args...>::finish();
- remove_user_data(UID);
- }
-};
-
-typedef std::shared_ptr<ckmc_raw_buffer_s> RawBufferPtr;
-typedef std::shared_ptr<struct __ckmc_param_list> ParamListPtr;
-
-ParamListPtr createParamListPtr();
-
-void assert_buffers_equal(const ckmc_raw_buffer_s b1, const ckmc_raw_buffer_s b2, bool equal=true);
-
-RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer);
-
-
-template <typename F, typename... Args>
-void test_no_observer(F&& func, Args... args)
-{
- CKM::ManagerAsync::ObserverPtr obs;
- CKM::ManagerAsync mgr;
-
- try {
- (mgr.*func)(obs, args...);
- RUNNER_ASSERT_MSG(false, "function() should have thrown an exception");
- } catch (const std::invalid_argument& e) {
- RUNNER_ASSERT(true);
- } catch (...) {
- RUNNER_ASSERT_MSG(false, "Unexpected exception");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_clean_env.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions to prepare clean env for tests.
- *
- */
-
-#include <ftw.h>
-#include <unistd.h>
-
-#include <ckm/ckm-control.h>
-
-#include <service_manager.h>
-#include <clean-env.h>
-
-int restart_security_server() {
- ServiceManager sm("security-server.service");
- sm.restartService();
-
- return 0;
-}
-
-static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW *ftwbuf)
-{
- if (tflag == FTW_F)
- unlink(fpath);
- else if (tflag == FTW_DP && ftwbuf->level != 0)
- rmdir(fpath);
-
- return 0;
-}
-
-/**
- * This function should be called at the begining of every SS test, so all the tests
- * are independent of each other.
- */
-int reset_security_server()
-{
- const char* path = "/opt/data/security-server/";
- const int max_descriptors = 10; //max number of open file descriptors by nftw function
-
- // Clear /opt/data/security-server/ directory
- if (access(path, F_OK) == 0) {
- if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
- return 1;
- }
- sync();
- }
-
- restart_security_server();
- auto control = CKM::Control::create();
-
- if (!!control) {
- control->lockUserKey(5000);
- control->removeUserData(5000);
- control->unlockUserKey(5000, "");
- }
-
- return 0;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_clean_env.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions to prepare clean env for tests.
- *
- */
-#pragma once
-
-#include <ftw.h>
-#include <unistd.h>
-
-#include <ckm/ckm-control.h>
-
-int restart_security_server();
-int reset_security_server();
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<DeviceKey version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="sw_key.xsd ">
- <RSAPrivateKey>
- <DERBase64>
- MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll
- 1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr
- S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g
- OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R
- DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl
- yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr
- MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK
- koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay
- IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO
- HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM
- mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv
- l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD
- u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K
- 4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m
- Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP
- IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ
- hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM
- 38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91
- 2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir
- XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1
- ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI
- n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/
- upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG
- RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI
- tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT
- </DERBase64>
- </RSAPrivateKey>
-</DeviceKey>
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file encryption-decryption-env.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <encryption-decryption-env.h>
-
-using namespace CKM;
-
-EncryptionError SyncApi::encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted)
-{
- return ckmcError2Result(ckmc_encrypt_data(params, key_alias, password, decrypted, ppencrypted));
-}
-
-EncryptionError SyncApi::decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted)
-{
- return ckmcError2Result(ckmc_decrypt_data(params, key_alias, password, encrypted, ppdecrypted));
-}
-
-EncryptionError SyncApi::ckmcError2Result(int error) {
- switch (error) {
- case CKMC_ERROR_NONE: return EncryptionError::SUCCESS;
- case CKMC_ERROR_INVALID_PARAMETER: return EncryptionError::INVALID_PARAM;
- case CKMC_ERROR_SERVER_ERROR: return EncryptionError::SERVER_ERROR;
- case CKMC_ERROR_DB_ALIAS_UNKNOWN: return EncryptionError::ALIAS_UNKNOWN;
- case CKMC_ERROR_AUTHENTICATION_FAILED: return EncryptionError::AUTH_FAILED;
- default: return EncryptionError::OTHER;
- }
-}
-
-
-
-void AsyncApi::Observer::ReceivedError(int error) {
- Finished(error);
-}
-void AsyncApi::Observer::ReceivedEncrypted(RawBuffer && buffer) {
- m_buffer = std::move(buffer);
- Finished();
-}
-
-void AsyncApi::Observer::ReceivedDecrypted(RawBuffer && buffer) {
- m_buffer = std::move(buffer);
- Finished();
-}
-
-void AsyncApi::Observer::WaitForResponse() {
- std::unique_lock<std::mutex> lock(m_mutex);
- m_cv.wait(lock, [this] {return m_finished;});
-}
-void AsyncApi::Observer::Finished(int error)
-{
- m_error = error;
- m_finished = true;
- m_cv.notify_one();
-}
-
-EncryptionError AsyncApi::crypt(cryptoFn operation,
- ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& in,
- ckmc_raw_buffer_s **ppout)
-{
- // C++ API doesn't have to check that
- if(!params || !key_alias || !ppout)
- return EncryptionError::INVALID_PARAM;
-
- CKM::ManagerAsync mgr;
- std::shared_ptr<Observer> obs = std::make_shared<Observer>();
-
- // params
- const CryptoAlgorithm* ca = reinterpret_cast<const CryptoAlgorithm*>(params);
-
- // password
- Password pass;
- if (password)
- pass = password;
-
- // buffer
- RawBuffer inBuffer(in.data, in.data + in.size);
-
- // crypto operation
- (mgr.*operation)(obs, *ca, key_alias, pass, inBuffer);
- obs->WaitForResponse();
- if(obs->m_error != CKM_API_SUCCESS)
- return ckmError2Result(obs->m_error);
-
- int ret = ckmc_buffer_new(obs->m_buffer.data(), obs->m_buffer.size(), ppout);
- if (ret != CKMC_ERROR_NONE)
- return EncryptionError::OTHER;
-
- return EncryptionError::SUCCESS;
-}
-
-EncryptionError AsyncApi::encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& plain,
- ckmc_raw_buffer_s **ppencrypted)
-{
- return crypt(&CKM::ManagerAsync::encrypt, params, key_alias, password, plain, ppencrypted);
-}
-
-EncryptionError AsyncApi::decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted)
-{
- return crypt(&CKM::ManagerAsync::decrypt, params, key_alias, password, encrypted, ppdecrypted);
-}
-
-EncryptionError AsyncApi::ckmError2Result(int error)
-{
- switch (error) {
- case CKM_API_SUCCESS: return EncryptionError::SUCCESS;
- case CKM_API_ERROR_INPUT_PARAM: return EncryptionError::INVALID_PARAM;
- case CKM_API_ERROR_SERVER_ERROR: return EncryptionError::SERVER_ERROR;
- case CKM_API_ERROR_DB_ALIAS_UNKNOWN: return EncryptionError::ALIAS_UNKNOWN;
- case CKM_API_ERROR_AUTHENTICATION_FAILED: return EncryptionError::AUTH_FAILED;
- default: return EncryptionError::OTHER;
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file encryption-decryption-env.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#pragma once
-
-#include <memory>
-#include <mutex>
-#include <condition_variable>
-
-#include <ckmc/ckmc-type.h>
-#include <ckmc/ckmc-manager.h>
-#include <ckm/ckm-manager-async.h>
-
-enum EncryptionError{
- SUCCESS,
- INVALID_PARAM,
- SERVER_ERROR,
- ALIAS_UNKNOWN,
- AUTH_FAILED,
- OTHER,
-};
-
-struct EncryptionApi
-{
- virtual EncryptionError encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted) = 0;
-
- virtual EncryptionError decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted) = 0;
-};
-
-class SyncApi : public EncryptionApi
-{
-public:
- virtual EncryptionError encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted);
-
- virtual EncryptionError decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted);
-private:
- static EncryptionError ckmcError2Result(int error);
-};
-
-struct AsyncApi : public EncryptionApi
-{
-private:
- struct Observer : public CKM::ManagerAsync::Observer {
- Observer() : m_finished(false), m_error(CKM_API_SUCCESS) {}
-
- void ReceivedError(int error);
- void ReceivedEncrypted(CKM::RawBuffer && buffer);
- void ReceivedDecrypted(CKM::RawBuffer && buffer);
- void WaitForResponse();
- void Finished(int error = CKMC_ERROR_NONE);
-
- std::mutex m_mutex;
- std::condition_variable m_cv;
- bool m_finished;
- int m_error;
- CKM::RawBuffer m_buffer;
- };
-
-public:
- EncryptionError encrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& decrypted,
- ckmc_raw_buffer_s **ppencrypted);
-
- EncryptionError decrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& encrypted,
- ckmc_raw_buffer_s **ppdecrypted);
-private:
- typedef void (CKM::ManagerAsync::*cryptoFn)(const CKM::ManagerAsync::ObserverPtr&,
- const CKM::CryptoAlgorithm&,
- const CKM::Alias&,
- const CKM::Password&,
- const CKM::RawBuffer&);
-
- EncryptionError crypt(cryptoFn operation,
- ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s& in,
- ckmc_raw_buffer_s **ppout);
-
- static EncryptionError ckmError2Result(int error);
-};
-
-
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file encryption-decryption.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-
-#include <string>
-#include <vector>
-#include <map>
-#include <sstream>
-
-#include <dpl/test/test_runner.h>
-#include <ckm-common.h>
-#include <ckmc/ckmc-manager.h>
-#include <ckm/ckm-type.h>
-#include <access_provider2.h>
-#include <encryption-decryption-env.h>
-
-using namespace CKM;
-
-namespace {
-
-const char* PASSWORD = "test-password";
-const uid_t UID = 5555;
-const gid_t GID = 5555;
-const size_t CTR_DEFAULT_LEN = 16*8;
-const size_t DEFAULT_IV_LEN = 16;
-const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
-
-// Environment
-SyncApi g_syncApi;
-AsyncApi g_asyncApi;
-
-EncryptionApi* g_api = &g_syncApi;
-
-EncryptionError apiEncrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s decrypted,
- ckmc_raw_buffer_s **ppencrypted) {
- RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
- return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
-}
-
-EncryptionError apiDecrypt(ckmc_param_list_h params,
- const char *key_alias,
- const char *password,
- const ckmc_raw_buffer_s encrypted,
- ckmc_raw_buffer_s **ppdecrypted) {
- RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
- return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
-}
-
-template <typename F, typename... Args>
-void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
-{
- EncryptionError ret = func(args...);
- RUNNER_ASSERT_MSG(ret == expected,
- "Expected: " << static_cast<int>(expected) <<
- " got: " << static_cast<int>(ret));
-}
-
-template <typename F, typename... Args>
-void assert_crypto_positive(F&& func, Args... args)
-{
- assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...);
-}
-
-template <typename F, typename... Args>
-void assert_crypto_invalid_param(F&& func, Args... args)
-{
- assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...);
-}
-
-struct TagTest {
- int tagLen;
- EncryptionError expected;
-};
-
-struct KeyAliasPair
-{
- Alias prv;
- Alias pub;
-};
-
-class EncEnv : public RemoveDataEnv<UID> {
-public:
- EncEnv() : m_dbu(NULL), m_sap(NULL) {}
- ~EncEnv() { delete m_sap; delete m_dbu; }
-
- void init(const std::string& str) {
- RemoveDataEnv<UID>::init(str);
- m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
- m_sap = new ScopedAccessProvider("my-label"); // setup label
-
- // setup smack rules and switch user
- m_sap->allowAPI("key-manager::api-storage", "rw");
- m_sap->allowAPI("key-manager::api-encryption", "rw");
- m_sap->applyAndSwithToUser(UID, GID);
- }
-
- void finish() {
- delete m_sap;
- m_sap = NULL;
- delete m_dbu;
- m_dbu = NULL;
- RemoveDataEnv<UID>::finish();
- g_api = NULL;
- }
-
- ScopedDBUnlock* m_dbu;
- ScopedAccessProvider* m_sap;
-};
-
-struct SyncEnv : public EncEnv {
- void init(const std::string& str) {
- EncEnv::init(str);
- g_api = &g_syncApi;
- }
-
- static std::string suffix() { return "_sync"; }
-};
-
-struct AsyncEnv : public EncEnv {
- void init(const std::string& str) {
- EncEnv::init(str);
- g_api = &g_asyncApi;
- }
-
- static std::string suffix() { return "_async"; }
-};
-
-struct AlgoBase {
- ckmc_algo_type_e m_type;
- size_t m_keyLen;
-
- AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {}
-
- virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0;
-};
-
-typedef std::shared_ptr<AlgoBase> AlgoBasePtr;
-
-template <typename T>
-AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) {
- return AlgoBasePtr(new T(type, keyLen));
-}
-
-struct AlgoAes : public AlgoBase {
- AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
- KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
-};
-
-KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix)
-{
- KeyAliasPair aliases;
- std::ostringstream oss;
- std::string ownerId = getOwnerIdFromSelf();
- CharPtr passPtr(nullptr, free);
- if (pass)
- passPtr.reset(strdup(pass));
-
- oss << "aes_" << static_cast<int>(m_type) << "_" << m_keyLen << "_key_alias";
- if (suffix)
- oss << suffix;
- aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str());
- aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str());
-
- ckmc_policy_s policy;
- policy.extractable = false;
- policy.password = passPtr.get();
-
- assert_positive(ckmc_create_key_aes, m_keyLen, aliases.prv.c_str(), policy);
- return aliases;
-}
-
-struct AlgoRsa : public AlgoBase {
- AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
- KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
-};
-
-KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix)
-{
- std::ostringstream oss_prv, oss_pub;
- oss_prv << "rsa_oaep_prv_alias_" << m_keyLen;
- oss_pub << "rsa_oaep_pub_alias_" << m_keyLen;
- if (suffix) {
- oss_prv << suffix;
- oss_pub << suffix;
- }
- KeyAliasPair aliases = {
- aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()),
- aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str())
- };
- CharPtr passPtr(nullptr, free);
- if (pass)
- passPtr.reset(strdup(pass));
-
- ckmc_policy_s policyPrv;
- policyPrv.password = passPtr.get();
- policyPrv.extractable = 0;
-
- ckmc_policy_s policyPub;
- policyPub.password = passPtr.get();
- policyPub.extractable = 0;
-
- assert_positive(ckmc_create_key_pair_rsa,
- m_keyLen,
- aliases.prv.c_str(),
- aliases.pub.c_str(),
- policyPrv,
- policyPub);
- return aliases;
-}
-
-enum Algorithm {
- AES_CBC_128,
- AES_CBC_192,
- AES_CBC_256,
- AES_GCM_128,
- AES_GCM_192,
- AES_GCM_256,
- AES_CTR_128,
- AES_CTR_192,
- AES_CTR_256,
- AES_CFB_128,
- AES_CFB_192,
- AES_CFB_256,
- RSA_OAEP_1024,
- RSA_OAEP_2048,
- RSA_OAEP_4096,
-};
-
-std::map<Algorithm, AlgoBasePtr> g_algorithms = {
- { AES_CBC_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 128) },
- { AES_CBC_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 192) },
- { AES_CBC_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 256) },
- { AES_GCM_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 128) },
- { AES_GCM_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 192) },
- { AES_GCM_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 256) },
- { AES_CTR_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 128) },
- { AES_CTR_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 192) },
- { AES_CTR_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 256) },
- { AES_CFB_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 128) },
- { AES_CFB_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 192) },
- { AES_CFB_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 256) },
- { RSA_OAEP_1024, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 1024) },
- { RSA_OAEP_2048, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 2048) },
- { RSA_OAEP_4096, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 4096) },
-};
-
-void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
-{
- int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
- "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
-}
-
-void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer)
-{
- int ret = ckmc_param_list_set_integer(params.get(), name, integer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
- "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
-}
-
-struct EncryptionResult
-{
- RawBufferPtr encrypted;
- ParamListPtr params;
- Alias prvKey;
- Alias pubKey;
-};
-
-EncryptionResult encrypt(const AlgoBasePtr& algo,
- const RawBufferPtr& plain,
- const char* pass = nullptr)
-{
- EncryptionResult ret;
- ckmc_raw_buffer_s* encrypted = nullptr;
- KeyAliasPair aliases = algo->keyGen(pass);
-
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ret.params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_positive(apiEncrypt,
- ret.params.get(),
- aliases.pub.c_str(),
- pass,
- *plain.get(),
- &encrypted);
-
- ret.encrypted = create_raw_buffer(encrypted);
- ret.prvKey = aliases.prv;
- ret.pubKey = aliases.pub;
- return ret;
-}
-
-void testAllAlgorithms(
- const std::function<void(const AlgoBasePtr& algo)>& test)
-{
- for(const auto& it : g_algorithms)
- test(it.second);
-}
-
-void testNoIvEnc(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // param list with algo type only
- ParamListPtr params = createParamListPtr();
- setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
-}
-
-void testNoIvDec(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt;
- auto ret = encrypt(algo, plain);
-
- // param list with algo type only
- ParamListPtr params = createParamListPtr();
- setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
- assert_crypto_invalid_param(apiDecrypt,
- params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-}
-
-void testInvalidIvEnc(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-
- // invalid encryption
- auto test = [&](){
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- };
- // invalid iv size
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
- test();
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
- test();
-};
-
-void testInvalidIvDec(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // valid encryption
- auto ret = encrypt(algo, plain);
-
- // decryption
- auto test2 = [&](){
- assert_crypto_invalid_param(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- decrypted = nullptr;
- };
-
- // invalid iv size
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
- test2();
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
- test2();
-};
-
-void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // set AAD
- setParam(params, name, createRandomBufferCAPI(64));
-
- // encrypt
- assert_crypto_positive(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
- RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
-
- // decrypt
- assert_crypto_positive(apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- *tmpEnc.get(),
- &decrypted);
- RawBufferPtr tmpDec = create_raw_buffer(decrypted);
-
- // check
- assert_buffers_equal(*plain.get(), *tmpDec.get());
- tmpDec.reset();
- decrypted = nullptr;
-
- // set wrong AAD
- setParam(params, name, createRandomBufferCAPI(32));
-
- // decrypt
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- *tmpEnc.get(),
- &decrypted);
-}
-
-void testGcmIvSize(size_t size,
- const KeyAliasPair& aliases,
- EncryptionError error = EncryptionError::SUCCESS)
-{
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- RawBufferPtr encrypted;
- RawBufferPtr decrypted;
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
- ckmc_raw_buffer_s* decryptedTmp = nullptr;
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size));
-
- // encryption
- assert_crypto_result(error,
- apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
-
- if(error != EncryptionError::SUCCESS)
- return;
- encrypted = create_raw_buffer(encryptedTmp);
-
- // decryption
- assert_crypto_positive(apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- *encrypted.get(),
- &decryptedTmp);
- decrypted = create_raw_buffer(decryptedTmp);
-
- assert_buffers_equal(*plain.get(), *decrypted.get());
-}
-
-void testIntegrity(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- // break the encrypted data
- ret.encrypted->data[BUF_LEN/2]++;
-
- // no data integrity check
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-
- RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted, false);
-}
-
-void testCtrEncryptionInvalidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add AES CTR key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // encryption
- auto test = [&](){
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- };
- // invalid counter size
- setParam(params, CKMC_PARAM_ED_CTR_LEN, -1);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, 0);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
- test();
-}
-
-void testCtrEncryptionValidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add AES CTR key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // encryption
- auto test = [&](){
- assert_crypto_positive(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- };
- // valid counter sizez
- setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
- test();
-}
-
-void testCtrDecryptionInvalidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add AES CTR key & encrypt
- auto ret = encrypt(algo, plain);
-
- // decryption
- auto test = [&](){
- assert_crypto_invalid_param(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- decrypted = nullptr;
- };
- // invalid counter size
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
- test();
-}
-
-void testCtrDecryptionValidLength(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add AES CTR key & encrypt
- auto ret = encrypt(algo, plain);
-
- // decryption
- auto test = [&](){
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted);
- };
- // invalid counter size
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
- test();
-}
-
-void testGcmEncryptionTagLen(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encryptedTmp = nullptr;
-
- // add AES GCM key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- std::vector<TagTest> testData = {
- // illegal tag lengths
- { -1, EncryptionError::INVALID_PARAM },
- { 0, EncryptionError::INVALID_PARAM },
- { 16, EncryptionError::INVALID_PARAM },
- { 48, EncryptionError::INVALID_PARAM },
- { 72, EncryptionError::INVALID_PARAM },
- { 100, EncryptionError::INVALID_PARAM },
- { 108, EncryptionError::INVALID_PARAM },
- { 116, EncryptionError::INVALID_PARAM },
- { 124, EncryptionError::INVALID_PARAM },
- { 256, EncryptionError::INVALID_PARAM },
- // legal tag lengths
- { 32, EncryptionError::SUCCESS },
- { 64, EncryptionError::SUCCESS },
- { 96, EncryptionError::SUCCESS },
- { 104, EncryptionError::SUCCESS },
- { 112, EncryptionError::SUCCESS },
- { 120, EncryptionError::SUCCESS },
- { 128, EncryptionError::SUCCESS },
- };
-
- // encryption
- for(const auto& it : testData)
- {
- setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
- assert_crypto_result(it.expected,
- apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encryptedTmp);
- ckmc_buffer_free(encryptedTmp);
- encryptedTmp = nullptr;
- }
-}
-
-void testGcmDecryptionTagLen(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add AES GCM key & encrypt
- auto ret = encrypt(algo, plain);
-
- std::vector<TagTest> testData = {
- // illegal tag lengths
- { -1, EncryptionError::INVALID_PARAM },
- { 0, EncryptionError::INVALID_PARAM },
- { 16, EncryptionError::INVALID_PARAM },
- { 48, EncryptionError::INVALID_PARAM },
- { 72, EncryptionError::INVALID_PARAM },
- { 100, EncryptionError::INVALID_PARAM },
- { 108, EncryptionError::INVALID_PARAM },
- { 116, EncryptionError::INVALID_PARAM },
- { 124, EncryptionError::INVALID_PARAM },
- { 256, EncryptionError::INVALID_PARAM },
- // legal tag lengths (EVP_CipherFinal fails but we can't get the error code)
- { 32, EncryptionError::SERVER_ERROR },
- { 64, EncryptionError::SERVER_ERROR },
- { 96, EncryptionError::SERVER_ERROR },
- { 104, EncryptionError::SERVER_ERROR },
- { 112, EncryptionError::SERVER_ERROR },
- { 120, EncryptionError::SERVER_ERROR },
- // legal tag length that was actually used for encryption (default)
- { 128, EncryptionError::SUCCESS },
- };
-
- // decryption
- for(const auto& it : testData)
- {
- setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
- assert_crypto_result(it.expected,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- ckmc_buffer_free(decrypted);
- decrypted = nullptr;
- }
-}
-
-void testGcmWrongTag(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt with AES GCM
- auto ret = encrypt(algo, plain);
-
- // modify tag (last 16B of encrypted message)
- ret.encrypted->data[ret.encrypted->size-1]++;
-
- // EVP_CipherFinal fails but we can't get error code
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-}
-
-void testGcmDifferentIvSizes(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // add AES GCM key
- KeyAliasPair aliases = algo->keyGen();
-
- testGcmIvSize(11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
- testGcmIvSize(12, aliases);
- testGcmIvSize(17, aliases);
- testGcmIvSize(128, aliases);
-}
-
-void testEncryptDecryptBigData(Algorithm type)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted);
-}
-
-void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- // add different key
- KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
-
-
- if (success) {
- // some algorithms don't verify key validity
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- differentKeys.prv.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted, false);
- } else {
- // different key should not be accepted
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiDecrypt,
- ret.params.get(),
- differentKeys.prv.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- }
-
- // Cleanup before testing next algorithm. Ignore results because not all keys are present
- ckmc_remove_alias(ret.prvKey.c_str());
- ckmc_remove_alias(ret.pubKey.c_str());
- ckmc_remove_alias(differentKeys.prv.c_str());
- ckmc_remove_alias(differentKeys.pub.c_str());
-}
-
-void testRsaLongestData(Algorithm type, size_t dataSize)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted);
-}
-
-void testRsaDataTooLong(Algorithm type, size_t dataSize)
-{
- const AlgoBasePtr& algo = g_algorithms.at(type);
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
-
- // encrypt
- EncryptionResult ret;
- ckmc_raw_buffer_s* encrypted = nullptr;
- KeyAliasPair aliases = algo->keyGen();
-
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ret.params = ParamListPtr(handle, ckmc_param_list_free);
- assert_crypto_result(EncryptionError::SERVER_ERROR,
- apiEncrypt,
- ret.params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
-}
-
-} // namespace anonymous
-
-
-RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
-
-/////////////////////////////////////////
-// Generic encryption decryption tests
-/////////////////////////////////////////
-
-RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // null param list
- assert_crypto_invalid_param(apiEncrypt,
- nullptr,
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
-
- // empty param list
- ParamListPtr params = createParamListPtr();
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- &encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
- apiEncrypt,
- params.get(),
- "non-existing-key-alias",
- nullptr,
- *plain.get(),
- &encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- ckmc_raw_buffer_s plain = { nullptr, 0 };
- ckmc_raw_buffer_s* encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- plain,
- &encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s** encrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_invalid_param(apiEncrypt,
- params.get(),
- aliases.pub.c_str(),
- nullptr,
- *plain.get(),
- encrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt;
- auto ret = encrypt(algo, plain);
-
- // null param list
- assert_crypto_invalid_param(apiDecrypt,
- nullptr,
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
-
- // empty param list
- ParamListPtr params = createParamListPtr();
- assert_crypto_invalid_param(apiDecrypt,
- params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- // remove key
- assert_positive(ckmc_remove_alias, ret.prvKey.c_str());
-
- // try to decrypt
- assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- ckmc_raw_buffer_s encrypted = { nullptr, 0 };
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // add key
- KeyAliasPair aliases = algo->keyGen();
-
- // setup params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- assert_crypto_invalid_param(apiDecrypt,
- params.get(),
- aliases.prv.c_str(),
- nullptr,
- encrypted,
- &decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s** decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_crypto_invalid_param(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptDifferentKeys(AES_CBC_128, false);
- testEncryptDecryptDifferentKeys(AES_CBC_192, false);
- testEncryptDecryptDifferentKeys(AES_CBC_256, false);
- testEncryptDecryptDifferentKeys(AES_GCM_128, false);
- testEncryptDecryptDifferentKeys(AES_GCM_192, false);
- testEncryptDecryptDifferentKeys(AES_GCM_256, false);
- testEncryptDecryptDifferentKeys(AES_CTR_128, true);
- testEncryptDecryptDifferentKeys(AES_CTR_192, true);
- testEncryptDecryptDifferentKeys(AES_CTR_256, true);
- testEncryptDecryptDifferentKeys(AES_CFB_128, true);
- testEncryptDecryptDifferentKeys(AES_CFB_192, true);
- testEncryptDecryptDifferentKeys(AES_CFB_256, true);
- testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false);
- testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false);
- testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain);
-
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- nullptr,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted);
-
- assert_buffers_equal(*plain.get(), *decrypted);
- });
-}
-
-RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
- ckmc_raw_buffer_s* decrypted = nullptr;
-
- // encrypt
- auto ret = encrypt(algo, plain, PASSWORD);
-
- // wrong password
- assert_crypto_result(EncryptionError::AUTH_FAILED,
- apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- "wrong-password",
- *ret.encrypted.get(),
- &decrypted);
-
- // correct password
- assert_crypto_positive(apiDecrypt,
- ret.params.get(),
- ret.prvKey.c_str(),
- PASSWORD,
- *ret.encrypted.get(),
- &decrypted);
- RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
-
- assert_buffers_equal(*plain.get(), *decrypted);
- });
-}
-
-// long test split into smaller ones
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CBC_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CBC_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CBC_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_GCM_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_GCM_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CTR_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CTR_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CFB_128);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CFB_192);
-}
-
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv)
-{
- testEncryptDecryptBigData(AES_CFB_256);
-}
-
-/////////////////////////////////////////
-// Algorithm specific tests
-/////////////////////////////////////////
-
-RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv)
-{
- testNoIvEnc(AES_CTR_128);
- testNoIvEnc(AES_CTR_192);
- testNoIvEnc(AES_CTR_256);
- testNoIvEnc(AES_CBC_128);
- testNoIvEnc(AES_CBC_192);
- testNoIvEnc(AES_CBC_256);
- testNoIvEnc(AES_CFB_128);
- testNoIvEnc(AES_CFB_192);
- testNoIvEnc(AES_CFB_256);
- testNoIvEnc(AES_GCM_128);
- testNoIvEnc(AES_GCM_192);
- testNoIvEnc(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv)
-{
- testInvalidIvEnc(AES_CTR_128);
- testInvalidIvEnc(AES_CTR_192);
- testInvalidIvEnc(AES_CTR_256);
- testInvalidIvEnc(AES_CBC_128);
- testInvalidIvEnc(AES_CBC_192);
- testInvalidIvEnc(AES_CBC_256);
- testInvalidIvEnc(AES_CFB_128);
- testInvalidIvEnc(AES_CFB_192);
- testInvalidIvEnc(AES_CFB_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv)
-{
- testNoIvDec(AES_CTR_128);
- testNoIvDec(AES_CTR_192);
- testNoIvDec(AES_CTR_256);
- testNoIvDec(AES_CBC_128);
- testNoIvDec(AES_CBC_192);
- testNoIvDec(AES_CBC_256);
- testNoIvDec(AES_CFB_128);
- testNoIvDec(AES_CFB_192);
- testNoIvDec(AES_CFB_256);
- testNoIvDec(AES_GCM_128);
- testNoIvDec(AES_GCM_192);
- testNoIvDec(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv)
-{
- testInvalidIvDec(AES_CTR_128);
- testInvalidIvDec(AES_CTR_192);
- testInvalidIvDec(AES_CTR_256);
- testInvalidIvDec(AES_CBC_128);
- testInvalidIvDec(AES_CBC_192);
- testInvalidIvDec(AES_CBC_256);
- testInvalidIvDec(AES_CFB_128);
- testInvalidIvDec(AES_CFB_192);
- testInvalidIvDec(AES_CFB_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv)
-{
- testIntegrity(AES_CTR_128);
- testIntegrity(AES_CTR_192);
- testIntegrity(AES_CTR_256);
- testIntegrity(AES_CBC_128);
- testIntegrity(AES_CBC_192);
- testIntegrity(AES_CBC_256);
- testIntegrity(AES_CFB_128);
- testIntegrity(AES_CFB_192);
- testIntegrity(AES_CFB_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv)
-{
- testCtrEncryptionInvalidLength(AES_CTR_128);
- testCtrEncryptionInvalidLength(AES_CTR_192);
- testCtrEncryptionInvalidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv)
-{
- RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
- testCtrEncryptionValidLength(AES_CTR_128);
- testCtrEncryptionValidLength(AES_CTR_192);
- testCtrEncryptionValidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv)
-{
- testCtrDecryptionInvalidLength(AES_CTR_128);
- testCtrDecryptionInvalidLength(AES_CTR_192);
- testCtrDecryptionInvalidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv)
-{
- RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
- testCtrDecryptionValidLength(AES_CTR_128);
- testCtrDecryptionValidLength(AES_CTR_192);
- testCtrDecryptionValidLength(AES_CTR_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
-{
- testGcmEncryptionTagLen(AES_GCM_128);
- testGcmEncryptionTagLen(AES_GCM_192);
- testGcmEncryptionTagLen(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
-{
- testGcmDecryptionTagLen(AES_GCM_128);
- testGcmDecryptionTagLen(AES_GCM_192);
- testGcmDecryptionTagLen(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
-{
- testGcmWrongTag(AES_GCM_128);
- testGcmWrongTag(AES_GCM_192);
- testGcmWrongTag(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv)
-{
- testGcmDifferentIvSizes(AES_GCM_128);
- testGcmDifferentIvSizes(AES_GCM_192);
- testGcmDifferentIvSizes(AES_GCM_256);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
-{
- encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
- encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
- encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
-{
- RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
- encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL);
- encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL);
- encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
-{
- testRsaLongestData(RSA_OAEP_1024, 86);
- testRsaLongestData(RSA_OAEP_2048, 214);
- testRsaLongestData(RSA_OAEP_4096, 470);
-}
-
-RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
-{
- testRsaDataTooLong(RSA_OAEP_1024, 87);
- testRsaDataTooLong(RSA_OAEP_2048, 215);
- testRsaDataTooLong(RSA_OAEP_4096, 471);
-}
-
-/////////////////////////////////////////
-// Asynchronous only tests
-/////////////////////////////////////////
-RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBuffer plain = createRandomBuffer(BUF_LEN);
-
- // keys
- KeyAliasPair aliases = algo->keyGen(nullptr);
-
- // params
- ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
- ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-
- // encrypt
- test_no_observer(&ManagerAsync::encrypt,
- *reinterpret_cast<CryptoAlgorithm*>(params.get()),
- aliases.pub,
- Password(),
- plain);
- });
-}
-
-RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
-{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
-
- // encrypt
- auto ret = encrypt(algo, plain);
- RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
-
- // decrypt
- test_no_observer(&ManagerAsync::decrypt,
- *reinterpret_cast<CryptoAlgorithm*>(ret.params.get()),
- ret.prvKey,
- Password(),
- encrypted);
- });
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * @file system-db.cpp
- * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <ckm/ckm-control.h>
-#include <ckmc/ckmc-manager.h>
-#include <access_provider2.h>
-#include <fstream>
-#include <ios>
-#include <unistd.h>
-
-namespace
-{
-const uid_t USER_APP = 5070;
-const uid_t GROUP_APP = 5070;
-const char* APP_PASS = "user-pass";
-const char* TEST_WEB_APP_1 = "web_app1";
-const char* TEST_WEB_APP_2 = "web_app2";
-
-const char *XML_DEVICE_KEY = "device_key.xml";
-
-const char *XML_1_okay = "XML_1_okay.xml";
-std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
-std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
-std::string XML_1_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key2");
-// uncomment when AES is supported (+ usage in the tests)
-std::string XML_1_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test-aes1");
-std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
-std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1");
-const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";
-// encrypted
-std::string XML_1_EXPECTED_KEY_3_RSA_PRV = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv");
-std::string XML_1_EXPECTED_KEY_3_RSA_PUB = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub");
-std::string XML_1_EXPECTED_ASCII_DATA = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption");
-std::string XML_1_EXPECTED_BIG_DATA = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption");
-
-const char *XML_2_okay = "XML_2_okay.xml";
-std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
-std::string XML_2_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
-// uncomment when AES is supported
-std::string XML_2_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test2-aes1");
-std::string XML_2_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
-std::string XML_2_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
-const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data";
-
-const char *XML_3_wrong = "XML_3_wrong.xml";
-std::string XML_3_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
-std::string XML_3_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
-// uncomment when AES is supported
-std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
-std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
-
-
-std::string format_src_path(const char *file)
-{
- return std::string("/usr/share/ckm-test/") + std::string(file);
-}
-
-std::string format_dest_key_path(const char *file)
-{
- return std::string("/opt/data/ckm/") + std::string(file);
-}
-
-std::string format_dest_path(const char *file)
-{
- return std::string("/opt/data/ckm/initial_values/") + std::string(file);
-}
-
-void copy_file(const std::string &from, const std::string &to)
-{
- std::ifstream infile(from, std::ios_base::binary);
- RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
- std::ofstream outfile(to, std::ios_base::binary);
- RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
- outfile << infile.rdbuf();
-}
-
-void restart_key_manager()
-{
- stop_service(MANAGER);
- start_service(MANAGER);
-}
-
-void test_exists(const std::string& name, bool expected) {
- bool file_exists = (access( name.c_str(), F_OK ) != -1);
- RUNNER_ASSERT_MSG(file_exists == expected,
- "File " << name << " status: " << file_exists <<
- " while expected: " << expected);
-}
-
-}
-
-
-RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
-
-RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. This test requires password protected db.");
- // [prepare]
- // remove database 0
- // copy to the initial-values folder
- // [test0]
- // check XML file exists
- // restart the key-manager
- // check XML file exists - should fail
- // [test1]
- // check items existence as system service
- // [test2]
- // check items existence as web_app1
- // [test3]
- // check items existence as web_app2
-
-
- // [prepare]
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
-
- // [test0]
- test_exists(format_dest_path(XML_1_okay), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_1_okay), false);
-
- // [test1]
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_1);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
- }
-
- // [test3]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
- }
-}
-
-RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>)
-{
- // [prepare]
- // remove database 0
- // copy two files to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
- // check items existence as system service
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
-
- // [test0]
- test_exists(format_dest_path(XML_1_okay), true);
- test_exists(format_dest_path(XML_1_okay), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_2_okay), false);
- test_exists(format_dest_path(XML_2_okay), false);
-
- // [test1]
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
- check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
-}
-
-RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP, RemoveDataEnv<0>)
-{
- // [prepare]
- // remove database 0
- // copy failing XML file to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
- // check items existence as system service - nothing should be available
-
- // [prepare]
- copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
-
- // [test0]
- test_exists(format_dest_path(XML_3_wrong), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_3_wrong), false);
-
- // [test1]
- check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
- check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
- check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
- check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
-}
-
-RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>)
-{
- // [prepare]
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test]
- // check if key can create & verify signature
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test]
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- XML_1_EXPECTED_KEY_2_RSA.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // invalid password
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
- XML_1_EXPECTED_KEY_1_RSA.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- // correct password
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- XML_1_EXPECTED_KEY_1_RSA.c_str(),
- XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T6050_ENCRYPTED_KEY, RemoveDataEnv<0>)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test0]
- // check if encrypted private key is present
- // check if public key is present
- // [test1]
- // extract the private, encrypted key
- // extract the public key
- // create signature using the public key
- // verify signature using the decrypted private key
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test0]
- check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
-
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- // invalid password
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- ckmc_buffer_free(signature);
-}
-
-RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA, RemoveDataEnv<0>)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test0]
- // extract data
- // check if data matches the expected size and content
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test0]
- ckmc_raw_buffer_s *testData1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)),
- CKMCReadableError(temp));
- size_t expected_len = 15;
- RUNNER_ASSERT_MSG(expected_len /* src/ckm/keys/EIV/ascii_data */ == testData1->size, "invalid data size");
- RUNNER_ASSERT_MSG(memcmp(reinterpret_cast<char*>(testData1->data), "My secret data\n", expected_len) == 0, "invalid data contents");
- ckmc_buffer_free(testData1);
-}
-
-RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA, RemoveDataEnv<0>)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
- // [test0]
- // extract data
- // check if data matches the expected size
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test0]
- ckmc_raw_buffer_s *testData1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
- ckmc_buffer_free(testData1);
-}
+++ /dev/null
-My secret data
+++ /dev/null
-ÃŽÃ C\8e\9f)´[aÂN½Q®\~
\ No newline at end of file
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll
-1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr
-S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g
-OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R
-DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl
-yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr
-MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK
-koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay
-IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO
-HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM
-mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv
-l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD
-u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K
-4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m
-Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP
-IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ
-hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM
-38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91
-2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir
-XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1
-ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI
-n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/
-upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG
-RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI
-tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Vx4MBKFGalaRh+BzSYn
-W8am8ajbnyD6AaweHcH+oAAQX7Ll1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy
-+/X/pMBa4MHrjzH01gzzV0jyqEOrS6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLg
-jBkbrmKEMHMk6jT5NUtKhpBXo0/gOgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG
-1tFxGbeQkmBBxXVIr7u/z9WDG32RDiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspF
-y7ek0x0Lll3t1P7FMgF1V21PFhclyX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlc
-SQIDAQAB
------END PUBLIC KEY-----
+++ /dev/null
-_ThisIsIVForAES_
\ No newline at end of file
+++ /dev/null
-IVdiffersFrItems
\ No newline at end of file
+++ /dev/null
-__another_IV_2__
\ No newline at end of file
+++ /dev/null
-PNGIVPNGIVPNGIVP
\ No newline at end of file
+++ /dev/null
-ABCDEFGHIJKLMNOPRSTUVWXYZ0123456
\ No newline at end of file
+++ /dev/null
-* RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted
-* encode base64: openssl enc -base64 -in encryption_AES_key.encrypted
-* encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in test.der.priv -out test.der.priv.enc
-* decrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -d -in test.der.priv.enc -out test.der.priv
+++ /dev/null
-BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
-6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
-0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
-tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
-+iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
-xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
-FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
-vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
-54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
-Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
-wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
-j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
-bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4
-x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x
-fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB
-AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx
-KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr
-sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN
-p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4
-Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj
-ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl
-oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/
-UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw
-iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2
-N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt
-JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B
-CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+
-3Op0tEjy0jpmzeyNiQIDAQAB
------END PUBLIC KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx
-EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl
-c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx
-MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
-DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w
-HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j
-L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7
-nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc
-UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT
-thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6
-XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E
-FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/
-HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97
-Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v
-vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc
-4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB
-pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8
-SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm
-F2obL5qJSTN/RQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICqTCCAZECAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHzAdBgNVBAMMFlRlc3Qg
-SU0gQ0EgY2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDOYEXvyoKWCgp+csCdwxdnBnXhNb7mRqCzX5AJh6DdzuMv35G8PEhpfa0p/Wy6
-QlzBB9ipSVCTC37nwsw5vY5G2SmPw6vpYJYJnQHOd5Py6DufElPib35uiEwXQmgq
-OMHYfgo0wdqYsjBTFEq3qfJ+TzWRWEk6La/PPF35QI+Lo9xQBsk0fjx42A4iDnmf
-IWi9XNiPwYij/0a8cmPzc89r8qUln5nWpkBJln9ViiumVVO2Gwdcp96OEXLlgn23
-uf+/IBCzIGxqBmy9fX3GcfjV9thccp/xRtcbbes1pmVyGzpclUtB3M6mPdZOP+UK
-hxUeotpkhIuE1DdojuRQFR2LAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAOERz
-vFL+n7sPG3KdkWJFdIYKZvPHCOaJ6mdrNatAF1rHeRayeSgM6PYwQF4DwwKcPLyo
-IUi2B2sxabvKCCBZ9EjIrhG2fC2ocv7VawuQecB9QET6X4sbUcchcBCkGwL7evrZ
-LzWSs9lBr8wwkPdHwvujup5VTZ7+VYs1lVt38CrFERrAlY03v5VDwN1B1JUCqcDf
-wh69OJNPDgx7Y09GJLoRBfdXSpSVGznDmSB+VRCGb/JsiWAB+qtse1cN4Iwihx8I
-+hhfRFLsxBKo/iYncuovPY0riRYBJsop6g/hLqn6kXIhzNnaApKhpwxpmN1cO5N6
-hnsAlvR2v9u2bFMILQ==
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7jL9+R
-vDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7nxJT
-4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6PcUAbJ
-NH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVTthsH
-XKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6XJVL
-QdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABAoIBAQCLidy/vZV+DVv7
-E2vZP8fbCSs7EzP4T1jo73xcdS/3yaMjA29ubvQnH6qt8YRKjARbIAsGq2OniOZN
-nhCoGdrRXJQVeKAMNBo+dcJ6769BVnS5oZLGT8yUv+Ny9punsKig0NflxA0hoZm7
-EsVSWb50WOpHVAJvK+Trok2H8nccWn6q3od9xSoDszexhGFgo1Q9qFVP/YUfT1Qg
-8ZwRu04JTZEHa9DXIRir10rkvhHTHJ0nb+9FeWd6CsCkOtdWRig3a+Vq+4MK/Yt3
-dstf0D1MQXG2WPaHxPB/DpJBOoU7jj4FxrIaJGPM7qVFnpHwRh0iCKtkGQfarKR6
-JjshtU7BAoGBAPywan5o9ZOD+NnfazglPlFrkBansXG329GP/2ag8+PWOadgin+0
-oyMqB81lBr6yI4ZmM+DgvXkb4yjHb9hGNoWjgttbtjU9eVaXzOg5laOd8nZIhmki
-aH/1yPa0sqmlsAlipUq3nqHKOSeG6pE2dg/R5Yu4TYFj6WV57AbLhxPXAoGBANEU
-guet7XZMAiAJKmEy3pRs22Qs0YcEywX44h09ShPz2OoNYpuSWzS2RgxRbSgs0f25
-ks94lYMNOnm6RMWawRgMPv0Z2Pbwpki6CR72ratvZKqYOoZkCg+UM9pMpvmOd4W3
-ZybxLa/4tJMdpVU4unhJ4v1ZIt2lThnC8d369k1tAoGAVF6rEA4HgPudiVF5wUNe
-LV1WvNm8+5VCBhSoWCIBjN8oXOR1GfK8Ta9o74F94QolpmhVhg5D9T4EeMcuZu36
-omBX/tn+WoRuESWaOyeO+RRxsmDA0DW24pK0SPtIdDBoOJoBSpNImgilULdRdq7S
-eLHCjQY6iqtLcKBm2FX4gf0CgYAW9qfCBmpUWdjJ5/fNoSatKp+WCw4gRDiAOWus
-RnUCZ//lBP9VkueNjI94/uB8Tx/pPB6Rxu607BkGEZ1IDs0ydPXeGp6n0JqS1kv2
-KKW+dIeb7QhQhmBMgbyIN28HbcxW1WPw9QBNmYVLuy/Tgl2IpKTXqpiXu3YugijK
-dqviqQKBgF+L6GJPZkVIA1YSy6E3ph2F6K1kxSamTuSA+48352PJ0QFapes8blVg
-vtnlku41CO383G3qk0zZIpgalE2SeF1p5UO/pT6M9mAmJJMY0iF8jTQkvJa9WUwD
-zxWFEfIgTFlU9PtOnPQZlZELS0nwlRXsGYsWJiwEcMbBrXCQNXXV
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD
-VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw
-HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET
-MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz
-dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC
-9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da
-eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W
-rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo
-5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs
-BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw
-TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk
-zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
-AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX
-ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus
-9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS
-Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV
-qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
-kOg11TpPdNDkhb1J4ZCh2gupDg==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr12w+a9jd0
-s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+
-g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzP
-GFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrG
-iiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAO
-cnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABAoIBAQDNI3YvrrRdfHfJ
-ZG9jp6q/dp/h2nGpeJBZ3XmtMbMpO/7tZwTKhkVXeIaRVJXxhBrCQQ6+KnaQBA9n
-2nbCnmXwqhBKaZy1whBYewbW2er/VPGijB5pG3zwUWPEBcqxPtSluM54ZcDUfKqg
-2kgWorCSnyLRwxzKz4G74qRG+XWsFncEaGSk7upv49LPrNMBrSQaiEy/HsNvR4gd
-viQ7E1RY3Tj9T0DFruv4RU9gIvXagCs+lole1fZDGupD3QBschJWGoNyyes4yjMS
-fWbGWquWMXfsrSi7CuwIrFoOVIErAjlU1m1CJqB+mZMubTOdmOnJMjNQOqXgvhN7
-0z/aKh6xAoGBAPyKYeVZUVC+wbIl3t0QEDtXaPaOnN6IJfMkHGQ+kCw2GjiUl628
-hqdR3eKZgu0nC9o9erlvOm3ItfKWMHrTtwE66ON1uFmGY1IzEEbgmHmiVtFdgk/C
-QVxIVz7ht66raqZ3ES0FMaFJvvQw3fT3pa7hCr0XA5xyfOBd99ylRhnlAoGBANMc
-peBk2HO29JPw+vcUeLJv4g4/EoE1gEWzUy8BKnqqP4vvh7hCMUuo+1U7IOy2MKXd
-TuXJ5tcuGSIfi02ID2darSlE2jZcYwahn4RTvYttfKksBw2ulf52g62Ig8vG4nkf
-sAOs9EOdRCyCVDomXxt4Oi+NFd0Wks5Rec9T3PwlAoGAexLpwL81rNc6SJrCMRP6
-BSGFStuXwa+yZvtLRuNimdlIEBkCjq4ZJYP1UdCkiPUFhrd9js+RNx2g5nehasqx
-Hk1aYDfnvuGKl+3A2fns9SJTkzcyIbK27cVnl4KjZOGvWS8f1MP6OvNYt2L1WMQ0
-H7UW6a5EmUMGbsX83LBDKK0CgYBXKgXm/1xLcqfLCX1lVMN80SshvLL0PFXI8YCP
-8MhMO0zfhzefQV0/Ivcaur4eXh757MUtpU41XCguaZ3Hljzd7JeAaZg7R6vvSf4l
-0bl5/uuwoagL4yC1HtPBa5MXKPfLEOVIrzlvTVifk/QYyk0Md3h2t6bmUPKuUv+b
-NcIRLQKBgQCQ56ygXw/DgrTk+QC+prA11UVUy5EYWSifhQZGRRZ/IOxjzVZ9NQf6
-lKxLg9QHQ3/FOk01pk3m2K8wz+bucCxJgXf38wIpJp9t9DWgnjrJqB2xw4tMzFvL
-AnBVXNYND8vdi51tIaziFuOgW81SroZFoX5XBv8wPv/HZT2KqxAMmg==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx
-HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0
-WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T
-dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV
-VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl
-z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq
-QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc
-bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E
-4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk
-4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp
-UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj
-CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/
-i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9
-HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF
-Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz
-6ON7PVe0ABN/AlwVQiFE
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICqDCCAZACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHjAcBgNVBAMMFVRlc3Qg
-bGVhZiBjZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AM03QyGtrQ5kcRZyIIhvpgc/BqElTg7NCJjUBm6o/qS4QThUR/H7GoeCZc+WBfSs
-ITFS5J5xxhSxPzW+wHN+ZBM4TEDKU0caIVvN6McN3mfMzfxQaCqoOKh0akEfJEtd
-GF04KwUdHsf1afjlChMOoe8i9q+E6b65/f6h8LMbS8almwyFX9TvW9S33G5ZWDHZ
-leROtsjebXMKwz/ILx4xZ1Xi86xvME6XPRUfdP9CZH6eYwCXAKzgS609BOFUarPu
-B7sE/IwMBQJjZ3OyGF+ako7UlpJph3u9yv5cwfjoiNCRHP93llE1qsE0pOLTQokB
-gSid/S1z0wQSXc5sVR+wlA0CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAI0DmU
-6E9XSs42wVqzKghvjuGwXH+SHIxSTQVaoXzMbFnsCPrt9F9FGTKjRq2IRBHb2yq/
-S+kW3ptSteKrqLzABxaQ8aCt//Xm/hYnpeJZV4WuDr2TWpEfT0U955iGRAOqpOzi
-E19J9h7F/+cX1FzVdP86mHhwQERTPWGg8jiwEPuApe3APmNBYlu7K4zMa2IB/LKh
-cItzpqi8sJ0wmGQrdRVHgNyBc7TC2IkyCVl5eJiD+gmQEOuy6agAVggWM9yQQlNg
-5WkqBDegPG/pLOxFvDtaV2SlxSuFAXKDoyRPeRC21w6pYEtc7aXzpgBWgcv2R0pT
-NrWNXibZ7aLImIhW
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH
-8fsah4Jlz5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBo
-Kqg4qHRqQR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf
-1O9b1LfcbllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcA
-rOBLrT0E4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eW
-UTWqwTSk4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABAoIBAQCTBhmhglVu70Ua
-KK/oL91KabwtLZXsArc7DwSAubCegKexXKii1B0goqqge8JOlhe9x76lSav5XTeF
-IOGunQnDv1zaOlpJoY3uwOoZ2nTR9yhIsa6/iP/2qFkLyOzu1YbEGp6vrjpEVi4T
-NLzwBFa+BlWoUFhK3eP8TzcsiszSRr8/vbvlRFzDyq4+YqLsAHpGsvaIZHScU3iG
-AjtCCCpV9HNW3TAAhGq9j/x3YPqt6edrsK1taR+dbLIeGoMnmMReaxgaKd7wWZCr
-dbvngGtpgyEXjONkXVpAcZrD2AaWoGWHjoik+14T4K2QU4OW8jQ2h2uljQa2JXDu
-+LMaTKCBAoGBAP6MPqMfcMmf4bYAhrgeZMwSq1F7ubBPu/YyOYiCF6J259jcdxjY
-HfdwtDeoNGKCwE8S8BMXMs33tlL8/AcVdYwbIMVmk6ZXmyFDAyUGB/fGq+QkFCwJ
-yVHb75uuiPpn8euIwg+Y9NBDQYt59oJI9TyCjNPy6Xd612u6AXBcFU1hAoGBAM5i
-+HM6lSuqNdp77awbDIzuuu/zTRzgF4bbodjGSxwn1cx7xb2iCPWiykiD5EU3XWWv
-68i15yud6ooIFjxGYP6oYjFIpfjRU7n+/UJpbnkTjMUbUqc4IpiP+ruU9hoMZZ3S
-ey+bLSYQfy6Jf8YnCLkroKtGsgFF30gi0EL6qjotAoGAFTPzZ70PtQvHTlS+5AlM
-Fh+b+56VuhT6MCjA2BkWBOdoqoy6suwVmu3dZSFys532jN+j9cMh7TwsCL+f8qsb
-7n63/RltRRbZCi09ztCwyzfWS5uhvoVWKqZqUAp6yHjuEtOCbrAr/EkN5aNUIEgZ
-fV/WgTUjs1sdJJEK26Qf9iECgYB2HmabbDfbmbrgpHTOP1zbe/Y5RkIn+Ij+gc0L
-R9HM92+BbIUrlwURsG2dOv72Lk2h2SFU6ea4K9UD0sUHEjCJDs3D7xQuZ39HwAwq
-ajTzzqCOXqjbU2FZd23E1ehT2CyAOuqNwH4CfwaLF96tBcIUWEfIPtm5qMe1fVc8
-PkIWsQKBgQCiwgARCIHhzXUoAY8U0k4Ng8cTj2ykISTf9HKXyKoInhBbuHRDvYsU
-oCPi8eYvz4Vwmwcf938CdtLAd5XHCMmTQ+96Xjt/QgJrkA3n04hWsgTMQM2E9QMv
-cxv8UfypFUzhMkUfj4b3EsaTHOxJVS3Ml5m8+YJdncKoZnz8lBKALA==
------END RSA PRIVATE KEY-----
+++ /dev/null
-#include <netdb.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-#include <test-certs.h>
-#include <access_provider2.h>
-
-#include <ckm-common.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-#include <ckm/ckm-pkcs12.h>
-
-#include <fstream>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
-
-const int USER_APP_2 = 5020;
-const int USER_APP_3 = 5030;
-
-const char * const APP_PASS = "user-pass";
-const int USER_TEST = 5001;
-const char* TEST_LABEL = "test_label";
-
-const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
-const CKM::AliasVector EMPTY_ALIAS_VECTOR;
-} // namespace anonymous
-
-/*
- * How to numerate tests:
- * TABCD_NAME
- * T - test case (always T)
- * AB - number of test group (always two digits)
- * C - test number in group (all tests with same TABC must be run in the same time).
- * D - subtest.
- */
-
-RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
-RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
- stop_service(MANAGER);
- start_service(MANAGER);
-
- std::ifstream is("/usr/share/ckm-test/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- // all further tests will start with newly started service,
- // OpenSSL on the service side will have to be properly initialized too
- stop_service(MANAGER);
- start_service(MANAGER);
-}
-
-RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
-
-RUNNER_TEST(T0011_Control)
-{
- int temp;
- auto control = CKM::Control::create();
-
- control->removeUserData(0);
- control->removeUserData(USER_APP_2);
- control->removeUserData(USER_APP);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0012_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0013_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0014_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0015_Control)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T0016_Control_negative_wrong_password)
-{
- RUNNER_IGNORED_MSG("Temporary turn off. This test requires password support.");
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
-#ifndef PASSWORD_PROTECTION_DISABLE
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
- "Error=" << CKM::ErrorToString(temp));
-#endif
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
-
-RUNNER_TEST(T1010_init)
-{
- unlock_user_data(USER_APP, "user-pass");
-}
-
-RUNNER_TEST(T1011_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = sharedDatabase("mykey");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(),
- "Key value has been changed by service");
-}
-
-RUNNER_TEST(T1012_certificate)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
- CKM::CertificateShPtr cert2;
- CKM::Alias alias = sharedDatabase("myCert");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificate(alias, CKM::Password(), cert2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- cert->getDER() == cert2->getDER(),
- "Data has been modified in key manager");
-}
-
-RUNNER_CHILD_TEST(T1013_user_app_save_key)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(), "Key value has been changed by service");
-}
-
-RUNNER_TEST(T1014_save_with_label)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key_name, key_full_addr;
- CKM::Alias alias = "mykey-2";
- std::string top_label = getOwnerIdFromSelf();
- std::string full_address = aliasWithLabel(top_label.c_str(), alias.c_str());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- // lookup by name
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key_name->getDER(),
- "Key value has been changed by service");
-
- // lookup by full address
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key_full_addr->getDER(),
- "Key value has been changed by service");
-}
-
-RUNNER_TEST(T1015_deinit)
-{
- remove_user_data(0);
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
-
-RUNNER_TEST(T1020_init)
-{
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1021_save_keys_get_alias)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-}
-
-RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey2", key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-}
-
-RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
-{
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
- CKM::Policy notExportable(CKM::Password(), false);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey("appkey4", key, notExportable)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1029_deinit)
-{
- remove_user_data(0);
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
-RUNNER_TEST(T1030_init)
-{
- remove_user_data(0);
- reset_user_data(USER_APP, APP_PASS);
-}
-
-RUNNER_TEST(T1031_save_get_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
-
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
- "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData = "My bin data";
-
- CKM::RawBuffer buffer(binData.begin(), binData.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata2", buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-}
-
-RUNNER_TEST(T1033_remove_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData2 = "My bin data2";
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- std::string invalid_address = sharedDatabase("i-do-not-exist");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num-2),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1034_app_remove_bin_data)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData2 = "My bin data";
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num-2),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1035_getData_wrong_password)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData1 = "My bin data4";
-
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer1,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1036_deinit)
-{
- remove_user_data(0);
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
-
-RUNNER_TEST(T1040_init)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1041_create_RSA_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- ScopedAccessProvider ap("mylabel-rsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
-}
-
-RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- ScopedAccessProvider ap("mylabel-rsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1043_create_DSA_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- ScopedAccessProvider ap("mylabel-dsa");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- size_t current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
-}
-
-RUNNER_CHILD_TEST(T1044_create_AES_key)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::AliasVector av;
-
- AccessProvider ap("mylabel-aes");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int current_aliases_num = count_aliases(ALIAS_KEY);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == (temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
-}
-
-RUNNER_TEST(T1049_deinit)
-{
- remove_user_data(USER_APP);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair);
-
-RUNNER_TEST(T1110_init)
-{
- unlock_user_data(USER_APP, "user-pass");
-}
-
-RUNNER_TEST(T1111_CreateKeyPairRSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("rsa-test-1");
- CKM::Alias a2 = sharedDatabase("rsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1112_CreateKeyPairDSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("dsa-test-1");
- CKM::Alias a2 = sharedDatabase("dsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1113_CreateKeyPairECDSA)
-{
- int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
- CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
- CKM::Policy p1;
- CKM::Policy p2;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(CKM::ElipticCurve::prime192v1, a1, a2, p1, p2)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1114_deinit)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
-RUNNER_TEST(T12100_init)
-{
- reset_user_data(USER_APP, APP_PASS);
-}
-
-RUNNER_TEST(T12101_key_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "rsa-alias-duplication";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-/*
- * These test cases tests API when empty parameters are passed to functions
- */
-
-RUNNER_TEST(T12102_saveKey_empty_alias)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLc\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias; //alias is not initialized
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12103_saveKey_foreign_label)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "iamsomebodyelse alias";
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12104_saveKey_empty_key)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::KeyShPtr key; //key is not initialized
- CKM::Alias alias = "empty-key";
-
- int ret;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12105_saveCertificate_empty_alias)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
- CKM::Alias alias; //alias is not initialized
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12106_saveCertificate_foreign_label)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto cert = TestData::getTestCertificate(TestData::GIAG2);
- CKM::Alias alias = "iamsomebodyelse alias";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12107_saveCertificate_empty_cert)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::CertificateShPtr cert; //cert is not initialized
- CKM::Alias alias = "empty-cert";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12108_saveData_empty_alias)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string testData = "test data test data test data";
- CKM::RawBuffer buffer(testData.begin(), testData.end());
- CKM::Alias alias;
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12109_saveData_foreign_label)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string testData = "test data test data test data";
- CKM::RawBuffer buffer(testData.begin(), testData.end());
- CKM::Alias alias = "iamsomebodyelse alias";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12110_saveData_empty_data)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::RawBuffer buffer;
- CKM::Alias alias = "empty-data";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-/*
- * These test cases tests API when trying to get data from not existing alias
- */
-
-RUNNER_TEST(T12111_getKey_alias_not_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::KeyShPtr key;
- CKM::Alias alias = "this-alias-not-exist";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getKey(alias, "", key)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12112_getCertificate_alias_not_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- CKM::CertificateShPtr certificate;
- CKM::Alias alias = "this-alias-not-exist";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getCertificate(alias, CKM::Password(), certificate)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12113_getData_alias_not_exist)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
- CKM::RawBuffer buffer;
- CKM::Alias alias("some alias");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(alias, "", buffer)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-/*
- * These test cases tests API when damaged keys are used
- */
-RUNNER_TEST(T12114_RSA_key_damaged)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- // "BROKENBROKENBROKENBROKENBROKENTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- // "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "damaged-rsa";
-
- RUNNER_ASSERT_MSG(
- NULL == key.get(), "Key is broken. It should be empty");
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12115_RSA_key_too_short)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- //"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "short-rsa";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12116_DSA_key_too_short)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- const std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
- "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
- //"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
- "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
- //"AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
- "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
- "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
- "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
- "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
- "YMYCBhubtrVaLmc=\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer);
- CKM::Alias alias = "short-dsa";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12117_AES_key_too_short)
-{
- int ret;
- auto manager = CKM::Manager::create();
-
- size_t key_size = (128-1);
- CKM::RawBuffer key_AES = createRandomBuffer(key_size/8);
-
- auto key = CKM::Key::create(key_AES);
- CKM::Alias alias = "short-AES";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-/*
- * These test cases tests CKM service if malicious data is provided over the socket.
- */
-
-RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int ret;
- auto manager = CKM::Manager::create();
-
- // fake the client - let the service detect the problem
- class WrongKeyImpl : public CKM::Key
- {
- public:
- WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
- }
-
- virtual bool empty() const {
- return false;
- }
-
- virtual CKM::KeyType getType() const {
- return CKM::KeyType::KEY_RSA_PUBLIC;
- }
- virtual int getSize() const {
- return 1024;
- }
- virtual CKM::ElipticCurve getCurve() const {
- return CKM::ElipticCurve::prime192v1;
- }
- virtual CKM::RawBuffer getDER() const {
- return m_dummy;
- }
- virtual ~WrongKeyImpl() {}
- private:
- CKM::RawBuffer & m_dummy;
- };
- std::string dummyData = "my_cat_Berta\n";
- CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
- auto key = std::make_shared<WrongKeyImpl>(buffer);
- CKM::Alias alias = "damaged-rsa";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
-{
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- // fake the client - let the service detect the problem
- class WrongCertImpl : public CKM::Certificate
- {
- public:
- WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
- m_x509 = X509_new();
- }
-
- bool empty() const {
- return false;
- }
-
- virtual X509 *getX509() const {
- return m_x509;
- }
-
- virtual CKM::RawBuffer getDER() const {
- return m_dummy;
- }
-
- virtual ~WrongCertImpl() {
- X509_free(m_x509);
- }
- private:
- X509* m_x509;
- CKM::RawBuffer & m_dummy;
- };
- std::string dummyData = "my_cat_Stefan\n";
- CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
- auto cert = std::make_shared<WrongCertImpl>(buffer);
- CKM::Alias alias = "damaged-cert";
-
- int temp;
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T12120_deinit)
-{
- remove_user_data(USER_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
-
-RUNNER_TEST(T1311_init)
-{
- remove_user_data(0);
- RUNNER_ASSERT_MSG(time(0) > 1405343457,
- "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
-
- ScopedLabel sl("System");
- struct hostent* he = gethostbyname("google.com");
-
- RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
- "is not woking on the device. OCSP tests requires network access!");
-}
-
-RUNNER_TEST(T13121_get_chain_no_cert)
-{
- CKM::CertificateShPtrVector certChain;
- CKM::CertificateShPtr cert;
-
- auto manager = CKM::Manager::create();
-
- int ret = manager->getCertificateChain(cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
- "Function should fail for empty certificate");
-}
-
-RUNNER_TEST(T13122_get_chain_empty_cert)
-{
- CKM::CertificateShPtrVector certChain;
- CKM::CertificateShPtr cert = CKM::Certificate::create(CKM::RawBuffer(),
- CKM::DataFormat::FORM_PEM);
-
- auto manager = CKM::Manager::create();
-
- int ret = manager->getCertificateChain(cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
- "Function should fail for empty certificate");
-}
-
-RUNNER_TEST(T13129_get_chain)
-{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
-
- CKM::CertificateShPtrVector certVector = {cert1};
- CKM::CertificateShPtrVector certChain;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert,
- EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-}
-
-RUNNER_TEST(T1313_get_chain_with_alias)
-{
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
-
- CKM::CertificateShPtrVector certChain;
- CKM::AliasVector aliasVector;
- CKM::Alias alias = sharedDatabase("imcert");
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
- "Error=" << CKM::ErrorToString(tmp));
-
- aliasVector.push_back(alias);
-
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-}
-
-RUNNER_TEST(T13141_ocsp_check_valid_chain)
-{
- RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
-
- auto cert = TestData::getTestCertificate(TestData::MBANK);
- auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
- CKM::CertificateShPtrVector certVector = {cert1};
- CKM::CertificateShPtrVector certChain;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->ocspCheck(certChain, status)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
-}
-
-RUNNER_TEST(T13142_ocsp_check_empty)
-{
- RUNNER_IGNORED_MSG("Temporary turned off.");
- CKM::CertificateShPtrVector certVector;
-
- auto manager = CKM::Manager::create();
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
- "ocspCheck should fail for empty certificate vector");
-}
-
-RUNNER_TEST(T13143_ocsp_check_empty_ptrs)
-{
- CKM::CertificateShPtrVector certVector = {
- CKM::CertificateShPtr(),
- CKM::CertificateShPtr(),
- CKM::CertificateShPtr()};
-
- auto manager = CKM::Manager::create();
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
- "ocspCheck should fail for empty certificate vector");
-}
-
-RUNNER_TEST(T13144_ocsp_check_root)
-{
- RUNNER_IGNORED_MSG("Temporary turned off.");
- auto root = TestData::getTestCertificate(TestData::EQUIFAX);
- CKM::CertificateShPtrVector certVector = {root};
-
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
- "Ocsp should fail for single certificate");
-}
-
-RUNNER_TEST(T13145_ocsp_check_no_ocsp)
-{
- RUNNER_IGNORED_MSG("Temporary turned off.");
- auto root = TestData::getTestCertificate(TestData::EQUIFAX);
- auto ca2 = TestData::getTestCertificate(TestData::GEOTRUST);
- auto ca1 = TestData::getTestCertificate(TestData::GIAG2);
-
- CKM::CertificateShPtrVector certVector = {ca1, ca2, root};
-
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != ca2.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != ca1.get(), "Certificate should not be empty");
-
- int tmp;
- int status;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->ocspCheck(certVector, status)),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_UNSUPPORTED == status, "Verfication failed");
-}
-
-RUNNER_TEST(T1315_deinit)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
-
-RUNNER_TEST(T1411_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T1412_RSA_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
- CKM::Password password = "1234";
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1413_DSA_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
- "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
- "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
- "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
- "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
- "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
- "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
- "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
- "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
- "u1roOuaPY+Hl19BlTE2qdw==\n"
- "-----END DSA PRIVATE KEY-----";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
- "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
- "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
- "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
- "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
- "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
- "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
- "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
- "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
- "YMYCBhubtrVaLmc=\n"
- "-----END PUBLIC KEY-----";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T1414_ECDSA_key_create_verify)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("ecpub2");
- CKM::Alias aliasPrv = sharedDatabase("ecprv2");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1415_RSA_key_create_verify_negative)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1416_DSA_key_create_verify_negative)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1417_RSA_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
- "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
- "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
- "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
- "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
- "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
- "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
- "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
- "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
- "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
- "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
- "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
- "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
- "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub1-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1418_DSA_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- const std::string pub = "-----BEGIN CERTIFICATE-----\n"
- "MIIDUzCCAxECCQCer/fKcXtJgTALBglghkgBZQMEAwIwgYsxCzAJBgNVBAYTAlBM\n"
- "MQ8wDQYDVQQIDAZQb2xhbmQxDzANBgNVBAcMBldhcnNhdzEQMA4GA1UECgwHU2Ft\n"
- "c3VuZzEMMAoGA1UECwwDS1NGMRMwEQYDVQQDDAptLmthcnBpdWsyMSUwIwYJKoZI\n"
- "hvcNAQkBFhZtLmthcnBpdWsyQHNhbXN1bmcuY29tMCAXDTE0MDkyNjEzNTQwN1oY\n"
- "DzIxNDAwOTA1MTM1NDA3WjCBizELMAkGA1UEBhMCUEwxDzANBgNVBAgMBlBvbGFu\n"
- "ZDEPMA0GA1UEBwwGV2Fyc2F3MRAwDgYDVQQKDAdTYW1zdW5nMQwwCgYDVQQLDANL\n"
- "U0YxEzARBgNVBAMMCm0ua2FycGl1azIxJTAjBgkqhkiG9w0BCQEWFm0ua2FycGl1\n"
- "azJAc2Ftc3VuZy5jb20wggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA9Bhh7ZA4onkY\n"
- "uDNQbYR4EwkJ6RpD505hB0GF6yppUNp2LanvNcQXcyXY88MB6OdP7Rikbu1H2zP4\n"
- "gONCtdxKW58Za7h9bFzYjxcObZsS52F9DP7sv3C4sX4xNWApfhUgbfzKaRCJOkOs\n"
- "06tV7teu3G/v26PdI8dlykIuQXQZmH8CFQCHsIV0njb2yC3ggfKz+exH+g5jAQKB\n"
- "gBVLYfVCMjUz5XJH+xYU3A8W8rpSLqZKIK2d9mbXqhpz8QK1bvNQUlSRZo+o1ZYV\n"
- "mJn3Mx2YuiifHZNKdBNweCqe5a+HV2RSl1Yv/TV9famZKlogGslsmPHUOJMlSIdh\n"
- "MfMwVny4/rNtjEtEFE1WnaTr1W6MKH1EBbizVo8fmWFrA4GFAAKBgQCaPjrlkAyX\n"
- "kBitWo+w0xZN4OSk13SsCzZ/PG+5zOgMRaFm2XbiC04YsGCi4NFOd9kaiP7w1CsP\n"
- "iqG6Vwv0T/VcoxBl/hp6jEqTDSrM6z0ungjDO9wGOdI+jZS0UjVahgC4ZLDHhrOa\n"
- "CjfxcHruO3e416b/Rm2CjhOzjKdoSFUWVzALBglghkgBZQMEAwIDLwAwLAIUHa+A\n"
- "5xo8O/tPuH9gXkr1mee6kRYCFGNycJ1xkc3nIJaEQOtGfDe7S71A\n"
- "-----END CERTIFICATE-----\n";
-
- const std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
- "MIIBuwIBAAKBgQD0GGHtkDiieRi4M1BthHgTCQnpGkPnTmEHQYXrKmlQ2nYtqe81\n"
- "xBdzJdjzwwHo50/tGKRu7UfbM/iA40K13EpbnxlruH1sXNiPFw5tmxLnYX0M/uy/\n"
- "cLixfjE1YCl+FSBt/MppEIk6Q6zTq1Xu167cb+/bo90jx2XKQi5BdBmYfwIVAIew\n"
- "hXSeNvbILeCB8rP57Ef6DmMBAoGAFUth9UIyNTPlckf7FhTcDxbyulIupkogrZ32\n"
- "ZteqGnPxArVu81BSVJFmj6jVlhWYmfczHZi6KJ8dk0p0E3B4Kp7lr4dXZFKXVi/9\n"
- "NX19qZkqWiAayWyY8dQ4kyVIh2Ex8zBWfLj+s22MS0QUTVadpOvVbowofUQFuLNW\n"
- "jx+ZYWsCgYEAmj465ZAMl5AYrVqPsNMWTeDkpNd0rAs2fzxvuczoDEWhZtl24gtO\n"
- "GLBgouDRTnfZGoj+8NQrD4qhulcL9E/1XKMQZf4aeoxKkw0qzOs9Lp4IwzvcBjnS\n"
- "Po2UtFI1WoYAuGSwx4azmgo38XB67jt3uNem/0Ztgo4Ts4ynaEhVFlcCFGMH+Z9l\n"
- "vonbjii3BYe4AIdkzOvp\n"
- "-----END DSA PRIVATE KEY-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub2-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1419_ECDSA_cert_create_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("pub3");
- CKM::Alias aliasPrv = sharedDatabase("prv3");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
-
- RUNNER_ASSERT_MSG(NULL != cert.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1420_deinit)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
-
-RUNNER_TEST(T14180_init)
-{
- int temp;
- remove_user_data(0);
-
- auto manager = CKM::Manager::create();
-
- // Prepare RSA Key Pair
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "Proc-Type: 4,ENCRYPTED\n"
- "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
- "\n"
- "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
- "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
- "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
- "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
- "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
- "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
- "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
- "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
- "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
- "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
- "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
- "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
- "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
- "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
- "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
- "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
- "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
- "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
- "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
- "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
- "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
- "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
- "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
- "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
- "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----\n";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
- CKM::Password password = "1234";
-
- auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
-
- RUNNER_ASSERT_MSG(NULL != keyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- // Prepare ECDSA Key Pair
- std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string ecpub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
-
- auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
- auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
-
- RUNNER_ASSERT_MSG(NULL != ecKeyPub.get(),
- "Key is empty. Failed to import public key.");
- RUNNER_ASSERT_MSG(NULL != ecKeyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T14181_RSA_create_signatue_nohash)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T14182_RSA_create_signatue_nohash_nopad)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T14183_RSA_create_signatue_nohash_bigmsg)
-{
- int temp;
- auto manager = CKM::Manager::create();
- std::string message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
-
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T14184_ECDSA_create_signatue_nohash)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string message = "message test";
-
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- int msgSize = 1024*1024;
- char big_msg[msgSize];
- for(int i =0; i<msgSize-1; i++) {
- big_msg[i] = 'a';
- }
- big_msg[msgSize-1]=0x00;
- std::string message(big_msg);
-
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-
-RUNNER_TEST(T14189_deinit)
-{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1510_init_unlock_key)
-{
- reset_user_data(USER_TEST, APP_PASS);
-}
-
-RUNNER_TEST(T1511_insert_data)
-{
- auto certee = TestData::getTestCertificate(TestData::MBANK);
- auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- CKM::Alias certeeAlias("CertEE");
- CKM::Alias certimAlias("CertIM");
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
- }
-
- // restart CKM
- stop_service(MANAGER);
- start_service(MANAGER);
-
- // actual test
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
- int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
- }
-}
-
-RUNNER_TEST(T1519_deinit)
-{
- remove_user_data(USER_TEST);
-}
-
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1701_init_unlock_key)
-{
- unlock_user_data(USER_TEST+1, "t170-special-password");
-
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-}
-
-RUNNER_CHILD_TEST(T1702_insert_data)
-{
- int temp;
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- auto certee = TestData::getTestCertificate(TestData::MBANK);
-
- auto manager = CKM::Manager::create();
- size_t current_aliases_num = count_aliases(ALIAS_CERT);
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
-
- CKM::AliasVector av;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
-}
-
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1704_data_test)
-{
- int temp;
- ScopedAccessProvider ap("t170-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_TEST(T1705_deinit)
-{
- remove_user_data(USER_TEST+1);
-}
-
-RUNNER_TEST(T17101_init)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17102_prep_data_01)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17103_prep_data_02)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17104_prep_data_03)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17105_prep_data_04)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T17106_remove_application)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17107_check_data_01)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17108_check_data_02)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T17109_unlock_user2)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17110_check_data_03)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17111_check_data_04)
-{
- int temp;
- ScopedAccessProvider ap("t1706-special-label2");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T17112_deinit)
-{
- remove_user_data(USER_TEST+2);
- remove_user_data(USER_TEST+3);
-}
-
-RUNNER_TEST_GROUP_INIT(T180_PKCS12);
-
-namespace
-{
-CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
-CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
-CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
-CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
-}
-
-RUNNER_TEST(T1800_init)
-{
- remove_user_data(0);
-}
-
-RUNNER_TEST(T1801_parse_PKCS12) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 0 == caVector.size(),
- "Wrong size of vector");
-}
-
-RUNNER_TEST(T1802_negative_wrong_password) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, "error");
- RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
-
-RUNNER_TEST(T1803_negative_broken_buffer) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
- buffer[4]=0;
-
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
- RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
-
-RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
-{
- auto manager = CKM::Manager::create();
- std::ifstream is("/usr/share/ckm-test/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- // save private key
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string message = "message test";
-
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- int temp;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
-{
- auto manager = CKM::Manager::create();
- std::ifstream is("/usr/share/ckm-test/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-
- // save to the CKM
- int tmp;
- CKM::Policy exportable;
- CKM::Policy notExportable(CKM::Password(), false);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // try to lookup key
- CKM::KeyShPtr key_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // try to lookup certificate
- CKM::CertificateShPtr cert_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1806_get_PKCS)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- CKM::PKCS12ShPtr pkcs;
-
- // fail - no entry
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- // fail - not exportable
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- // success - exportable
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- auto cert = pkcs->getCertificate();
- RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
-
- auto key = pkcs->getKey();
- RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
-
- auto caVector = pkcs->getCaCertificateShPtrVector();
- RUNNER_ASSERT_MSG(
- 2 == caVector.size(),
- "Wrong size of vector");
-}
-
-RUNNER_TEST(T1807_create_and_verify_signature)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string message = "message test";
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
- "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
- "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
- "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
- "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
- "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
- "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
- "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
- "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
- "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
- "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
- "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
- "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
- "-----END RSA PRIVATE KEY-----";
- std::string message = "message test";
-
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- alias_PKCS_priv_key_copy,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
- "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
- "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
- "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
- "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
- "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
- "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
- "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
- "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
- "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
- "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
- "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
- "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
- "-----END RSA PRIVATE KEY-----\n";
-
- std::string message = "message test";
-
- auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
- RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
- "Key is empty. Failed to import private key.");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- alias_PKCS_priv_key_wrong,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- alias_PKCS_exportable,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1810_verify_get_certificate_chain)
-{
- // this certificate has been signed using PKCS chain
- std::string im = "-----BEGIN CERTIFICATE-----\n"
- "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
- "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
- "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
- "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
- "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
- "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
- "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
- "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
- "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
- "Qw==\n"
- "-----END CERTIFICATE-----\n";
-
- auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
- CKM::CertificateShPtrVector certChain;
- CKM::AliasVector aliasVector;
-
- int tmp;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
-
- tmp = manager->getCertificateChain(cert,
- EMPTY_ALIAS_VECTOR,
- EMPTY_ALIAS_VECTOR,
- true,
- certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::ErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- aliasVector.push_back(alias_PKCS_exportable);
-
- tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-
- // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
- RUNNER_ASSERT_MSG(
- 4 == certChain.size(),
- "Wrong size of certificate chain: " << certChain.size());
-}
-
-RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
-{
- auto manager = CKM::Manager::create();
- int tmp;
-
-
- // remove the whole PKCS12 bundles
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // expect lookup fails due to unknown alias
- // try to lookup key
- CKM::KeyShPtr key_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-
- // try to lookup certificate
- CKM::CertificateShPtr cert_lookup;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1812_get_pkcs12_password_tests)
-{
- CKM::Alias alias = sharedDatabase("t1812alias1");
-
- auto manager = CKM::Manager::create();
- std::ifstream is("/usr/share/ckm-test/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::PKCS12ShPtr pkcs12;
- CKM::Password pass1 = "easypass1";
- CKM::Password pass2 = "easypass2";
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- int temp;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::CertificateShPtr cert;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)),
- "Error=" << CKM::ErrorToString(temp));
-
- CKM::CertificateShPtrVector certChain;
- CKM::AliasVector certVect;
- certVect.push_back(alias);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST(T1813_deinit)
-{
- int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-namespace {
-const char * const T190_PASSWD = "t190-special-password";
-}
-RUNNER_TEST(T1901_init_unlock_key)
-{
- reset_user_data(USER_APP, T190_PASSWD);
-}
-
-RUNNER_TEST(T1902_get_data)
-{
- ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
-
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
-}
-
-RUNNER_TEST(T1903_lock_database)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_TEST(T1904_get_data_from_locked_database)
-{
- RUNNER_IGNORED_MSG("Temporary turned off. Require password support.");
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
-
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
-
-#ifndef PASSWORD_PROTECTION_DISABLE
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == status1,
- "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
-#else
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
- "Could not get key with a wrong alias. Error=" << CKM::ErrorToString(status1));
-#endif
-}
-
-RUNNER_TEST(T1905_deinit)
-{
- remove_user_data(USER_APP);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * @file password-integration.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <vector>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-
-#include <security-server.h>
-
-#include <access_provider2.h>
-#include <clean-env.h>
-
-CKM::Alias CKM_ALIAS1 = "ALIAS1";
-CKM::Alias CKM_ALIAS2 = "ALIAS2";
-
-CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'};
-
-const char * PASSWORD1 = "LongPassword1";
-const char * PASSWORD2 = "LongerPassword2";
-
-static const int USER_APP = 5000;
-
-const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
-
-void dropPrivileges() {
- static const std::string LABEL1 = "TestLabel1";
- static const int GROUP_APP = 5000;
-
- AccessProvider ap(LABEL1);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION);
-
-RUNNER_TEST(T4010_INIT)
-{
- reset_security_server();
- unsigned int attempt, max_attempt, expire_sec;
-
- int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4011_ADD_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
- RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
-}
-
-RUNNER_TEST(T4012_CLOSE_CKM_DB)
-{
- auto ctl = CKM::Control::create();
-
- int ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_CHILD_TEST(T4013_GET_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
-
- // CKM will automaticly unlock with empty password
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
-{
- unsigned int attempt, max_attempt, expire_sec;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4015_GET_DATA)
-{
- dropPrivileges();
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
-}
-
-RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION);
-
-RUNNER_TEST(T4020_INIT)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4021_ADD_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
- RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
-}
-
-RUNNER_TEST(T4022_CLOSE_CKM_DB)
-{
- unsigned int attempt, max, expire;
-
- auto ctl = CKM::Control::create();
-
- int ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- // login with current password to get rid of invalid "NULL" DKEK
- ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
-
- ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
-{
- unsigned int attempt, max, expire;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret);
-}
-
-RUNNER_CHILD_TEST(T4025_GET_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data missmatch");
-}
-
-RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION);
-
-RUNNER_TEST(T4030_INIT)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4031_ADD_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
- RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
-}
-
-RUNNER_TEST(T4032_CLOSE_CKM_DB)
-{
- unsigned int attempt, max, expire;
-
- auto ctl = CKM::Control::create();
-
- int ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- // login with current password to get rid of invalid "NULL" DKEK
- ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
-
- ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
-{
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
-}
-
-RUNNER_CHILD_TEST(T4035_GET_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
-}
-
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * @file system-db.cpp
- * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <tests_common.h>
-#include <ckm-common.h>
-#include <ckm/ckm-control.h>
-#include <ckmc/ckmc-manager.h>
-#include <ckmc/ckmc-type.h>
-#include <access_provider2.h>
-#include <unistd.h>
-#include <sys/types.h>
-
-namespace
-{
-const uid_t USER_SERVICE = 0;
-const uid_t USER_SERVICE_2 = 1234;
-const uid_t GROUP_SERVICE_2 = 1234;
-const uid_t USER_SERVICE_MAX = 4999;
-const uid_t GROUP_SERVICE_MAX = 4999;
-const uid_t USER_SERVICE_FAIL = 5000;
-const uid_t GROUP_SERVICE_FAIL = 5000;
-const uid_t USER_APP = 5050;
-const uid_t GROUP_APP = 5050;
-const char* APP_PASS = "user-pass";
-
-const char* TEST_ALIAS = "test-alias";
-const char* SYSTEM_LABEL = ckmc_owner_id_system;
-const char* INVALID_LABEL = "coco-jumbo";
-std::string TEST_SYSTEM_ALIAS = aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS);
-std::string TEST_SYSTEM_ALIAS_2 = aliasWithLabel(SYSTEM_LABEL, "test-alias-2");
-const char* TEST_LABEL = "test-label";
-const char* TEST_LABEL_2 = "test-label-2";
-
-const char* TEST_DATA =
- "Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
- "qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores "
- "et quas molestias excepturi sint occaecati cupiditate non provident, "
- "similique sunt in culpa qui officia deserunt mollitia animi, id est "
- "laborum et dolorum fuga. ";
-}
-
-
-RUNNER_TEST_GROUP_INIT(T50_SYSTEM_DB);
-
-RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB)
-{
- RUNNER_IGNORED_MSG("This test is turn off because fix "
- "from tizen 2.4 that unlock db with empty password");
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, leave DB locked
- // try to access system DB item - expect success
-
- // [prepare]
- remove_user_data(USER_APP);
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
- }
-}
-
-RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB)
-{
- // [test]
- // switch to user app, unlock DB
- // when accessing private DB - owner==me
- // try to write to private DB - expect success
- // try to get item from private DB - expect success
-
- // [test]
- {
- remove_user_data(USER_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- ScopedSaveData ssd(TEST_ALIAS, TEST_DATA);
- check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM)
-{
- // [test]
- // switch to user app, unlock DB
- // try to add item to system DB - expect fail
-
- // [prepare]
- remove_user_data(USER_APP);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, unlock DB
- // try to access the system item - expect success
-
- // [prepare]
- remove_user_data(USER_APP);
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to user app, unlock DB
- // try to access the system item - expect fail
-
- // [prepare]
- remove_user_data(USER_APP);
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, unlock DB
- // try to access the system item - expect success
- // [prepare2]
- // as system service, remove the item (expecting to remove permission)
- // add item again, do not add permission
- // [test2]
- // switch to user app, unlock DB
- // try to access the system item - expect fail
-
- // [prepare]
- remove_user_data(USER_APP);
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-
- // [prepare2]
- check_remove_allowed(TEST_SYSTEM_ALIAS.c_str());
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS)
-{
- // [test]
- // switch to user app, unlock DB
- // try to write to private DB - expect success
- // try to write to system DB - expect fail
-
- // [test]
- {
- remove_user_data(USER_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA);
- ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
- }
-}
-
-RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // add permission to the resource to a user app
- // [test]
- // switch to user app, unlock DB
- // try to remove item from system DB - expect fail
-
- // [prepare]
- remove_user_data(USER_APP);
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- check_remove_denied(TEST_SYSTEM_ALIAS.c_str());
- }
-}
-
-RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS)
-{
- // [prepare]
- // start as system service
- // add data A to the system DB
- // add data B to the system DB
- // add permission to data A to a user app
- // [test]
- // system service list items - expect both items to appear
- // [test2]
- // switch to user app, unlock DB
- // add data as user
- // user lists items - expect system item A and private item
-
- // [prepare]
- remove_user_data(0);
- remove_user_data(USER_APP);
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- gc.save(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
- allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ);
-
- // [test]
- check_alias_list({TEST_SYSTEM_ALIAS.c_str(), TEST_SYSTEM_ALIAS_2.c_str()});
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedSaveData user_data(TEST_ALIAS, TEST_DATA);
-
- check_alias_list({TEST_SYSTEM_ALIAS.c_str(),
- aliasWithLabel(TEST_LABEL, TEST_ALIAS)});
- }
-}
-
-RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB)
-{
- // [test]
- // switch to user app, unlock DB
- // try to generate a key in system DB - expect fail
-
- // [test]
- {
- remove_user_data(USER_APP);
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
- std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_PERMISSION_DENIED ==
- (temp = ckmc_create_key_pair_rsa(1024,
- private_key_alias.c_str(),
- public_key_alias.c_str(),
- policy_private_key,
- policy_public_key)),
- CKMCReadableError(temp));
- }
-}
-
-RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB)
-{
- // [prepare]
- // start as system service
- // generate RSA key in system DB
- // [test]
- // try to create and verify signature in system DB - expect success
- // [test2]
- // switch to user app, unlock DB
- // try to create signature in system DB - expect fail
-
- // [prepare]
- remove_user_data(USER_APP);
- GarbageCollector gc;
- std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv");
- std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub");
- gc.add(private_key_alias.c_str());
- gc.add(public_key_alias.c_str());
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
- policy_private_key.password = NULL;
- policy_private_key.extractable = 1;
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE ==
- (temp = ckmc_create_key_pair_rsa(1024,
- private_key_alias.c_str(),
- public_key_alias.c_str(),
- policy_private_key,
- policy_public_key)),
- CKMCReadableError(temp));
-
- // [test]
- {
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- private_key_alias.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- public_key_alias.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
- }
-
- // [test2]
- {
- ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature(
- private_key_alias.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
- }
-}
-
-RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // add remove permission to a user app - expect fail
-
- // [prepare]
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- allow_access_negative(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER);
-}
-
-RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // try to access the item - expect success
-
- // [prepare]
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
-}
-
-RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to another system service
- // try to access the item - expect success
-
- // [prepare]
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB)
-{
- // [prepare]
- // start as system service 1234
- // add resource to the system DB
- // [test]
- // switch to another system service
- // try to access the item - expect success
-
- // [prepare]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2);
-
- // [test]
- ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB)
-{
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to system service having uid maximum for system svcs
- // try to access the item - expect success
-
- // [prepare]
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_MAX, GROUP_SERVICE_MAX);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
- }
-}
-
-RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB)
-{
- RUNNER_IGNORED_MSG("This test is turn off because fix "
- "from tizen 2.4 that unlock db with empty password");
- // [prepare]
- // start as system service
- // add resource to the system DB
- // [test]
- // switch to another, faulty system service with user-land uid==5000
- // try to access the item - expect fail (no system service)
-
- // [prepare]
- GarbageCollector gc;
- gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
-
- // [test]
- {
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_SERVICE_FAIL, GROUP_SERVICE_FAIL);
-
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED);
- }
-}
-
-RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL)
-{
- // [prepare]
- // start as system service
- // [test]
- // try to add item to system DB using wrong label - expect fail
- // try to add item using explicit system label - expect success
-
- // [prepare]
- remove_user_data(USER_APP);
-
- // [test]
- save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
- check_read(TEST_ALIAS, INVALID_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-
- save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA);
- check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file test-certs.cpp
- * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-
-#include <map>
-#include <test-certs.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-using namespace std;
-
-namespace {
-typedef map<TestData::certificateID, pair<string, CKM::CertificateShPtr>> CertMap;
-
-CKM::CertificateShPtr createCert(const string& cert) {
- CKM::RawBuffer buffer_cert(cert.begin(), cert.end());
- CKM::CertificateShPtr cptr = CKM::Certificate::create(buffer_cert, CKM::DataFormat::FORM_PEM);
- return cptr;
-}
-
-CertMap initializeTestCerts()
-{
- CertMap cm;
-
- // TEST_ROOT_CA, expires 2035
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV\n"
- "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD\n"
- "VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw\n"
- "HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET\n"
- "MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz\n"
- "dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq\n"
- "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC\n"
- "9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da\n"
- "eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W\n"
- "rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo\n"
- "5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs\n"
- "BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw\n"
- "TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk\n"
- "zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC\n"
- "AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX\n"
- "ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus\n"
- "9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS\n"
- "Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV\n"
- "qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n"
- "kOg11TpPdNDkhb1J4ZCh2gupDg==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::TEST_ROOT_CA] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx\n"
- "EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl\n"
- "c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx\n"
- "MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI\n"
- "DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w\n"
- "HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF\n"
- "AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j\n"
- "L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7\n"
- "nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc\n"
- "UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT\n"
- "thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6\n"
- "XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E\n"
- "FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/\n"
- "HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97\n"
- "Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v\n"
- "vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc\n"
- "4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB\n"
- "pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8\n"
- "SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm\n"
- "F2obL5qJSTN/RQ==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::TEST_IM_CA] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // TEST_LEAF, signed by TEST_IM_CA, expires 2035
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV\n"
- "BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx\n"
- "HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0\n"
- "WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T\n"
- "dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV\n"
- "VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- "CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl\n"
- "z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq\n"
- "QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc\n"
- "bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E\n"
- "4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk\n"
- "4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp\n"
- "UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj\n"
- "CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/\n"
- "i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9\n"
- "HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF\n"
- "Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz\n"
- "6ON7PVe0ABN/AlwVQiFE\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::TEST_LEAF] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\n"
- "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\n"
- "YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG\n"
- "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy\n"
- "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
- "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP\n"
- "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv\n"
- "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE\n"
- "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ\n"
- "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC\n"
- "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7\n"
- "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD\n"
- "VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig\n"
- "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF\n"
- "BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQ\n"
- "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE\n"
- "+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1/Wm8gzPn6\n"
- "8R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I/b+jzG1Zgo+ByPF5E0y8tS\n"
- "etH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh/Ob0r0a678C/xbQF9ZR1DP6i\n"
- "vgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe/GFsNMP\n"
- "WOH7sf6coaPo/ck/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8\n"
- "VOBHBw==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::GIAG2] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // MBANK, signed by SYMANTEC, expires 04 Feb 2016
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\n"
- "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n"
- "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\n"
- "IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\n"
- "MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\n"
- "ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\n"
- "MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\n"
- "DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\n"
- "bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\n"
- "bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\n"
- "JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\n"
- "Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\n"
- "aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\n"
- "Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\n"
- "dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\n"
- "Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\n"
- "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n"
- "BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\n"
- "dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\n"
- "c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\n"
- "BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\n"
- "BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\n"
- "KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\n"
- "eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\n"
- "AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\n"
- "ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\n"
- "9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\n"
- "rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\n"
- "LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\n"
- "U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\n"
- "vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\n"
- "SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\n"
- "aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\n"
- "WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::MBANK] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\n"
- "CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n"
- "BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\n"
- "YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\n"
- "FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\n"
- "BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\n"
- "pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\n"
- "IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\n"
- "zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\n"
- "MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\n"
- "BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\n"
- "L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\n"
- "eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\n"
- "LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\n"
- "GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\n"
- "Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\n"
- "hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\n"
- "nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\n"
- "qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\n"
- "eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\n"
- "LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\n"
- "2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::SYMANTEC] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // GEOTRUST, signed by EQUIFAX, expires 21 Aug 2018
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"
- "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"
- "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"
- "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"
- "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"
- "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"
- "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"
- "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"
- "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"
- "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"
- "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"
- "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"
- "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"
- "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"
- "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"
- "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"
- "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"
- "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::GEOTRUST] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // EQUIFAX, (root CA), expires 22 Aug 2018
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n"
- "UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n"
- "dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n"
- "MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n"
- "dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n"
- "AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n"
- "BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n"
- "cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n"
- "AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n"
- "MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n"
- "aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n"
- "ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n"
- "IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n"
- "MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n"
- "A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n"
- "7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n"
- "1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016
- {
- std::string raw_base64 = std::string(
- "-----BEGIN CERTIFICATE-----\n"
- "MIIGzzCCBbegAwIBAgIIG6xwxBtjtJEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE\n"
- "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
- "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMDE1MTY0MjQzWhcNMTYwMTEzMDAwMDAw\n"
- "WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
- "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n"
- "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjZonqWEMpOM+v3cr\n"
- "rD/xj0L1lxUK2EaCmk3xckbEMFEMW992hnCa1CRjcOC3jb2bkmjHfVzfgt/mbCcX\n"
- "H2YYi6OCBGcwggRjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n"
- "A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n"
- "ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n"
- "YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n"
- "ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds\n"
- "ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv\n"
- "b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q\n"
- "Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n\n"
- "bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou\n"
- "Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv\n"
- "b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv\n"
- "LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tggoqLmd2dDEuY29tggoq\n"
- "Lmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAq\n"
- "LnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1\n"
- "YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYILYW5k\n"
- "cm9pZC5jb22CBGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv\n"
- "b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUu\n"
- "YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n"
- "B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n"
- "ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n"
- "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBTkzYJaSmLNPMENVN00b75rL11D/zAMBgNV\n"
- "HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1Ud\n"
- "IAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYf\n"
- "aHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOC\n"
- "AQEAHj3svrvviu8X79HzVy6hPIoPUtjkYbgheBSZeWTAC0GgxdZ3cQTrZShZNXmL\n"
- "A9Pwfvs2Kv+iAWfDFuyG6WGD4YN2m2MItQRlBdGGib5aMl8N4vq/KQ1HU2Sw2KQA\n"
- "gBfgt3THooNzXdJ363K7NShV1SMbZYpYMJ3p+hgZe1ezymIM/yny/j/nhoHMqFUG\n"
- "KRNjp7n74bmj0HG9Upci8QL8oxCynKwCPs72Dw8WIFv+WjXoTkEgnfHfUklWBZ8n\n"
- "SpLyfbO8eRQkgXPZxau0BMof5tyetyzBe2QQ/OcvAkDUVhwZi2wIBf9rbhWnl2LE\n"
- "urbTa3K72M5I58jgb740XezcOQ==\n"
- "-----END CERTIFICATE-----\n");
- cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64));
- }
-
- return cm;
-}
-
-CertMap TEST_CERTS = initializeTestCerts();
-}
-
-
-std::string TestData::getTestCertificateBase64(TestData::certificateID id)
-{
- RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
- RUNNER_ASSERT_MSG(TEST_CERTS[id].first.size()>0, "Certificate is empty (should never ever happen)!");
-
- return TEST_CERTS[id].first;
-}
-
-CKM::CertificateShPtr TestData::getTestCertificate(certificateID id)
-{
- RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!");
- RUNNER_ASSERT_MSG(TEST_CERTS[id].second, "Certificate is empty (should never ever happen)!");
-
- return TEST_CERTS[id].second;
-}
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file test-certs.h
- * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
- * @version 1.0
- */
-
-#pragma once
-
-#include <string>
-#include <ckm/ckm-certificate.h>
-
-namespace TestData
-{
-
-enum certificateID {
- // test certificates
- TEST_ROOT_CA = 0, // TEST_ROOT_CA, expires 2035
- TEST_IM_CA, // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035
- TEST_LEAF, // TEST_LEAF, signed by TEST_IM_CA, expires 2035
-
- // third party
- GIAG2, // GIAG2, signed by GEOTRUST, expires 31 Dec 2016
- MBANK, // MBANK, signed by SYMANTEC, expires 04 Feb 2016
- SYMANTEC, // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
- GEOTRUST, // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018
- EQUIFAX, // EQUIFAX (root CA), expires 22 Aug 2018
- GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016
-
- // footer - last element in the set
- NO_CERT
-};
-
-std::string getTestCertificateBase64(certificateID id);
-CKM::CertificateShPtr getTestCertificate(certificateID id);
-}
+++ /dev/null
-INCLUDE(FindPkgConfig)
-SET(COMMON_TARGET_TEST "tests-common")
-
-#dependencies
-PKG_CHECK_MODULES(COMMON_TARGET_DEP
- libsmack
- dbus-1
- sqlite3
- libgum
- glib-2.0
- REQUIRED
- )
-
-#files to compile
-SET(COMMON_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/common/tests_common.cpp
- ${PROJECT_SOURCE_DIR}/src/common/access_provider.cpp
- ${PROJECT_SOURCE_DIR}/src/common/smack_access.cpp
- ${PROJECT_SOURCE_DIR}/src/common/dbus_connection.cpp
- ${PROJECT_SOURCE_DIR}/src/common/dbus_message_in.cpp
- ${PROJECT_SOURCE_DIR}/src/common/dbus_message_out.cpp
- ${PROJECT_SOURCE_DIR}/src/common/service_manager.cpp
- ${PROJECT_SOURCE_DIR}/src/common/memory.cpp
- ${PROJECT_SOURCE_DIR}/src/common/db_sqlite.cpp
- ${PROJECT_SOURCE_DIR}/src/common/fs_label_manager.cpp
- ${PROJECT_SOURCE_DIR}/src/common/passwd_access.cpp
- ${PROJECT_SOURCE_DIR}/src/common/uds.cpp
- ${PROJECT_SOURCE_DIR}/src/common/synchronization_pipe.cpp
- ${PROJECT_SOURCE_DIR}/src/common/timeout.cpp
- ${PROJECT_SOURCE_DIR}/src/common/temp_test_user.cpp
- )
-
-#system and local includes
-INCLUDE_DIRECTORIES(SYSTEM ${COMMON_TARGET_DEP_INCLUDE_DIRS})
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/framework/include
- ${PROJECT_SOURCE_DIR}/src/common
- )
-
-
-#output OBJECT format
-ADD_LIBRARY(${COMMON_TARGET_TEST} ${COMMON_TARGET_TEST_SOURCES})
-
-TARGET_LINK_LIBRARIES(${COMMON_TARGET_TEST} ${COMMON_TARGET_DEP_LIBRARIES}
- dpl-test-framework)
-
-INSTALL (FILES ${PROJECT_SOURCE_DIR}/src/common/security-tests.conf DESTINATION /etc/dbus-1/system.d)
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/smack.h>
-
-#include <map>
-
-#include <tests_common.h>
-
-#include <access_provider.h>
-
-namespace SecurityServer {
-
-AccessProvider::AccessProvider(const std::string &mySubject)
- : m_mySubject(mySubject)
-{}
-
-void AccessProvider::allowSS() {
- m_smackAccess.add(m_mySubject, "System::Run", "x");
-}
-
-void AccessProvider::addObjectRule(const std::string &object, const std::string &rule) {
- m_smackAccess.add(m_mySubject, object, rule);
-}
-
-void AccessProvider::apply() {
- m_smackAccess.apply();
-}
-
-void AccessProvider::applyAndSwithToUser(int uid, int gid) {
- RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
- "Error in smack_revoke_subject(" << m_mySubject << ")");
- apply();
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
- "Error in smack_set_label_for_self.");
- RUNNER_ASSERT_MSG(0 == setgid(gid),
- "Error in setgid.");
- RUNNER_ASSERT_MSG(0 == setuid(uid),
- "Error in setuid.");
-}
-
-} // namespace SecurityServer
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file access_provider.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#ifndef _ACCESS_FOR_DUMMIES_H_
-#define _ACCESS_FOR_DUMMIES_H_
-
-#include <string>
-
-#include <smack_access.h>
-
-namespace SecurityServer {
-
-class AccessProvider {
-public:
- AccessProvider(const std::string &mySubject);
-
- AccessProvider(const AccessProvider &second) = delete;
- AccessProvider& operator=(const AccessProvider &second) = delete;
-
- void addObjectRule(const std::string &object, const std::string &rule);
- void allowSS();
- void apply();
- void applyAndSwithToUser(int uid, int gid);
-
- virtual ~AccessProvider(){}
-private:
- std::string m_mySubject;
- SmackAccess m_smackAccess;
-};
-
-} // namespace SecurityServer
-
-#endif // _ACCESS_FOR_DUMMIES_H_
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db_sqlite.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests API for sqlite3 database access
- */
-
-#include <tests_common.h>
-#include "db_sqlite.h"
-
-Sqlite3DBase::Sqlite3DBase(const std::string& db_path, int flags)
- : m_db_handle(nullptr), m_db_path(db_path), m_flags(flags)
-{
-}
-
-Sqlite3DBase::~Sqlite3DBase()
-{
- sqlite3_close(m_db_handle);
-}
-
-#define VFS_NOT_USED nullptr
-
-void Sqlite3DBase::open(void)
-{
- if (m_db_handle) //database already opened
- return;
-
- int ret = sqlite3_open_v2(m_db_path.c_str(), &m_db_handle, m_flags, VFS_NOT_USED);
- RUNNER_ASSERT_MSG(m_db_handle, "Error opening the database: Unable to allocate memory.");
- RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error opening the database: " <<
- sqlite3_errmsg(m_db_handle));
-}
-
-void Sqlite3DBase::close(void)
-{
- int ret = sqlite3_close(m_db_handle);
- RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error closing the database: " <<
- sqlite3_errmsg(m_db_handle));
-
- m_db_handle = nullptr;
-}
-
-bool Sqlite3DBase::is_open(void) const
-{
- return !!m_db_handle;
-}
-
-void Sqlite3DBase::execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result)
-{
- char* tmp = nullptr;
- std::string errmsg;
-
- int ret = sqlite3_exec(m_db_handle, sql_query.c_str(), callback, &result, &tmp);
- if (tmp) {
- errmsg.assign(tmp);
- }
- sqlite3_free(tmp);
-
- RUNNER_ASSERT_MSG(ret == SQLITE_OK || ret == SQLITE_ABORT, "Error executing statement <" <<
- sql_query << "> : " << errmsg);
-}
-
-int Sqlite3DBase::callback(void* p_result, int cols, char** data, char** header)
-{
- int i;
- Sqlite3DBaseSelectResult* result = static_cast<Sqlite3DBaseSelectResult*>(p_result);
-
- // if this is first record get column names
- if (result->rows.empty()) {
- for (i = 0; i < cols; ++i) {
- result->header.push_back(header[i] ? header[i] : "");
- }
- }
- result->rows.push_back(Sqlite3Row());
- for (i = 0; i < cols; ++i) {
- result->rows.back().push_back(data[i] ? data[i] : "");
- }
- return SQLITE_OK;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db_sqlite.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests API for sqlite3 database access
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_
-
-#include <vector>
-#include <string>
-#include <sqlite3.h>
-
-/**
- * @def DB_SQLITE_READONLY_FLAG
- * @brief Sqlite3 flag set for opening database in RO mode
- */
-#define DB_SQLITE_READONLY_FLAG SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE \
- | SQLITE_OPEN_READONLY
-
-/**
- * @typedef Sqlite3HeaderName
- * @brief Holds single column name of sqlite select query response.
- */
-typedef std::string Sqlite3HeaderName;
-
-/**
- * @typedef Sqlite3HeaderNameVector
- * @brief Holds column names vector of sqlite select query response.
- */
-typedef std::vector<Sqlite3HeaderName> Sqlite3HeaderNameVector;
-
-/**
- * @typedef Sqlite3RowCell
- * @brief Holds single cell of row of sqlite select query response.
- */
-typedef std::string Sqlite3RowCell;
-
-/**
- * @typedef Sqlite3Row
- * @brief Holds single row of sqlite select query response.
- */
-typedef std::vector<Sqlite3RowCell> Sqlite3Row;
-
-/**
- * @typedef Sqlite3RowVector
- * @brief Holds multiple rows of sqlite select query response.
- */
-typedef std::vector<Sqlite3Row> Sqlite3RowVector;
-
-/**
- * @class Sqlite3DBaseSelectResult
- * @brief Sqlite3 select query response.
- *
- * Fields are public as there is no complicated logic to operate on them
- */
-struct Sqlite3DBaseSelectResult
-{
-/**
- * @var header
- * @brief Sqlite select query column names
- */
- Sqlite3HeaderNameVector header;
-
-/**
- * @var rows
- * @brief Sqlite select query rows vector
- */
- Sqlite3RowVector rows;
-};
-
-
-/**
- * @class Sqlite3DBase
- * @brief Simple interface for executing select statements on sqlite3 database
- *
- * Fields are public as there is no complicated logic to operate on them
- */
-class Sqlite3DBase
-{
-public:
-/**
- * @brief A constructor
- *
- * @param db_path path to database file
- * @param flags sqlite3 flags defining database opening mode
- * (default value DB_SQLITE_READONLY_FLAG)
- */
- Sqlite3DBase(const std::string& db_path, int flags = DB_SQLITE_READONLY_FLAG);
-
-/**
- * @brief A destructor
- */
- ~Sqlite3DBase();
-
-/**
- * @brief Open database.
- *
- * If database is already opened do nothing.
- *
- * @throw DPL::Test::TestFailed when opening database fails
- */
- void open(void);
-
-/**
- * @brief Close database.
- *
- * @throw DPL::Test::TestFailed when closing database fails
- */
- void close(void);
-
-/**
- * @brief Get database connection status.
- *
- * @return true if database is open
- * false if database is closed
- */
- bool is_open(void) const;
-
-/**
- * @brief Execute SQL query on database
- *
- * @param sql_query SQL query
- * @param result returned result
- *
- * @throw DPL::Test::TestFailed when execution of query fails
- */
- void execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result);
-
-private:
-/**
- * @var db_handle
- * @brief Handle to sqlite3 database
- *
- * nullptr when database not opened.
- */
- sqlite3* m_db_handle;
-
-/**
- * @var db_path
- * @brief Path to database file
- */
- std::string m_db_path;
-
-/**
- * @var flags
- * @brief Sqlite3 flags defining database opening mode
- */
- int m_flags;
-
-/**
- * @brief Callback used to aquire results from SQL query
- *
- * It is run by sqlite for every row in query result.
- *
- * @param p_result pointer to private data (Sqlite3DBaseSelectResult)
- * @param cols number of columns in SQL result
- * @param data array of strings containing single row
- * @param header array of strings containing column names
- * @return SQLITE_OK as we always know what to do with data
- */
- static int callback(void* p_result, int cols, char** data, char** header);
-};
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_connection.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus connection wrapper class source file
- */
-
-#include <dbus_connection.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace DBus
-{
-
-Connection::Connection(DBusBusType busType, bool busPrivate)
- : m_busPrivate(busPrivate)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- if (busPrivate)
- m_connection = dbus_bus_get_private(busType, &error);
- else
- m_connection = dbus_bus_get(busType, &error);
- RUNNER_ASSERT_MSG(m_connection != nullptr,
- "Failed to open connection on "
- << (busPrivate ? "private" : "public") << " bus."
- << " Error: " << error.message);
- dbus_connection_set_exit_on_disconnect(m_connection, FALSE);
-}
-
-Connection::~Connection()
-{
- if (m_busPrivate)
- dbus_connection_close(m_connection);
- dbus_connection_unref(m_connection);
-}
-
-void Connection::addMatch(const std::string &rule)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- dbus_bus_add_match(m_connection, rule.c_str(), &error);
- RUNNER_ASSERT_MSG(dbus_error_is_set(&error) != TRUE, "Failed to add match."
- << " Rule: " << rule << ";"
- << " Error: " << error.message);
-}
-
-void Connection::addFilter(DBusHandleMessageFunction handleMessageFunction,
- void *userData,
- DBusFreeFunction freeDataFunction)
-{
- if (freeDataFunction == nullptr)
- freeDataFunction = [](void*)->void {};
-
- dbus_bool_t ret = dbus_connection_add_filter(m_connection,
- handleMessageFunction,
- userData,
- freeDataFunction);
- RUNNER_ASSERT_MSG(ret == TRUE, "Failed to add filter. Not enough memory");
-}
-
-void Connection::readWriteDispatch()
-{
- dbus_bool_t ret = dbus_connection_read_write_dispatch(m_connection, -1);
- RUNNER_ASSERT_MSG(ret == TRUE, "Failed to read write dispatch. Disconnect message has been processed");
-}
-
-void Connection::flush()
-{
- dbus_connection_flush(m_connection);
-}
-
-void Connection::requestName(const std::string &name)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- int ret = dbus_bus_request_name(m_connection,
- name.c_str(),
- DBUS_NAME_FLAG_REPLACE_EXISTING | DBUS_NAME_FLAG_DO_NOT_QUEUE,
- &error);
- switch (ret)
- {
- case DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER:
- case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER:
- return;
- case DBUS_REQUEST_NAME_REPLY_EXISTS:
- RUNNER_FAIL_MSG("Failed to request name."
- << " Name: " << name << ";"
- << " Owner did not specified DBUS_NAME_FLAG_ALLOW_REPLACEMENT flag");
- case -1:
- RUNNER_FAIL_MSG("Failed to request name."
- << " Name: " << name << ";"
- << " Error: " << error.message);
- default: // DBUS_REQUEST_NAME_REPLY_IN_QUEUE
- RUNNER_FAIL_MSG("Should not happen");
- }
-}
-
-MessageIn Connection::sendWithReplyAndBlock(const MessageOut &messageOut)
-{
- DBusError error;
- dbus_error_init(&error);
- ErrorPtr errorPtr(&error);
-
- DBusMessage *messageRecv = dbus_connection_send_with_reply_and_block(m_connection,
- messageOut.getMessage(),
- -1,
- &error);
- RUNNER_ASSERT_MSG(messageRecv != nullptr, "Failed to send with reply and block. "
- << "Error: " << error.message);
- return MessageIn(messageRecv);
-}
-
-} // namespace DBus
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_connection.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus connection wrapper class header
- */
-
-#ifndef COMMON_DBUS_CONNECTION_H
-#define COMMON_DBUS_CONNECTION_H
-
-#include <dbus/dbus.h>
-
-#include <dbus_message_in.h>
-#include <dbus_message_out.h>
-#include <memory.h>
-
-#include <string>
-
-namespace DBus
-{
-
-DEFINE_SMARTPTR(dbus_error_free, DBusError, ErrorPtr);
-
-class Connection
-{
-public:
- Connection(DBusBusType busType, bool privateGet);
- Connection(const Connection &other) = delete;
- ~Connection();
-
- Connection& operator=(const Connection &other) = delete;
-
- void addMatch(const std::string &rule);
- void addFilter(DBusHandleMessageFunction handleMessageFunction,
- void *userData,
- DBusFreeFunction freeDataFunction = nullptr);
- void readWriteDispatch();
- void flush();
- void requestName(const std::string &name);
- MessageIn sendWithReplyAndBlock(const MessageOut &messageOut);
-
-private:
- DBusConnection *m_connection;
- bool m_busPrivate;
-};
-
-} // namespace DBus
-
-#endif // COMMON_DBUS_CONNECTION_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_in.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus incoming message wrapper class source file
- */
-
-#include <dbus_message_in.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace DBus
-{
-
-MessageIn::MessageIn(DBusMessage *message, bool ref)
- : m_message(message)
-{
- RUNNER_ASSERT(m_message != nullptr);
- if (ref)
- dbus_message_ref(m_message);
-}
-
-MessageIn::MessageIn(MessageIn &&other)
- : m_message(other.m_message)
-{
- other.m_message = nullptr;
-}
-
-MessageIn::~MessageIn()
-{
- if (m_message != nullptr)
- dbus_message_unref(m_message);
-}
-
-int MessageIn::getType()
-{
- return dbus_message_get_type(m_message);
-}
-
-bool MessageIn::isMethodCall(const std::string &interface, const std::string &method)
-{
- dbus_bool_t ret = dbus_message_is_method_call(m_message,
- interface.c_str(),
- method.c_str());
- return ret == TRUE;
-}
-
-bool MessageIn::isSignal(const std::string &interface, const std::string &signalName)
-{
- dbus_bool_t ret = dbus_message_is_signal(m_message,
- interface.c_str(),
- signalName.c_str());
- return ret == TRUE;
-}
-
-bool MessageIn::isError(const std::string &errorName)
-{
- dbus_bool_t ret = dbus_message_is_error(m_message,
- errorName.c_str());
- return ret == TRUE;
-}
-
-MessageIn::Iterator MessageIn::iterInit()
-{
- return Iterator(this->m_message);
-}
-
-MessageIn::Iterator::Iterator(DBusMessage* message)
-{
- dbus_message_iter_init(message, &m_iterator);
-}
-
-MessageIn::Iterator::Iterator(DBusMessageIter *iteratorOver)
-{
- dbus_message_iter_recurse(iteratorOver, &m_iterator);
-}
-
-bool MessageIn::Iterator::next()
-{
- return dbus_message_iter_next(&m_iterator) != FALSE;
-}
-
-void MessageIn::Iterator::expectNext()
-{
- RUNNER_ASSERT_MSG(next(), "No next argument in message");
-}
-
-int MessageIn::Iterator::getArgType()
-{
- return dbus_message_iter_get_arg_type(&m_iterator);
-}
-
-void MessageIn::Iterator::expectArgType(int argType)
-{
- int argTypeActual = getArgType();
- RUNNER_ASSERT_MSG(argTypeActual == argType, "Wrong argument type in message"
- << " Actual: " << argTypeActual
- << " Expected: " << argType);
-}
-
-void MessageIn::Iterator::expectArgTypeValid()
-{
- RUNNER_ASSERT_MSG(getArgType() != DBUS_TYPE_INVALID, "Invalid argument type in message");
-}
-
-char MessageIn::Iterator::getArgChar()
-{
- return getArg<char>();
-}
-
-bool MessageIn::Iterator::getArgBool()
-{
- dbus_bool_t value;
- dbus_message_iter_get_basic(&m_iterator, &value);
- return value != FALSE;
-}
-
-int16_t MessageIn::Iterator::getArgInt16()
-{
- return getArg<int16_t>();
-}
-
-uint16_t MessageIn::Iterator::getArgUint16()
-{
- return getArg<uint16_t>();
-}
-
-int32_t MessageIn::Iterator::getArgInt32()
-{
- return getArg<int32_t>();
-}
-
-uint32_t MessageIn::Iterator::getArgUint32()
-{
- return getArg<uint32_t>();
-}
-
-int64_t MessageIn::Iterator::getArgInt64()
-{
- return getArg<int64_t>();
-}
-
-uint64_t MessageIn::Iterator::getArgUint64()
-{
- return getArg<uint64_t>();
-}
-
-double MessageIn::Iterator::getArgDouble()
-{
- return getArg<double>();
-}
-
-std::string MessageIn::Iterator::getArgString()
-{
- char *value;
- dbus_message_iter_get_basic(&m_iterator, &value);
- return std::string(value);
-}
-
-MessageIn::Iterator MessageIn::Iterator::recurse()
-{
- return Iterator(&(this->m_iterator));
-}
-
-} // namespace DBus
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_in.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus incoming message wrapper class header
- */
-
-#ifndef COMMON_DBUS_MESSAGE_IN_H
-#define COMMON_DBUS_MESSAGE_IN_H
-
-#include <dbus/dbus.h>
-
-#include <cstdint>
-#include <string>
-
-namespace DBus
-{
-
-class MessageIn
-{
-public:
- MessageIn(DBusMessage *message, bool ref = false);
- MessageIn(const MessageIn &other) = delete;
- MessageIn(MessageIn &&other);
- ~MessageIn();
-
- MessageIn& operator=(const MessageIn &other) = delete;
-
- int getType();
- bool isMethodCall(const std::string &interface, const std::string &method);
- bool isSignal(const std::string &interface, const std::string &signalName);
- bool isError(const std::string &errorName);
-
- class Iterator
- {
- public:
- friend class MessageIn;
-
- bool next();
- void expectNext();
- int getArgType();
- void expectArgType(int argType);
- void expectArgTypeValid();
- char getArgChar();
- bool getArgBool();
- int16_t getArgInt16();
- uint16_t getArgUint16();
- int32_t getArgInt32();
- uint32_t getArgUint32();
- int64_t getArgInt64();
- uint64_t getArgUint64();
- double getArgDouble();
- std::string getArgString();
- Iterator recurse();
-
- private:
- template<class T>
- T getArg() {
- T value;
- dbus_message_iter_get_basic(&m_iterator, &value);
- return value;
- }
-
- // sub constructor
- Iterator(DBusMessageIter *iteratorOver);
- // message constructor
- Iterator(DBusMessage *message);
- DBusMessageIter m_iterator;
- };
-
- Iterator iterInit();
-
-private:
- DBusMessage *m_message;
-};
-
-} // namespace DBus
-
-#endif // COMMON_DBUS_MESSAGE_IN_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_out.cpp
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus outgoing message wrapper class source file
- */
-
-#include <dbus_message_out.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace DBus
-{
-
-MessageOut::MessageOut(const std::string &destination,
- const std::string &path,
- const std::string &interface,
- const std::string &method)
-{
- m_message = dbus_message_new_method_call(destination.c_str(),
- path.c_str(),
- interface.c_str(),
- method.c_str());
- RUNNER_ASSERT_MSG(nullptr != m_message,
- "Failed to create new method call. Not enough memory");
-}
-
-MessageOut::MessageOut(MessageOut &&other)
- : m_message(other.m_message)
-{
- other.m_message = nullptr;
-}
-
-MessageOut::~MessageOut()
-{
- if (m_message != nullptr)
- dbus_message_unref(m_message);
-}
-
-DBusMessage* MessageOut::getMessage() const
-{
- return m_message;
-}
-
-void MessageOut::append(bool b)
-{
- DBusMessageIter iter;
- dbus_message_iter_init_append(m_message, &iter);
-
- dbus_bool_t bArg = b ? TRUE : FALSE;
- dbus_bool_t ret = dbus_message_iter_append_basic(&iter,
- DBUS_TYPE_BOOLEAN,
- &bArg);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic boolean. Not enough memory");
-}
-
-void MessageOut::append(const char *cstr)
-{
- DBusMessageIter iter;
- dbus_message_iter_init_append(m_message, &iter);
-
- dbus_bool_t ret = dbus_message_iter_append_basic(&iter,
- DBUS_TYPE_STRING,
- &cstr);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic string. Not enough memory");
-}
-
-void MessageOut::append(const std::string &str)
-{
- append(str.c_str());
-}
-
-void MessageOut::append(const std::vector<std::string> &strs)
-{
- DBusMessageIter iter;
- dbus_message_iter_init_append(m_message, &iter);
-
- DBusMessageIter subIter;
- dbus_bool_t ret = dbus_message_iter_open_container(&iter,
- DBUS_TYPE_ARRAY,
- DBUS_TYPE_STRING_AS_STRING,
- &subIter);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to open container. Not enough memory");
- for (const auto &str : strs) {
- const char *cstr = str.c_str();
- ret = dbus_message_iter_append_basic(&subIter, DBUS_TYPE_STRING, &cstr);
- if (ret == FALSE) {
- dbus_message_iter_abandon_container(&iter, &subIter);
- RUNNER_FAIL_MSG("Failed to append basic string. Not enough memory");
- }
- }
- ret = dbus_message_iter_close_container(&iter, &subIter);
- RUNNER_ASSERT_MSG(ret != FALSE, "Failed to close container. Not enough memory");
-}
-
-} // namespace DBus
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file dbus_message_out.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief DBus outgoing message wrapper class header
- */
-
-#ifndef COMMON_DBUS_MESSAGE_OUT_H
-#define COMMON_DBUS_MESSAGE_OUT_H
-
-#include <dbus/dbus.h>
-
-#include <string>
-#include <vector>
-
-namespace DBus
-{
-
-class MessageOut
-{
-public:
- MessageOut(const std::string &destination,
- const std::string &path,
- const std::string &interface,
- const std::string &method);
- MessageOut(const MessageOut &other) = delete;
- MessageOut(MessageOut &&other);
- ~MessageOut();
-
- MessageOut& operator=(const MessageOut &other) = delete;
-
- DBusMessage* getMessage() const;
-
- void append(bool b);
- void append(const char *cstr);
- void append(const std::string &str);
- void append(const std::vector<std::string> &strs);
-
-private:
- DBusMessage *m_message;
-};
-
-} // namespace DBus
-
-#endif // COMMON_DBUS_MESSAGE_OUT_H
+++ /dev/null
-#include <fs_label_manager.h>
-
-#include <tests_common.h>
-#include <memory.h>
-
-#include <unistd.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/mount.h>
-#include <sys/xattr.h>
-#include <linux/xattr.h>
-
-
-namespace
-{
-static const char* get_xattr_name(enum smack_label_type type)
-{
- switch (type) {
- case SMACK_LABEL_ACCESS:
- return XATTR_NAME_SMACK;
- case SMACK_LABEL_EXEC:
- return XATTR_NAME_SMACKEXEC;
- case SMACK_LABEL_MMAP:
- return XATTR_NAME_SMACKMMAP;
- case SMACK_LABEL_TRANSMUTE:
- return XATTR_NAME_SMACKTRANSMUTE;
- case SMACK_LABEL_IPIN:
- return XATTR_NAME_SMACKIPIN;
- case SMACK_LABEL_IPOUT:
- return XATTR_NAME_SMACKIPOUT;
- default:
- /* Should not reach this point */
- return nullptr;
- }
-}
-}
-
-FsLabelManager::FsLabelManager(const std::string &path, const std::string &label)
- : m_path(path)
- , m_label(label)
-{
- umount(m_path.c_str());
- rmdir(m_path.c_str());
-
- std::string data = std::string("mode=0777,uid=0,smackfsdef=") + label;
-
- int ret = mkdir(path.c_str(), S_IRWXU | S_IRWXG | S_IRWXO);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to make directory");
-
- ret = mount("none", path.c_str(), "tmpfs", 0, data.c_str());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to mount filesystem");
-
- if (m_path[m_path.length()-1] != '/')
- m_path += '/';
-}
-
-FsLabelManager::~FsLabelManager()
-{
- umount(m_path.c_str());
- rmdir(m_path.c_str());
-}
-
-void FsLabelManager::createFile(const std::string &relativePath)
-{
- std::string path = m_path + relativePath;
-
- mode_t systemMask = umask(0000);
- int fd = open(path.c_str(), O_RDWR | O_CREAT | O_TRUNC, S_IRWXU | S_IRWXG | S_IRWXO);
- umask(systemMask);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
-
- close(fd);
-
- int ret = chown(path.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-}
-
-void FsLabelManager::createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath)
-{
- std::string linkPath = m_path + relativeLinkPath;
- std::string realPath = m_path + relativeRealPath;
-
- int ret = unlink(linkPath.c_str());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0 || errno == ENOENT, "Unable to unlink file");
-
- ret = symlink(realPath.c_str(), linkPath.c_str());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to create symlink");
-
- ret = lchown(linkPath.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-}
-
-void FsLabelManager::testSmackSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- int ret = smack_setlabel(path.c_str(), label, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in normal setting label " << label);
-
- checkLabel(path, label, labelType);
-}
-
-void FsLabelManager::testSmackLSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- int ret = smack_lsetlabel(path.c_str(), label, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in link setting label " << label);
-
- checkLinkLabel(path, label, labelType);
-}
-
-void FsLabelManager::testSmackFSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- int fd = open(path.c_str(), O_WRONLY);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file");
-
- int ret = smack_fsetlabel(fd, label, labelType);
- close(fd);
- RUNNER_ASSERT_MSG(ret == 0, "Error in fd setting " << label);
-
- checkLabel(path, label, labelType);
-}
-
-void FsLabelManager::testSmackGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- char *tmpLabel;
- int ret = smack_getlabel(path.c_str(), &tmpLabel, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in normal getting label");
- SmackLabelPtr labelPtr(tmpLabel);
-
- if (label == nullptr && !m_label.compare(tmpLabel))
- return;
- RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. "
- << tmpLabel << " != " << m_label);
-
- ret = strcmp(tmpLabel, label);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
-
- checkLabel(path, tmpLabel, labelType);
-}
-
-void FsLabelManager::testSmackLGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
-
- char *tmpLabel;
- int ret = smack_lgetlabel(path.c_str(), &tmpLabel, labelType);
- RUNNER_ASSERT_MSG(ret == 0, "Error in link getting label");
- SmackLabelPtr labelPtr(tmpLabel);
-
- if (label == nullptr && !m_label.compare(tmpLabel))
- return;
- RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. "
- << tmpLabel << " != " << m_label);
-
- ret = strcmp(tmpLabel, label);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
-
- checkLinkLabel(path, tmpLabel, labelType);
-}
-
-void FsLabelManager::testSmackFGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType)
-{
- std::string path = m_path + relativePath;
- int fd = open(path.c_str(), O_WRONLY);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file");
-
- char *tmpLabel;
- int ret = smack_fgetlabel(fd, &tmpLabel, labelType);
- close(fd);
- RUNNER_ASSERT_MSG(ret == 0, "Error in fd getting label");
- SmackLabelPtr labelPtr(tmpLabel);
-
- if (label == nullptr && !m_label.compare(tmpLabel))
- return;
- RUNNER_ASSERT_MSG(label != nullptr, "Fd should be related with file system default label. "
- << tmpLabel << " != " << m_label);
-
- ret = strcmp(tmpLabel, label);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label);
-
- checkLabel(path, tmpLabel, labelType);
-}
-
-void FsLabelManager::testSmackClearLabels(const std::string &relativePath)
-{
- testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS);
- testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS);
- testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_EXEC);
- testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_EXEC);
-}
-
-void FsLabelManager::checkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType)
-{
- char buf[SMACK_LABEL_LEN+2] = { 0, };
- int ret = getxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
-
- const char *tmpLabel;
- if (label == nullptr)
- tmpLabel = m_label.c_str();
- else
- tmpLabel = label;
-
- ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
-}
-
-void FsLabelManager::checkLinkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType)
-{
- char buf[SMACK_LABEL_LEN+2] = { 0, };
- int ret = lgetxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr");
-
- const char *tmpLabel;
- if (label == nullptr)
- tmpLabel = m_label.c_str();
- else
- tmpLabel = label;
-
- ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1);
- RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file fs_label_manager.h
- * @author Marcin Niesluchowski (m.niesluchow@samsung.com)
- * @version 1.0
- * @brief Class for environment operations on file system.
- */
-#ifndef _FS_LABEL_MANAGER_H_
-#define _FS_LABEL_MANAGER_H_
-
-#include <string>
-#include <sys/smack.h>
-
-class FsLabelManager
-{
-public:
- FsLabelManager() = delete;
- FsLabelManager(const std::string &path, const std::string &label);
- FsLabelManager(const FsLabelManager &second) = delete;
- FsLabelManager& operator=(FsLabelManager &second) = delete;
-
- virtual ~FsLabelManager();
-
- void createFile(const std::string &relativePath);
- void createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath);
-
- void testSmackSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackLSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackFSetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
-
- void testSmackGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackLGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
- void testSmackFGetLabel(const std::string &relativePath,
- const char *label,
- enum smack_label_type labelType);
-
- void testSmackClearLabels(const std::string &relativePath);
-
-private:
- void checkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType);
- void checkLinkLabel(const std::string &path,
- const char *label,
- enum smack_label_type labelType);
-
- std::string m_path;
- std::string m_label;
-};
-
-#endif // _FS_LABEL_MANAGER_H_
+++ /dev/null
-#include <memory.h>
-#include <unistd.h>
-
-void closePtr(int *p) {
- close(*p);
-}
+++ /dev/null
-#ifndef MEMORY_H
-#define MEMORY_H
-
-#include <memory>
-#include <sys/smack.h>
-#include <dirent.h>
-#include <glob.h>
-
-#define DEFINE_SMARTPTR(func, type, name) \
- struct deleter_##func { \
- void operator()(type* p) {\
- func(p); \
- } \
- }; \
- \
- typedef std::unique_ptr<type, deleter_##func> name;
-
-// Custom freeing functions
-
-void closePtr(int *fd);
-
-// Defining specializations of unique_ptr
-
-DEFINE_SMARTPTR(free, char, CStringPtr);
-DEFINE_SMARTPTR(closePtr, int, FdUniquePtr);
-DEFINE_SMARTPTR(smack_accesses_free, smack_accesses, SmackAccessesPtr);
-DEFINE_SMARTPTR(closedir, DIR, DirPtr);
-DEFINE_SMARTPTR(globfree, glob_t, GlobPtr);
-
-// Custom typedefs
-
-typedef FdUniquePtr SockUniquePtr;
-typedef CStringPtr SmackLabelPtr;
-typedef CStringPtr CookieUniquePtr;
-
-#endif // MEMORY_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file passwd_access.cpp
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Provides access to UID and GID
- */
-
-#include <cerrno>
-#include <grp.h>
-#include <pwd.h>
-
-#include <dpl/test/test_runner.h>
-
-#include "passwd_access.h"
-
-namespace PasswdAccess {
- uid_t uid(const std::string &username) {
- struct passwd *passwd = nullptr;
- do {
- errno = 0;
- passwd = getpwnam(username.c_str());
- } while (passwd == nullptr && errno == EINTR);
- RUNNER_ASSERT_ERRNO_MSG(passwd != nullptr, "Error in getpwnam(). Username: " << username);
- return passwd->pw_uid;
- }
-
- gid_t gid(const std::string &groupname) {
- struct group *group = nullptr;
- do {
- errno = 0;
- group = getgrnam(groupname.c_str());
- } while (group == nullptr && errno == EINTR);
- RUNNER_ASSERT_ERRNO_MSG(group != nullptr, "Error in getgrnam(). Groupname: " << groupname);
- return group->gr_gid;
- }
-} // namespace PasswdAccess
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file passwd_access.h
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Provides access to UID and GID
- */
-
-#ifndef TESTS_COMMON_PASSWD_ACCESS_H_
-#define TESTS_COMMON_PASSWD_ACCESS_H_
-
-#include <string>
-#include <sys/types.h>
-
-namespace PasswdAccess {
- uid_t uid(const std::string &username);
- gid_t gid(const std::string &groupname);
-} // namespace PasswdAccess
-
-#endif // TESTS_COMMON_PASSWD_ACCESS_H_
+++ /dev/null
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
- <!-- Only root can own this service -->
- <policy user="root">
- <allow own="tests.dbus.client"/>
- <allow own="test.method.caller"/>
- <allow own="test.method.server"/>
- </policy>
-</busconfig>
+++ /dev/null
-/*
- * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file service_manager.cpp
- * @author Zbigniew Jasinski <z.jasinski@samsung.com>
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
- * @version 1.1
- * @brief Definition of service control class using dbus interface to communicate with systemd
- */
-
-#include <service_manager.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <algorithm>
-#include <sstream>
-#include <unistd.h>
-#include <vector>
-
-namespace {
-
-const std::string DBUS_CLIENT_NAME("tests.dbus.client");
-const std::string DBUS_PROPERTIES_INTERFACE("org.freedesktop.DBus.Properties");
-const std::string SYSTEMD_DESTINATION("org.freedesktop.systemd1");
-const std::string SYSTEMD_PATH("/org/freedesktop/systemd1");
-const std::string SYSTEMD_MANAGER_INTERFACE("org.freedesktop.systemd1.Manager");
-const std::string SYSTEMD_SERVICE_INTERFACE("org.freedesktop.systemd1.Service");
-
-const std::string MATCH_JOB_REMOVED("JobRemoved");
-const std::string MATCH_JOB_NEW("JobNew");
-const std::string MATCH_RELOADING("Reloading");
-
-}
-
-ServiceManager::ServiceManager(const std::string &serviceName,
- const std::vector<std::string>& socketsNames)
- : m_connection(DBUS_BUS_SYSTEM, true)
- , m_serviceName(serviceName)
- , m_socketsNames(socketsNames)
-{
- addBusMatch(MATCH_JOB_REMOVED);
- addBusMatch(MATCH_JOB_NEW);
- addBusMatch(MATCH_RELOADING);
- m_connection.flush();
- m_connection.addFilter(messageHandler,
- static_cast<void*>(this));
- subscribeSignals();
- m_connection.requestName(DBUS_CLIENT_NAME);
- getUnitPath();
-}
-
-void ServiceManager::addBusMatch(const std::string &member)
-{
- std::ostringstream rule;
- rule << "type='signal',"
- << "sender='" << SYSTEMD_DESTINATION << "',"
- << "interface='" << SYSTEMD_MANAGER_INTERFACE << "',"
- << "member='" << member << "',"
- << "path='" << SYSTEMD_PATH << "'";
-
- m_connection.addMatch(rule.str());
-}
-
-void ServiceManager::subscribeSignals()
-{
- DBus::MessageOut messageOut = newMethodCall("Subscribe");
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-void ServiceManager::reloadDbusManager()
-{
- DBus::MessageOut messageOut = newMethodCall("Reload");
- m_connection.sendWithReplyAndBlock(messageOut);
- m_runningJobs.insert(MATCH_RELOADING);
-}
-
-void ServiceManager::getUnitPath()
-{
- DBus::MessageOut messageOut = newMethodCall("GetUnit");
- messageOut.append(m_serviceName);
- DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut);
- m_unitPath = handleObjectPathMsgReply(messageIn);
-}
-
-DBus::MessageOut ServiceManager::newMethodCall(const std::string &method)
-{
- return DBus::MessageOut(SYSTEMD_DESTINATION.c_str(),
- SYSTEMD_PATH.c_str(),
- SYSTEMD_MANAGER_INTERFACE.c_str(),
- method.c_str());
-}
-
-std::string ServiceManager::handleObjectPathMsgReply(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
- iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
- return iterator.getArgString();
-}
-
-uint32_t ServiceManager::handleVariantUIntMsgReply(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
- iterator.expectArgType(DBUS_TYPE_VARIANT);
- DBus::MessageIn::Iterator iteratorSub = iterator.recurse();
- iteratorSub.expectArgType(DBUS_TYPE_UINT32);
- return iteratorSub.getArgUint32();
-}
-
-uint64_t ServiceManager::handleVariantUInt64MsgReply(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
- iterator.expectArgType(DBUS_TYPE_VARIANT);
- DBus::MessageIn::Iterator iteratorSub = iterator.recurse();
- iteratorSub.expectArgType(DBUS_TYPE_UINT64);
- return iteratorSub.getArgUint64();
-}
-
-void ServiceManager::sendToService(const std::string &method, const std::string &unit)
-{
- DBus::MessageOut messageOut = newMethodCall(method);
- messageOut.append(unit);
- messageOut.append("fail");
- DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut);
- m_runningJobs.insert(handleObjectPathMsgReply(messageIn));
-}
-
-void ServiceManager::sendMaskToService()
-{
- const std::vector<std::string> mask(1, m_serviceName);
- DBus::MessageOut messageOut = newMethodCall("MaskUnitFiles");
- messageOut.append(mask);
- messageOut.append(true);
- messageOut.append(true);
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-void ServiceManager::sendUnmaskToService()
-{
- const std::vector<std::string> mask(1, m_serviceName);
- DBus::MessageOut messageOut = newMethodCall("UnmaskUnitFiles");
- messageOut.append(mask);
- messageOut.append(true);
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-DBus::MessageIn ServiceManager::sendPropertyGetMsg(const std::string &interface,
- const std::string &property)
-{
- DBus::MessageOut messageOut(SYSTEMD_DESTINATION,
- m_unitPath,
- DBUS_PROPERTIES_INTERFACE,
- "Get");
- messageOut.append(interface);
- messageOut.append(property);
- return m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-uint32_t ServiceManager::getUIntProperty(const std::string &interface,
- const std::string &property)
-{
- DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property);
- return handleVariantUIntMsgReply(messageIn);
-}
-
-uint64_t ServiceManager::getUInt64Property(const std::string &interface,
- const std::string &property)
-{
- DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property);
- return handleVariantUInt64MsgReply(messageIn);
-}
-
-void ServiceManager::sendResetFailedToService()
-{
- DBus::MessageOut messageOut = newMethodCall("ResetFailedUnit");
- messageOut.append(m_serviceName);
- m_connection.sendWithReplyAndBlock(messageOut);
-}
-
-DBusHandlerResult ServiceManager::messageHandler(DBusConnection *conn, DBusMessage *msg, void *t)
-{
- (void) conn;
- ServiceManager* self = static_cast<ServiceManager*>(t);
-
- DBus::MessageIn messageIn(msg, true);
- if (messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_REMOVED))
- self->signalJobRemovedHandler(messageIn);
- else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_NEW))
- self->signalJobNewHandler(messageIn);
- else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_RELOADING))
- self->signalReloadingHandler(messageIn);
-
- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-}
-
-void ServiceManager::signalJobRemovedHandler(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
-
- iterator.expectArgType(DBUS_TYPE_UINT32);
- uint32_t id = iterator.getArgUint32();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
- std::string path = iterator.getArgString();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_STRING);
- std::string unit = iterator.getArgString();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_STRING);
- std::string result = iterator.getArgString();
-
- if (unit == m_serviceName
- || std::count(m_socketsNames.begin(), m_socketsNames.end(), unit) > 0) {
- RUNNER_ASSERT_MSG(result == "done" || result == "canceled",
- "RemoveJob signal delivered bad news. Job wasn't completed successfully: "
- << "expected job results = {done, canceled}, "
- << "received job result = " << result << ", "
- << "for job with id = " << id << ", "
- << "and path = " << path);
- m_runningJobs.erase(path);
- }
-}
-
-void ServiceManager::signalJobNewHandler(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
-
- iterator.expectArgTypeValid();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_OBJECT_PATH);
- std::string path = iterator.getArgString();
- iterator.expectNext();
-
- iterator.expectArgType(DBUS_TYPE_STRING);
- std::string unit = iterator.getArgString();
-
- if(m_serviceName == unit)
- m_runningJobs.insert(path);
-}
-
-void ServiceManager::signalReloadingHandler(DBus::MessageIn &messageIn)
-{
- DBus::MessageIn::Iterator iterator = messageIn.iterInit();
-
- iterator.expectArgType(DBUS_TYPE_BOOLEAN);
- bool active = iterator.getArgBool();
-
- if (active)
- m_runningJobs.insert(MATCH_RELOADING);
- else
- m_runningJobs.erase(MATCH_RELOADING);
-}
-
-void ServiceManager::waitForRunningJobsFinish()
-{
- while (!m_runningJobs.empty())
- m_connection.readWriteDispatch();
-}
-
-void ServiceManager::executeMethod(const std::string &method, const std::string &unit)
-{
- sendToService(method, unit);
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
-
-void ServiceManager::startService(bool withSockets)
-{
- executeMethod("StartUnit", m_serviceName);
- if (withSockets)
- for (const auto &socket : m_socketsNames)
- executeMethod("StartUnit", socket);
-}
-
-void ServiceManager::stopService(bool withSockets)
-{
- if (withSockets)
- for (const auto &socket : m_socketsNames)
- executeMethod("StopUnit", socket);
- executeMethod("StopUnit", m_serviceName);
-}
-
-void ServiceManager::restartService(bool withSockets)
-{
- if (withSockets)
- for (const auto &socket : m_socketsNames)
- executeMethod("StopUnit", socket);
-
- executeMethod("RestartUnit", m_serviceName);
-
- if (withSockets)
- for (const auto &socket : m_socketsNames)
- executeMethod("StartUnit", socket);
-}
-
-pid_t ServiceManager::getServicePid()
-{
- return static_cast<pid_t>(getUIntProperty(SYSTEMD_SERVICE_INTERFACE, "MainPID"));
-}
-
-timeval ServiceManager::getServiceStartTimestamp() {
- uint64_t timestamp = getUInt64Property(SYSTEMD_SERVICE_INTERFACE,
- "ExecMainStartTimestamp");
- return {static_cast<long>(timestamp / 1000000), static_cast<long>(timestamp % 1000000)};
-}
-
-void ServiceManager::maskService()
-{
- sendMaskToService();
- reloadDbusManager();
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
-
-void ServiceManager::unmaskService()
-{
- sendUnmaskToService();
- reloadDbusManager();
- waitForRunningJobsFinish();
- sendResetFailedToService();
-}
+++ /dev/null
-/*
- * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file service_manager.h
- * @author Zbigniew Jasinski <z.jasinski@samsung.com>
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @author Marcin Niesluchowski <m.niesluchow@samsungcom>
- * @version 1.1
- * @brief Declaration of service control class using dbus interface to communicate with systemd
- */
-
-#ifndef COMMON_SERVICE_MANAGER_H
-#define COMMON_SERVICE_MANAGER_H
-
-#include <dbus/dbus.h>
-
-#include <dbus_connection.h>
-#include <dbus_message_in.h>
-#include <dbus_message_out.h>
-
-#include <cstdint>
-#include <set>
-#include <string>
-
-class ServiceManager {
-public:
- ServiceManager() = delete;
- ServiceManager(const std::string &serviceName,
- const std::vector<std::string>& socketsNames = {});
- ~ServiceManager() = default;
-
- void startService(bool withSockets = false);
- void stopService(bool withSockets = false);
- void restartService(bool withSockets = false);
- pid_t getServicePid();
- timeval getServiceStartTimestamp();
- void maskService();
- void unmaskService();
-
-private:
- void addBusMatch(const std::string &member);
- void subscribeSignals();
- void reloadDbusManager();
- void getUnitPath();
- DBus::MessageOut newMethodCall(const std::string &method);
- std::string handleObjectPathMsgReply(DBus::MessageIn &messageIn);
- uint32_t handleVariantUIntMsgReply(DBus::MessageIn &messageIn);
- uint64_t handleVariantUInt64MsgReply(DBus::MessageIn &messageIn);
-
- void sendToService(const std::string &method, const std::string &unit);
- void sendMaskToService();
- void sendUnmaskToService();
- DBus::MessageIn sendPropertyGetMsg(const std::string &interface, const std::string &property);
- uint32_t getUIntProperty(const std::string &interface, const std::string &property);
- uint64_t getUInt64Property(const std::string &interface, const std::string &property);
- void sendResetFailedToService();
-
- static DBusHandlerResult messageHandler(DBusConnection *conn, DBusMessage *msg, void *t);
- void signalJobRemovedHandler(DBus::MessageIn &messageIn);
- void signalJobNewHandler(DBus::MessageIn &messageIn);
- void signalReloadingHandler(DBus::MessageIn &messageIn);
- void waitForRunningJobsFinish();
-
- void executeMethod(const std::string &method, const std::string &unit);
-
- DBus::Connection m_connection;
-
- const std::string m_serviceName;
- const std::vector<std::string> m_socketsNames;
- std::string m_unitPath;
-
- std::set<std::string> m_runningJobs;
-};
-
-#endif // COMMON_SERVICE_MANAGER_H
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file smack_access.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-
-#include <sys/smack.h>
-
-#include <tests_common.h>
-
-#include <smack_access.h>
-
-SmackAccess::SmackAccess()
- : m_handle(nullptr)
-{
- RUNNER_ASSERT_MSG(0 == smack_accesses_new(&m_handle),
- "Error in smack_accesses_new");
-}
-
-void SmackAccess::add(
- const std::string &subject,
- const std::string &object,
- const std::string &rights)
-{
- RUNNER_ASSERT_MSG(0 == smack_accesses_add(m_handle,
- subject.c_str(),
- object.c_str(),
- rights.c_str()),
- "Error in smack_accesses_add.");
-}
-
-void SmackAccess::apply() {
- RUNNER_ASSERT_MSG(0 == smack_accesses_apply(m_handle),
- "Error in smack_accessses_apply.");
-}
-
-SmackAccess::~SmackAccess() {
- if (m_handle)
- smack_accesses_free(m_handle);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file smack_access.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-#ifndef _SMACK_ACCESS_H_
-#define _SMACK_ACCESS_H_
-
-#include <string>
-
-struct smack_accesses;
-
-class SmackAccess {
-public:
- SmackAccess();
- SmackAccess(const SmackAccess &second) = delete;
- SmackAccess& operator=(SmackAccess &second) = delete;
-
- void add(const std::string &subject,
- const std::string &object,
- const std::string &rights);
- void apply();
- virtual ~SmackAccess();
-private:
- struct smack_accesses *m_handle;
-};
-
-#endif // _SMACK_ACCESS_H_
-
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file synchronization_pipe.cpp
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief A crippled abstraction of widely praised, but often misused communication mechanism
- */
-
-#include <stdexcept>
-#include <unistd.h>
-
-#include <dpl/test/test_runner.h>
-
-#include "synchronization_pipe.h"
-
-static void closeFd(int *fd) {
- if (*fd > -1) {
- close(*fd);
- *fd = -1;
- }
-}
-
-SynchronizationPipe::SynchronizationPipe() {
- auto ret = pipe(m_pipeCP);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "pipe failed");
-
- ret = pipe(m_pipePC);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "pipe failed");
-}
-
-SynchronizationPipe::~SynchronizationPipe() {
- closeFd(m_pipeCP + 0);
- closeFd(m_pipeCP + 1);
- closeFd(m_pipePC + 0);
- closeFd(m_pipePC + 1);
-}
-
-void SynchronizationPipe::claimParentEp() {
- if (m_epClaimed)
- return;
-
- m_readEp = m_pipeCP[0];
- closeFd(m_pipeCP + 1);
-
- m_writeEp = m_pipePC[1];
- closeFd(m_pipePC + 0);
-
- m_epClaimed = true;
-}
-
-void SynchronizationPipe::claimChildEp() {
- if (m_epClaimed)
- return;
-
- m_readEp = m_pipePC[0];
- closeFd(m_pipePC + 1);
-
- m_writeEp = m_pipeCP[1];
- closeFd(m_pipeCP + 0);
-
- m_epClaimed = true;
-}
-
-void SynchronizationPipe::post() {
- RUNNER_ASSERT_MSG(m_epClaimed == true, "Endpoint not claimed");
- auto ret = TEMP_FAILURE_RETRY(write(m_writeEp, "#", 1));
- RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Write failed ret = " << ret);
-}
-
-void SynchronizationPipe::wait() {
- RUNNER_ASSERT_MSG(m_epClaimed == true, "Endpoint not claimed");
-
- char buf;
- auto ret = TEMP_FAILURE_RETRY(read(m_readEp, &buf, 1));
- RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Read failed ret = " << ret);
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file synchronization_pipe.h
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief A crippled abstraction of widely praised, but often misused communication mechanism
- */
-
-#ifndef TESTS_COMMON_SYNCHRONIZATION_PIPE_H_
-#define TESTS_COMMON_SYNCHRONIZATION_PIPE_H_
-
-class SynchronizationPipe {
-public:
- SynchronizationPipe();
- ~SynchronizationPipe();
-
- void claimParentEp();
- void claimChildEp();
-
- void post();
- void wait();
-
-private:
- int m_pipeCP[2]; // Child -> Parent
- int m_pipePC[2]; // Parent -> Child
- int m_readEp = -1;
- int m_writeEp = -1;
- bool m_epClaimed = false;
-};
-
-#endif // TESTS_COMMON_SYNCHRONIZATION_PIPE_H_
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file temp_test_user.cpp
- * @author Jan Cybulski (j.cybulski@partner.samsung.com)
- * @version 1.0
- * @brief File with class for users management
- */
-
-
-#include <temp_test_user.h>
-#include <glib-object.h>
-#include <dpl/test/test_runner.h>
-
-void TemporaryTestUser::create(void)
-{
- if (m_guser) {
- remove();
- };
-
- m_guser = gum_user_create_sync (m_offline);
- RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object");
- g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL);
- g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL);
- gboolean added = gum_user_add_sync(m_guser);
- RUNNER_ASSERT_MSG(added, "Failed to add user");
- g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL);
- RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0.");
- g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL);
- RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0.");
-}
-
-void TemporaryTestUser::remove(void)
-{
- if(m_guser){
- gum_user_delete_sync(m_guser, TRUE);
- g_object_unref(m_guser);
- m_guser = nullptr;
- }
-}
-
-TemporaryTestUser::~TemporaryTestUser()
-{
- this->remove();
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-#ifndef TEMP_TEST_USER_H
-#define TEMP_TEST_USER_H
-
-#include <string>
-#include <sys/types.h>
-#include <gum-user.h>
-#include <common/gum-user-types.h>
-
-class TemporaryTestUser {
-public:
- TemporaryTestUser() = delete;
- TemporaryTestUser(std::string userName, GumUserType userType, bool offline) :
- m_uid(0),
- m_gid(0),
- m_userName(userName),
- m_userType(userType),
- m_guser(nullptr),
- m_offline(offline)
- {};
- ~TemporaryTestUser();
- void remove(void);
- uid_t getUid() const {return m_uid;}
- uid_t getGid() const {return m_gid;}
- void create(void);
- void getUidString(std::string& uidstr) const {uidstr = std::to_string(static_cast<unsigned int>(m_uid));}
- const std::string& getUserName() const {return m_userName;}
- GumUserType getUserType() const {return m_userType;}
-private:
- uid_t m_uid;
- uid_t m_gid;
- std::string m_userName;
- GumUserType m_userType;
- GumUser *m_guser;
- bool m_offline;
-};
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file tests_common.cpp
- * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-
-#include "tests_common.h"
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <grp.h>
-#include <errno.h>
-#include <vector>
-#include <algorithm>
-
-int DB::Transaction::db_result = PC_OPERATION_SUCCESS;
-
-const char *WGT_APP_ID = "QwCqJ0ttyS";
-
-bool smack_check(void)
-{
-#ifndef WRT_SMACK_ENABLED
- return false;
-#else
- static int smack_present = -1;
- if (-1 == smack_present)
- smack_present = smack_smackfs_path() == nullptr ? 0 : 1;
- return smack_present == 1;
-#endif
-}
-
-/**
- * Dropping root privileges
- * returns 0 on success, 1 on error
- */
-int drop_root_privileges(uid_t appUid, gid_t appGid)
-{
- if (getuid() == 0) {
- /* process is running as root, drop privileges */
- if (setgid(appGid) != 0)
- return 1;
- if (setuid(appUid) != 0)
- return 1;
- }
- uid_t uid = getuid();
- if (uid == appUid)
- return 0;
-
- return 1;
-}
-
-void setLabelForSelf(const int line, const char *label)
-{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self(): " << ret << ", line: " << line);
-}
-
-/*
- * Add a new group to the current process groups.
- */
-void add_process_group(const char* group_name)
-{
- // get group ID by group name
- group *gr = getgrnam(group_name);
- RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
- const gid_t new_group_id = gr->gr_gid;
-
- // get number of groups that the current process belongs to
- int ngroups = getgroups(0, nullptr);
-
- //allocate groups table + space for new group entry
- std::vector<gid_t> groups(ngroups + 1);
- getgroups(ngroups, groups.data());
-
- // check if the process already belongs to the group
- if (std::find(groups.begin(), groups.end(), new_group_id) != groups.end()) return;
-
- // add new group & apply change
- groups[ngroups] = new_group_id;
- int ret = setgroups(groups.size(), groups.data());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
-}
-
-/*
- * Remove specific group from the current process groups.
- */
-void remove_process_group(const char* group_name)
-{
- // get group ID by group name
- group *gr = getgrnam(group_name);
- RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group");
- const gid_t new_group_id = gr->gr_gid;
-
- int ngroups = getgroups(0, nullptr);
- std::vector<gid_t> groups(ngroups);
- getgroups(ngroups, groups.data());
-
- // remove group from the list
- groups.erase(std::remove(groups.begin(), groups.end(), new_group_id), groups.end());
-
- if (groups.size() != (size_t)ngroups) {
- // apply change
- int ret = setgroups(groups.size(), groups.data());
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed");
- }
-}
-
-std::string formatCstr(const char *cstr)
-{
- if (!cstr)
- return std::string("nullptr");
- return std::string("\"") + cstr + "\"";
-}
-
-int files_compare(int fd1, int fd2)
-{
- //for getting files sizes
- struct stat fs1, fs2;
-
- //handlers for mmap()
- void *h1 = MAP_FAILED;
- void *h2 = MAP_FAILED;
-
- //getting files information
- RUNNER_ASSERT_ERRNO_MSG(fstat(fd1, &fs1) == 0, "fstat failed");
- RUNNER_ASSERT_ERRNO_MSG(fstat(fd2, &fs2) == 0, "fstat failed");
-
- if (fs1.st_size < fs2.st_size) {
- return -1;
- }
-
- if (fs1.st_size > fs2.st_size) {
- return 1;
- }
-
- //since Linux 2.6.12, mmap returns EINVAL if length is 0
- //if both lengths are 0, files are actually the same
- if (0 == fs1.st_size && 0 == fs2.st_size) {
- return 0;
- }
-
- //mapping files to process memory
- RUNNER_ASSERT_ERRNO_MSG((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) != MAP_FAILED,
- "mmap failed for fd=" << fd1);
-
- if ((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) {
- munmap(h1, fs1.st_size);
- RUNNER_ASSERT_MSG(h2 != MAP_FAILED, "mmap failed for fd=" << fd2
- << ". " << strerror(errno));
- }
-
- int result = memcmp(h1, h2, fs1.st_size);
- munmap(h1, fs1.st_size);
- munmap(h2, fs2.st_size);
-
- return result;
-}
-
-void mkdirSafe(const std::string &path, mode_t mode)
-{
- RUNNER_ASSERT_ERRNO_MSG(0 == mkdir(path.c_str(), mode) || errno == EEXIST,
- "mkdir for <" << path << "> with mode <" << mode << "> failed");
-}
-
-void mktreeSafe(const std::string &path, mode_t mode)
-{
- // Create subsequent parent directories
- // Assume that path is absolute - i.e. starts with '/'
- for (size_t pos = 0; (pos = path.find("/", pos + 1)) != std::string::npos; )
- mkdirSafe(path.substr(0, pos).c_str(), mode);
-
- mkdirSafe(path, mode);
-}
-
-void creatSafe(const std::string &path, mode_t mode)
-{
- RUNNER_ASSERT_ERRNO_MSG(-1 != creat(path.c_str(), mode),
- "creat for <" << path << "> with mode <" << mode << "> failed");
-}
-
-void symlinkSafe(const std::string &targetPath, const std::string &linkPath)
-{
- RUNNER_ASSERT_ERRNO_MSG(0 == symlink(targetPath.c_str(), linkPath.c_str()),
- "symlink for <" << linkPath << "> to <" << targetPath << "> failed");
-}
-
-void removeDir(const std::string &path)
-{
- DIR *d = opendir(path.c_str());
-
- if (nullptr == d) {
- RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "opendir of <" << path << "> failed");
- return;
- }
-
- struct dirent *dirEntry;
- while (nullptr != (dirEntry = readdir(d))) {
- std::string entryName(dirEntry->d_name);
- if (entryName == "." || entryName == "..")
- continue;
-
- std::string entryPath(path + "/" + entryName);
- struct stat st;
-
- RUNNER_ASSERT_ERRNO_MSG(0 == lstat(entryPath.c_str(), &st),
- "stat for <" << entryPath << "> failed");
- if (S_ISDIR(st.st_mode))
- removeDir(entryPath);
- else
- RUNNER_ASSERT_ERRNO_MSG(0 == unlink(entryPath.c_str()),
- "unlink for <" << entryPath << "> failed");
- }
-
- closedir(d);
-
- RUNNER_ASSERT_ERRNO_MSG(0 == rmdir(path.c_str()), "rmdir for <" << path << "> failed");
-}
+++ /dev/null
-/*
- * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file tests_common.h
- * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
- * @version 1.0
- * @brief Common functions and macros used in security-tests package.
- */
-
-#ifndef _TESTS_COMMON_H_
-#define _TESTS_COMMON_H_
-
-#include <sys/smack.h>
-#include <dpl/test/test_case_extended.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <privilege-control.h>
-#include <sys/smack.h>
-#include <string>
-#include <tuple>
-#include <errno.h>
-#include <string.h>
-
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
-const uid_t APP_UID_2 = 5200;
-const gid_t APP_GID_2 = 5200;
-const uid_t DB_ALARM_UID = 6001;
-const gid_t DB_ALARM_GID = 6001;
-const std::string TMP_DIR("/tmp");
-
-bool smack_check(void);
-int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID);
-void setLabelForSelf(const int line, const char *label);
-void add_process_group(const char* group_name);
-void remove_process_group(const char* group_name);
-std::string formatCstr(const char *cstr);
-int files_compare(int fd1, int fd2);
-void mkdirSafe(const std::string &path, mode_t mode);
-void mktreeSafe(const std::string &path, mode_t mode);
-void creatSafe(const std::string &path, mode_t mode);
-void symlinkSafe(const std::string &targetPath, const std::string &linkPath);
-void removeDir(const std::string &path);
-
-
-#define RUNNER_TEST_SMACK(Proc, ...) \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- static int Static##Proc##Init() \
- { \
- if (smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \
- new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-
-#define RUNNER_TEST_NOSMACK(Proc, ...) \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- static int Static##Proc##Init() \
- { \
- if (!smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \
- new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-
-#define RUNNER_CHILD_TEST_SMACK(Proc, ...) \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- static int Static##Proc##Init() \
- { \
- if (smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \
- new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \
- DPL::Test::RunChildProc(std::bind(Proc##Child, optionalArgsTuple)); \
- } \
- void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-
-#define RUNNER_CHILD_TEST_NOSMACK(Proc, ...) \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- static int Static##Proc##Init() \
- { \
- if (!smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \
- new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \
- DPL::Test::RunChildProc(std::bind(Proc##Child, optionalArgsTuple)); \
- } \
- void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-
-#define RUNNER_MULTIPROCESS_TEST_SMACK(Proc, ...) \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- static int Static##Proc##Init() \
- { \
- if (smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \
- new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \
- DPL::Test::RunMultiProc(std::bind(Proc##Multi, optionalArgsTuple)); \
- } \
- void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-
-#define RUNNER_MULTIPROCESS_TEST_NOSMACK(Proc, ...) \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple); \
- static int Static##Proc##Init() \
- { \
- if (!smack_check()) \
- DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \
- new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \
- return 0; \
- } \
- const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \
- void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \
- DPL::Test::RunMultiProc(std::bind(Proc##Multi, optionalArgsTuple)); \
- } \
- void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-
-namespace DB {
-
- class Transaction
- {
- public:
-
- static int db_result;
-
- Transaction() {
- db_result = perm_begin();
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == db_result,
- "perm_begin returned: " << db_result);
- }
-
- ~Transaction() {
- db_result = perm_end();
- }
- };
-} // namespace DB
-
-// Database Transaction macros
-// PLEASE NOTE Both DB_BEGIN and DB_END need to be called in the same scope.
-// They are used to prevent developer from forgetting to close transaction.
-// Also note that variables defined between these macros will not be visible
-// after DB_END.
-#define DB_BEGIN \
- { \
- DB::Transaction db_transaction;
-
-#define DB_END } \
- RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == DB::Transaction::db_result, \
- "perm_end returned: " << DB::Transaction::db_result);
-
-// Common macros and labels used in tests
-extern const char *WGT_APP_ID;
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file timeout.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of future_status serialization operator
- */
-
-#include <timeout.h>
-
-namespace Timeout {
-
-std::ostream& operator<<(std::ostream& os, const std::future_status &status)
-{
- switch (status) {
- case std::future_status::ready:
- os << "<READY>";
- break;
- case std::future_status::timeout:
- os << "<TIMEOUT>";
- break;
- case std::future_status::deferred:
- os << "<DEFERRED>";
- break;
- }
- os << " [" << static_cast<int>(status) << "]";
- return os;
-}
-
-} // namespace Timeout
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file timeout.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of time limited execution of synchronous functions
- */
-
-#ifndef TIMEOUT_H
-#define TIMEOUT_H
-
-#include <chrono>
-#include <functional>
-#include <future>
-#include <type_traits>
-#include <utility>
-
-#include <dpl/test/test_runner.h>
-
-namespace Timeout {
-
-template <class Rep, class Period>
-using Timeout = std::chrono::duration<Rep, Period>;
-
-typedef std::function<void(void)> CancelFunction;
-
-enum ExpectMode {
- FINISHED,
- TIMEOUT,
- IGNORE,
-};
-
-std::ostream& operator<<(std::ostream& os, const std::future_status &status);
-
-template <class Rep, class Period, class F, class... Args>
- typename std::result_of<F(Args...)>::type
- callAndWait(const Timeout<Rep, Period> &timeout,
- ExpectMode expect,
- CancelFunction cancelFunction,
- F&& function,
- Args&&... args) {
-
- auto fut = std::async(std::launch::async, function, std::forward<Args>(args)...);
- std::future_status status = fut.wait_for(timeout);
-
- if (status == std::future_status::timeout && cancelFunction)
- cancelFunction();
-
- switch (expect) {
- case FINISHED:
- RUNNER_ASSERT_MSG(status == std::future_status::ready,
- "expected future status is " << std::future_status::ready
- << " received future status is " << status);
- break;
- case TIMEOUT:
- RUNNER_ASSERT_MSG(status == std::future_status::timeout,
- "expected future status is " << std::future_status::timeout
- << " received future status is " << status);
- break;
- case IGNORE:
- break;
- }
-
- return fut.get();
-}
-
-} // namespace Timeout
-
-#endif // TIMEOUT_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file uds.cpp
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Helpers for Unix Domain Sockets
- */
-
-#include <cstring>
-#include <poll.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include <dpl/test/test_runner.h>
-#include <memory.h>
-
-#include "uds.h"
-
-namespace UDSHelpers {
-
-int createServer(const struct sockaddr_un *sockaddr) {
- int sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
-
- SockUniquePtr sockPtr(&sock);
-
- int bindResult = bind(sock, (const struct sockaddr*) sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(bindResult == 0, "bind failed");
-
- int listenResult = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(listenResult == 0, "listen failed");
-
- sockPtr.release();
- return sock;
-}
-
-int createClient(const struct sockaddr_un *sockaddr) {
- int sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
-
- SockUniquePtr sockPtr(&sock);
-
- int connectResult = TEMP_FAILURE_RETRY(
- connect(sock, (const struct sockaddr*) sockaddr, sizeof(struct sockaddr_un)));
- RUNNER_ASSERT_ERRNO_MSG(connectResult == 0, "connect failed");
-
- sockPtr.release();
- return sock;
-}
-
-int acceptClient(int sock) {
- int clientSock = TEMP_FAILURE_RETRY(accept(sock, NULL, NULL));
- RUNNER_ASSERT_ERRNO_MSG(clientSock >= 0, "accept failed");
- return clientSock;
-}
-
-void waitForDisconnect(int sock) {
- const nfds_t fdCount = 1;
- const int timeout = -1; // no timeout
-
- struct pollfd pfd { sock, POLLRDHUP, 0 };
- int ret = TEMP_FAILURE_RETRY(poll(&pfd, fdCount, timeout));
- RUNNER_ASSERT_ERRNO_MSG(ret >= 0, "poll failed");
-}
-
-struct sockaddr_un makeAbstractAddress(const std::string &path) {
- struct sockaddr_un sockaddr;
- RUNNER_ASSERT_MSG(path.size() <= sizeof(sockaddr.sun_path) - 1, "Socket path too long");
- memset(&sockaddr, 0, sizeof(struct sockaddr_un));
- sockaddr.sun_family = AF_UNIX;
- // Leave '\0' as a first character of path
- memcpy(sockaddr.sun_path + 1, path.c_str(), path.size());
- return sockaddr;
-}
-
-} // namespace UDSHelpers
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file uds.h
- * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
- * @version 1.0
- * @brief Helpers for Unix Domain Sockets
- */
-
-#ifndef TESTS_COMMON_UDS_H_
-#define TESTS_COMMON_UDS_H_
-
-#include <string>
-#include <sys/un.h>
-
-namespace UDSHelpers {
- int createServer(const struct sockaddr_un *sockaddr);
- int createClient(const struct sockaddr_un *sockaddr);
- int acceptClient(int sock);
- void waitForDisconnect(int sock);
- struct sockaddr_un makeAbstractAddress(const std::string &path);
-};
-
-#endif // TESTS_COMMON_UDS_H_
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-cmake_minimum_required(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-SET(CYNARA_TARGET_TEST "cynara-test")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_DEP
- REQUIRED
- libprivilege-control
- cynara-admin
- cynara-agent
- cynara-client
- cynara-client-async
- cynara-creds-socket
- cynara-plugin
- dbus-1
- )
-
-#files to compile
-SET(CYNARA_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_request.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_response.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_client.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_request_monitor.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_status_monitor.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_env.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_helpers.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/cynara-test.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_agent.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_async.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_db.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_helpers.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-
-#output format
-ADD_EXECUTABLE(${CYNARA_TARGET_TEST} ${CYNARA_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST}
- ${CYNARA_TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${CYNARA_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/WRT_test_for_cynara_rules.smack
- DESTINATION /usr/share/privilege-control/
-)
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/db_patterns
- DESTINATION /etc/security-tests/
-)
-
-ADD_SUBDIRECTORY(plugins)
+++ /dev/null
-~APP~ cynara_test_1 r
-~APP~ cynara_test_2 w
-~APP~ cynara_test_3 x
-~APP~ cynara_test_4 rw
-~APP~ cynara_test_5 rx
-~APP~ cynara_test_6 wx
-~APP~ cynara_test_7 rwx
-cynara_subject_1 ~APP~ r
-cynara_subject_2 ~APP~ w
-cynara_subject_3 ~APP~ x
-cynara_subject_4 ~APP~ rw
-cynara_subject_5 ~APP~ rx
-cynara_subject_6 ~APP~ wx
-cynara_subject_7 ~APP~ rwx
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_cynara_mask.h>
-#include <memory.h>
-#include <plugins.h>
-#include <tests_common.h>
-
-
-#include <algorithm>
-#include <cstring>
-#include <cstdlib>
-#include <memory>
-#include <ostream>
-#include <string>
-#include <sstream>
-
-namespace CynaraTestAdmin {
-
-namespace
-{
-
-std::ostream& operator<<(std::ostream& os, const cynara_admin_policy &policy)
-{
- os << "{";
- os << " " << formatCstr(policy.bucket) << ",";
- os << " " << formatCstr(policy.client) << ",";
- os << " " << formatCstr(policy.user) << ",";
- os << " " << formatCstr(policy.privilege) << ",";
- os << " " << policy.result << ",";
- os << " " << formatCstr(policy.result_extra);
- os << " }" << std::endl;
- return os;
-}
-
-std::ostream& operator<<(std::ostream& os, const cynara_admin_policy *const *policies)
-{
- os << "{" << std::endl;
- for (size_t i = 0; policies[i] != nullptr; ++i)
- os << *policies[i];
- os << "}";
- return os;
-}
-
-int string_compare(const char *s1, const char *s2)
-{
- if (!s2)
- {
- if (!s1)
- return 0;
- return 1;
- }
- if (!s1)
- return -1;
- return strcmp(s1, s2);
-}
-
-bool policy_less(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
-{
- auto sc = string_compare(p1.bucket, p2.bucket);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.client, p2.client);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.user, p2.user);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.privilege, p2.privilege);
- if (sc != 0)
- return (sc < 0);
- sc = string_compare(p1.result_extra, p2.result_extra);
- if (sc != 0)
- return (sc < 0);
- return p1.result < p2.result;
-}
-
-bool policy_equal(const cynara_admin_policy &p1, const cynara_admin_policy &p2)
-{
- return (p1.result == p2.result
- && string_compare(p1.bucket, p2.bucket) == 0
- && string_compare(p1.client, p2.client) == 0
- && string_compare(p1.user, p2.user) == 0
- && string_compare(p1.privilege, p2.privilege) == 0
- && string_compare(p1.result_extra, p2.result_extra) == 0);
-}
-
-std::ostream& operator<<(std::ostream& os, const CynaraTestPlugins::Descriptions &descriptions)
-{
- os << "{" << std::endl;
- for (const auto &desc : descriptions)
- os << "{ [" << desc.type << "], <" << desc.name << "> }" << std::endl;
- os << "}";
- return os;
-}
-
-} // namespace anonymous
-
-CynaraPoliciesContainer::CynaraPoliciesContainer()
-{
-}
-
-CynaraPoliciesContainer::CynaraPoliciesContainer(struct cynara_admin_policy **policies)
-{
- if (!policies)
- return;
-
- for (int i = 0; policies[i]; ++i) {
- auto policyPtr = policies[i];
- m_policies.push_back(*policyPtr);
- free(policyPtr);
- }
- free(policies);
-}
-
-CynaraPoliciesContainer::~CynaraPoliciesContainer()
-{
- for (struct cynara_admin_policy &policy : m_policies) {
- free(policy.bucket);
- free(policy.client);
- free(policy.user);
- free(policy.privilege);
- free(policy.result_extra);
- }
-}
-
-void CynaraPoliciesContainer::add(const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra)
-{
- m_policies.push_back({ nullptr, nullptr, nullptr, nullptr, 0, nullptr });
- struct cynara_admin_policy &policy = m_policies.back();
- if (bucket)
- policy.bucket = strdup(bucket);
- if (client)
- policy.client = strdup(client);
- if (user)
- policy.user = strdup(user);
- if (privilege)
- policy.privilege = strdup(privilege);
- policy.result = result;
- if (resultExtra)
- policy.result_extra = strdup(resultExtra);
-}
-
-void CynaraPoliciesContainer::add(const char *bucket,
- const CheckKey &checkKey,
- const int result,
- const char *resultExtra)
-{
- add(bucket, checkKey.m_client, checkKey.m_user, checkKey.m_privilege, result, resultExtra);
-}
-
-void CynaraPoliciesContainer::sort()
-{
- std::sort(m_policies.begin(), m_policies.end(), policy_less);
-}
-
-std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies)
-{
- os << "{" << std::endl;
- for (const auto & policy : policies.m_policies)
- os << policy;
- os << "}";
- return os;
-}
-
-Admin::Admin(bool isOnline)
- : m_admin(nullptr), m_online(isOnline)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
-
- int ret = cynara_admin_initialize(&m_admin);
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_admin_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_admin != nullptr, "cynara_admin struct was not initialized");
-}
-
-Admin::~Admin() noexcept(false)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
- cynara_admin_finish(m_admin);
-}
-
-void Admin::setPolicies(const CynaraPoliciesContainer &policiesContainer,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- const cynara_admin_policy *policies[policiesContainer.m_policies.size()+1];
-
- for (size_t i = 0; i < policiesContainer.m_policies.size(); ++i) {
- policies[i] = &policiesContainer.m_policies[i];
- }
- policies[policiesContainer.m_policies.size()] = nullptr;
-
- int ret = cynara_admin_set_policies(m_admin, policies);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_set_policies returned wrong value: "
- << ret << " != " << expectedResult << ". "
- << "policies:\n" << policies);
-}
-
-void Admin::setBucket(const char *bucket, int operation, const char *extra,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- int ret = cynara_admin_set_bucket(m_admin, bucket, operation, extra);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_set_bucket returned wrong value: "
- << ret << " != " << expectedResult << "."
- << " bucket: " << formatCstr(bucket) << ","
- << " operation: " << operation << ","
- << " extra: " << formatCstr(extra));
-}
-
-void Admin::adminCheck(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedCheckResult, const char *expectedCheckResultExtra,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- int checkResult;
- char *checkResultExtra = nullptr;
-
- int ret = cynara_admin_check(m_admin,
- startBucket, recursive,
- client, user, privilege,
- &checkResult, &checkResultExtra);
- CStringPtr extra(checkResultExtra);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " recursive: " << recursive << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege) << ",";
-
- s << " checkResult: " << checkResult << ","
- << " expectedCheckResult: " << expectedCheckResult << ","
- << " checkResultExtra: " << formatCstr(checkResultExtra) << ","
- << " expectedCheckResultExtra: " << formatCstr(expectedCheckResultExtra);
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_check returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(checkResult == expectedCheckResult,
- "cynara_admin_check returned wrong check result: "
- << checkResult << " != " << expectedCheckResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(formatCstr(checkResultExtra) == formatCstr(expectedCheckResultExtra),
- "cynara_admin_check returned wrong check result extra: "
- << formatCstr(checkResultExtra) << " != "
- << formatCstr(expectedCheckResultExtra) << "."
- << dump());
-}
-
-void Admin::listPolicies(const char *startBucket,
- const char *client, const char *user, const char *privilege,
- CynaraPoliciesContainer &expectedPolicyList,
- int expectedResult) {
-
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- struct cynara_admin_policy **policies = nullptr;
-
- int ret = cynara_admin_list_policies(m_admin,
- startBucket,
- client, user, privilege,
- &policies);
-
- CynaraPoliciesContainer receivedPolicyList(policies);
- receivedPolicyList.sort();
- expectedPolicyList.sort();
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege) << ",";
-
- s << " receivedPolicyList: " << receivedPolicyList << ","
- << " expectedPolicyList: " << expectedPolicyList;
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_list_policies returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(receivedPolicyList.m_policies.size() == expectedPolicyList.m_policies.size(),
- "size of list returned by cynara_admin_list_policies: "
- << receivedPolicyList.m_policies.size()
- << " doesn't match expected list size: "
- << expectedPolicyList.m_policies.size() << "."
- << dump());
-
- RUNNER_ASSERT_MSG(std::equal(receivedPolicyList.m_policies.begin(),
- receivedPolicyList.m_policies.end(),
- expectedPolicyList.m_policies.begin(),
- policy_equal),
- "list returned by cynara_admin_list_policies doesn't match expected: "
- << dump());
-}
-
-void Admin::erasePolicies(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- int ret = cynara_admin_erase(m_admin,
- startBucket, recursive,
- client, user, privilege);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " startBucket: " << formatCstr(startBucket) << ","
- << " recursive: " << recursive << ","
- << " client: " << formatCstr(client) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege);
-
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_erase returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-}
-
-CynaraTestPlugins::Descriptions parseAndRelease(cynara_admin_policy_descr **descriptions)
-{
- CynaraTestPlugins::Descriptions ret;
-
- if (descriptions) {
- for (size_t i = 0; descriptions[i] != nullptr; ++i) {
- auto descPtr = descriptions[i];
- ret.push_back({ static_cast<Cynara::PolicyType>(descPtr->result),
- std::string(descPtr->name) });
- free(descPtr->name);
- free(descPtr);
- }
- free(descriptions);
- }
- return ret;
-}
-
-void Admin::listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
- int expectedResult)
-{
- std::unique_ptr<CynaraMask>(m_online ? nullptr : new CynaraMask());
-
- struct cynara_admin_policy_descr **descriptions = nullptr;
-
- int ret = cynara_admin_list_policies_descriptions(m_admin, &descriptions);
-
- CynaraTestPlugins::Descriptions receivedDescriptions = parseAndRelease(descriptions);
-
- auto description_less = [](const Cynara::PolicyDescription &d1,
- const Cynara::PolicyDescription &d2) -> bool {
- return d1.type != d2.type ? d1.type < d2.type : d1.name < d2.name;
- };
-
- auto description_equal = [](const Cynara::PolicyDescription &d1,
- const Cynara::PolicyDescription &d2) -> bool {
- return d1.type == d2.type && d1.name == d2.name;
- };
-
- std::sort(receivedDescriptions.begin(), receivedDescriptions.end(), description_less);
- std::sort(expectedDescriptions.begin(), expectedDescriptions.end(), description_less);
-
- auto dump = [&]() -> std::string
- {
- std::stringstream s;
- s << " functionReturn: " << ret << ","
- << " functionExpectedReturn: " << expectedResult << ",";
-
- s << " receivedPolicyDescriptionList: " << receivedDescriptions << ","
- << " expectedPolicyDescriptionList: " << expectedDescriptions << ".";
- return s.str();
- };
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_admin_list_policies_descriptions returned wrong value: "
- << ret << " != " << expectedResult << "."
- << dump());
-
- RUNNER_ASSERT_MSG(receivedDescriptions.size() == expectedDescriptions.size(),
- "size of list returned by cynara_admin_list_policies_descriptions: "
- << receivedDescriptions.size()
- << " doesn't match expected list size: "
- << expectedDescriptions.size() << "."
- << dump());
-
- RUNNER_ASSERT_MSG(std::equal(receivedDescriptions.begin(),
- receivedDescriptions.end(),
- expectedDescriptions.begin(),
- description_equal),
- "list returned by cynara_admin_list_policies_descriptions "
- "doesn't match expected. " << dump());
-}
-
-} // namespace CynaraTestAdmin
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_ADMIN_H
-#define CYNARA_TEST_ADMIN_H
-
-#include <cynara_test_commons.h>
-#include <plugins.h>
-
-#include <cynara-admin.h>
-#include <ostream>
-#include <vector>
-
-namespace CynaraTestAdmin {
-
-class Admin;
-
-class CynaraPoliciesContainer
-{
-public:
- CynaraPoliciesContainer();
-
-/**
- * \par Description:
- * A special constructor stealing all data from all structures cynara_admin_policy
- * arranged in a null-terminated list.
- * It moves all data from inside structures to own vector,
- * but release input list by freeing memory of list elements and list itself.
- */
- CynaraPoliciesContainer(struct cynara_admin_policy **policies);
- CynaraPoliciesContainer(const CynaraPoliciesContainer&) = delete;
- CynaraPoliciesContainer(const CynaraPoliciesContainer&&) = delete;
- virtual ~CynaraPoliciesContainer();
-
- void add(const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra);
- void add(const char *bucket,
- const CheckKey &checkKey,
- const int result,
- const char *resultExtra = nullptr);
- void sort();
-
- friend std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies);
-
-private:
- friend class Admin;
-
- std::vector<struct cynara_admin_policy> m_policies;
-};
-
-class Admin
-{
-public:
- Admin(bool isOnline = true);
- virtual ~Admin() noexcept(false);
-
- void setPolicies(const CynaraPoliciesContainer &policiesContainer,
- int expectedResult = CYNARA_API_SUCCESS);
- void setBucket(const char *bucket, int operation, const char *extra,
- int expectedResult = CYNARA_API_SUCCESS);
- void adminCheck(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedCheckResult, const char *expectedCheckResultExtra,
- int expectedResult = CYNARA_API_SUCCESS);
- void listPolicies(const char *startBucket,
- const char *client, const char *user, const char *privilege,
- CynaraPoliciesContainer &expectedPolicyList,
- int expectedResult = CYNARA_API_SUCCESS);
- void erasePolicies(const char *startBucket, int recursive,
- const char *client, const char *user, const char *privilege,
- int expectedResult = CYNARA_API_SUCCESS);
- void listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions,
- int expectedResult = CYNARA_API_SUCCESS);
-private:
- struct cynara_admin *m_admin;
- bool m_online;
-};
-
-} // namespace CynaraTestAdmin
-
-#endif // CYNARA_TEST_ADMIN_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cstdlib>
-#include <string>
-
-#include <cynara_test_agent.h>
-#include <plugins.h>
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestAgent {
-
-Agent::Agent()
- : m_agent(nullptr)
-{
- int ret = cynara_agent_initialize(&m_agent, CynaraTestPlugins::TEST_AGENT_TYPE.c_str());
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_agent_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_agent != nullptr,
- "cynara_agent struct was not initialized");
-}
-
-Agent::~Agent()
-{
- cynara_agent_finish(m_agent);
-}
-
-void Agent::getRequest(AgentRequest &request, int expectedResult)
-{
- cynara_agent_msg_type type;
- cynara_agent_req_id id;
- void *data = nullptr;
- size_t dataSize;
-
- int ret = cynara_agent_get_request(m_agent, &type, &id, &data, &dataSize);
- if (ret == CYNARA_API_SUCCESS) {
- RUNNER_ASSERT_MSG(!data == !dataSize,
- "cynara_agent_get_request returned contradictory values: "
- << "data = " << data << " ,"
- << "size = " << dataSize << ".");
- request.set(type, id, data, dataSize);
- free(data);
- }
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_agent_get_request returned wrong value: "
- << ret << " != " << expectedResult << ".");
-}
-
-void Agent::putResponse(const AgentResponse &response, int expectedResult)
-{
- auto size = response.data().size();
- int ret = cynara_agent_put_response(m_agent,
- response.type(),
- response.id(),
- size ? static_cast<const void*>(response.data().data())
- : nullptr,
- size);
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_agent_put_response returned wrong value: "
- << ret << " != " << expectedResult << "."
- << "response = " << response);
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_H
-#define CYNARA_TEST_AGENT_H
-
-#include <cynara-agent.h>
-
-#include <cynara_test_agent_request.h>
-#include <cynara_test_agent_response.h>
-
-namespace CynaraTestAgent {
-
-class Agent
-{
-public:
- Agent();
- ~Agent();
-
- void getRequest(AgentRequest &request, int expectedResult = CYNARA_API_SUCCESS);
- void putResponse(const AgentResponse &response, int expectedResult = CYNARA_API_SUCCESS);
-
-private:
- struct cynara_agent *m_agent;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_agent_request.h>
-#include <plugins.h>
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestAgent {
-
-std::ostream& operator<<(std::ostream& os, const AgentRequest &request)
-{
- os << "{";
- os << " valid = " << request.m_valid << ",";
- os << " type = " << request.m_type << ",";
- os << " id = " << request.m_id << ",";
- os << " data = " << request.m_data << ",";
- os << " client = " << request.m_client << ",";
- os << " user = " << request.m_user << ",";
- os << " privilege = " << request.m_privilege;
- os << " }";
- return os;
-}
-
-void AgentRequest::set(cynara_agent_msg_type type, cynara_agent_req_id id,
- const void *data, size_t dataSize)
-{
- m_type = type;
- m_id = id;
- m_data = Cynara::PluginData(static_cast<const char*>(data), dataSize);
- m_client.clear();
- m_user.clear();
- m_privilege.clear();
-
- if (m_type == CYNARA_MSG_TYPE_ACTION) {
- CynaraTestPlugins::AgentDataVector parsedData;
-
- bool unwrapSuccess = CynaraTestPlugins::unwrapAgentData(m_data, parsedData);
- RUNNER_ASSERT_MSG(unwrapSuccess,
- "Format error. Cannot succesfully unwrap request. "
- << *this);
-
- RUNNER_ASSERT_MSG(parsedData.size() == 3,
- "Received unexpected [" << parsedData.size() << "] number of units,"
- << " while expecting 3."
- << " Cannot succesfully unwrap request. "
- << *this);
-
- m_client = parsedData[0];
- m_user = parsedData[1];
- m_privilege = parsedData[2];
- }
- m_valid = true;
-}
-
-void AgentRequest::assertAction(std::string client, std::string user, std::string privilege)
-{
- RUNNER_ASSERT_MSG(m_valid,
- "assertAction failed: request is not valid. "
- << *this);
- RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_ACTION,
- "assertAction failed: request's type is " << m_type
- << ", expected type is " << CYNARA_MSG_TYPE_ACTION << ". "
- << *this);
- RUNNER_ASSERT_MSG(!m_data.empty(),
- "assertAction failed: m_data is empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_client == client,
- "assertAction failed: unexpected client value " << m_client
- << ", expected value is " << client << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_user == user,
- "assertAction failed: unexpected user value " << m_user
- << ", expected value is " << user << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_privilege == privilege,
- "assertAction failed: unexpected privilege value " << m_privilege
- << ", expected value is " << privilege << ". "
- << *this);
-}
-
-void AgentRequest::assertCancel()
-{
- RUNNER_ASSERT_MSG(m_valid,
- "assertCancel failed: request is not valid. "
- << *this);
- RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_CANCEL,
- "assertCancel failed: request's type is " << m_type
- << ", expected type is " << CYNARA_MSG_TYPE_CANCEL << ". "
- << *this);
- RUNNER_ASSERT_MSG(m_data.empty(),
- "assertCancel failed: m_data is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_client.empty(),
- "assertCancel failed: m_client is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_user.empty(),
- "assertCancel failed: m_user is not empty. "
- << *this);
- RUNNER_ASSERT_MSG(m_privilege.empty(),
- "assertCancel failed: m_privilege is not empty. "
- << *this);
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_REQUEST_H
-#define CYNARA_TEST_AGENT_REQUEST_H
-
-#include <cynara_test_commons.h>
-
-#include <cynara-agent.h>
-#include <cynara-plugin.h>
-#include <ostream>
-#include <string>
-
-namespace CynaraTestAgent {
-
-class AgentRequest
-{
-public:
- AgentRequest() : m_valid(false), m_type(CYNARA_MSG_TYPE_ACTION), m_id(0)
- {}
-
- void set(cynara_agent_msg_type type, cynara_agent_req_id id, const void *data, size_t dataSize);
-
- bool valid() const
- {
- return m_valid;
- }
-
- cynara_agent_msg_type type() const
- {
- return m_type;
- }
-
- cynara_agent_req_id id() const
- {
- return m_id;
- }
-
- void assertAction(std::string client, std::string user, std::string privilege);
- void assertCancel();
-
- friend std::ostream& operator<<(std::ostream& os, const AgentRequest &request);
-
-private:
- bool m_valid;
- cynara_agent_msg_type m_type;
- cynara_agent_req_id m_id;
- Cynara::PluginData m_data;
- std::string m_client;
- std::string m_user;
- std::string m_privilege;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_REQUEST_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_agent_response.h>
-#include <plugins.h>
-#include <cynara-agent.h>
-
-namespace CynaraTestAgent {
-
-std::ostream& operator<<(std::ostream& os, const AgentResponse &response)
-{
- os << "{";
- os << " type = " << response.m_type << ",";
- os << " id = " << response.m_id << ",";
- os << " data = " << response.m_data;
- os << " }";
- return os;
-}
-
-AgentResponse AgentResponse::createAllow(cynara_agent_req_id id)
-{
- CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_ALLOW};
- return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
-}
-
-AgentResponse AgentResponse::createDeny(cynara_agent_req_id id)
-{
- CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_DENY};
- return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData));
-}
-
-AgentResponse AgentResponse::createCancel(cynara_agent_req_id id)
-{
- return AgentResponse(CYNARA_MSG_TYPE_CANCEL, id, Cynara::PluginData());
-}
-
-} // namespace CynaraTestAgent
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_AGENT_RESPONSE_H
-#define CYNARA_TEST_AGENT_RESPONSE_H
-
-#include <cynara_test_commons.h>
-
-#include <cynara-agent.h>
-#include <cynara-plugin.h>
-#include <ostream>
-
-namespace CynaraTestAgent {
-
-class AgentResponse
-{
-public:
- AgentResponse() = delete;
- static AgentResponse createAllow(cynara_agent_req_id id);
- static AgentResponse createDeny(cynara_agent_req_id id);
- static AgentResponse createCancel(cynara_agent_req_id id);
-
- cynara_agent_msg_type type() const
- {
- return m_type;
- }
-
- cynara_agent_req_id id() const
- {
- return m_id;
- }
-
- Cynara::PluginData data() const
- {
- return m_data;
- }
-
- friend std::ostream& operator<<(std::ostream& os, const AgentResponse &response);
-
-private:
- AgentResponse(cynara_agent_msg_type type, cynara_agent_req_id id, Cynara::PluginData data)
- : m_type(type), m_id(id), m_data(data)
- {}
-
- cynara_agent_msg_type m_type;
- cynara_agent_req_id m_id;
- Cynara::PluginData m_data;
-};
-
-} // namespace CynaraTestAgent
-
-#endif // CYNARA_TEST_AGENT_RESPONSE_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client.h>
-
-#include <tests_common.h>
-
-namespace CynaraTestClient {
-
-Client::Client()
- : m_cynara(nullptr)
-{
- int ret = cynara_initialize(&m_cynara, nullptr);
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_initialize failed. ret: " << ret);
- RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara struct was not initialized");
-}
-
-Client::~Client()
-{
- cynara_finish(m_cynara);
-}
-
-void Client::check(const char *client, const char *session,
- const char *user, const char *privilege,
- int expectedResult)
-{
- int ret = cynara_check(m_cynara, client, session, user, privilege);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_check returned wrong value: "
- << ret << " != " << expectedResult << "."
- << " client: " << formatCstr(client) << ","
- << " session: " << formatCstr(session) << ","
- << " user: " << formatCstr(user) << ","
- << " privilege: " << formatCstr(privilege));
-}
-
-} //namespace CynaraTestClient
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_H
-#define CYNARA_TEST_CLIENT_H
-
-#include <cynara-client.h>
-
-namespace CynaraTestClient {
-
-class Client
-{
-public:
- Client();
- virtual ~Client();
-
- void check(const char *client, const char *session,
- const char *user, const char *privilege,
- int expectedResult = CYNARA_API_ACCESS_ALLOWED);
-
-private:
- struct cynara *m_cynara;
-};
-
-} //namespace CynaraTestClient
-
-#endif // CYNARA_TEST_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_client.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <cynara-client-async.h>
-
-#include <exception>
-#include <unistd.h>
-
-namespace CynaraTestClientAsync {
-
-static std::string suffix(const std::string &major, const std::string &minor)
-{
- if (minor.empty())
- return major;
- return "_" + major + "_" + minor;
-}
-
-CheckData::CheckData(const std::string &major, const std::string &minor) :
- m_client("client" + suffix(major, minor)),
- m_session("session" + suffix(major, minor)),
- m_user("user" + suffix(major, minor)),
- m_privilege("privilege" + suffix(major, minor))
-{
-}
-
-CheckData::CheckData(const std::string &major, int minor) : CheckData(major, std::to_string(minor))
-{
-}
-
-CheckKey CheckData::toAdminPolicy()
-{
- return {m_client.c_str(), m_user.c_str(), m_privilege.c_str()};
-}
-
-Client::Client(const StatusFunction &userFunction)
- : m_cynara(nullptr), m_statusMonitor(userFunction)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_initialize(&m_cynara, nullptr,
- StatusMonitor::updateStatus,
- static_cast<void*>(&m_statusMonitor)););
- RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
- "cynara_async_initialize() failed. ret = " << ret << ".");
- RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara_async struct was not initialized.");
-
- assertStatus(DISCONNECTED);
-}
-
-Client::~Client() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- RUNNER_DEFER_SCOPE(cynara_async_finish(m_cynara););
- assertStatus(DISCONNECTED);
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraTestAsync::Client.");
- }
-}
-
-void Client::assertStatus(enum SocketStatus expectedStatus)
-{
- enum SocketStatus currentStatus = m_statusMonitor.getStatus();
- RUNNER_ASSERT_MSG(currentStatus == expectedStatus,
- "SocketStatus mismatch: "
- << " currentStatus = " << currentStatus << ","
- << " expectedStatus = " << expectedStatus << ".");
-}
-
-void Client::checkCache(const CheckData &checkData, int expectedResult)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_check_cache(m_cynara, checkData.m_client.c_str(),
- checkData.m_session.c_str(),
- checkData.m_user.c_str(),
- checkData.m_privilege.c_str()););
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Cache check returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " client = " << checkData.m_client << ","
- << " sesion = " << checkData.m_session << ","
- << " user = " << checkData.m_user << ","
- << " privilege = " << checkData.m_privilege << ".");
-}
-
-void Client::createRequest(const CheckData &checkData, cynara_check_id &id,
- const RequestEntity &callbackData, int expectedResult)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_create_request(m_cynara, checkData.m_client.c_str(),
- checkData.m_session.c_str(),
- checkData.m_user.c_str(),
- checkData.m_privilege.c_str(), &id,
- RequestMonitor::updateResponse,
- static_cast<void*>(
- &m_requestMonitor)););
- if (ret == CYNARA_API_SUCCESS)
- m_requestMonitor.registerRequest(id, callbackData);
-
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Create request returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " client = " << checkData.m_client << ","
- << " sesion = " << checkData.m_session << ","
- << " user = " << checkData.m_user << ","
- << " privilege = " << checkData.m_privilege << ".");
-}
-
-void Client::process(int expectedResult,
- enum TimeoutExpectation timeoutExpectation,
- time_t timeoutSeconds) {
- if (m_statusMonitor.getStatus() == DISCONNECTED)
- return;
-
- int fd = m_statusMonitor.getFd();
- fd_set fds;
- timeval tv;
- FD_ZERO(&fds);
- FD_SET(fd, &fds);
- tv.tv_sec = timeoutSeconds;
- tv.tv_usec = 0;
-
- int ret;
- if (m_statusMonitor.getStatus() == READ)
- ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, NULL, NULL, &tv));
- else
- ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, &fds, NULL, &tv));
-
- if (ret == 0) {
- RUNNER_ASSERT_MSG(timeoutExpectation != EXPECT_NO_TIMEOUT,
- "Unexpected select timeout."
- << " ret = " << ret);
- return;
- }
- RUNNER_ASSERT_ERRNO_MSG(ret > 0,
- "Select returned error:"
- << " ret = " << ret);
- RUNNER_ASSERT_MSG(timeoutExpectation != EXPECT_TIMEOUT,
- "Select returned positive value, when timeout was expected."
- << " ret = " << ret);
-
- RUNNER_DEFER_SCOPE(ret = cynara_async_process(m_cynara););
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_async_process returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ".");
-}
-
-void Client::cancel(cynara_check_id id, int expectedResult)
-{
- int ret;
- RUNNER_DEFER_SCOPE(ret = cynara_async_cancel_request(m_cynara, id););
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "Cancel request returned unexpected value: "
- << " returned value = " << ret << ","
- << " expected value = " << expectedResult << ","
- << " id = " << id << ".");
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
-#define CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
-
-#include <cynara_test_client_async_request_monitor.h>
-#include <cynara_test_client_async_status_monitor.h>
-#include <cynara_test_commons.h>
-
-#include <cynara-client-async.h>
-
-#include <string>
-#include <sys/types.h>
-
-namespace CynaraTestClientAsync {
-
-struct CheckData
-{
- std::string m_client;
- std::string m_session;
- std::string m_user;
- std::string m_privilege;
-
- CheckData(const std::string &major, const std::string &minor = "");
- CheckData(const std::string &major, int minor);
-
- CheckKey toAdminPolicy();
-};
-
-class Client
-{
-public:
- enum TimeoutExpectation {
- EXPECT_TIMEOUT,
- EXPECT_NO_TIMEOUT,
- IGNORE_TIMEOUT,
- };
-
- Client(const StatusFunction &userFunction = StatusFunction());
- ~Client() noexcept(false);
-
- void assertStatus(enum SocketStatus expectedStatus);
- void checkCache(const CheckData &checkData, int expectedResult);
- void createRequest(const CheckData &checkData, cynara_check_id &id,
- const RequestEntity &callbackData, int expectedResult = CYNARA_API_SUCCESS);
- void process(int expectedResult = CYNARA_API_SUCCESS,
- enum TimeoutExpectation timeoutExpectation = EXPECT_NO_TIMEOUT,
- time_t timeoutSeconds = 3);
- void cancel(cynara_check_id id, int expectedResult = CYNARA_API_SUCCESS);
-
-private:
- struct cynara_async *m_cynara;
-
- StatusMonitor m_statusMonitor;
- RequestMonitor m_requestMonitor;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_request_monitor.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <exception>
-
-namespace CynaraTestClientAsync {
-
-RequestMonitor::~RequestMonitor() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- for (auto ent : m_requests)
- {
- RUNNER_ERROR_MSG("There was no callback for request with:"
- << "id = " << ent.first << ","
- << "expectedResponse = " << ent.second.m_expectedResponse << ","
- << "expectedCause = " << ent.second.m_expectedCause << ".");
- }
- RUNNER_ASSERT_MSG(m_requests.empty(),
- m_requests.size() << "requests does not receive callback.");
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing"
- " CynaraTestAsync::RequestMonitor.");
- }
-}
-
-void RequestMonitor::registerRequest(cynara_check_id id, const RequestEntity &request)
-{
- auto p = m_requests.insert({id, request});
- RUNNER_ASSERT_MSG(p.second,
- "Request with id = " << p.first->first << " already exists.");
-}
-
-void RequestMonitor::updateResponse(cynara_check_id checkId, cynara_async_call_cause cause,
- int response, void *data)
-{
- RUNNER_DEFER_TRYCATCH(
- RequestMonitor *monitor = static_cast<RequestMonitor*>(data);
- if (!monitor) {
- RUNNER_FAIL_MSG("Bad user data (nullptr) in response callback.");
- return;
- }
-
- auto it = monitor->m_requests.find(checkId);
- if (it == monitor->m_requests.end()) {
- RUNNER_FAIL_MSG("Received unexpected callback for request:"
- << "id = " << checkId << ","
- << "response = " << response << ","
- << "cause = " << cause << ".");
- return;
- }
-
- //save request data and remove request from monitored requests
- auto expectedResponse = it->second.m_expectedResponse;
- auto expectedCause = it->second.m_expectedCause;
- auto userFunction = it->second.m_userFunction;
- monitor->m_requests.erase(it);
-
- RUNNER_ASSERT_MSG(cause == expectedCause,
- "Unexpected cause in response callback:"
- << "id = " << checkId << ","
- << "received response = " << response << ","
- << "expected response = " << expectedResponse << ","
- << "received cause = " << cause << ","
- << "expected cause = " << expectedCause << ".");
-
- if (cause == CYNARA_CALL_CAUSE_ANSWER)
- {
- RUNNER_ASSERT_MSG(response == expectedResponse,
- "Unexpected response in response callback:"
- << "id = " << checkId << ","
- << "received response = " << response << ","
- << "expected response = " << expectedResponse << ","
- << "received cause = " << cause << ","
- << "expected cause = " << expectedCause << ".");
- }
-
- if (userFunction)
- userFunction();
- );
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
-#define CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
-
-#include <cynara-client-async.h>
-
-#include <functional>
-#include <unordered_map>
-
-namespace CynaraTestClientAsync {
-
-typedef std::function<void(void)> RequestFunction;
-
-struct RequestEntity
-{
- RequestFunction m_userFunction;
- int m_expectedResponse;
- cynara_async_call_cause m_expectedCause;
-};
-
-class RequestMonitor
-{
-public:
- ~RequestMonitor() noexcept(false);
-
- void registerRequest(cynara_check_id id, const RequestEntity &request);
-
- static void updateResponse(cynara_check_id checkId, cynara_async_call_cause cause, int response,
- void *data);
-
-private:
- std::unordered_map<cynara_check_id, RequestEntity> m_requests;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_client_async_status_monitor.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestClientAsync {
-
-StatusMonitor::StatusMonitor(const StatusFunction &userFunction)
- : m_fd(-1), m_status(CYNARA_STATUS_FOR_READ), m_userFunction(userFunction)
-{
-}
-
-void StatusMonitor::updateStatus(int oldFd, int newFd, cynara_async_status status, void *data)
-{
- RUNNER_DEFER_TRYCATCH(
- StatusMonitor *monitor = static_cast<StatusMonitor*>(data);
- if (!monitor) {
- RUNNER_FAIL_MSG("Bad user data (nullptr) in status callback.");
- return;
- }
-
- RUNNER_ASSERT_MSG(monitor->m_fd == oldFd,
- "fd value mismatch: "
- << " last saved fd = " << monitor->m_fd << ","
- << " callback oldFd = " << oldFd << ".");
-
- monitor->m_fd = newFd;
- monitor->m_status = status;
- if (monitor->m_userFunction)
- monitor->m_userFunction(oldFd, newFd, status);
- );
-}
-
-int StatusMonitor::getFd(void) const
-{
- return m_fd;
-}
-
-enum SocketStatus StatusMonitor::getStatus(void) const
-{
- if (m_fd == -1)
- return DISCONNECTED;
-
- switch (m_status) {
- case CYNARA_STATUS_FOR_READ:
- return READ;
- case CYNARA_STATUS_FOR_RW:
- return READWRITE;
- }
- RUNNER_FAIL_MSG("Unknown cynara socket status = " << m_status << ","
- << " fd = " << m_fd << ".");
- return UNKNOWN;
-}
-
-}// namespace CynaraTestClientAsync
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
-#define CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
-
-#include <cynara-client-async.h>
-
-#include <functional>
-
-namespace CynaraTestClientAsync {
-
-enum SocketStatus
-{
- READ,
- READWRITE,
- DISCONNECTED,
- UNKNOWN,
-};
-
-typedef std::function<void(int oldFd, int newFd, cynara_async_status status)> StatusFunction;
-
-class StatusMonitor
-{
-public:
-
- StatusMonitor(const StatusFunction &userFunction);
-
- static void updateStatus(int oldFd, int newFd, cynara_async_status status, void *data);
-
- int getFd(void) const;
- enum SocketStatus getStatus(void) const;
-
-private:
- int m_fd;
- cynara_async_status m_status;
- StatusFunction m_userFunction;
-};
-
-}// namespace CynaraTestClientAsync
-
-#endif // CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_commons.h>
-#include <cynara_test_file_operations.h>
-#include <cynara_test_cynara_mask.h>
-#include <service_manager.h>
-
-namespace CynaraTestConsts
-{
-
-const std::string DB_DIR(CYNARA_DB_DIR);
-const std::string USER("cynara");
-const std::string LABEL("System");
-const std::string SERVICE("cynara.service");
-const std::string SOCKET_CLIENT("cynara.socket");
-const std::string SOCKET_ADMIN("cynara-admin.socket");
-const std::string SOCKET_AGENT("cynara-agent.socket");
-
-const std::string SERVICE_PLUGINS_DIR("/usr/lib/cynara/plugin/service/");
-
-}
-
-void loadServicePlugins(const DirectoryPaths &pluginDirectories)
-{
- CynaraMask mask;
-
- FileOperations::removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
- for (const auto &dir : pluginDirectories)
- FileOperations::copyCynaraFiles(dir.c_str(), CynaraTestConsts::SERVICE_PLUGINS_DIR);
-}
-
-void restartCynaraService()
-{
- ServiceManager service(CynaraTestConsts::SERVICE);
- service.restartService();
-}
-
-void restartCynaraServiceAndSockets()
-{
- ServiceManager service(CynaraTestConsts::SERVICE, { CynaraTestConsts::SOCKET_CLIENT,
- CynaraTestConsts::SOCKET_ADMIN,
- CynaraTestConsts::SOCKET_AGENT });
-
- service.restartService(true);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file cynara_test_commons.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Definition of environment wrap for test cases
- */
-
-#ifndef CYNARA_TEST_COMMONS_H_
-#define CYNARA_TEST_COMMONS_H_
-
-#include <string>
-#include <vector>
-
-#include <cynara_test_env.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace CynaraTestConsts
-{
-
-extern const std::string DB_DIR;
-extern const std::string USER;
-extern const std::string LABEL;
-extern const std::string SERVICE;
-extern const std::string SERVICE_PLUGINS_DIR;
-extern const std::string SOCKET_CLIENT;
-extern const std::string SOCKET_ADMIN;
-extern const std::string SOCKET_AGENT;
-
-}
-
-struct CheckKey
-{
- const char *m_client;
- const char *m_user;
- const char *m_privilege;
-};
-
-#define RUN_CYNARA_TEST(Proc) \
- RUNNER_TEST(Proc, CynaraTestEnv) \
- { \
- Proc##_func(); \
- }
-
-typedef std::vector<std::string> DirectoryPaths;
-void loadServicePlugins(const DirectoryPaths &pluginDirectories);
-
-void restartCynaraService();
-void restartCynaraServiceAndSockets();
-
-#endif /* CYNARA_TEST_COMMONS_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_cynara_mask.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Implementation of scoped cynara service masker
- */
-
-#include <exception>
-
-#include <cynara_test_commons.h>
-#include <dpl/test/test_runner.h>
-
-#include <cynara_test_cynara_mask.h>
-
-CynaraMask::CynaraMask() : m_serviceManager(CynaraTestConsts::SERVICE)
-{
- m_serviceManager.maskService();
- m_serviceManager.stopService();
-}
-
-CynaraMask::~CynaraMask() noexcept(false)
-{
- bool oops = std::uncaught_exception();
- try {
- m_serviceManager.unmaskService();
- m_serviceManager.startService();
- } catch (...) {
- if (!oops)
- throw;
- RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraMask.");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_cynara_mask.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Definition of scoped cynara service masker
- */
-
-#ifndef CYNARA_TEST_CYNARA_MASK_H_
-#define CYNARA_TEST_CYNARA_MASK_H_
-
-#include <service_manager.h>
-
-class CynaraMask
-{
-public:
- CynaraMask();
- ~CynaraMask() noexcept(false);
-
-private:
- ServiceManager m_serviceManager;
-};
-
-#endif // CYNARA_TEST_CYNARA_MASK_H_
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cynara_test_commons.h>
-#include <cynara_test_cynara_mask.h>
-#include <cynara_test_file_operations.h>
-#include <tests_common.h>
-
-#include <cynara_test_env.h>
-
-using namespace FileOperations;
-
-CynaraTestEnv::CynaraTestEnv()
- : m_dbPresent(false)
-{
-}
-
-CynaraTestEnv::~CynaraTestEnv()
-{
-}
-
-void CynaraTestEnv::init(const std::string &testName)
-{
- m_saveDir = TMP_DIR + "/" + testName;
- m_dbSaveDir = m_saveDir + "/db";
- m_pluginsSaveDir = m_saveDir + "/plugins";
- m_defaultDir = "/etc/security-tests/db_patterns/default";
-
- CynaraMask mask;
-
- removeDirFiles(m_dbSaveDir);
- removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
- removeDirIfExists(m_saveDir);
-
- makeDir(m_saveDir);
- m_dbPresent = dirExists(CynaraTestConsts::DB_DIR);
- if (m_dbPresent) {
- makeDir(m_dbSaveDir);
- copyCynaraFiles(CynaraTestConsts::DB_DIR, m_dbSaveDir);
- }
- makeDir(m_pluginsSaveDir);
- copyCynaraFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR, m_pluginsSaveDir);
- unmaskedLoadDefaultDatabase();
-}
-
-void CynaraTestEnv::finish()
-{
- CynaraMask mask;
-
- removeDirFiles(CynaraTestConsts::DB_DIR);
- if (m_dbPresent)
- copyCynaraFiles(m_dbSaveDir, CynaraTestConsts::DB_DIR);
- else
- removeDirIfExists(CynaraTestConsts::DB_DIR);
-
- removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
- copyCynaraFiles(m_pluginsSaveDir, CynaraTestConsts::SERVICE_PLUGINS_DIR);
-
- removeDirFiles(m_dbSaveDir);
- removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
- removeDirIfExists(m_saveDir);
-}
-
-void CynaraTestEnv::unmaskedLoadDefaultDatabase()
-{
- if (m_dbPresent) {
- removeDirFiles(CynaraTestConsts::DB_DIR);
- copyCynaraFiles(m_defaultDir, CynaraTestConsts::DB_DIR);
- }
-}
-
-void CynaraTestEnv::loadDefaultDatabase()
-{
- CynaraMask mask;
- unmaskedLoadDefaultDatabase();
-}
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_ENV_H
-#define CYNARA_TEST_ENV_H
-
-#include <string>
-
-class CynaraTestEnv
-{
-public:
- explicit CynaraTestEnv();
- ~CynaraTestEnv();
- void init(const std::string &testName);
- void finish();
- void loadDefaultDatabase();
-
-private:
- void unmaskedLoadDefaultDatabase();
- std::string m_saveDir;
- std::string m_dbSaveDir;
- std::string m_pluginsSaveDir;
- std::string m_defaultDir;
- bool m_dbPresent;
-};
-
-#endif // CYNARA_TEST_ENV_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cstdlib>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <ftw.h>
-#include <pwd.h>
-#include <sys/sendfile.h>
-#include <sys/smack.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <cynara_test_commons.h>
-#include <dpl/test/test_runner.h>
-#include <memory.h>
-
-#include <cynara_test_file_operations.h>
-
-namespace FileOperations
-{
-
-static int removeFile(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW * /*ftwbuf*/)
-{
- if (tflag == FTW_F)
- RUNNER_ASSERT_ERRNO_MSG(!unlink(fpath), "Unable to unlink " << fpath << " file");
- else
- RUNNER_ASSERT_MSG(tflag == FTW_DP, "Visited file should not exist. Path: " << fpath);
- return 0;
-}
-
-bool dirExists(const std::string &directory)
-{
- struct stat st;
- int ret = stat(directory.c_str(), &st);
- if (ret == -1 && errno == ENOENT) {
- return false;
- } else if (ret == -1) {
- RUNNER_ASSERT_ERRNO_MSG(false, "Cannot stat " << directory
- << " not due to its nonexistence");
- }
- RUNNER_ASSERT_MSG(st.st_mode & S_IFDIR, directory << " is not a directory");
- return true;
-}
-
-void copyCynaraFile(const std::string &src, const std::string &dst)
-{
- using PwBufPtr = CStringPtr;
- int inFd = TEMP_FAILURE_RETRY(open(src.c_str(), O_RDONLY));
- RUNNER_ASSERT_ERRNO_MSG(inFd > 0, "Opening " << src << " file failed");
- FdUniquePtr inFdPtr(&inFd);
-
- int outFd = TEMP_FAILURE_RETRY(creat(dst.c_str(), 0700));
- RUNNER_ASSERT_ERRNO_MSG(outFd > 0, "Creating " << dst << " file failed");
- FdUniquePtr outFdPtr(&outFd);
-
- long int len = sysconf(_SC_GETPW_R_SIZE_MAX);
- RUNNER_ASSERT_MSG(len != -1, "No suggested buflen");
- size_t buflen = len;
- char *buf = static_cast<char*>(malloc(buflen));
-
- PwBufPtr pwBufPtr(buf);
-
- struct passwd pwbuf, *pwbufp = nullptr;
- int ret = TEMP_FAILURE_RETRY(getpwnam_r(CynaraTestConsts::USER.c_str(),
- &pwbuf, buf, buflen, &pwbufp));
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "getpwnam_r failed on " << CynaraTestConsts::USER << " user");
- RUNNER_ASSERT_MSG(pwbufp, "User " << CynaraTestConsts::USER << " does not exist");
-
- ret = fchown(outFd, pwbufp->pw_uid, pwbufp->pw_gid);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fchown failed");
-
- ret = smack_fsetlabel(outFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
-
- struct stat statSrc;
- ret = fstat(inFd, &statSrc);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fstat failed");
-
- ret = sendfile(outFd, inFd, 0, statSrc.st_size);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "sendfile failed");
-
- ret = fsync(outFd);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed");
-}
-
-void copyCynaraFiles(const std::string &source, const std::string &destination)
-{
- DIR *dirPtr = nullptr;
- struct dirent *direntPtr;
-
- RUNNER_ASSERT_ERRNO_MSG(dirPtr = opendir(source.c_str()),
- "opening " << source << " dir failed");
- DirPtr dirScopedPtr(dirPtr);
-
- while((direntPtr = readdir(dirPtr)) != nullptr) {
- if (!strcmp(direntPtr->d_name, ".")
- || !strcmp(direntPtr->d_name, ".."))
- continue;
- std::string tempDest = destination + "/" + direntPtr->d_name;
- std::string tempSrc = source + "/" + direntPtr->d_name;
- copyCynaraFile(tempSrc, tempDest);
- }
-
- syncDir(destination);
-}
-
-void syncElem(const std::string &filename, int flags, mode_t mode)
-{
- int fileFd = TEMP_FAILURE_RETRY(open(filename.c_str(), flags, mode));
- RUNNER_ASSERT_ERRNO_MSG(fileFd != -1, "open failed name=" << filename);
- FdUniquePtr fdPtr(&fileFd);
-
- int ret = fsync(fileFd);
- RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed name=" << filename);
-}
-
-void syncDir(const std::string &dirname, mode_t mode) {
- syncElem(dirname, O_DIRECTORY, mode);
-}
-
-void makeDir(const std::string &directory)
-{
- RUNNER_ASSERT_ERRNO_MSG(!mkdir(directory.c_str(), S_IRWXU | S_IRWXG | S_IRWXO),
- "Unable to make " << directory << " test directory");
-
- syncDir(directory);
-}
-
-void removeDirFiles(const std::string &dir)
-{
- int ret = nftw(dir.c_str(), removeFile, 2, FTW_DEPTH | FTW_PHYS);
- if (ret == -1)
- RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "nftw failed");
- else
- syncDir(dir);
-}
-
-void removeDirIfExists(const std::string &dir)
-{
- RUNNER_ASSERT_ERRNO_MSG(!rmdir(dir.c_str()) || errno == ENOENT,
- "Removing " << dir << " dir failed");
-}
-
-} // namespace FileOperations
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CYNARA_TEST_FILE_OPERATIONS_H
-#define CYNARA_TEST_FILE_OPERATIONS_H
-
-#include <fcntl.h>
-#include <string>
-
-namespace FileOperations
-{
-
-bool dirExists(const std::string &directory);
-void copyCynaraFile(const std::string &src, const std::string &dst);
-void copyCynaraFiles(const std::string &source, const std::string &destination);
-void syncElem(const std::string &filename, int flags = O_RDONLY, mode_t mode = S_IRUSR | S_IWUSR);
-void syncDir(const std::string &dirname, mode_t mode = S_IRUSR | S_IWUSR);
-void makeDir(const std::string &directory);
-void removeDirFiles(const std::string &dir);
-void removeDirIfExists(const std::string &dir);
-
-} // namespace FileOperations
-
-#endif //CYNARA_TEST_FILE_OPERATIONS_H
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_helpers.cpp
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Helpers for cynara-helpers
- */
-
-#include <dpl/test/test_runner.h>
-
-#include <cynara-creds-socket.h>
-
-#include "cynara_test_helpers.h"
-
-namespace CynaraHelperCredentials {
-
-char *socketGetClient(int sock, cynara_client_creds method, int expectedResult) {
- char *buff;
- auto ret = cynara_creds_socket_get_client(sock, method, &buff);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_creds_socket_get_client failed, ret = " << ret
- << "; expected = " << expectedResult);
- return buff;
-}
-
-char *socketGetUser(int sock, cynara_user_creds method, int expectedResult) {
- char *buff;
- auto ret = cynara_creds_socket_get_user(sock, method, &buff);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_creds_socket_get_user failed, ret = " << ret
- << "; expected = " << expectedResult);
- return buff;
-}
-
-pid_t socketGetPid(int sock, int expectedResult) {
- pid_t pid;
- auto ret = cynara_creds_socket_get_pid(sock, &pid);
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_creds_socket_get_pid failed, ret = " << ret << "; expected = "
- << expectedResult);
- return pid;
-}
-
-} //namespace CynaraHelperCredentials
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file cynara_test_helpers.h
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Helpers for cynara-helpers
- */
-
-#ifndef CYNARA_TEST_HELPERS_H_
-#define CYNARA_TEST_HELPERS_H_
-
-#include <sys/types.h>
-
-#include <cynara-creds-commons.h>
-#include <cynara-error.h>
-
-namespace CynaraHelperCredentials {
-
-char *socketGetClient(int sock, cynara_client_creds method,
- int expectedResult = CYNARA_API_SUCCESS);
-
-char *socketGetUser(int sock, cynara_user_creds method,
- int expectedResult = CYNARA_API_SUCCESS);
-
-pid_t socketGetPid(int sock, int expectedResult = CYNARA_API_SUCCESS);
-
-} // namespace CynaraHelperCredentials
-
-
-#endif // CYNARA_TEST_HELPERS_H_
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
+++ /dev/null
-buckets;$1$$6ZlVs5lw2nZgVmiw0BdY21
-_;$1$$qRPK7m23GJusamGpoGLby/
+++ /dev/null
-buckets;$1$$UYHKvrIkGoSTO5hIgvCLg0
-_;$1$$qRPK7m23GJusamGpoGLby/
+++ /dev/null
-client;user;privilege;0x0;
+++ /dev/null
-buckets;$1$$6ZlVs5lw2nZgVmiw0BdY21
-_;$1$$nssatAXP6yl4N8gjldhxf0
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file BaseCynaraTestPlugin.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of base class for cynara test plugins
- */
-
-#ifndef BASE_CYNARA_TEST_PLUGIN_H
-#define BASE_CYNARA_TEST_PLUGIN_H
-
-#include <string>
-
-#include <cynara-plugin.h>
-#include <cynara/types/PolicyDescription.h>
-#include <plugins.h>
-
-class BaseCynaraTestPlugin : public Cynara::ServicePluginInterface
-{
-public:
- BaseCynaraTestPlugin(const std::string &name)
- {
- m_descriptions = CynaraTestPlugins::POLICY_DESCRIPTIONS.at(name);
- }
-
- virtual ~BaseCynaraTestPlugin() {}
-
- virtual CynaraTestPlugins::Descriptions &getSupportedPolicyDescr()
- {
- return m_descriptions;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- Cynara::PolicyResult &result,
- Cynara::AgentType &requiredAgent,
- Cynara::PluginData &pluginData)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
- (void) requiredAgent;
- (void) pluginData;
-
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- const Cynara::PluginData &agentData,
- Cynara::PolicyResult &result)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
- (void) agentData;
-
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY;
- }
-
- virtual void invalidate()
- {
- }
-
-private:
- CynaraTestPlugins::Descriptions m_descriptions;
-};
-
-#endif // BASE_CYNARA_TEST_PLUGIN_H
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-ADD_SUBDIRECTORY(single-policy)
-ADD_SUBDIRECTORY(multiple-policy)
-ADD_SUBDIRECTORY(test-agent)
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY "cynara-test-plugin-multiple-policy")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/multiple-policy/plugin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling multiple policy type
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class MultiplePolicyPlugin : public BaseCynaraTestPlugin
-{
-public:
- MultiplePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::MULTIPLE_POLICY) {}
- virtual ~MultiplePolicyPlugin() {}
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new MultiplePolicyPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugins.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of types, constants and functions common for both tests and plugins
- */
-
-#include <vector>
-#include <sstream>
-#include <string>
-
-#include <plugins.h>
-
-namespace CynaraTestPlugins {
-
-Cynara::PluginData wrapAgentData(const AgentDataVector &data) {
- std::stringstream wrappedData;
- wrappedData << AGENT_DATA_RECORD_SEPARATOR;
- for (size_t i = 0; i < data.size(); ++i) {
- wrappedData << AGENT_DATA_UNIT_SEPARATOR
- << data[i]
- << AGENT_DATA_UNIT_SEPARATOR;
- }
- wrappedData << AGENT_DATA_RECORD_SEPARATOR;
- return wrappedData.str();
-}
-
-static bool unwrapAgentDataFromSeparator(const Cynara::PluginData &wrappedData,
- const std::string &separator,
- size_t &pos, std::string &unit) {
-//check if wrapped data starts with separator
- size_t separatorSize = separator.size();
- if (wrappedData.compare(pos, separatorSize, separator) != 0)
- return false;
-
-//find ending separator
- size_t unitStartIndex = pos + separatorSize;
- size_t endingSeparatorIndex = wrappedData.find(separator, unitStartIndex);
- if (endingSeparatorIndex == std::string::npos)
- return false;
-
-//return found unit
- pos = endingSeparatorIndex + separatorSize;
- size_t unitSize = endingSeparatorIndex - unitStartIndex;
- unit.assign(wrappedData, unitStartIndex, unitSize);
- return true;
-}
-
-bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data) {
- std::string record;
- size_t pos = 0;
- if (!unwrapAgentDataFromSeparator(wrappedData, AGENT_DATA_RECORD_SEPARATOR, pos, record))
- return false;
-
- pos = 0;
- while (pos < record.size()) {
- std::string unit;
- if (!unwrapAgentDataFromSeparator(record, AGENT_DATA_UNIT_SEPARATOR, pos, unit))
- return false;
- data.push_back(unit);
- }
- return true;
-}
-
-} // namespace CynaraTestPlugins
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugins.h
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Definition of types, constants and functions common for both tests and plugins
- */
-
-#ifndef CYNARA_TEST_PLUGINS_H
-#define CYNARA_TEST_PLUGINS_H
-
-#include <cstdint>
-#include <vector>
-#include <map>
-#include <string>
-
-#include <cynara-plugin.h>
-#include <cynara/types/PolicyDescription.h>
-#include <cynara/types/PolicyType.h>
-
-namespace CynaraTestPlugins {
-
-typedef std::vector<Cynara::PolicyDescription> Descriptions;
-typedef std::pair<std::string, Descriptions> DescriptionsPair;
-typedef std::map<std::string, Descriptions> DescriptionsMap;
-
-static const std::string TEST_PLUGIN_PATH("/usr/lib/security-tests/cynara-tests/plugins/");
-
-static const std::string DEFAULT_POLICY("");
-static const std::string SINGLE_POLICY("single-policy");
-static const std::string MULTIPLE_POLICY("multiple-policy");
-static const std::string TEST_AGENT("test-agent");
-
-static const DescriptionsMap POLICY_DESCRIPTIONS = {
- DescriptionsPair(DEFAULT_POLICY, {
- { Cynara::PredefinedPolicyType::DENY, "Deny" },
- { Cynara::PredefinedPolicyType::ALLOW, "Allow" },
- }),
- DescriptionsPair(SINGLE_POLICY, {
- { 2001, "Single Policy Type 1" }
- }),
- DescriptionsPair(MULTIPLE_POLICY, {
- { 3001, "Multiple Policy Type 1" },
- { 3002, "Multiple Policy Type 2" },
- { 3003, "Multiple Policy Type 3" },
- }),
- DescriptionsPair(TEST_AGENT, {
- { 4001, "Test Agent Type 1" }
- }),
-};
-
-static const std::string TEST_AGENT_TYPE("SecurityCynaraTestsAgentType");
-
-static const std::string AGENT_DATA_UNIT_SEPARATOR("\31");
-static const std::string AGENT_DATA_RECORD_SEPARATOR("\30");
-static const std::string AGENT_DATA_ALLOW("Allow");
-static const std::string AGENT_DATA_DENY("Deny");
-
-typedef std::vector<std::string> AgentDataVector;
-
-Cynara::PluginData wrapAgentData(const AgentDataVector &data);
-bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data);
-
-} // namespace CynaraTestPlugins
-
-#endif // CYNARA_TEST_PLUGINS_H
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY "cynara-test-plugin-single-policy")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/single-policy/plugin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/single-policy/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling single policy type
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class SinglePolicyPlugin : public BaseCynaraTestPlugin
-{
-public:
- SinglePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::SINGLE_POLICY) {}
- virtual ~SinglePolicyPlugin() {}
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new SinglePolicyPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
-#
-
-CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-
-SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT "cynara-test-plugin-test-agent")
-
-PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP
- REQUIRED
- cynara-plugin
- )
-
-INCLUDE_DIRECTORIES(
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP_INCLUDE_DIRS}
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- )
-
-SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/test-agent/plugin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- )
-
-ADD_DEFINITIONS("-fvisibility=default")
-
-ADD_LIBRARY(
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- SHARED
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES}
- )
-
-TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEPS}
- )
-
-INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT}
- DESTINATION /usr/lib/security-tests/cynara-tests/plugins/test-agent/)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file plugin.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @brief Implementation of cynara test plugin handling communication with test-agent
- */
-
-#include <new>
-
-#include <cynara-plugin.h>
-#include <BaseCynaraTestPlugin.h>
-#include <plugins.h>
-
-class TestAgentPlugin : public BaseCynaraTestPlugin
-{
-public:
- TestAgentPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::TEST_AGENT) {}
- virtual ~TestAgentPlugin() {}
-
- virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- Cynara::PolicyResult &result,
- Cynara::AgentType &requiredAgent,
- Cynara::PluginData &pluginData)
- noexcept
- {
- (void) result;
-
- try {
- requiredAgent = CynaraTestPlugins::TEST_AGENT_TYPE;
- pluginData = CynaraTestPlugins::wrapAgentData({client, user, privilege});
- } catch (...) {
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
- return Cynara::ServicePluginInterface::PluginStatus::ANSWER_NOTREADY;
- }
-
- virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client,
- const std::string &user,
- const std::string &privilege,
- const Cynara::PluginData &agentData,
- Cynara::PolicyResult &result)
- noexcept
- {
- (void) client;
- (void) user;
- (void) privilege;
-
- try {
- CynaraTestPlugins::AgentDataVector data;
- if (!CynaraTestPlugins::unwrapAgentData(agentData, data))
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
-
- if (data.size() != 1)
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
-
- if (data[0] == CynaraTestPlugins::AGENT_DATA_ALLOW) {
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::ALLOW);
- return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
- }
- else if (data[0] == CynaraTestPlugins::AGENT_DATA_DENY) {
- result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY);
- return Cynara::ServicePluginInterface::PluginStatus::SUCCESS;
- }
- } catch (...) {
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
- return Cynara::ServicePluginInterface::PluginStatus::ERROR;
- }
-};
-
-extern "C" {
-Cynara::ExternalPluginInterface *create(void) {
- return new TestAgentPlugin();
-}
-
-void destroy(Cynara::ExternalPluginInterface *ptr) {
- delete ptr;
-}
-} // extern "C"
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
- * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.1
- * @brief Tests for libcynara-client and libcynara-admin
- */
-
-#include <cynara_test_commons.h>
-
-#include <tests_common.h>
-#include <cynara_test_client.h>
-#include <cynara_test_admin.h>
-#include <cynara_test_env.h>
-#include <plugins.h>
-
-#include <climits>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestClient;
-
-void tc01_cynara_initialize_func()
-{
- Client();
-}
-
-void tc02_admin_initialize_func(bool isOnline)
-{
- Admin admin(isOnline);
-}
-
-void tc03_cynara_check_invalid_params_func()
-{
- Client cynara;
-
- const char *client = "client03";
- const char *user = "user03";
- const char *privilege = "privilege03";
- const char *session = "session03";
-
- cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
- cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
-}
-
-void checkInvalidPolicy(Admin &admin,
- const char *bucket,
- const char *client,
- const char *user,
- const char *privilege,
- const int result,
- const char *resultExtra)
-{
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, privilege, result, resultExtra);
-
- admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
-}
-
-void tc04_admin_set_policies_invalid_params_func(bool isOnline)
-{
- Admin admin(isOnline);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client04";
- const char *user = "user04";
- const char *privilege = "privilege04";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultBucket = CYNARA_ADMIN_BUCKET;
- const int resultNone = CYNARA_ADMIN_NONE;
- const char *resultExtra = nullptr;
-
- checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
- checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
- checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra);
-}
-
-void tc05_admin_set_bucket_invalid_params_func(bool isOnline)
-{
- Admin admin(isOnline);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const int operationAllow = CYNARA_ADMIN_ALLOW;
- const int operationDelete = CYNARA_ADMIN_DELETE;
- const int operationNone = CYNARA_ADMIN_NONE;
- const char *extra = nullptr;
-
- admin.setBucket(nullptr, operationAllow, extra, CYNARA_API_INVALID_PARAM);
- admin.setBucket(bucket, INT_MAX, extra, CYNARA_API_INVALID_PARAM);
- admin.setBucket(bucket, operationDelete, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
- admin.setBucket(bucket, operationNone, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
-}
-
-void tc06_cynara_check_empty_admin1_func()
-{
- Client cynara;
-
- const char *client = "client06_1";
- const char *session = "session06_1";
- const char *user = "user06_1";
- const char *privilege = "privilege06_1";
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc06_cynara_check_empty_admin2_func()
-{
- Client cynara;
-
- const char *client = CYNARA_ADMIN_WILDCARD;
- const char *session = "session06_2";
- const char *user = CYNARA_ADMIN_WILDCARD;
- const char *privilege = CYNARA_ADMIN_WILDCARD;
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc07_admin_set_bucket_admin_allow_deny_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client07";
- const char *session = "session07";
- const char *user = "user07";
- const char *privilege = "privilege07";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove1_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_1";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_1_a", "user08_1_a", "privilege08_1_a" },
- { "client08_1_b", "user08_1_b", "privilege08_1_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove2_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_2";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_2_a", "user08_2_a", "privilege08_2_a" },
- { "client08_2_b", "user08_2_b", "privilege08_2_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // delete first, allow second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void tc08_admin_set_policies_allow_remove3_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session08_3";
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- const int resultDelete = CYNARA_ADMIN_DELETE;
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client08_3_a", "user08_3_a", "privilege08_3_a" },
- { "client08_3_b", "user08_3_b", "privilege08_3_b" },
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- // allow first and second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
- admin.setPolicies(cp);
- }
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
-
- // delete first and second policy
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
- cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-}
-
-void checkAllDeny(const std::vector< std::vector<const char *> > &data,
- const char *session)
-{
- Client cynara;
-
- for (auto it = data.begin(); it != data.end(); ++it) {
- RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
- }
-
- for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
- for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
- for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
- cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
- }
- }
- }
-}
-
-void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
-{
- RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
- for (auto it = data.begin(); it != data.end(); ++it) {
- RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
- }
-}
-
-void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
- const char *session)
-{
- Client cynara;
-
- checkSingleWildcardData(data);
-
- for (size_t c = 0; c < data.size(); ++c) {
- for (size_t u = 0; u < data.size(); ++u) {
- for (size_t p = 0; p < data.size(); ++p) {
- if ((u == 0 && p == 0)
- || (c == 1 && p == 1)
- || (c == 2 && u == 2)) {
- cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
- } else {
- cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
- }
- }
- }
- }
-}
-
-void setSingleWildcardPolicies(const char *bucket,
- const std::vector< std::vector<const char *> > &data,
- const int result, const char* resultExtra, bool isOnline)
-{
- Admin admin(isOnline);
- CynaraPoliciesContainer cp;
-
- checkSingleWildcardData(data);
-
- cp.add(bucket,
- CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
- result, resultExtra);
- cp.add(bucket,
- data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
- result, resultExtra);
- cp.add(bucket,
- data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
- result, resultExtra);
-
- admin.setPolicies(cp);
-}
-
-void tc09_admin_set_policies_wildcard_accesses_func(bool isOnline)
-{
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *session = "session09";
- const char *resultExtra = nullptr;
-
- const std::vector< std::vector<const char *> > data = {
- { "client09_a", "user09_a", "privilege09_a" },
- { "client09_b", "user09_b", "privilege09_b" },
- { "client09_c", "user09_c", "privilege09_c" }
- };
-
- checkAllDeny(data, session);
-
- setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra, isOnline);
-
- checkSingleWildcardAllowRestDeny(data, session);
-
- setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra, isOnline);
-
- checkAllDeny(data, session);
-}
-
-void tc10_admin_change_extra_bucket_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket10";
- const char *session = "session10";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
-
- const std::vector< std::vector<const char *> > data = {
- { "client10_a", "user10_a", "privilege10_a" },
- { "client10_b", "user10_b", "privilege10_b" }
- };
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- data[0][0], data[0][1], data[0][2],
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- data[0][0], data[0][1], data[0][2],
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
-}
-
-void tc11_admin_bucket_not_found_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket11";
- const char *client = "client11";
- const char *session = "session11";
- const char *user = "user11";
- const char *privilege = "privilege11";
-
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc12_admin_delete_bucket_with_policies_pointing_to_it_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket12";
- const char *client = "client12";
- const char *session = "session12";
- const char *user = "user12";
- const char *privilege = "privilege12";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc13_admin_set_policies_to_extra_bucket_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket13";
- const char *client = "client13";
- const char *session = "session13";
- const char *user = "user13";
- const char *privilege = "privilege13";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-
- admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc14_admin_set_policies_integrity_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket14";
- const char *client = "client14";
- const char *session = "session14";
- const char *user = "user14";
- const char *privilege = "privilege14";
- const char *extraResult = nullptr;
-
- {
- Client cynara;
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
- }
-
- {
- Admin admin(isOnline);
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
- }
-
- {
- Client cynara;
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
- }
-}
-
-void tc15_admin_set_bucket_admin_none1_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_1";
- const char *client = "client15_1";
- const char *session = "session15_1";
- const char *user = "user15_1";
- const char *privilege = "privilege15_1";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc15_admin_set_bucket_admin_none2_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_2";
- const char *client = "client15_2";
- const char *session = "session15_2";
- const char *user = "user15_2";
- const char *privilege = "privilege15_2";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc15_admin_set_bucket_admin_none3_func(bool isOnline)
-{
- Admin admin(isOnline);
- Client cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_3";
- const char *client = "client15_3";
- const char *session = "session15_3";
- const char *user = "user15_3";
- const char *privilege = "privilege15_3";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucketDefault,
- client, user, CYNARA_ADMIN_WILDCARD,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc16_admin_check_single_bucket_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client16";
- const char *user = "user16";
- const char *privilege = "privilege16";
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
-
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc17_admin_check_nested_bucket_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket17";
- const char *client = "client17";
- const char *user = "user17";
- const char *privilege = "privilege17";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc18_admin_check_multiple_matches_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client18";
- const char *user = "user18";
- const char *privilege = "privilege18";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
-
- auto check = [&](int expected_result)
- {
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- expected_result, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- expected_result, nullptr, CYNARA_API_SUCCESS);
- };
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DENY, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-}
-
-void tc19_admin_check_none_bucket_func(bool isOnline)
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket1 = "bucket19_a";
- const char *bucket2 = "bucket19_b";
- const char *client = "client19";
- const char *user = "user19";
- const char *privilege = "privilege19";
- const char *extra = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- Admin admin(isOnline);
- admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
- admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket1);
- cp.add(bucket1,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket2);
- admin.setPolicies(cp);
- }
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
-}
-
-void tc20_admin_list_empty_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket20";
- const char *client = "client20";
- const char *user = "user20";
- const char *privilege = "privilege20";
- const char *extra = nullptr;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- CynaraPoliciesContainer emptyPolicies;
-
- admin.listPolicies(emptyBucket, client, user, privilege, emptyPolicies);
-}
-
-void tc21_admin_list_no_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket21";
- const char *notExistingBucket = "not_existing_bucket21";
- const char *client = "client21";
- const char *user = "user21";
- const char *privilege = "privilege21";
- const char *extra = nullptr;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- CynaraPoliciesContainer emptyPolicies;
-
- admin.listPolicies(notExistingBucket, client, user, privilege, emptyPolicies,
- CYNARA_API_BUCKET_NOT_FOUND);
-}
-
-void tc22_admin_list_bucket_func(bool isOnline)
-{
- const char *bucket = "bucket22";
- const char *emptyBucket = "empty_bucket22";
- const char *client = "client22";
- const char *user = "user22";
- const char *privilege = "privilege22";
- const char *client2 = "client22_2";
- const char *user2 = "user22_2";
- const char *privilege2 = "privilege22_2";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
-
- const char *extra = nullptr;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.setPolicies(cp);
- }
-
- CynaraPoliciesContainer expectedPolicies;
- expectedPolicies.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- expectedPolicies.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expectedPolicies.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
-
- admin.listPolicies(bucket, client, wildcard, any, expectedPolicies);
-}
-
-void tc23_admin_erase_empty_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket23";
- const char *client = "client23";
- const char *user = "user23";
- const char *privilege = "privilege23";
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- admin.erasePolicies(emptyBucket, recursive, client, user, privilege);
-}
-
-void tc24_admin_erase_no_bucket_func(bool isOnline)
-{
- const char *emptyBucket = "empty_bucket24";
- const char *notExistingBucket = "not_existing_bucket24";
- const char *client = "client24";
- const char *user = "user24";
- const char *privilege = "privilege24";
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- admin.erasePolicies(notExistingBucket, recursive, client, user, privilege,
- CYNARA_API_BUCKET_NOT_FOUND);
-}
-
-void tc25_admin_erase_single_bucket_func(bool isOnline)
-{
- const char *bucket = "bucket25";
- const char *emptyBucket = "empty_bucket25";
- const char *client = "client25";
- const char *user = "user25";
- const char *privilege = "privilege25";
- const char *client2 = "client25_2";
- const char *user2 = "user25_2";
- const char *privilege2 = "privilege25_2";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, client, wildcard, any);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- // WAS ERASED (bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- // WAS ERASED (bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- // WAS ERASED (bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- expPolicies.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- admin.listPolicies(emptyBucket, any, any, any, expPolicies);
- }
-}
-
-void tc26_admin_erase_recursive_not_linked_buckets_func(bool isOnline)
-{
- const char *bucket = "bucket26";
- const char *subBucket = "sub_bucket26";
- const char *client = "client26";
- const char *user = "user26";
- const char *privilege = "privilege26";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc27_admin_erase_recursive_linked_buckets_func(bool isOnline)
-{
- const char *bucket = "bucket27";
- const char *subBucket = "sub_bucket27";
- const char *client = "client27";
- const char *user = "user27";
- const char *privilege = "privilege27";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc28_admin_erase_non_recursive_linked_buckets_func(bool isOnline)
-{
- const char *bucket = "bucket28";
- const char *subBucket = "sub_bucket28";
- const char *client = "client28";
- const char *user = "user28";
- const char *privilege = "privilege28";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 0;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(bucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void tc29_admin_erase_recursive_from_sub_bucket_func(bool isOnline)
-{
- const char *bucket = "bucket29";
- const char *subBucket = "sub_bucket29";
- const char *client = "client29";
- const char *user = "user29";
- const char *privilege = "privilege29";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *any = CYNARA_ADMIN_ANY;
- const char *extra = nullptr;
- int recursive = 1;
-
- Admin admin(isOnline);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
-
- cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
-
- cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp);
- }
-
- admin.erasePolicies(subBucket, recursive, any, user, wildcard);
-
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
- expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
- expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(bucket, any, any, any, expPolicies);
- }
- {
- CynaraPoliciesContainer expPolicies;
- expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.listPolicies(subBucket, any, any, any, expPolicies);
- }
-}
-
-void testPlugins(const std::vector<std::string> &plugins, bool isOnline)
-{
- using namespace CynaraTestPlugins;
-
- DirectoryPaths paths;
- Descriptions expectedDescriptions(POLICY_DESCRIPTIONS.at(DEFAULT_POLICY));
-
- for (auto &plugin : plugins) {
- paths.push_back(TEST_PLUGIN_PATH + plugin);
-
- const Descriptions &pluginDescriptions = POLICY_DESCRIPTIONS.at(plugin);
- expectedDescriptions.insert(expectedDescriptions.end(),
- pluginDescriptions.begin(), pluginDescriptions.end());
- }
-
- loadServicePlugins(paths);
-
- Admin admin(isOnline);
- admin.listPoliciesDescriptions(expectedDescriptions);
-}
-
-void tc30_admin_list_descriptions_no_plugins_func(bool isOnline)
-{
- testPlugins({}, isOnline);
-}
-
-void tc31_admin_list_descriptions_1_plugin_single_policy_func(bool isOnline)
-{
- testPlugins({CynaraTestPlugins::SINGLE_POLICY}, isOnline);
-}
-
-void tc32_admin_list_descriptions_1_plugin_multiple_policy_func(bool isOnline)
-{
- testPlugins({CynaraTestPlugins::MULTIPLE_POLICY}, isOnline);
-}
-
-void tc33_admin_list_descriptions_multiple_plugins_func(bool isOnline)
-{
- testPlugins({CynaraTestPlugins::SINGLE_POLICY,
- CynaraTestPlugins::MULTIPLE_POLICY}, isOnline);
-}
-
-#define ONLINE(Proc) \
- RUNNER_TEST(Proc##_online, CynaraTestEnv) \
- { \
- Proc##_func(true); \
- }
-
-#define OFFLINE(Proc) \
- RUNNER_TEST(Proc##_offline, CynaraTestEnv) \
- { \
- Proc##_func(false); \
- }
-
-RUNNER_TEST_GROUP_INIT(cynara_tests_online)
-
-RUN_CYNARA_TEST(tc01_cynara_initialize)
-ONLINE(tc02_admin_initialize)
-RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
-ONLINE(tc04_admin_set_policies_invalid_params)
-ONLINE(tc05_admin_set_bucket_invalid_params)
-RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
-RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
-ONLINE(tc07_admin_set_bucket_admin_allow_deny)
-ONLINE(tc08_admin_set_policies_allow_remove1)
-ONLINE(tc08_admin_set_policies_allow_remove2)
-ONLINE(tc08_admin_set_policies_allow_remove3)
-ONLINE(tc09_admin_set_policies_wildcard_accesses)
-ONLINE(tc10_admin_change_extra_bucket)
-ONLINE(tc11_admin_bucket_not_found)
-ONLINE(tc12_admin_delete_bucket_with_policies_pointing_to_it)
-ONLINE(tc13_admin_set_policies_to_extra_bucket)
-ONLINE(tc14_admin_set_policies_integrity)
-ONLINE(tc15_admin_set_bucket_admin_none1)
-ONLINE(tc15_admin_set_bucket_admin_none2)
-ONLINE(tc15_admin_set_bucket_admin_none3)
-ONLINE(tc16_admin_check_single_bucket)
-ONLINE(tc17_admin_check_nested_bucket)
-ONLINE(tc18_admin_check_multiple_matches)
-ONLINE(tc19_admin_check_none_bucket)
-ONLINE(tc20_admin_list_empty_bucket)
-ONLINE(tc21_admin_list_no_bucket)
-ONLINE(tc22_admin_list_bucket)
-ONLINE(tc23_admin_erase_empty_bucket)
-ONLINE(tc24_admin_erase_no_bucket)
-ONLINE(tc25_admin_erase_single_bucket)
-ONLINE(tc26_admin_erase_recursive_not_linked_buckets)
-ONLINE(tc27_admin_erase_recursive_linked_buckets)
-ONLINE(tc28_admin_erase_non_recursive_linked_buckets)
-ONLINE(tc29_admin_erase_recursive_from_sub_bucket)
-ONLINE(tc30_admin_list_descriptions_no_plugins)
-ONLINE(tc31_admin_list_descriptions_1_plugin_single_policy)
-ONLINE(tc32_admin_list_descriptions_1_plugin_multiple_policy)
-ONLINE(tc33_admin_list_descriptions_multiple_plugins)
-
-
-RUNNER_TEST_GROUP_INIT(cynara_tests_offline)
-
-OFFLINE(tc02_admin_initialize)
-OFFLINE(tc04_admin_set_policies_invalid_params)
-OFFLINE(tc05_admin_set_bucket_invalid_params)
-OFFLINE(tc07_admin_set_bucket_admin_allow_deny)
-OFFLINE(tc08_admin_set_policies_allow_remove1)
-OFFLINE(tc08_admin_set_policies_allow_remove2)
-OFFLINE(tc08_admin_set_policies_allow_remove3)
-OFFLINE(tc09_admin_set_policies_wildcard_accesses)
-OFFLINE(tc10_admin_change_extra_bucket)
-OFFLINE(tc11_admin_bucket_not_found)
-OFFLINE(tc12_admin_delete_bucket_with_policies_pointing_to_it)
-OFFLINE(tc13_admin_set_policies_to_extra_bucket)
-OFFLINE(tc14_admin_set_policies_integrity)
-OFFLINE(tc15_admin_set_bucket_admin_none1)
-OFFLINE(tc15_admin_set_bucket_admin_none2)
-OFFLINE(tc15_admin_set_bucket_admin_none3)
-OFFLINE(tc16_admin_check_single_bucket)
-OFFLINE(tc17_admin_check_nested_bucket)
-OFFLINE(tc18_admin_check_multiple_matches)
-OFFLINE(tc19_admin_check_none_bucket)
-OFFLINE(tc20_admin_list_empty_bucket)
-OFFLINE(tc21_admin_list_no_bucket)
-OFFLINE(tc22_admin_list_bucket)
-OFFLINE(tc23_admin_erase_empty_bucket)
-OFFLINE(tc24_admin_erase_no_bucket)
-OFFLINE(tc25_admin_erase_single_bucket)
-OFFLINE(tc26_admin_erase_recursive_not_linked_buckets)
-OFFLINE(tc27_admin_erase_recursive_linked_buckets)
-OFFLINE(tc28_admin_erase_non_recursive_linked_buckets)
-OFFLINE(tc29_admin_erase_recursive_from_sub_bucket)
-OFFLINE(tc30_admin_list_descriptions_no_plugins)
-OFFLINE(tc31_admin_list_descriptions_1_plugin_single_policy)
-OFFLINE(tc32_admin_list_descriptions_1_plugin_multiple_policy)
-OFFLINE(tc33_admin_list_descriptions_multiple_plugins)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * @file test_cases_agent.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @author Radoslaw Bartosiak <r.bartosiak@samsung.com>
- * @version 1.0
- * @brief Tests for libcynara-agent
- */
-
-#include <chrono>
-#include <string>
-
-#include <cynara-error.h>
-#include <cynara-admin-types.h>
-#include <cynara-client-async.h>
-
-#include <dpl/test/test_runner.h>
-#include <cynara_test_admin.h>
-#include <cynara_test_agent.h>
-#include <cynara_test_agent_request.h>
-#include <cynara_test_agent_response.h>
-#include <cynara_test_client_async_client.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_env.h>
-#include <service_manager.h>
-#include <timeout.h>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestAgent;
-using namespace CynaraTestClientAsync;
-using namespace CynaraTestPlugins;
-
-void loadAgentPlugin()
-{
- DirectoryPaths paths;
- paths.push_back(TEST_PLUGIN_PATH + TEST_AGENT);
- loadServicePlugins(paths);
-}
-
-void setAgentPolicy(int expectedResult = CYNARA_API_SUCCESS)
-{
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *extra = nullptr;
-// collection of policy descriptions defined by plugin that causes use of TestAgent
- auto testAgentPolicies = POLICY_DESCRIPTIONS.at(TEST_AGENT);
-// any policy type from above collection
- auto policyType = testAgentPolicies[0].type;
-
- CynaraPoliciesContainer cp;
- cp.add(bucket, wildcard, wildcard, wildcard, policyType, extra);
-
- Admin admin;
- admin.setPolicies(cp, expectedResult);
-}
-
-void getAgentRequest(Agent &agent, AgentRequest &request, Client &client,
- int expectedResult = CYNARA_API_SUCCESS,
- Timeout::ExpectMode expectTimeoutMode = Timeout::ExpectMode::TIMEOUT)
-{
- auto timeLimit = std::chrono::seconds(2);
- auto hangOnGetRequest = [&agent, &request, &expectedResult]() {
- agent.getRequest(request, expectedResult);
- };
- Timeout::CancelFunction sendClientRequest = [&client]() {
- client.process();
- client.assertStatus(READ);
- };
-
- Timeout::callAndWait(timeLimit, expectTimeoutMode,
- sendClientRequest, hangOnGetRequest);
-}
-
-void tcag01_set_agent_type_policy_without_plugin_func()
-{
- loadServicePlugins(DirectoryPaths());
- setAgentPolicy(CYNARA_API_INVALID_PARAM);
-}
-
-void tcag02_set_agent_type_policy_with_plugin_loaded_func()
-{
- loadAgentPlugin();
- setAgentPolicy();
-}
-
-void tcag03_check_with_no_agent_func()
-{
- std::string testNo("03");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Client client;
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send requests
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tcag04_agent_initialize_func()
-{
- Agent();
-}
-
-void tcag05_agent_request_timeout_func()
-{
- Agent agent;
- AgentRequest request;
-
- auto testTimeLimit = std::chrono::seconds(2);
- auto hangOnGetRequest = [&agent, &request]() {
- agent.getRequest(request, CYNARA_API_SERVICE_NOT_AVAILABLE);
- };
-
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::TIMEOUT,
- restartCynaraServiceAndSockets, hangOnGetRequest);
-}
-
-void tcag06_check_with_unregistered_agent_func()
-{
- std::string testNo("06");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
-
- Client client;
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send requests
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tcag07_get_request_func()
-{
- std::string testNo("07");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
-
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id()));
- client.process();
-}
-
-void tcag08_get_request_and_respond_with_wrong_id_func()
-{
- std::string testNo("08");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_SUCCESS,
- CYNARA_CALL_CAUSE_FINISH};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id() + 1));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_TIMEOUT, 2);
-}
-
-void tcag09_get_request_and_correct_responded_id_func()
-{
- std::string testNo("09");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id() + 1));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_TIMEOUT, 2);
- agent.putResponse(AgentResponse::createAllow(agentRequest.id()));
- client.process();
-}
-
-void tcag10_cancel_request_func()
-{
- std::string testNo("10");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
-
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- client.cancel(id);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertCancel();
- agent.putResponse(AgentResponse::createCancel(id));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
-}
-
-void tcag11_cancel_processed_request_func()
-{
- std::string testNo("11");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest;
-
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege);
- agent.putResponse(AgentResponse::createCancel(id));
- client.cancel(id);
- // we do not expect getting the cancel request in the agent
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::TIMEOUT,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SERVICE_NOT_AVAILABLE, Timeout::ExpectMode::TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
-}
-
-void tcag12_create_two_requests_func()
-{
- std::string testNo("12");
- CheckData data1(testNo, 1), data2(testNo, 2);
- cynara_check_id id1, id2;
- RequestEntity callbackData1 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequest1, agentRequest2, agentRequest3;
- Client client;
- client.createRequest(data1, id1, callbackData1);
- client.assertStatus(READWRITE);
- client.createRequest(data2, id2, callbackData2);
- client.assertStatus(READWRITE);
-
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest1), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest2), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::IGNORE);
- client.cancel(id2);
- client.assertStatus(READWRITE);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest3), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequest1.assertAction(data1.m_client, data1.m_user, data1.m_privilege);
- agentRequest2.assertAction(data2.m_client, data2.m_user, data2.m_privilege);
- agentRequest3.assertCancel();
-
- agent.putResponse(AgentResponse::createDeny(id1));
- agent.putResponse(AgentResponse::createCancel(id2));
-
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 3);
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::IGNORE_TIMEOUT, 1);
-}
-
-void tcag13_create_many_requests_func()
-{
- const int numberOfRequests = 4;
- std::string testNo("13");
- cynara_check_id ids[numberOfRequests];
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- loadAgentPlugin();
- setAgentPolicy();
-
- Agent agent;
- AgentRequest agentRequests[numberOfRequests];
- Client client;
- for (int i = 0; i < numberOfRequests; i++) {
- CheckData data(testNo, i);
- client.createRequest(data, ids[i], callbackData);
- client.assertStatus(READWRITE);
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequests[i]), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- agentRequests[i].assertAction(data.m_client, data.m_user, data.m_privilege);
- };
- for (int i = numberOfRequests - 1; i >= 0; i--) {
- agent.putResponse(AgentResponse::createDeny(ids[i]));
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
- }
-}
-
-void tcag14_client_disconnects_func()
-{
- std::string testNo("14");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_FINISH};
-
- loadAgentPlugin();
- setAgentPolicy();
- Agent agent;
- AgentRequest agentRequest;
- auto testTimeLimit = std::chrono::seconds(5);
- {
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- };
- auto getAgentRequestWrap = [&agent, &agentRequest]() {
- agent.getRequest(agentRequest, CYNARA_API_SUCCESS);
- };
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequestWrap);
- agentRequest.assertCancel();
-}
-
-void tcag15_agent_disconnects_func()
-{
- std::string testNo("15");
- CheckData data(testNo);
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- loadAgentPlugin();
- setAgentPolicy();
- Client client;
- client.createRequest(data, id, callbackData);
- client.assertStatus(READWRITE);
- AgentRequest agentRequest;
- {
- Agent agent;
- auto testTimeLimit = std::chrono::seconds(5);
- Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED,
- restartCynaraServiceAndSockets, getAgentRequest,
- std::ref(agent), std::ref(agentRequest), std::ref(client),
- CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT);
- };
- client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_agent_tests)
-
-RUN_CYNARA_TEST(tcag01_set_agent_type_policy_without_plugin)
-RUN_CYNARA_TEST(tcag02_set_agent_type_policy_with_plugin_loaded)
-RUN_CYNARA_TEST(tcag03_check_with_no_agent)
-RUN_CYNARA_TEST(tcag04_agent_initialize)
-RUN_CYNARA_TEST(tcag05_agent_request_timeout)
-RUN_CYNARA_TEST(tcag06_check_with_unregistered_agent)
-RUN_CYNARA_TEST(tcag07_get_request)
-RUN_CYNARA_TEST(tcag08_get_request_and_respond_with_wrong_id)
-RUN_CYNARA_TEST(tcag09_get_request_and_correct_responded_id)
-RUN_CYNARA_TEST(tcag10_cancel_request)
-RUN_CYNARA_TEST(tcag11_cancel_processed_request)
-RUN_CYNARA_TEST(tcag12_create_two_requests)
-RUN_CYNARA_TEST(tcag13_create_many_requests)
-RUN_CYNARA_TEST(tcag14_client_disconnects)
-RUN_CYNARA_TEST(tcag15_agent_disconnects)
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases_async.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Tests for libcynara-client-async
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_client_async_client.h>
-
-#include <service_manager.h>
-#include <dpl/test/test_runner.h>
-
-#include <cynara-client-async.h>
-
-#include <cstdint>
-#include <unistd.h>
-
-using namespace CynaraTestClientAsync;
-using namespace CynaraTestAdmin;
-
-void tca01_initialize_func()
-{
- Client client;
-}
-
-void tca02_empty_cache_miss_func()
-{
- std::string testNo("02");
- Client client;
-
- client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
- client.checkCache({testNo}, CYNARA_API_CACHE_MISS);
-}
-
-void tca03_create_max_requests_func()
-{
- std::string testNo("03");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(), 0, CYNARA_CALL_CAUSE_FINISH};
-
- Client client;
-
- for (auto i = 0; i <= UINT16_MAX; ++i) {
- client.createRequest({testNo, i}, id, callbackData, CYNARA_API_SUCCESS);
- client.assertStatus(READWRITE);
- }
-
- client.createRequest({testNo}, id, callbackData, CYNARA_API_MAX_PENDING_REQUESTS);
- client.assertStatus(READWRITE);
-}
-
-void tca04_request_and_process_func()
-{
- std::string testNo("04");
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- Client client;
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel1_func()
-{
- std::string testNo("05");
- int subtest = 1;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- //send request and cancel
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel2_func()
-{
- std::string testNo("05");
- int subtest = 2;
- cynara_check_id id1, id2;
- Client client;
-
- RequestEntity callbackData1 = {[&]()->void {client.cancel(id2);},
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- client.createRequest({testNo, subtest}, id1, callbackData1);
- client.createRequest({testNo, subtest}, id2, callbackData2);
- client.assertStatus(READWRITE);
-
- //send requests
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca05_request_and_cancel3_func()
-{
- std::string testNo("05");
- int subtest = 3;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.cancel(id, CYNARA_API_INVALID_PARAM);
-}
-
-void tca06_cancel_fail_func()
-{
- cynara_check_id id = 0xDEAD;
-
- Client client;
-
- client.cancel(id, CYNARA_API_INVALID_PARAM);
-}
-
-void tca07_request_with_data_insertion_func()
-{
- std::string testNo("07");
- Admin admin;
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const int resultAllow = CYNARA_ADMIN_ALLOW;
- CheckData data[2] = {{testNo, 1}, {testNo, 2}};
- RequestEntity callbackAllow = {RequestFunction(),
- CYNARA_API_ACCESS_ALLOWED,
- CYNARA_CALL_CAUSE_ANSWER};
- RequestEntity callbackDeny = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- cynara_check_id id;
- Client client;
-
- client.checkCache(data[0], CYNARA_API_CACHE_MISS);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- client.createRequest(data[0], id, callbackDeny);
- client.assertStatus(READWRITE);
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.checkCache(data[0], CYNARA_API_ACCESS_DENIED);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, data[0].toAdminPolicy(), resultAllow);
- admin.setPolicies(cp);
- }
-
- client.checkCache(data[0], CYNARA_API_CACHE_MISS);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-
- client.createRequest(data[0], id, callbackAllow);
- client.assertStatus(READWRITE);
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-
- client.checkCache(data[0], CYNARA_API_ACCESS_ALLOWED);
- client.checkCache(data[1], CYNARA_API_CACHE_MISS);
-}
-
-void tca08_disconnect1_func()
-{
- std::string testNo("08");
- int subtest = 1;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- restartCynaraServiceAndSockets();
-
- client.process();
- client.assertStatus(READ);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca08_disconnect2_func()
-{
- std::string testNo("08");
- int subtest = 2;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- restartCynaraServiceAndSockets();
-
- client.process();
- client.assertStatus(READ);
-
- restartCynaraServiceAndSockets();
-
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca08_disconnect3_func()
-{
- std::string testNo("08");
- int subtest = 2;
- cynara_check_id id;
- RequestEntity callbackData = {restartCynaraServiceAndSockets,
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.assertStatus(READ);
-
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca09_disconnect_and_cancel1_func()
-{
- std::string testNo("09");
- int subtest = 1;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- restartCynaraServiceAndSockets();
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- //send cancel
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.assertStatus(READ);
-}
-
-void tca09_disconnect_and_cancel2_func()
-{
- std::string testNo("09");
- int subtest = 2;
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_CANCEL};
-
- Client client;
-
- client.createRequest({testNo, subtest}, id, callbackData);
- client.assertStatus(READWRITE);
-
- //send request
- client.process();
- client.assertStatus(READ);
-
- client.cancel(id);
- client.assertStatus(READWRITE);
-
- restartCynaraServiceAndSockets();
-
- //handle reconnect
- client.process();
- client.assertStatus(READ);
-
- //get answer
- client.process(CYNARA_API_SUCCESS, Client::EXPECT_TIMEOUT);
- client.assertStatus(READ);
-}
-
-void tca10_double_request_func()
-{
- std::string testNo("10");
- cynara_check_id id, id2;
- Client client;
-
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- RequestEntity callbackData = {[&](){client.createRequest({testNo}, id2, callbackData2);},
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca11_double_request_with_restart_func()
-{
- std::string testNo("11");
- cynara_check_id id, id2;
- Client client;
-
- RequestEntity callbackData2 = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
- RequestEntity callbackData = {[&](){
- restartCynaraServiceAndSockets();
- client.createRequest({testNo}, id2, callbackData2);
- },
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_ANSWER};
-
-
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
-
- client.process();
- client.process();
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
- client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT);
-}
-
-void tca12_multiple_connections_without_requests_func()
-{
- std::string testNo("12");
-
- cynara_check_id id;
- RequestEntity callbackData = {RequestFunction(),
- CYNARA_API_ACCESS_DENIED,
- CYNARA_CALL_CAUSE_FINISH};
-
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
- pid_t before = serviceManager.getServicePid();
- timeval beforeTimestamp = serviceManager.getServiceStartTimestamp();
-
- for (int i = 0; i < 10; ++i)
- {
- Client client;
- client.createRequest({testNo}, id, callbackData);
- client.assertStatus(READWRITE);
- }
-
-//wait until cynara possibly restarts
- sleep(3);
-
- pid_t after = serviceManager.getServicePid();
- timeval afterTimestamp = serviceManager.getServiceStartTimestamp();
- RUNNER_ASSERT_MSG(after != 0,
- "cynara service not running. After = " << after << ".");
- RUNNER_ASSERT_MSG(before == after
- && beforeTimestamp.tv_sec == afterTimestamp.tv_sec
- && beforeTimestamp.tv_usec == afterTimestamp.tv_usec,
- "cynara service was restarted during the test. Before pid / timestamp = "
- << before << " / " << beforeTimestamp.tv_sec << "."
- << beforeTimestamp.tv_usec << " and after pid / timestamp = "
- << after << " / " << afterTimestamp.tv_sec << "."
- << afterTimestamp.tv_usec);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_async_tests)
-
-RUN_CYNARA_TEST(tca01_initialize)
-RUN_CYNARA_TEST(tca02_empty_cache_miss)
-RUN_CYNARA_TEST(tca03_create_max_requests)
-RUN_CYNARA_TEST(tca04_request_and_process)
-RUN_CYNARA_TEST(tca05_request_and_cancel1)
-RUN_CYNARA_TEST(tca05_request_and_cancel2)
-RUN_CYNARA_TEST(tca05_request_and_cancel3)
-RUN_CYNARA_TEST(tca06_cancel_fail)
-RUN_CYNARA_TEST(tca07_request_with_data_insertion)
-RUN_CYNARA_TEST(tca08_disconnect1)
-RUN_CYNARA_TEST(tca08_disconnect2)
-RUN_CYNARA_TEST(tca08_disconnect3)
-RUN_CYNARA_TEST(tca09_disconnect_and_cancel1)
-RUN_CYNARA_TEST(tca09_disconnect_and_cancel2)
-RUN_CYNARA_TEST(tca10_double_request)
-RUN_CYNARA_TEST(tca11_double_request_with_restart)
-RUN_CYNARA_TEST(tca12_multiple_connections_without_requests)
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * @file test_cases_db.cpp
- * @author Pawel Wieczorek <p.wieczorek2@samsung.com>
- * @version 0.1
- * @brief Tests for Cynara's mechanism assuring integrity of database
- */
-
-#include <cynara_test_admin.h>
-#include <cynara_test_client.h>
-#include <cynara_test_commons.h>
-#include <cynara_test_env.h>
-#include <dpl/test/test_runner.h>
-#include <sys/smack.h>
-
-#include <service_manager.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <fstream>
-#include <glob.h>
-#include <iterator>
-#include <memory.h>
-#include <set>
-#include <string>
-#include <unistd.h>
-#include <vector>
-
-using namespace CynaraTestAdmin;
-using namespace CynaraTestClient;
-
-namespace
-{
-
-const std::string defDb("default");
-const std::string defDbAllow("defaultAllowed");
-const std::string nonEmptyDb("nonEmptyDatabase");
-const std::string cynaraTestPatternsPath("/etc/security-tests/db_patterns/");
-const std::string directoryWildcard("/*");
-const char directorySeparator('/');
-
-void createDbFile(const std::string &filename)
-{
- int fileFd = TEMP_FAILURE_RETRY(creat(filename.c_str(), 0000));
- RUNNER_ASSERT_ERRNO_MSG(fileFd > 0, "Creating " << filename << " file failed");
- FdUniquePtr fileFdPtr(&fileFd);
-
- int ret = smack_fsetlabel(fileFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed");
-}
-
-void deleteDbFile(const std::string &filename)
-{
- RUNNER_ASSERT_ERRNO_MSG(!unlink(filename.c_str()), "Unable to unlink " << filename << " file");
-}
-
-bool unordered_files_match(const std::string &patternFilePath, const std::string &resultFilePath) {
- std::ifstream patternFile(patternFilePath, std::ifstream::in | std::ifstream::binary);
- std::ifstream resultFile(resultFilePath, std::ifstream::in | std::ifstream::binary);
-
- RUNNER_ASSERT_MSG(patternFile.is_open(), "Failed to open " << patternFile << ".");
- RUNNER_ASSERT_MSG(resultFile.is_open(), "Failed to open " << resultFile << ".");
-
- auto patternRecords = std::multiset<std::string>(std::istream_iterator<std::string>(patternFile),
- std::istream_iterator<std::string>());
-
- auto resultRecords = std::multiset<std::string>(std::istream_iterator<std::string>(resultFile),
- std::istream_iterator<std::string>());
-
- return patternRecords == resultRecords;
-}
-
-size_t glob_count(const std::string &source, const std::string &wildcard) {
- //for counting files in directory
- glob_t globbuf;
- std::string pattern = source + wildcard;
-
- //for freeing allocated memory
- GlobPtr globbufPtr(&globbuf);
-
- //actually count files in directory - including dotfiles
- RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf),
- "Failed to search for requested pathnames in " << source << ".");
-
- return globbuf.gl_pathc;
-}
-
-size_t db_files_count(const std::string &source) {
- size_t dbFilesCount = 0;
-
- //database directory must not be empty
- RUNNER_ASSERT_MSG(0 != (dbFilesCount = glob_count(source, directoryWildcard)),
- "Unexpected condition: " << source << " was empty.");
-
- return dbFilesCount;
-}
-
-const std::set<std::string> dump_glob_filenames(const glob_t &globbuf) {
- std::set<std::string> set;
-
- for (unsigned i = 0; i < globbuf.gl_pathc; ++i) {
- std::string filename(globbuf.gl_pathv[i]);
- set.insert(filename.substr(filename.find_last_of(directorySeparator)+1));
- }
-
- return set;
-}
-
-const std::set<std::string> glob_filenames(const std::string &source, const std::string &wildcard) {
- //for finding files matching pattern in directory
- glob_t globbuf;
- std::string pattern = source + wildcard;
-
- //for freeing allocated memory
- GlobPtr globbufPtr(&globbuf);
-
- //actually find files matching pattern in directory - including dotfiles
- RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf),
- "Failed to search for requested pathnames in " << source << ".");
-
- return dump_glob_filenames(globbuf);
-}
-
-const std::set<std::string> db_files_pathnames(const std::string &source) {
- return glob_filenames(source, directoryWildcard);
-}
-
-std::ostream& operator<<(std::ostream& os, const std::set<std::string> &set)
-{
- os << "{";
- for (const auto &item : set) {
- os << " " << item;
- }
- os << " }";
- return os;
-}
-
-void compareDbs(const std::string &source)
-{
- //for accessing files in directory
- std::string patternDir = cynaraTestPatternsPath + source;
- std::string resultDir = CynaraTestConsts::DB_DIR;
- DIR *patternDirPtr = nullptr;
- struct dirent *direntPtr;
-
- size_t patternFileCount = db_files_count(patternDir);
- size_t resultFileCount = db_files_count(resultDir);
-
- //directories do not match if there is different number of files
- RUNNER_ASSERT_MSG(patternFileCount == resultFileCount,
- "No match in database and pattern directory file count: "
- << resultFileCount << " != " << patternFileCount << "." << std::endl
- << "Expected: " << db_files_pathnames(patternDir) << std::endl
- << "Actual: " << db_files_pathnames(resultDir));
-
- //compare files in database directory with pattern directory
- RUNNER_ASSERT_ERRNO_MSG(patternDirPtr = opendir(patternDir.c_str()),
- "Opening " << patternDir << " directory failed");
- DirPtr patternDirScopedPtr(patternDirPtr);
-
- while ((direntPtr = readdir(patternDirPtr)) != nullptr) {
- if (!strcmp(direntPtr->d_name, ".")
- || !strcmp(direntPtr->d_name, ".."))
- continue;
- std::string patternName = patternDir + directorySeparator + direntPtr->d_name;
- std::string resultName = CynaraTestConsts::DB_DIR + directorySeparator + direntPtr->d_name;
-
- //comparing file saved db dir with reference file from patterns dir
- RUNNER_ASSERT_MSG(true == unordered_files_match(patternName, resultName),
- "No match in stored file and pattern file: " << resultName);
- }
-}
-
-} // anonymous namespace
-
-
-/**
- * @brief Lockdown initialization failure caused by fake guard existence
- * @test Expected result: refuse to write data to storage as long as guard file creation fails
- * 1. Create fake guard file with 0000 attributes in policy database
- * 2. Try to make a change (ALLOW) in default bucket (data dump should fail)
- * 3. Delete fake guard file from policy database
- * 4. Retry to make a change (ALLOW) in default bucket (data dump should proceed)
- * 5. Check if database is saved correctly
- */
-void tcdb01_lockdown_init_failure_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto fakeBackupGuard = CynaraTestConsts::DB_DIR + directorySeparator + "guard";
-
- createDbFile(fakeBackupGuard);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
-
- deleteDbFile(fakeBackupGuard);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Failure during writing to backup (before lockdown)
- * @test Expected result: read from primary policy database
- * 1. Write ALLOW to default bucket
- * 2. Check if data is saved correctly
- * 3. Create fake backup file with 0000 attributes in policy database
- * 4. Try to make a change (DENY) in default bucket (data dump should fail)
- * 5. Reload Cynara - policies loaded from default bucket should still be ALLOW
- */
-void tcdb02_write_to_backup_failure_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto fakeBucketDumpFile = CynaraTestConsts::DB_DIR + directorySeparator + "_~";
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- compareDbs(defDbAllow);
-
- createDbFile(fakeBucketDumpFile);
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra, CYNARA_API_OPERATION_FAILED);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Check whether both invalid and valid backup databases are removed
- * @test Expected result: no unnecessary backup files in policy database directory
- * 1. Fail writing to backup database
- * 2. Reload Cynara - policies should be loaded from primary (valid) database
- * 3. Check if all backup files were removed
- * 4. Successfully write changes to database
- * 5. Reload Cynara - policies should be loaded from primary (revalidated) database
- * 6. Check if all backup files were removed
- */
-void tcdb03_invalid_and_valid_backup_removal_func()
-{
- Admin admin;
- Client cynara;
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *extra = nullptr;
-
- const auto defaultBucketDumpFile = CynaraTestConsts::DB_DIR + directorySeparator + "_~";
-
- createDbFile(defaultBucketDumpFile);
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDb);
-
- admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
-
- restartCynaraServiceAndSockets();
- compareDbs(defDbAllow);
-}
-
-/**
- * @brief Comparison between database modified by Cynara with expected one
- * @test Expected result: no differences between those files
- * 1. Write sample policy to database (and let it save to storage)
- * 2. Compare freshly saved files with samples from test patterns directory
- */
-void tcdb04_dumped_file_binary_comparison_func()
-{
- Admin admin;
- Client cynara;
- ServiceManager serviceManager(CynaraTestConsts::SERVICE);
-
- const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client";
- const char *user = "user";
- const char *privilege = "privilege";
- const char *extra = nullptr;
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
- admin.setPolicies(cp, CYNARA_API_SUCCESS);
- }
-
- compareDbs(nonEmptyDb);
-}
-
-/**
- * @brief Invalid database files removal
- * @test Expected result: no unnecessary files in policy database directory
- * 1. Fill Cynara's policy database directory with garbage:
- * - Sample backup file which should be removed earlier
- * - Sample bucket file which is not mentioned in index (shouldn't exist at all)
- * - Sample files which don't belong to database
- * 2. Reload Cynara
- * 3. Check if any of mentioned above files still remained
- */
-void tcdb05_non_indexed_files_removal_func()
-{
- std::vector<std::string> filenames = { "_broken-backup~", "_non-indexed-bucket",
- "some-file-that-doesnt-belong-here" };
-
- for (const auto &filename : filenames) {
- auto garbageFilename = CynaraTestConsts::DB_DIR + directorySeparator + filename;
- createDbFile(garbageFilename);
- }
-
- restartCynaraServiceAndSockets();
- compareDbs(defDb);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_db_tests)
-
-RUN_CYNARA_TEST(tcdb01_lockdown_init_failure)
-RUN_CYNARA_TEST(tcdb02_write_to_backup_failure)
-RUN_CYNARA_TEST(tcdb03_invalid_and_valid_backup_removal)
-RUN_CYNARA_TEST(tcdb04_dumped_file_binary_comparison)
-RUN_CYNARA_TEST(tcdb05_non_indexed_files_removal)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file test_cases_helpers.cpp
- * @author Aleksander Zdyb <a.zdyb@samsung.com>
- * @version 1.0
- * @brief Tests for cynara-helper-credentials-socket
- */
-
-#include <cstdlib>
-#include <functional>
-#include <string>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <unistd.h>
-
-#include <access_provider.h>
-#include <dpl/test/test_runner.h>
-#include <memory.h>
-#include <synchronization_pipe.h>
-#include <tests_common.h>
-#include <uds.h>
-#include <passwd_access.h>
-
-#include <cynara_test_helpers.h>
-
-class ProcessCredentials {
-public:
- ProcessCredentials() {}
-
- const std::string &label(void) const {
- return m_label;
- }
-
- uid_t uid(void) const {
- return PasswdAccess::uid(APP_USER);
- }
-
- gid_t gid(void) const {
- return PasswdAccess::gid("users");
- }
-
-private:
- std::string m_label = "cynara_helpers";
-};
-
-pid_t runInChild(const std::function<void(void)> &process) {
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed");
-
- if (pid == 0) {
- process();
- exit(EXIT_SUCCESS);
- }
-
- return pid;
-}
-
-void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr,
- const struct ProcessCredentials &peerCredentials) {
- SecurityServer::AccessProvider ap(peerCredentials.label());
- ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid());
- pipe.claimChildEp();
-
- int sock = UDSHelpers::createServer(&sockaddr);
- SockUniquePtr sockPtr(&sock);
- pipe.post();
- int clientSock = UDSHelpers::acceptClient(sock);
-
- UDSHelpers::waitForDisconnect(clientSock);
-}
-
-typedef std::function<void(int sock, pid_t pid,
- const ProcessCredentials &peerCredentials)> SocketAssertionFn;
-
-void socketTestTemplate(SocketAssertionFn assertion, const std::string &scope) {
- const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_" + scope + ".socket");
- const ProcessCredentials peerCredentials;
-
- SynchronizationPipe pipe;
-
- pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
- std::cref(peerCredentials)));
-
- pipe.claimParentEp();
- pipe.wait();
- int sock = UDSHelpers::createClient(&sockaddr);
- SockUniquePtr sockPtr(&sock);
-
- assertion(sock, pid, peerCredentials);
-}
-
-RUNNER_TEST_GROUP_INIT(cynara_creds_socket)
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs01_socket_credentials_client_smack)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK));
- RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
- "Labels don't match ret = " << label.get()
- << "; expected = " << peerCredentials.label());
- }, "tccs01");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs02_socket_credentials_client_pid)
-{
- socketTestTemplate([] (int sock, pid_t pid, const ProcessCredentials &) {
- CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_PID));
- pid_t clientPid = std::stoi(clientPidStr.get());
- RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
- << "; expected = " << pid);
- }, "tccs02");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs03_socket_credentials_user_uid)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_UID));
- uid_t uid = std::stoul(uidStr.get());
- RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
- << "; expected = "<< peerCredentials.uid());
- }, "tccs03");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs04_socket_credentials_user_gid)
-{
- socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) {
- CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_GID));
- gid_t gid = std::stoul(gidStr.get());
- RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid
- << "; expected = "<< peerCredentials.gid());
- }, "tccs04");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tccs05_cynara_creds_socket_pid)
-{
- const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_tccs05.socket");
- const ProcessCredentials peerCredentials;
-
- SynchronizationPipe pipe;
- pid_t expectedPid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr),
- std::cref(peerCredentials)));
-
- pipe.claimParentEp();
- pipe.wait();
- int sock = UDSHelpers::createClient(&sockaddr);
- SockUniquePtr sockPtr(&sock);
-
- pid_t helperPid = CynaraHelperCredentials::socketGetPid(sock);
- RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
- << "; expected = " << expectedPid);
-}
+++ /dev/null
-# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Jan Olszak (j.olszak@samsung.com)
-# @author Rafal Krypa (r.krypa@samsung.com)
-# @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-
-SET(TEST_APP_EFL "test-app-efl")
-SET(TEST_APP_WGT "test-app-wgt")
-SET(TEST_APP_OSP "test-app-osp")
-SET(HELLO_TIZEN_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/hello-tizen.cpp
- )
-ADD_EXECUTABLE( ${TEST_APP_EFL} ${HELLO_TIZEN_TEST_SOURCES} )
-INSTALL(TARGETS ${TEST_APP_EFL}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-INSTALL(FILES ${TEST_APP_EFL}
- DESTINATION /usr/bin
- RENAME ${TEST_APP_OSP}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
-
-INSTALL(FILES ${TEST_APP_EFL}
- DESTINATION /usr/bin
- RENAME ${TEST_APP_WGT}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
-
-SET(LPC_TARGET_TEST "libprivilege-control-test")
-
-#dependencies
-PKG_CHECK_MODULES(LPC_TARGET_DEP
- libsmack
- libprivilege-control
- sqlite3
- libtzplatform-config
- REQUIRED
- libiri
- )
-
-#files to compile
-SET(LPC_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/db.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/duplicates.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control-test.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_nosmack.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_incorrect_params.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_stress.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${LPC_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
- )
-
-#preprocessor definitions
-#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
-#output format
-ADD_EXECUTABLE(${LPC_TARGET_TEST} ${LPC_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${LPC_TARGET_TEST}
- ${LPC_TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- -lcrypt
- )
-
-#place for output file
-INSTALL(TARGETS ${LPC_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-# Test SMACK rules
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_privilege_control_DIR
- DESTINATION /etc/smack/
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac
- DESTINATION /usr/share/privilege-control/
- )
-
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack
- DESTINATION /usr/share/privilege-control/
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac
- DESTINATION /usr/share/privilege-control/
- )
+++ /dev/null
-24567
-75678
+++ /dev/null
-~APP~ test_book_efl r
+++ /dev/null
-56789
-67890
+++ /dev/null
-~APP~ test_book_osp_8 r
-~APP~ test_book_osp_9 w
-~APP~ test_book_osp_10 x
-~APP~ test_book_osp_11 rw
-~APP~ test_book_osp_12 rx
-~APP~ test_book_osp_13 wx
-~APP~ test_book_osp_14 rwx
-~APP~ test_book_osp_15 rwxat
-test_subject_osp_8 ~APP~ r
-test_subject_osp_9 ~APP~ w
-test_subject_osp_10 ~APP~ x
-test_subject_osp_11 ~APP~ rw
-test_subject_osp_12 ~APP~ rx
-test_subject_osp_13 ~APP~ wx
-test_subject_osp_14 ~APP~ rwx
-test_subject_osp_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_1 r
-~APP~ test_book_2 w
-~APP~ test_book_3 x
-~APP~ test_book_4 rw
-~APP~ test_book_5 rx
-~APP~ test_book_6 wx
-~APP~ test_book_7 rwx
-test_subject_1 ~APP~ r
-test_subject_2 ~APP~ w
-test_subject_3 ~APP~ x
-test_subject_4 ~APP~ rw
-test_subject_5 ~APP~ rx
-test_subject_6 ~APP~ wx
-test_subject_7 ~APP~ rwx
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 rw
-~APP~ test_book_12 rx
-~APP~ test_book_13 wx
-~APP~ test_book_14 rwx
-~APP~ test_book_15 rwxat
-test_subject_8 ~APP~ r
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ rw
-test_subject_12 ~APP~ rx
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ rwx
-test_subject_15 ~APP~ rwxat
+++ /dev/null
-~APP~ test_book_9 w
-~APP~ test_book_10 x
-~APP~ test_book_11 w
-~APP~ test_book_12 x
-~APP~ test_book_13 wx
-~APP~ test_book_14 wx
-~APP~ test_book_15 wxat
-test_subject_9 ~APP~ w
-test_subject_10 ~APP~ x
-test_subject_11 ~APP~ w
-test_subject_12 ~APP~ x
-test_subject_13 ~APP~ wx
-test_subject_14 ~APP~ wx
-test_subject_15 ~APP~ wxat
+++ /dev/null
-~APP~ test_book_8 r
-~APP~ test_book_11 r
-~APP~ test_book_12 r
-~APP~ test_book_14 r
-~APP~ test_book_15 r
-test_subject_8 ~APP~ r
-test_subject_11 ~APP~ r
-test_subject_12 ~APP~ r
-test_subject_14 ~APP~ r
-test_subject_15 ~APP~ r
+++ /dev/null
-34567
-45678
+++ /dev/null
-~APP~ test_book_wgt_8 r
-~APP~ test_book_wgt_9 w
-~APP~ test_book_wgt_10 x
-~APP~ test_book_wgt_11 rw
-~APP~ test_book_wgt_12 rx
-~APP~ test_book_wgt_13 wx
-~APP~ test_book_wgt_14 rwx
-~APP~ test_book_wgt_15 rwxat
-test_subject_wgt_8 ~APP~ r
-test_subject_wgt_9 ~APP~ w
-test_subject_wgt_10 ~APP~ x
-test_subject_wgt_11 ~APP~ rw
-test_subject_wgt_12 ~APP~ rx
-test_subject_wgt_13 ~APP~ wx
-test_subject_wgt_14 ~APP~ rwx
-test_subject_wgt_15 ~APP~ rwxat
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#include <tests_common.h>
-#include <privilege-control.h>
-#include <tzplatform_config.h>
-#include <sstream>
-#include <string.h>
-#include "db.h"
-#include "db_sqlite.h"
-#include "duplicates.h"
-
-const std::string DBASE_PATH = tzplatform_mkpath(TZ_SYS_DB, ".rules-db.db3");
-const std::string ALL_APPS ="ALL_APPS";
-
-const int PERMISSION_VOLATILE = 1;
-const int PERMISSION_PERSISTENT = 0;
-
-const int PERMISSION_ENABLED = 1;
-const int PERMISSION_DISABLED = 0;
-
-using std::ostringstream;
-using std::string;
-
-TestLibPrivilegeControlDatabase::TestLibPrivilegeControlDatabase() : m_base(DBASE_PATH)
-{
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_install(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_label(name);
- app_permission(name, ALL_APPS, ALL_APPS, PERMISSION_PERSISTENT, PERMISSION_ENABLED);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_uninstall(const char* name)
-{
- if (!m_base.is_open())
- m_base.open();
-
- app_not_label(name);
-}
-
-void TestLibPrivilegeControlDatabase::test_db_after__perm_app_enable_permissions(
- const char* name, app_type_t app_type, const char** perm_list, bool persistent)
-{
- if (!m_base.is_open())
- m_base.open();
-
- string permission_type_name = app_type_name(app_type);
- string permission_group_type_name = app_type_group_name(app_type);
- const int is_volatile = persistent ? PERMISSION_PERSISTENT : PERMISSION_VOLATILE;
- string permission_name;
- int ret;
-
- app_permission(name, permission_type_name, permission_type_name, is_volatile,
- PERMISSION_ENABLED);
-
- int i;
- for (i = 0; perm_list[i] != nullptr; ++i) {
- // Ignore empty lines
- if (strspn(perm_list[i], " \t\n") == strlen(perm_list[i]))
- continue;
-
- ret = base_name_from_perm(perm_list[i], permission_name);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "permission : <" << perm_list[i] <<
- "> cannot be converted to basename (iri parse error)");
- app_permission(name, permission_name, permission_group_type_name, is_volatile,
- PERMISSION_ENABLED);
- }
-}
-
-void TestLibPrivilegeControlDatabase::app_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT app_id FROM app "
- "NATURAL JOIN label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 1, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_not_label(const std::string& app_name)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT label_id FROM label "
- "WHERE name == '" << app_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
-
-void TestLibPrivilegeControlDatabase::app_permission(const std::string& app_name,
- const std::string& permission_name, const std::string& permission_type_name,
- int is_volatile, int is_enabled)
-{
- Sqlite3DBaseSelectResult result;
- ostringstream sql;
- sql << "SELECT * FROM app_permission "
- "INNER JOIN app USING(app_id) "
- "INNER JOIN permission USING(permission_id) "
- "INNER JOIN permission_type USING(permission_type_id)"
- "INNER JOIN label USING(label_id)"
- "WHERE "
- "label.name == '" << app_name << "' "
- "AND app_permission.is_enabled == " << is_enabled << " "
- "AND app_permission.is_volatile == " << is_volatile << " "
- "AND permission.name == '" << permission_name << "' "
- "AND permission_type.type_name == '" << permission_type_name << "' "
- ";";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_db.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests database record check functions
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DB_H_
-
-#include <privilege-control.h>
-#include "libprivilege-control_test_common.h"
-#include "db_sqlite.h"
-
-/**
- * @class TestLibPrivilegeControlDatabase
- * @brief Class containing methods for testing libprivlege database.
- */
-class TestLibPrivilegeControlDatabase
-{
-public:
-/**
- * @brief A constructor
- */
- TestLibPrivilegeControlDatabase();
-
-/**
- * @brief A destructor
- */
- ~TestLibPrivilegeControlDatabase() = default;
-
-/**
- * @brief Method for testing database after "perm_app_install" was run.
- *
- * It checks existence of proper: label, app records and permission for ALL_APPS for installed app.
- *
- * @param name name of installed app
- */
- void test_db_after__perm_app_install(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_uninstall" was run.
- *
- * It checks absence of proper: label for installed app.
- *
- * @param name name of uninstalled app
- */
- void test_db_after__perm_app_uninstall(const char* name);
-
-/**
- * @brief Method for testing database after "perm_app_enable_permissions" was run.
- *
- * It checks existence of proper permissions from perm_list and main permission for whole app_type.
- *
- * @param name name of application
- * @param app_type type of application (EFL, WRT, etc. )
- * @param perm_list list of permission to enable
- * @param persistent persistence or volatileness of permissions
- */
- void test_db_after__perm_app_enable_permissions(const char* name, app_type_t app_type,
- const char** perm_list, bool persistent);
-
-private:
-/**
- * @var base
- * @brief Sqlite3DBase object giving simple access to database
- *
- * Connection to database is open first time it is needed
- * and closed in destructor of TestLibPrivilegeControlDatabase.
- */
- Sqlite3DBase m_base;
-
-/**
- * @brief Check existence of label related records for given app.
- *
- * @param app_name name of application
- */
- void app_label(const std::string& app_name);
-
-/**
- * @brief Check absence of label record for given app.
- *
- * @param app_name name of application
- */
- void app_not_label(const std::string& app_name);
-
-/**
- * @brief It checks existence of single permission.
- *
- * @param app_name name of application
- * @param permission_name name of permission
- * @param permission_type_name name of permission type
- * @param is_volatile persistence or volatileness of permissions
- * @param is_enabled permission enable flag
- */
- void app_permission(const std::string& app_name, const std::string& permission_name,
- const std::string& permission_type_name, int is_volatile, int is_enabled);
-};
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.cpp
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#include <stdlib.h>
-#include <iri.h>
-#include <algorithm>
-#include <string>
-#include <set>
-#include <sys/smack.h>
-#ifndef _XOPEN_SOURCE
-#define _XOPEN_SOURCE
-#endif
-#include <unistd.h>
-#include "duplicates.h"
-
-std::string app_type_name(app_type_t app_type)
-{
- switch(app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-std::string app_type_group_name(app_type_t app_type)
-{
- switch (app_type)
- {
- case APP_TYPE_WGT:
- return "WRT";
- case APP_TYPE_OSP:
- return "OSP";
- case APP_TYPE_EFL:
- return "EFL";
- default:
- return "";
- }
-}
-
-
-/*
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- */
-int base_name_from_perm(const char *perm, std::string& name)
-{
- iri_t *iris = iri_parse(perm);
- if (iris == nullptr || iris->host == nullptr)
- {
- iri_destroy(iris);
- return PC_ERR_INVALID_PARAM;
- }
-
- std::string host_dot;
- std::string host;
- std::string path;
- std::string::size_type pos;
-
- if (iris->path == nullptr)
- {
- path = iris->host;
- }
- else
- {
- path = iris->path;
- host = iris->host;
- pos = host.rfind('.');
- if (pos != std::string::npos)
- {
- host_dot = host.substr(pos + 1) + ".";
- host = host.substr(0, pos);
- }
- }
-
- iri_destroy(iris);
-
- std::replace(path.begin(), path.end(), '/', '.');
-
- name = host_dot + host + path;
-
- return PC_OPERATION_SUCCESS;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file libprivilege-control_test_duplicates.h
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control private functions duplicates
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-#define LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_
-
-#include <string>
-#include <privilege-control.h>
-
-/**
- * @brief Get the permission family type name.
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_name(app_type_t app_type);
-
-/**
- * @brief Get the permission type name
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param app_type type of the application
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-std::string app_type_group_name(app_type_t app_type);
-
-/**
- * @brief URI to basename conversion
- *
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- *
- * @ingroup RDB internal functions test duplicate
- *
- * @param perm permission URI
- * @param name created basename
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int base_name_from_perm(const char *perm, std::string& name);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control tests commons
- */
-
-#ifndef LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-#define LIBPRIVILEGE_CONTROL_TEST_COMMON_H_
-
-#include <vector>
-#include <string>
-#include <set>
-#include <ftw.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <unistd.h>
-#include <tzplatform_config.h>
-
-// How many open file descriptors should ftw() function use?
-#define FTW_MAX_FDS 16
-
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir"
-#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir"
-
-#define APP_ID "test_APP"
-#define APPID_DIR "test_APP_ID_dir"
-#define GENERATED_APP_ID "User" // TODO to be replaced in the future
-
-const uid_t TZ_APP_UID = tzplatform_getuid(TZ_USER_NAME);
-const gid_t TZ_APP_GID = tzplatform_getgid(TZ_USER_NAME);
-
-#define PERM_TO_REDEFINE "Test::RedefinePermission"
-#define PERM_SUB_TO_REDEFINE "Test::RedefinePermission::Sub"
-
-#define APP_1 "app_1"
-#define APP_1_DIR "/tmp/app_1"
-
-#define APP_2 "app_2"
-#define APP_2_DIR "/tmp/app_2"
-
-#define APP_TEST "app_test"
-
-#define EFL_APP_ID "hello-tizen"
-
-#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac"
-#define LIBPRIVILEGE_TEST_DAC_FILE_EFL "/usr/share/privilege-control/EFL_test_privilege_control_rules_efl.dac"
-
-#define OSP_APP_ID "uqNfgEjqc7"
-
-#define WGT_APP_PATH "/usr/bin/test-app-wgt"
-#define OSP_APP_PATH "/usr/bin/test-app-osp"
-#define EFL_APP_PATH "/usr/bin/test-app-efl"
-
-#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP"
-
-extern const char *USER_APP_ID;
-
-extern const char *PRIVS1[];
-extern const char *PRIVS2[];
-extern const char *PRIVS2_NO_R[];
-extern const char *PRIVS2_R[];
-extern const char *PRIVS2_R_AND_NO_R[];
-
-extern const char *PRIVS_WGT[];
-extern const char *PRIVS_OSP[];
-extern const char *PRIVS_EFL[];
-
-extern const char *PRIV_APPSETTING[];
-extern const char *PRIV_APPSETTING_RULES[];
-
-typedef std::vector< std::vector<std::string> > rules_t;
-
-// Rules from WRT_test_privilege_control_rules1.smack for wgt
-const rules_t rules1 = {
- { USER_APP_ID, "test_book_1", "r" },
- { USER_APP_ID, "test_book_2", "w" },
- { USER_APP_ID, "test_book_3", "x" },
- { USER_APP_ID, "test_book_4", "rw" },
- { USER_APP_ID, "test_book_5", "rx" },
- { USER_APP_ID, "test_book_6", "wx" },
- { USER_APP_ID, "test_book_7", "rwx" },
- { "test_subject_1", USER_APP_ID, "r" },
- { "test_subject_2", USER_APP_ID, "w" },
- { "test_subject_3", USER_APP_ID, "x" },
- { "test_subject_4", USER_APP_ID, "rw" },
- { "test_subject_5", USER_APP_ID, "rx" },
- { "test_subject_6", USER_APP_ID, "wx" },
- { "test_subject_7", USER_APP_ID, "rwx" }
-};
-
-// Rules from WRT_test_privilege_control_rules2.smack
-const rules_t rules2 = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "rw" },
- { USER_APP_ID, "test_book_12", "rx" },
- { USER_APP_ID, "test_book_13", "wx" },
- { USER_APP_ID, "test_book_14", "rwx" },
- { USER_APP_ID, "test_book_15", "rwxat" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "rw" },
- { "test_subject_12", USER_APP_ID, "rx" },
- { "test_subject_13", USER_APP_ID, "wx" },
- { "test_subject_14", USER_APP_ID, "rwx" },
- { "test_subject_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_no_r = {
- { USER_APP_ID, "test_book_9", "w" },
- { USER_APP_ID, "test_book_10", "x" },
- { USER_APP_ID, "test_book_11", "w" },
- { USER_APP_ID, "test_book_12", "x" },
- { USER_APP_ID, "test_book_13", "x" },
- { USER_APP_ID, "test_book_14", "wx" },
- { USER_APP_ID, "test_book_15", "wxat" },
- { "test_subject_9", USER_APP_ID, "w" },
- { "test_subject_10", USER_APP_ID, "x" },
- { "test_subject_11", USER_APP_ID, "w" },
- { "test_subject_12", USER_APP_ID, "x" },
- { "test_subject_13", USER_APP_ID, "x" },
- { "test_subject_14", USER_APP_ID, "wx" },
- { "test_subject_15", USER_APP_ID, "wxat" }
-};
-
-// Rules from test_privilege_control_rules.smack
-// minus WRT_test_privilege_control_rules_no_r.smack
-const rules_t rules2_r = {
- { USER_APP_ID, "test_book_8", "r" },
- { USER_APP_ID, "test_book_11", "r" },
- { USER_APP_ID, "test_book_12", "r" },
- { USER_APP_ID, "test_book_14", "r" },
- { USER_APP_ID, "test_book_15", "r" },
- { "test_subject_8", USER_APP_ID, "r" },
- { "test_subject_11", USER_APP_ID, "r" },
- { "test_subject_12", USER_APP_ID, "r" },
- { "test_subject_14", USER_APP_ID, "r" },
- { "test_subject_15", USER_APP_ID, "r" }
-};
-
-// Rules from EFL_test_privilege_control_rules_efl.smack for rpm
-const rules_t rules_efl = {
- { USER_APP_ID, "test_book_efl", "r" }
-};
-
-// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt
-const rules_t rules_wgt = {
- { USER_APP_ID, "test_book_wgt_8", "r" },
- { USER_APP_ID, "test_book_wgt_9", "w" },
- { USER_APP_ID, "test_book_wgt_10", "x" },
- { USER_APP_ID, "test_book_wgt_11", "rw" },
- { USER_APP_ID, "test_book_wgt_12", "rx" },
- { USER_APP_ID, "test_book_wgt_13", "wx" },
- { USER_APP_ID, "test_book_wgt_14", "rwx" },
- { USER_APP_ID, "test_book_wgt_15", "rwxat" },
- { "test_subject_wgt_8", USER_APP_ID, "r" },
- { "test_subject_wgt_9", USER_APP_ID, "w" },
- { "test_subject_wgt_10", USER_APP_ID, "x" },
- { "test_subject_wgt_11", USER_APP_ID, "rw" },
- { "test_subject_wgt_12", USER_APP_ID, "rx" },
- { "test_subject_wgt_13", USER_APP_ID, "wx" },
- { "test_subject_wgt_14", USER_APP_ID, "rwx" },
- { "test_subject_wgt_15", USER_APP_ID, "rwxat" }
-};
-
-// Rules from OSP_test_privilege_control_rules_osp.smack for osp
-const rules_t rules_osp = {
- { USER_APP_ID, "test_book_osp_8", "r" },
- { USER_APP_ID, "test_book_osp_9", "w" },
- { USER_APP_ID, "test_book_osp_10", "x" },
- { USER_APP_ID, "test_book_osp_11", "rw" },
- { USER_APP_ID, "test_book_osp_12", "rx" },
- { USER_APP_ID, "test_book_osp_13", "wx" },
- { USER_APP_ID, "test_book_osp_14", "rwx" },
- { USER_APP_ID, "test_book_osp_15", "rwxat" },
- { "test_subject_osp_8", USER_APP_ID, "r" },
- { "test_subject_osp_9", USER_APP_ID, "w" },
- { "test_subject_osp_10", USER_APP_ID, "x" },
- { "test_subject_osp_11", USER_APP_ID, "rw" },
- { "test_subject_osp_12", USER_APP_ID, "rx" },
- { "test_subject_osp_13", USER_APP_ID, "wx" },
- { "test_subject_osp_14", USER_APP_ID, "rwx" },
- { "test_subject_osp_15", USER_APP_ID, "rwxat" }
-};
-
-int test_have_all_accesses(const rules_t &rules);
-int test_have_any_accesses(const rules_t &rules);
-int test_have_nosmack_accesses(const rules_t &rules);
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id);
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file);
-
-int file_exists(const char *path);
-void check_app_installed(const char *app_path);
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected);
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/);
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack);
-void test_revoke_permissions(int line_no, const char* app_id);
-void test_app_enable_permissions_efl(bool smack);
-void test_app_disable_permissions_efl(bool smack);
-void test_app_disable_permissions(bool smack);
-bool check_all_accesses(bool smack, const rules_t &rules);
-bool check_no_accesses(bool smack, const rules_t &rules);
-
-#endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */
+++ /dev/null
-#include <iostream>
-
-int main() {
- std::cout << "Hello Tizen!" << std::endl;
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <dpl/test/test_runner.h>
-#include <dpl/log/log.h>
-
-int main (int argc, char *argv[])
-{
- LogInfo("Starting libprivilege-control tests");
-
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file libprivilege-control-test.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief Main file for libprivilege-control unit tests.
- */
-
-#include <fcntl.h>
-#include <fstream>
-#include <iostream>
-#include <set>
-#include <string>
-#include <string.h>
-#include <sys/sendfile.h>
-#include <sys/smack.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <vector>
-#include <grp.h>
-#include <pwd.h>
-
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include "common/duplicates.h"
-#include <memory.h>
-
-#define CANARY_LABEL "tiny_yellow_canary"
-
-const char *USER_APP_ID = "User";
-
-const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", nullptr };
-const char *PRIVS2[] = { "test_privilege_control_rules2", nullptr };
-const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", nullptr };
-const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", nullptr };
-const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", nullptr };
-
-const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", nullptr };
-const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", nullptr };
-const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", nullptr };
-
-const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", nullptr};
-const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx",
- "~APP~ ~ALL_APPS~ rx",
- nullptr};
-/**
- * Check if every rule is true.
- * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure
- */
-int test_have_all_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access <= 0)
- return 0;
- }
- return 1;
-}
-
-/**
- * Check if every rule is true.
- * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure
- */
-int test_have_any_accesses(const rules_t &rules)
-{
- for (size_t i = 0; i < rules.size(); ++i) {
- int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (access > 0)
- return 1;
- }
- return 0;
-}
-
-/**
- * NOSMACK version of test_have_accesses functions.
- *
- * This will be used in many tests. Checks if for every rule smack_have_access returns error.
- * If for any of rules smack_have_access will return something different than error, this result
- * is being returned to caller.
- */
-int test_have_nosmack_accesses(const rules_t &rules)
-{
- int result;
- for (uint i = 0; i < rules.size(); ++i) {
- result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str());
- if (result != -1)
- return result;
- }
- return -1;
-}
-
-bool check_all_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_all_accesses(rules) == 1;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-bool check_no_accesses(bool smack, const rules_t &rules)
-{
- if (smack)
- return test_have_any_accesses(rules) == 0;
- else
- return test_have_nosmack_accesses(rules) == -1;
-}
-
-void read_gids(std::set<unsigned> &set, const char *file_path)
-{
- FILE *f = fopen(file_path, "r");
- RUNNER_ASSERT_ERRNO_MSG(f != nullptr, "Unable to open file " << file_path);
- unsigned gid;
- while (fscanf(f, "%u\n", &gid) == 1) {
- set.insert(gid);
- }
- fclose(f);
-}
-
-void read_user_gids(std::set<unsigned> &set, const uid_t user_id)
-{
- int ret;
-
- errno = 0;
- struct passwd *pw = getpwuid(user_id);
- RUNNER_ASSERT_ERRNO_MSG(pw != nullptr, "getpwuid() failed");
-
- int groups_cnt = 0;
- gid_t *groups_list = nullptr;
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- RUNNER_ASSERT_MSG(ret == -1, "getgrouplist() failed.");
- if (groups_cnt == 0)
- return;
- groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
-
- ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt);
- if (ret == -1) {
- free(groups_list);
- RUNNER_FAIL_MSG("getgrouplist() failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void read_current_gids(std::set<unsigned> &set)
-{
- int groups_cnt = getgroups(0, nullptr);
- RUNNER_ASSERT_ERRNO_MSG(groups_cnt > 0, "Wrong number of supplementary groups");
- gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t));
- RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed.");
- if (getgroups(groups_cnt, groups_list) == -1){
- free(groups_list);
- RUNNER_FAIL_MSG("getgroups failed.");
- }
-
- for (int i = 0; i < groups_cnt; ++i) {
- set.insert(groups_list[i]);
- }
- free(groups_list);
-}
-
-void check_groups(const std::set<unsigned> &groups_prev, const char *dac_file)
-{
- std::set<unsigned> groups_check;
- std::set<unsigned> groups_current;
- if(dac_file != nullptr)
- read_gids(groups_check, dac_file);
- read_current_gids(groups_current);
-
- std::string groups_left;
- for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it)
- {
- (void)groups_check.erase(*it);
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application lost some groups: " << groups_left);
-
- for (auto it = groups_check.begin(); it != groups_check.end(); ++it)
- {
- if(groups_current.erase(*it) == 0)
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application doesn't belong to some required groups: " << groups_left);
-
- for (auto it = groups_current.begin(); it != groups_current.end(); ++it)
- {
- groups_left.append(std::to_string(*it)).append(" ");
- }
- RUNNER_ASSERT_MSG(groups_left.empty(),
- "Application belongs to groups it should't belong to: " << groups_left);
-}
-
-int file_exists(const char *path)
-{
- FILE *file = fopen(path, "r");
- if (file) {
- fclose(file);
- return 0;
- }
- return -1;
-}
-
-void check_app_installed(const char *app_path)
-{
- RUNNER_ASSERT_MSG(file_exists(app_path) == 0,
- " App not installed: " << app_path);
-}
-
-int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-void check_perm_app_has_permission(const char *app_label,
- const char *permission,
- bool is_enabled_expected)
-{
- int result;
- bool is_enabled_result;
-
- result = perm_app_has_permission(app_label, APP_TYPE_WGT, permission, &is_enabled_result);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error calling perm_app_has_permission. Result: " << result);
-
- RUNNER_ASSERT_MSG(is_enabled_result == is_enabled_expected,
- " Result of perm_app_has_permission should be: " << is_enabled_expected);
-}
-
-int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb,
- const char* correctLabel)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) {
- RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-
-int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID);
-}
-
-int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_labels_app_dir(fpath, sb, "_");
-}
-
-int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char *label;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- if (S_ISDIR(sb->st_mode)) {
- RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set");
- result = strcmp("TRUE", label);
- RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set");
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS);
- smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC);
- smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE);
-
- return 0;
-}
-
-int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten");
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- result = strcmp(CANARY_LABEL, labelPtr.get());
- RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten");
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set");
-
- return 0;
-}
-
-void test_perm_app_setup_path_PUBLIC_RO(bool smack)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-
- RUNNER_ASSERT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}}));
-}
-
-void test_revoke_permissions(int line_no, const char* app_id)
-{
- int result;
-
- // Cleanup
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- // Close transaction to commit uninstallation before further actions
- DB_END
-
- DB_BEGIN
-
- // Install test apps
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_install returned " << result);
-
- // Close transaction to commit installation before further actions
- DB_END
-
- DB_BEGIN
-
- // TEST:
- // Revoke permissions
- result = perm_app_revoke_permissions(app_id);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no <<
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- DB_BEGIN
-
- // Cleanup - uninstall test apps
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no <<
- "perm_app_uninstall returned " << result);
-
- DB_END
-}
-
-void test_app_enable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- // Register a permission:
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions_efl(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Register a permission
- result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not granted for EFL_APP");
-
- DB_BEGIN
-
- // Disable a permission
- result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}),
- "SMACK accesses not disabled for EFL_APP");
-
- DB_BEGIN
-
- // Cleanup
- result = perm_app_uninstall(EFL_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- DB_END
-}
-
-void test_app_disable_permissions(bool smack)
-{
- int result;
-
- DB_BEGIN
-
- // Prepare
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2),
- "SMACK accesses not disabled.");
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1),
- "SMACK accesses not disabled.");
-
- DB_BEGIN
-
-/**
- * Test - disable all granted permissions.
- */
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions enabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- // Are all the permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled.");
-
-/**
- * Test - disable some granted permissions leaving non complementary and then disabling those too.
- */
-
- DB_BEGIN
-
- // Prepare permissions that will not be disabled
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app first permissions. Result: " << result);
-
- // Prepare permissions that we want to disable
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app second permissions. Result: " << result);
-
- // Disable second permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app second permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled.");
-
- // Are all first permissions not disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules1), "Some of second permissions disabled.");
-
- DB_BEGIN
-
- // Disable first permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app first permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), "Not all second permisions disabled.");
-
-/**
- * Test - disable only no r granted permissions.
- */
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app r permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app no r permissions. Result: " << result);
-
- // Disable same permissions without r
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app no r permissions. Result: " << result);
-
- DB_END
-
- // Is any r permissions disabled?
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled.");
- // Are all no r permissions disabled?
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled.");
-
- DB_BEGIN
-
- // Prepare permissions
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app no r permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled.");
-
- DB_BEGIN
-
- // Disable all permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-
- RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled.");
-
- DB_BEGIN
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <string>
-#include <vector>
-#include <fstream>
-#include <sstream>
-#include <set>
-
-#include <fcntl.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/smack.h>
-
-#include <privilege-control.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/duplicates.h"
-#include "common/db.h"
-#include "memory.h"
-
-// Error codes for test_libprivilege_strerror
-const std::vector<int> error_codes {
- PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED,
- PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN,
- PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION,
- PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN
-};
-
-namespace {
-
-std::vector<std::string> gen_names(std::string prefix, std::string suffix, size_t size)
-{
- std::vector<std::string> names;
- for(size_t i = 0; i < size; ++i) {
- names.push_back(prefix + "_" + std::to_string(i) + suffix);
- }
- return names;
-}
-
-const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack";
-const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack";
-const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack";
-const std::vector<std::string> OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16);
-const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac";
-const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac";
-const std::vector<std::string> BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16);
-
-void osp_blahblah_dac_check(int line_no, const std::vector<unsigned> &gids, std::string dac_file_path)
-{
- std::ifstream dac_file(dac_file_path);
- RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path);
-
- auto it = gids.begin();
- std::string line;
- while (std::getline(dac_file,line)) {
- std::istringstream is(line);
- unsigned gid;
- is >> gid;
- RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid);
- RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid);
- it++;
- }
-
- RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it);
-
- dac_file.close();
-}
-
-void remove_smack_files()
-{
- // TODO array
- unlink(OSP_BLAHBLAH);
- unlink(WRT_BLAHBLAH);
- unlink(OTHER_BLAHBLAH);
- unlink(WRT_BLAHBLAH_DAC);
- unlink(OTHER_BLAHBLAH_DAC);
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-
- for(size_t i=0; i<OSP_BLAHBLAH_DAC.size(); ++i)
- unlink(OSP_BLAHBLAH_DAC[i].c_str());
-}
-
-} // namespace
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol)
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_01_PRIVATE)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_PRIVATE failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_private_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-RUNNER_TEST(privilege_control02_perm_app_setup_path_02_FLOOR)
-{
- int result;
-
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR);
-
- DB_BEGIN
-
- result = perm_app_setup_path(APPID_DIR, TEST_APP_DIR, APP_PATH_FLOOR);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() for APP_PATH_FLOOR type failed");
-
- DB_END
-
- result = nftw(TEST_APP_DIR, &nftw_check_labels_app_floor_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir");
-
- result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir");
-}
-
-
-RUNNER_TEST_SMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO)
-{
- test_perm_app_setup_path_PUBLIC_RO(true);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_wgt)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control06_revoke_permissions_osp)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-void test_set_app_privilege(
- const char* app_id, app_type_t APP_TYPE,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules) {
- check_app_installed(app_path);
-
- int result;
-
- /* Remove the group file to make sure other tests do not affect current one. This is because all
- apps get the same label "User" */
- const char* db_file = tzplatform_mkpath(TZ_SYS_DB,".privilege_control_app_gids.db");
- RUNNER_ASSERT_MSG(db_file, "Failed to get groups db path");
- result = unlink(db_file);
- RUNNER_ASSERT_MSG(result == 0, "Removing group db failed " << strerror(errno));
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_uninstall returned " << result << ". "
- "Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- " perm_app_install returned " << result << ". "
- "Errno: " << strerror(errno));
-
- // TEST:
- result = perm_app_enable_permissions(app_id, APP_TYPE, privileges, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_all_accesses(rules);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- // Check if SMACK label really set
- char *label;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG(label != nullptr,
- " Process label is not set");
-
- result = strcmp(USER_APP_ID, label);
- RUNNER_ASSERT_MSG(result == 0,
- " Process label " << label << " is incorrect");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * Set APP privileges. wgt.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * Set APP privileges. osp app.
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl)
-{
- test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Add new API feature
- */
-RUNNER_TEST(privilege_control08_add_api_feature)
-{
- int result;
-
- remove_smack_files();
-
- DB_BEGIN
-
- // argument validation
- result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
- result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0);
- RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM);
-
-
- // Already existing feature:
- // TODO: Database will be malformed. (Rules for these features will be removed.)
- result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty features
- result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty rules
- const char *test1[] = { nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test2[] = { "", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // malformed rules
- const char *test4[] = { "malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test5[] = { "malformed malformed", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test6[] = { "-malformed malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test7[] = { "~/\"\\ malformed rwxat", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
- const char *test8[] = { "subject object rwxat something else", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result);
-
-
- // correct rules
- const char *test9[] = {
- "~APP~ object\t rwxatl",
- " \t \n",
- "subject2\t~APP~ ltxarw",
- "",
- nullptr};
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr };
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails.
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
-
- // TODO For now identical/complementary rules are not merged.
- const char *test12[] = {
- "subject1 ~APP~ rwxatl",
- " \t \n",
- "subject2 ~APP~ ltxarw",
- "",
- nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
-
- // empty group ids
- const char *test13[] = { "~APP~ b a", nullptr};
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- result = file_exists(OSP_BLAHBLAH_DAC[12].c_str());
- RUNNER_ASSERT(result == -1);
- remove_smack_files();
-
-
- // valid group ids
- result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]);
- remove_smack_files();
-
- result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result);
- osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]);
- remove_smack_files();
-
- DB_END
-}
-
-/**
- * Add new API feature, assign it to an app and redefine the API feature.
- * Check if app rules has changed after redefinition.
- */
-RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine)
-{
- int result;
- const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr};
-
- // Rules to be used with the first check
- const rules_t test_rules1 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules that contain differences - to be used with the second check (after re-def)
- const rules_t test_rules2 = {
- { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" },
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" }
- };
-
- // Differences between rules1 and rules2 - should be revoked after re-def)
- const rules_t diff_rules = {
- { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" },
- { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" }
- };
-
- // Rules to be used with the first definition
- const char *perm_rules1[] = {
- "~APP~ " PERM_TO_REDEFINE " rx",
- PERM_TO_REDEFINE " ~APP~ rwx",
- "~APP~ " PERM_SUB_TO_REDEFINE " rx",
- nullptr
- };
-
- // Rules that contain differences - to be used with the second definition (re-def)
- const char *perm_rules2[] = {
- "~APP~ " PERM_TO_REDEFINE " rwx",
- PERM_TO_REDEFINE " ~APP~ rx",
- "~APP~ " PERM_SUB_TO_REDEFINE " watl",
- nullptr
- };
-
- DB_BEGIN
-
- // uninstall app to make sure that all rules and permissions are revoked
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall failed: " << perm_strerror(result));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install failed: " << perm_strerror(result));
-
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_enable_permissions failed: " << perm_strerror(result));
-
- DB_END
-
- // Check if rules are applied
- result = test_have_all_accesses(test_rules1);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Redefine the permission
- result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_add_api_feature failed: " << result);
-
- DB_END
-
- // Check if rules are updated
- result = test_have_all_accesses(test_rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update.");
- // The difference between rules1 and rules2 should be revoked!
- result = test_have_any_accesses(diff_rules);
- RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated.");
-}
-
-/*
- * Check perm_app_uninstall function
- */
-void check_perm_app_uninstall(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_uninstall)
-{
- check_perm_app_uninstall(APP_ID);
-}
-
-/*
- * Check perm_app_install function
- */
-void check_perm_app_install(const char* pkg_id)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(pkg_id);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_TEST(privilege_control01_app_install)
-{
- check_perm_app_uninstall(APP_ID);
- check_perm_app_install(APP_ID);
- // try install second time app with the same ID - it should pass.
- check_perm_app_install(APP_ID);
-}
-
-/*
- * Check perm_rollback function
- */
-RUNNER_TEST(privilege_control07_app_rollback)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- DB_END
-}
-
-RUNNER_TEST(privilege_control07_app_rollback_2)
-{
- check_perm_app_uninstall(APP_ID);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- // transaction rollback
- result = perm_rollback();
- RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result));
-
- // install once again after the rollback
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result));
-
- DB_END
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-/**
- * Grant SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions)
-{
- int result;
-
- // Clean up after test:
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
-/**
- * Test - Enabling all permissions with persistant mode enabled
- */
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling all permissions with persistant mode disabled
- */
-
- DB_BEGIN
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Registering new permissions in two complementary files
- */
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
-/**
- * Test - Enabling some permissions and then enabling complementary permissions
- */
-
- DB_BEGIN
-
- // Register permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Register permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app all permissions. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Permissions all not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-/**
- * Test - Enabling some permissions and then enabling all permissions
- */
-
- // Enable permission for rules 2 no r
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions without r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_no_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added.");
-
- DB_BEGIN
-
- // Enable permission for rules 2
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions with only r. Result: " << result);
-
- DB_END
-
- // Check if the accesses are realy applied..
- result = test_have_all_accesses(rules2_r);
- RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added.");
-
- DB_BEGIN
-
- // Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
-
-
- // Clean up after test:
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl)
-{
- test_app_enable_permissions_efl(true);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl)
-{
- test_app_disable_permissions_efl(true);
-}
-
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions)
-{
- test_app_disable_permissions(true);
-}
-
-/**
- * Reset SMACK permissions for an application by revoking all previously
- * granted rules and enabling them again from a rules file from disk.
- */
-// TODO: This test is incomplete.
-RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions)
-{
- int result;
-
-/**
- * Test - doing reset and checking if rules exist again.
- */
-
- DB_BEGIN
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error registering app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- // Are all second permissions not disabled?
- result = test_have_all_accesses(rules2);
- RUNNER_ASSERT_MSG(result == 1, "Not all permissions added.");
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- DB_END
-}
-
-static void smack_set_random_label_based_on_pid_on_self(void)
-{
- int result;
- std::stringstream ss;
-
- ss << "s-" << getpid() << "-" << getppid();
- result = smack_set_label_for_self(ss.str().c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self("
- << ss.str().c_str() << ") failed");
-}
-
-static void smack_unix_sock_server(int sock)
-{
- int fd, result;
- char *smack_label;
-
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- if (fd < 0)
- return;
-
- FdUniquePtr fdPtr(&fd);
-
- result = smack_new_label_from_self(&smack_label);
- RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
- SmackLabelPtr smackLabelPtr(smack_label);
-
- ssize_t bitsNum = write(fd, smack_label, strlen(smack_label));
- RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast<size_t>(bitsNum) == strlen(smack_label),
- "write() failed");
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- unlink(SOCK_PATH);
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- smack_set_random_label_based_on_pid_on_self();
-
- if (!pid) { /* child process, server */
- int sock, result;
-
- /* Set the process label before creating a socket */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = bind(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
- smack_unix_sock_server(sock);
-
- /* Change the process label with listening socket */
- smack_unix_sock_server(sock);
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- /* Now running two concurrent servers.
- Test if socket label was unaffected by fork() */
- smack_unix_sock_server(sock);
- /* Let's give the two servers different labels */
- smack_unix_sock_server(sock);
-
- exit(0);
- } else { /* parent process, client */
- sleep(1); /* Give server some time to setup listening socket */
- int i;
- for (i = 0; i < 4; ++i) {
- int sock;
- int result;
- char smack_label1[SMACK_LABEL_LEN + 1];
- char *smack_label2;
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- result = connect(sock,
- (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- alarm(2);
- result = read(sock, smack_label1, SMACK_LABEL_LEN);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
-
- smack_label1[result] = '\0';
- smack_label2 = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed");
- result = strcmp(smack_label1, smack_label2);
- RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
- << "' != '" << smack_label2 << "-" << random() << "'");
- }
- }
-}
-
-RUNNER_TEST(privilege_control20_perm_app_has_permission)
-{
- int result;
- const char *other_app_label = "test_other_app_label";
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error uninstalling app. Result" << result);
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing app. Result" << result);
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false);
- check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false);
- check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false);
-}
-
-RUNNER_TEST(privilege_control25_test_libprivilege_strerror) {
- int POSITIVE_ERROR_CODE = 1;
- int NONEXISTING_ERROR_CODE = -239042;
- const char *result;
-
- for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) {
- RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0,
- "Returned invalid error code description.");
- }
-
- result = perm_strerror(POSITIVE_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-
- result = perm_strerror(NONEXISTING_ERROR_CODE);
- RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0,
- "Bad message returned for invalid error code: \"" << result << "\"");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-
-
-
-//////////////////////////////////////////////////////
-//TEST FOR INCORRECT PARAMS CHECK IN LIBPRIVILEGE APIS
-//////////////////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_incorrect_params)
-
-RUNNER_TEST(privilege_control21c_incorrect_params_perm_app_set_privilege)
-{
- RUNNER_ASSERT_MSG(perm_app_set_privilege(nullptr, nullptr, APP_SET_PRIV_PATH) == PC_ERR_INVALID_PARAM,
- "perm_app_set_privilege didn't check if package name isn't nullptr.");
-}
-
-RUNNER_TEST(privilege_control21d_incorrect_params_perm_app_install)
-{
- RUNNER_ASSERT_MSG(perm_app_install(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_install("") == PC_ERR_INVALID_PARAM,
- "perm_app_install didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21e_incorrect_params_perm_app_uninstall)
-{
- RUNNER_ASSERT_MSG(perm_app_uninstall(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_uninstall("") == PC_ERR_INVALID_PARAM,
- "perm_app_uninstall didn't check if pkg_id isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21f_incorrect_params_perm_app_enable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, nullptr, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_enable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM,
- "perm_app_enable_permissions didn't check if pkg_id is valid");
-}
-
-RUNNER_TEST(privilege_control21g_incorrect_params_app_revoke_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_revoke_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_revoke_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21h_incorrect_params_app_reset_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_reset_permissions(nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_reset_permissions("~APP~") == PC_ERR_INVALID_PARAM,
- "perm_app_reset_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21i_incorrect_params_app_setup_path)
-{
- RUNNER_ASSERT_MSG(perm_app_setup_path(APPID_DIR, nullptr, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if path isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path(nullptr, TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_setup_path("~APP~", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM,
- "perm_app_setup_path didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21k_incorrect_params_add_api_feature)
-{
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM,
- "perm_add_api_feature didn't check if api_feature_name isn't empty.");
-}
-
-RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions)
-{
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if perm_list isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id isn't empty.");
- RUNNER_ASSERT_MSG(perm_app_disable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM,
- "perm_app_disable_permissions didn't check if pkg_id is valid.");
-}
-
-RUNNER_TEST(privilege_control21m_incorrect_params_perm_app_has_permission)
-{
- bool has_permission;
- const char *app_label = "test_app_label";
-
- RUNNER_ASSERT_MSG(perm_app_has_permission(nullptr, APP_TYPE_WGT,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if pkg_id isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_OTHER,
- PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission should not accept app_type = OTHER.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- nullptr, &has_permission) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if permission_name isn't nullptr.");
- RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT,
- PRIVS2[0], nullptr) == PC_ERR_INVALID_PARAM,
- "perm_app_has_permission didn't check if has_permission isn't nullptr.");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <memory>
-#include <functional>
-#include <fstream>
-#include <set>
-
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <sys/smack.h>
-#include <privilege-control.h>
-#include <tests_common.h>
-#include <libprivilege-control_test_common.h>
-#include "common/db.h"
-#include <memory.h>
-
-#define APP_USER_NAME "app"
-#define APP_HOME_DIR "/opt/home/app"
-
-
-#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL"
-
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack)
-
-RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack)
-{
- test_perm_app_setup_path_PUBLIC_RO(false);
-}
-
-/**
- * NOSMACK version of privilege_control04 test.
- *
- * Tries to add permisions from test_privilege_control_rules template and checks if
- * smack_have_access returns -1 on check between every rule.
- */
-RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- //Add permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error adding app permissions. Result: " << result);
-
- DB_END
-
- //Check if smack_have_access always fails on every rule
- result = test_have_nosmack_accesses(rules_efl);
- RUNNER_ASSERT_MSG(result == -1,
- "Despite SMACK being off some accesses were added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling permissions: " << perm_strerror(result));
- DB_END
-}
-
-void test_set_app_privilege_nosmack(
- const char* app_id, app_type_t app_type,
- const char** privileges, const char* type,
- const char* app_path, const char* dac_file,
- const rules_t &rules)
-{
- check_app_installed(app_path);
-
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(app_id);
- RUNNER_ASSERT_MSG(result == 0,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_enable_permissions(app_id, app_type, privileges, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error enabling app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules);
- RUNNER_ASSERT_MSG(result == -1,
- " Permissions shouldn't be added. Result: " << result);
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- result = perm_app_set_privilege(app_id, type, app_path);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- " new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr,
- " new_label_from_self shouldn't allocate memory for label.");
-
- check_groups(groups_before, dac_file);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege test.
- *
- * Another very similar test to it's SMACK version, this time smack_new_label_from_self is
- * expected to return different result.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack)
-{
- int result;
-
- check_app_installed(APP_SET_PRIV_PATH);
-
- //Preset exec label
- smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC);
- smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC);
-
- DB_BEGIN
- perm_app_uninstall(APP_ID);
- DB_END
-
- std::set<unsigned> groups_before;
- read_user_gids(groups_before, TZ_APP_UID);
-
- //Set app privileges
- result = perm_app_set_privilege(APP_ID, nullptr, APP_SET_PRIV_PATH);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_set_privilege. Error: " << result);
-
- //Even though app privileges are set, no smack label should be extracted.
- char* label = nullptr;
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1,
- "new_label_from_self should return error (SMACK is off). Result: " << result);
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory for label.");
-
- //Check if DAC privileges really set
- RUNNER_ASSERT_MSG(getuid() == TZ_APP_UID, "Wrong UID");
- RUNNER_ASSERT_MSG(getgid() == TZ_APP_GID, "Wrong GID");
-
- result = strcmp(getenv("HOME"), APP_HOME_DIR);
- RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result);
-
- result = strcmp(getenv("USER"), APP_USER_NAME);
- RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result);
-
- check_groups(groups_before, nullptr);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_wgt test.
- *
- * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack)
-{
- test_set_app_privilege_nosmack(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt);
-}
-
-/**
- * NOSMACK version of privilege_control05_set_app_privilege_osp test.
- *
- * Same as the above.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack)
-{
- test_set_app_privilege_nosmack(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack)
-{
- test_set_app_privilege_nosmack(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL,
- "rpm", EFL_APP_PATH,
- LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack)
-{
- test_revoke_permissions(__LINE__, WGT_APP_ID);
-}
-
-/**
- * Revoke permissions from the list. Should be executed as privileged user.
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack)
-{
- test_revoke_permissions(__LINE__, OSP_APP_ID);
-}
-
-/**
- * NOSMACK version of privilege_control11_app_enable_permissions test.
- *
- * Since the original test did the same thing around five times, there is no need to redo the
- * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once,
- * test_have_nosmack_accesses will check if smack_have_access still returns error and then
- * we will check if SMACK file was correctly created.
- */
-RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling app permissions. Result: " << result);
-
- DB_END
-
- //Check if accesses aren't added
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result);
-
- TestLibPrivilegeControlDatabase db_test;
- db_test.test_db_after__perm_app_install(USER_APP_ID);
- db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true);
-
- DB_BEGIN
-
- //Clean up
- result = perm_app_revoke_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error revoking app permissions. Result: " << result);
-
- DB_END
-
- db_test.test_db_after__perm_app_install(USER_APP_ID);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack)
-{
- test_app_enable_permissions_efl(false);
-}
-
-/*
- * Check perm_app_install function
- */
-RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack)
-{
- test_app_disable_permissions_efl(false);
-}
-
-/**
- * Remove previously granted SMACK permissions based on permissions list.
- */
-RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack)
-{
- test_app_disable_permissions(false);
-}
-
-/**
- * NOSMACK version of privilege_control13 test.
- *
- * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has
- * changed.
- */
-RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno));
-
- result = perm_app_install(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "perm_app_install returned " << result << ". Errno: " << strerror(errno));
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- // Prepare permissions to reset
- result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error adding app permissions. Result: " << result);
-
- // Reset permissions
- result = perm_app_reset_permissions(WGT_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error reseting app permissions. Result: " << result);
-
- DB_END
-
- result = test_have_nosmack_accesses(rules2);
- RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result);
-
- DB_BEGIN
-
- // Disable permissions
- result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app permissions. Result: " << result);
-
- DB_END
-}
-
-/**
- * NOSMACK version of privilege_control15_app_id_from_socket.
- *
- * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self.
- * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on
- * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are
- * assumed to react correctly and are not tested in this test case.
- *
- * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and
- * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env
- * correct behavior for perm_app_id_from_socket would be returning nullptr label.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
-
- //Clean up before creating socket
- unlink(SOCK_PATH);
-
- //Create our server and client with fork
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
-
- if (!pid) { //child (server)
- int sock, result, fd;
-
- //Create a socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- //Prepare for listening
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
-
- //Accept connection
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "accept failed");
-
- //Wait a little bit for client to use perm_app_id_from_socket
- usleep(200);
-
- //cleanup
- exit(0);
- } else { //parent (client)
- // Give server some time to setup listening socket
- sleep(1);
- int sock, result;
- char* smack_label = nullptr;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
-
- //Try connecting to address
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- //Use perm_app_id_from_socket. Should fail and return nullptr smack_label.
- smack_label = perm_app_id_from_socket(sock);
- RUNNER_ASSERT_MSG(!smack_label, "perm_app_id_from_socket should fail.");
-
- //cleanup
- RUNNER_ASSERT_MSG(smack_label == nullptr, "perm_app_id_from_socket should fail.");
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file test_cases.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Rafal Krypa (r.krypa@samsung.com)
- * @version 1.0
- * @brief libprivilege-control test runner
- */
-
-#include <vector>
-#include <ftw.h>
-#include <dpl/test/test_runner.h>
-#include <privilege-control.h>
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-
-// ---- Macros and arrays used in stress tests ----
-#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app"
-#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app"
-#define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl"
-#define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl"
-
-#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1"
-// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also!
-const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl",
- "~APP~ " TEST_WGT_FEATURE_APP_ID " rl",
- nullptr };
-const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, nullptr };
-// WGT Api Feature Test data - rwx access only to WGT app
-const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx",
- nullptr };
-const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, nullptr };
-
-rules_t rules_to_test_any_access1 = {
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" },
- { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" }
-};
-
-rules_t rules_to_test_any_access2 = {
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" },
- { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" }
-};
-
-#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \
- (const rules_t) { \
- { sub, obj, "r" }, \
- { sub, obj, "w" }, \
- { sub, obj, "x" }, \
- { sub, obj, "a" }, \
- { sub, obj, "t" }, \
- { sub, obj, "l" } }
-
-RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress)
-
-/**
- * Test - Simulation of 100 installations and uninstallations of one application.
- * Installed application will have various kind of permissions from api
- * features and shared folders.
- */
-void privilege_control22_app_installation_1x100(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- std::string shared_dir_auto_label;
-
- // Clear any previously created apps, files, labels and permissions
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_APP_DIR
- << ". Result: " << result);
-
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR
- << ". Result: " << result);
-
- DB_BEGIN
-
- result = perm_app_revoke_permissions(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
-
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling App-Setting permissions. Result: " << result);
-
- // Install one additional app (used to check perm to shared directories)
- result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Result: " << result);
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_install(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Result: " << result);
- const char *test1[] = { nullptr };
- result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID,
- APP_TYPE_OSP, test1, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error enabling permissions. Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install app loop
- for (int i = 0; i < 100; ++i)
- {
- DB_BEGIN
-
- // Add application
- result = perm_app_install(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. Loop index: " << i
- << ". Result: " << result);
-
- // Add persistent permissions
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from OSP Feature. Loop index: "
- << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. Loop index: "
- << i << ". Result: " << result);
-
- DB_END
-
- // add shared dirs
- switch (i%2) // separate odd and even loop runs
- {
- case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_PRIVATE
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Verify that some previously installed app does not have any access
- // to APP_ID private label
- result = check_no_accesses(smack, rules_to_test_any_access1);
- RUNNER_ASSERT_MSG(result == 1,
- "Error - other app has access to private label. Loop index: "
- << i);
-
- // Get autogenerated Public RO label
- char *label;
- result = smack_getlabel(TEST_NON_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
-
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);
-
- /* all apps are getting the label "User" at the moment. Calling smack_have_access with
- "User" as an argument is no different from previous call */
- /*result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" );
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Public RO dir are granted. Loop index: "
- << i);*/
-
- break;
- }
- case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW
- {
- DB_BEGIN
-
- // Add app shared dir - APP_PATH_SETTINGS_RW
- result = perm_app_setup_path(APP_ID, TEST_APP_DIR,
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW
- result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR,
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. Loop index: " << i
- << ". Result: " << result);
-
- DB_END
-
- // Get autogenerated App-Setting label
- char *label;
- result = smack_getlabel(TEST_APP_DIR, &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir. Loop index: "
- << i << ". Result: " << result);
- shared_dir_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app dir
- // and rx permissions to app
- result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_ID << " "<< shared_dir_auto_label << " rwxatl "
- << "Loop index: " << i);
-
- /* all apps are getting the label "User" at the moment. Calling smack_have_access with
- "User" as an argument is no different from previous call */
- /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. "
- << "Loop index: " << i);
-
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, GENERATED_APP_ID, "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted. "
- << APP_TEST_SETTINGS_ASP1 << " " << GENERATED_APP_ID << " rx"
- << "Loop index: " << i);*/
-
- // Verify that all permissions to public dir have been added
- // correctly, also to other app
- result = smack_have_access(GENERATED_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- break;
- }
- } // END switch
-
- // check if api-features permissions are added properly
- result = check_all_accesses(smack,
- (const rules_t) {
- { GENERATED_APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" },
- { GENERATED_APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added. Loop index: "
- << i);
-
- // revoke permissions
- result = perm_app_revoke_permissions(GENERATED_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. Loop index: " << i
- << ". Result: " << result);
-
- // check if api-features permissions are removed properly
- result = check_no_accesses(smack, rules_to_test_any_access2);
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Loop index: " << i);
-
- // remove labels from app folder
- result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
- // remove labels from shared folder
- result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in " << TEST_NON_APP_DIR
- << " . Loop index: " << i << ". Result: " << result);
-
- // uninstall app
- result = perm_app_uninstall(APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Loop index: " << i
- << ". Result: " << result);
- } // END Install app loop
-
- DB_BEGIN
-
- // Uninstall setting app and additional app
- result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
- DB_END
-}
-
-/**
- * Test - Simulation of 10 installations and uninstallations of set of 10 applications.
- * Installed applications will have various kind of permissions to each other
- * from api-features and shared folders.
- *
- * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app
- *
- * Permissions:
- * test_APP0-4 - receive test_osp_feature_rule_set2
- * test_APP5-9 - receive test_wgt_feature_rule_set2
- *
- * During this test there is one directory created for each app for each loop run,
- * dir name syntax is: /tmp/<app_name>_<i-loop_run>
- *
- * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE
- * test_APP1, test_APP2 & test_APP6 register their directories as
- * APP_PATH_GROUP_RW using the same label
- * LABEL_FOR_PUBLIC_SHARED_DIRS
- * test_APP3, test_APP7 & test_APP8 register their directories as
- * APP_PATH_PUBLIC_RO
- * test_APP4 & test_APP9 register their directories as
- * APP_PATH_SETTINGS_RW
- */
-void privilege_control23_app_installation2_10x10(bool smack)
-{
- int result;
- const int expected_smack_result = smack ? 1:-1;
- const int app_count = 10;
- std::string shared_dir3_auto_label;
- std::string shared_dir7_auto_label;
- std::string shared_dir8_auto_label;
- std::string setting_dir4_auto_label;
- std::string setting_dir9_auto_label;
- char app_ids[app_count][strlen(APP_ID) + 3];
- char app_dirs[app_count][strlen(APP_ID) + 12];
- const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r",
- "~APP~ " APP_ID "7 rxl",
- "~APP~ " APP_ID "8 rwxal",
- "~APP~ " APP_ID "9 rwxatl",
- nullptr };
- const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r",
- "~APP~ " APP_ID "2 rxl",
- "~APP~ " APP_ID "3 rwxal",
- "~APP~ " APP_ID "4 rwxatl",
- nullptr };
-
-
- // generate app ids: test_APP0, test_APP1, test_APP2 etc.:
- for (int i = 0; i < app_count; ++i)
- {
- /* Libprivilege-control assigns "User" label to all apps. Replace it when individual labels
- are supported. */
- result = sprintf(app_ids[i], GENERATED_APP_ID);
- RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i);
- }
-
- DB_BEGIN
-
- // Clear any previously created apps, files, labels and permissions
- for (int i = 0; i < app_count; ++i)
- {
- result = perm_app_revoke_permissions(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions for app: "
- << app_ids[i] << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[i]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[i] << ". Result: " << result);
- }
-
- // Install setting app and give it app-setting permissions
- result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions."
- << " Result: " << result);
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall."
- << " Result: " << result);
- result = perm_app_install(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install."
- << " Result: " << result);
-
- // Register appsettings feature
- result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- " Error while registering api feature. Result: " << result);
-
- result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1,
- APP_TYPE_OSP, PRIV_APPSETTING, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering App-Setting permissions."
- << " Result: " << result);
-
- // Register two valid api features
- result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE,
- test_osp_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: "
- << TEST_OSP_FEATURE << ". Result: " << result);
-
- result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE,
- test_wgt_feature_rule_set2, nullptr, 0);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: "
- << TEST_WGT_FEATURE << ". Result: " << result);
-
- DB_END
-
-
- // Install apps loop
- for (int i = 0; i < 10; ++i)
- {
- DB_BEGIN
-
- // Install 10 apps
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_install(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_install. App id: "
- << app_ids[j]
- << " Loop index: " << i
- << ". Result: " << result);
-
- // Create 10 directories
- result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i);
- RUNNER_ASSERT_MSG(result > 0,
- "Cannot generate directory name for app nr: " << j
- << " Loop index: " << i);
- result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP);
- RUNNER_ASSERT_ERRNO_MSG(result == 0 || errno == EEXIST,
- "Cannot create directory: " << app_dirs[j]);
- result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: " << app_dirs[j]
- << ". Result: " << result);
- }
-
- // Give permissions from api-features
- for (int j = 0; j < (app_count/2); ++j)
- {
- // add persistent api feature permissions
- result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP,
- TEST_OSP_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app__permissions from OSP Feature. App id: "
- << app_ids[j] << " Loop index: " << i << ". Result: " << result);
-
- result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT,
- TEST_WGT_FEATURE_PRIVS, true);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_enable_permissions from WGT Feature. App id: "
- << app_ids[j+5] << " Loop index: " << i << ". Result: " << result);
- }
-
- // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5)
- result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[0]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[5]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6)
- result = perm_app_setup_path(app_ids[1], app_dirs[1],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[2], app_dirs[2],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[2]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[6], app_dirs[6],
- APP_PATH_GROUP_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[6]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8)
- result = perm_app_setup_path(app_ids[3], app_dirs[3],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[1]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[7], app_dirs[7],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[7]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[8], app_dirs[8],
- APP_PATH_PUBLIC_RO);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[8]
- << " Loop index: " << i << ". Result: " << result);
-
- // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9)
- result = perm_app_setup_path(app_ids[4], app_dirs[4],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[4]
- << " Loop index: " << i << ". Result: " << result);
- result = perm_app_setup_path(app_ids[9], app_dirs[9],
- APP_PATH_SETTINGS_RW);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_setup_path. App id: " << app_ids[9]
- << " Loop index: " << i << ". Result: " << result);
-
- DB_END
-
- // All apps have the same label "User" so this check makes no sense.
- // Verify that some previously installed app does not have
- // any acces to app 0 and app 5 PRIVATE folders
- /*for (int j = 0; j < app_count; ++j)
- {
- // Apps 1-9 should not have any access to app 0
- if (j != 0)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[0] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
-
- // Apps 0-4 and 6-9 should not have any access to app 5
- if (j != 5)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Other app (app id: " << app_ids[j] <<
- ") has access to private label of: " << app_ids[5] <<
- ". It may not be shared. Loop index: " << i << ".");
- }
- }*/ // End for Verify PRIVATE
-
- // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[1], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[2], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" },
- { app_ids[6], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Group RW dir are granted. Loop index: "
- << i);
-
- // Get autogenerated Public_RO labels
- char *label;
- result = smack_getlabel(app_dirs[3], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[3]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir3_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[7], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[7]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir7_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[8], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from Public RO shared dir: " << app_dirs[8]
- << " . Loop index: " << i << ". Result: " << result);
- shared_dir8_auto_label = label;
- free(label);
-
- // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8
- // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs
- for (int j = 0; j < app_count; ++j)
- {
- if (j == 3)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
- if (j == 7)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
- if (j == 8)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to owned Public RO dir are granted. App id: "
- << app_ids[j] << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- // Verify that there are no extra permissions to other public dirs
- /*result = check_no_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir3_auto_label.c_str(), "t" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "w" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Unexpected extra permissions added for app:" << app_ids[j]
- << ". Loop index: " << i);*/
- }
-
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], shared_dir3_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir7_auto_label.c_str(), "rx" },
- { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all accesses to Public RO dirs are granted. App id: "
- << app_ids[j] << ". Loop index: " << i);
- } // End for Verify PUBLIC_RO
-
- // Get autogenerated SETTING_RW labels
- result = smack_getlabel(app_dirs[4], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[4] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir4_auto_label = label;
- free(label);
-
- result = smack_getlabel(app_dirs[9], &label,
- SMACK_LABEL_ACCESS );
- RUNNER_ASSERT_MSG(result == 0,
- "Cannot get access label from App-Setting shared dir: "
- << app_dirs[9] << " . Loop index: " << i
- << ". Result: " << result);
- setting_dir9_auto_label = label;
- free(label);
-
- // Verify that setting app has rwx permission to app-settings dirs and rx to apps
- result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[4] << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << app_ids[9] << " " << setting_dir9_auto_label
- << " Loop index: " << i);
- // All apps have the same label "User" so this check makes no sense.
- /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9]
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label
- << " Loop index: " << i);
- result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx");
- RUNNER_ASSERT_MSG(result == expected_smack_result,
- "Not all accesses to App-Setting dir are granted."
- << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label
- << " Loop index: " << i);*/
-
-
-
- // Check if api-features permissions are added properly
- for (int j = 0; j < 5; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[6], "r" },
- { app_ids[j], app_ids[7], "rxl" },
- { app_ids[j], app_ids[8], "rwxal" },
- { app_ids[j], app_ids[9], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- for (int j = 5; j < app_count; ++j)
- {
- result = check_all_accesses(smack,
- (const rules_t) {
- { app_ids[j], app_ids[1], "r" },
- { app_ids[j], app_ids[2], "rxl" },
- { app_ids[j], app_ids[3], "rwxal" },
- { app_ids[j], app_ids[4], "rwxatl" } } );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions from api features added for app id: "
- << app_ids[j] << ". Loop index: " << i);
- }
-
- DB_BEGIN
-
- // Revoke permissions
- for (int j = 0; j < app_count; ++j)
- {
- result = perm_app_revoke_permissions(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_revoke_permissions. App id: "
- << app_ids[j] << " Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // All apps have the same label "User" so this check makes no sense.
- // Check if permissions are removed properly
- /*for (int j = 0; j < app_count; ++j)
- {
- // To all other apps
- for (int k = 0; k < app_count; ++k)
- if (j != k)
- {
- result = check_no_accesses(smack,
- FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k])
- );
- RUNNER_ASSERT_MSG(result == 1,
- "Not all permisions revoked. Subject: " << app_ids[j]
- << " Object: " << app_ids[k] << " Loop index: " << i);
- }
- }*/
-
- DB_BEGIN
-
- // Remove labels from folders and uninstall all apps
- for (int j = 0; j < app_count; ++j)
- {
- result = nftw(app_dirs[j], &nftw_remove_labels,
- FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder
- RUNNER_ASSERT_MSG(result == 0,
- "Unable to clean up Smack labels in: "
- << app_dirs[j] << " . Loop index: " << i
- << ". Result: " << result);
-
- result = perm_app_uninstall(app_ids[j]);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall for app: "
- << app_ids[j] << " . Loop index: " << i
- << ". Result: " << result);
- }
-
- DB_END
-
- // Remove created dirs
- for (int j = 0; j < app_count; ++j)
- {
- result = rmdir(app_dirs[j]);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Cannot remove directory: " << app_dirs[j]);
- }
- } // END Install app loop
-
- // Uninstall setting app
- result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error in perm_app_uninstall. Result: " << result);
-
-}
-
-RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack)
-{
- privilege_control22_app_installation_1x100(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack)
-{
- privilege_control22_app_installation_1x100(false);
-}
-
-RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack)
-{
- privilege_control23_app_installation2_10x10(true);
-}
-
-RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack)
-{
- privilege_control23_app_installation2_10x10(false);
-}
+++ /dev/null
-.
\ No newline at end of file
+++ /dev/null
-../
\ No newline at end of file
+++ /dev/null
-../../
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../non_app_dir/
\ No newline at end of file
+++ /dev/null
-../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-test_APP_REAL
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Pawel Polawski (p.polawski@samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-SET(TARGET_TEST "libsmack-test")
-
-#dependencies
-PKG_CHECK_MODULES(TARGET_DEP
- libsmack
- REQUIRED
- )
-
-#files to compile
-SET(TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/libsmack-test.cpp
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_cases.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- )
-
-#preprocessor definitions
-#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-
-#output format
-ADD_EXECUTABLE(${TARGET_TEST} ${TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${TARGET_TEST}
- ${TARGET_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-#place for additional files
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
-#place for full rules
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules_full
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules2
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules2
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules3
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules3
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
-
-#place for rules4
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules4
- DESTINATION /etc/smack
- PERMISSIONS
- OWNER_READ
- GROUP_READ
- WORLD_READ
- )
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file libprivilege-test.cpp
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @version 1.0
- * @brief libsmack test runer
- */
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @author Jan Olszak (j.olszak@samsung.com)
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief libsmack test runner
- */
-
-#include <string>
-#include <sstream>
-#include <fcntl.h>
-#include <unistd.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/smack.h>
-#include <sys/xattr.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/file.h>
-#include <sys/wait.h>
-#include "tests_common.h"
-#include <access_provider.h>
-#include <fs_label_manager.h>
-#include "memory.h"
-
-const char* const TEST_SUBJECT = "test_subject";
-const char* const TEST_OBJECT = "test_object";
-const char* const TEST_OBJECT_2 = "test_object_2";
-
-const std::string testDir = "/tmp/";
-const std::vector<std::string> accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" };
-
-//This one define is required for sockaddr_un initialization
-#define SOCK_PATH "/tmp/test-smack-socket"
-
-RUNNER_TEST_GROUP_INIT(libsmack)
-/**
- * Helper method to reset privileges at the begginning of tests.
- */
-void clean_up()
-{
- smack_revoke_subject(TEST_SUBJECT);
-}
-
-/**
- * Checking if subject has any access to object
- */
-bool checkNoAccesses(const char *subject, const char *object)
-{
- int result;
-
- for(const auto &perm : std::vector<std::string> {"r", "w", "a","t", "l"}) {
- result = smack_have_access(subject, object, perm.c_str());
- if (result == 1) {
- return false;
- }
- }
- return true;
-}
-
-void removeAccessesAll()
-{
- for(int i = 1; i <=3; i++)
- //smack_revoke_subject will fail, when subject does not exist in kernel
- //as this function is called at test beginning we cannot check return value
- smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str());
-}
-
-/**
- * Add a new access with smack_accesses_add_modify()
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_1){
- int result;
-
- clean_up();
-
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // THE TEST
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify by empty rules");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr");
- RUNNER_ASSERT_MSG(result == 1, "Rule modified (added 'xr'), but no change made.");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Test if rules are applied in the right order, and modification works.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0,
- "Modification didn't work");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Test if rules are applied in the right order, and modification works.
- * Using different smack_accesses list to add and delete.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- // Add r privilage
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1,
- "Adding privileges didn't work");
-
- // Revoke r privilege
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result == 0, "Modification didn't work, rule has still 'r' privileges.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Add a list of privileges and then revoke just ONE of them.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Add a list of privileges and then revoke just ONE of them.
- * Without applying privileges in between those actions.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-
-/**
- * Add a list of privileges and then revoke just TWO of them.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){
- int result;
- struct smack_accesses *rules = nullptr;
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- clean_up();
-
- // THE TEST
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwt","");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"ax","rt");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule.");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax");
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'wax' privileges.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r");
- RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege.");
-
- // CLEAN UP
- clean_up();
-}
-
-/**
- * Run smack_accesses_add_modify with the same accesses_add and accesses_del.
- */
-RUNNER_TEST_SMACK(smack_accesses_add_modify_test_7){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str(), accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Error while checking smack access. Accesses exist.");
-
- // CLEAN UP
- clean_up();
- }
-}
-
-/**
- * Revoke subject with previously added rules and revoke it again.
- */
-RUNNER_TEST_SMACK(smack_revoke_subject_test_1){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str(),"");
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str(),"");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
- "Rule " << accessesBasic[i].c_str() << " does not exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. "
- "Rule " << accessesBasic[i].c_str() << " does not exist.");
-
- // Revoking subject
- result = smack_revoke_subject(TEST_SUBJECT);
- RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Revoke didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Revoke didn't work. Accesses exist.");
-
-
- // Revoking subject again
- result = smack_revoke_subject(TEST_SUBJECT);
- RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Revoke didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Revoke didn't work. Accesses exist.");
-
- }
-}
-
-/**
- * Clearing accesses
- */
-RUNNER_TEST_SMACK(smack_accesses_clear_test_1){
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i) {
- // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
-
- // Creating and clearing rules with TEST_OBJECT
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work. Rule "
- << accessesBasic[i].c_str() << " does exist.");
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1, "Clearing rules didn't work. Rule "
- << accessesBasic[i].c_str() << " does not exist.");
-
- // Creating and clearing rules with TEST_OBJECT
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance");
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work.");
-
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT),
- " Clear didn't work. Accesses exist.");
- RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2),
- " Clear didn't work. Accesses exist.");
- }
-}
-
-RUNNER_TEST(smack01_storing_and_restoring_rules)
-{
- /*
- * author: Pawel Polawski
- * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file,
- * smack_accesses_free, smack_accesses_save
- * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be
- * stored and restored from file.
- * expect: Rules created and stored in file should be identical to predefined template.
- */
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- struct smack_accesses *import_test = nullptr; //rules imported from file
-
- int result; //result of each operation to be tested by RUNNER_ASSERT
- int fd, tmp, sample; //file descripptors for save / restore rules tests
-
- //int smack_accesses_new(struct smack_accesses **accesses);
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
- RUNNER_ASSERT(smack_accesses_new(&import_test) == 0);
- SmackAccessesPtr import_ptr(import_test);
-
- //opening files
- fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_rules");
- FdUniquePtr fd_ptr(&fd);
- tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp");
- FdUniquePtr tmp_ptr(&tmp);
- sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules
- RUNNER_ASSERT_ERRNO_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules");
- FdUniquePtr sample_ptr(&sample);
-
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rw");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "wx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- result = smack_accesses_add_modify(rules_ptr.get(), "reader", "book", "r", "wx");
- RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules");
-
- result = smack_accesses_save(rules_ptr.get(), fd);
- RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file");
-
- result = lseek(fd, 0, SEEK_SET);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
- result = smack_accesses_add_from_file(import_ptr.get(), fd);
- RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file");
-
- result = smack_accesses_save(import_ptr.get(), tmp);
- RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file");
-
- //comparing rules saved in file, restored from it and stored one more time
- result = files_compare(fd, tmp);
- RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules");
-
- //comparing rules stored in file with reference preinstalled rules
- result = files_compare(tmp, sample);
- RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file");
-}
-
-RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel)
-{
- /*
- * author: Pawel Polawski
- * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new,
- * smack_accesses_add, smack_accesses_free
- * description: In this test case aplying rules to kernel will be tested. After that function for test
- * accesses will be used.
- * expect: In case of correct rules access should be granted.
- */
-
- //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing)
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- int result; //for storing functions results
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules to struct
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- result = smack_accesses_apply(rules_ptr.get()); //applying rules to kernel
- RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
-
- //should have access - rule exist
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access");
- //should have no access - wrong rule, should be "r" only
- result = smack_have_access("reader", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
- //should have no access - rule not exist
- result = smack_have_access("s02badsubjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access");
-
- //this subject do not exist in kernel rules
- result = smack_revoke_subject("s02nonexistinglabel");
- RUNNER_ASSERT_MSG(result == 0, "Error in removing not existing subject from kernel");
- result = smack_revoke_subject("spy"); //this subject exist in kernel rules
- RUNNER_ASSERT_MSG(result == 0, "Error in removing existing subject from kernel");
-
- //testing access after revoke_subject() from kernel
- result = smack_have_access("spy", "book", "rwx");
- //now spy should have no access
- RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
-
- //for create new rule as a consequence of use accesses_clear() below
- result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //"spy" removed before by using smack_revoke_subject()
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
-
- //testing acces after acces_clear()
- result = smack_have_access("writer", "book", "rwx");
- //now writer also should have no access
- RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel");
-
-}
-
-//pairs of rules for test with mixed cases, different length and mixed order
-std::vector< std::vector<std::string> > correct_rules = {
- { "reader1", "-", "------" },
- { "reader2", "--------", "------" },
- { "reader3", "RwXaTl", "rwxatl" },
- { "reader4", "RrrXXXXTTT", "r-x-t-" },
- { "reader5", "-r-w-a-t-", "rw-at-" },
- { "reader6", "", "------" },
- { "reader7", "xa--Rt---W--L", "rwxatl" },
-};
-
-RUNNER_TEST_SMACK(smack03_mixed_rule_string_add)
-{
- /*
- * author: Pawel Polawski
- * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free
- * description: In thist test case rules based on mixed string are added to kernel.
- * Strings are presented above and contains lower / upper case alpha, numbers and special signs.
- * expect: Rules should be parsed correct and aplied to kernel.
- */
-
- //In thist test case mixed string are used as rules applied to kernel, next they are
- //readed and compared with correct form of rules
-
- struct smack_accesses *rules = nullptr; //rules prepared in this test case
- int result; //for storing functions results
- int expected;
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules with mixed string
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- //using mixed rules from table
- result = smack_accesses_add(rules_ptr.get(),
- (*rule)[0].c_str(),
- "book",
- (*rule)[1].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- }
-
- //clearing
- //FIXME: Using clear() here can cover error in accesses_apply() function
- //result = smack_accesses_clear(rules);
- //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel");
-
- //applying rules to kernel
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel");
-
- //checking accesses using normal rules
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- if ((*rule)[2] == "------")
- expected = 0;
- else
- expected = 1;
- //using normal rules from table
- result = smack_have_access((*rule)[0].c_str(),
- "book",
- (*rule)[2].c_str());
- RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
- }
-}
-
-RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access)
-{
- /*
- * author: Pawel Polawski
- * test: smack_have_access
- * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings.
- * expect: Subjects should have accesses to the objects.
- */
-
- //In this test case we checking previous aplied rules but for compare mixed strings are used
-
- int result;
- int expected;
-
- //rules were added in previous RUNNER_TEST section
- //checking accesses using mixed rules
- for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) {
- if ((*rule)[2] == "------")
- expected = 0;
- else
- expected = 1;
- //using mixed rules from table
- result = smack_have_access((*rule)[0].c_str(),
- "book",
- (*rule)[1].c_str());
- RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access");
- }
-}
-
-//RUNNER_TEST(smackXX_accesses_add_modify)
-//{
-//IDEAS FOR TESTS
-// - what if we want to apply rule that is already in kernel?
-// - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule)
-// - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule
-//}
-
-RUNNER_TEST_SMACK(smack05_self_label)
-{
- /*
- * author: Pawel Polawski
- * test: smack_set_label_for_self, smack_new_label_from_self
- * description: In this test case process test it own default label. Next label is changed
- * and tested one more time if change was successfull.
- * expect: Proces should have default "-" label and can change it to the oter one.
- */
-
- //In this test case process will manipulate it own label
-
- char *label = nullptr;
- int result;
- int fd;
-
- const int B_SIZE = 8;
- char buff[B_SIZE];
-
- const char *def_rule = "_";
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
- //comparing this label with default one "_"
- result = strcmp(label, def_rule);
- free(label);
- RUNNER_ASSERT_MSG(result == 0, "Wrong default process label");
-
- //comparing this rule with received from /proc/self/attr/current
- fd = open("/proc/self/attr/current", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /proc/self/attr/current");
- FdUniquePtr fd_ptr(&fd);
- result = read(fd, buff, B_SIZE);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
- result = strncmp(buff, def_rule, result);
- RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule");
-
- //now time for setting labels:
-
- result = smack_set_label_for_self("cola");
- RUNNER_ASSERT_MSG(result == 0, "Error in setting self label");
-
- //checking new label using smack function
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label");
- result = strcmp(label, "cola");
- free(label);
- RUNNER_ASSERT_MSG(result == 0, "Wrong process label");
-
- //checking new label using /proc/self/attr/current
- result = lseek(fd, 0, SEEK_SET); //going to the file beginning
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
- result = read(fd, buff, B_SIZE);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current");
- result = strncmp(buff, "cola", result);
- RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set");
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_0)
-{
- RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
- const std::string fsLabel = "smack06_setlabel_getlabel_test_0";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // reset labels first time
- fs.testSmackClearLabels(filePath);
-
- // reset labels second time
- fs.testSmackClearLabels(filePath);
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_1)
-{
- const std::string fsLabel = "smack06_setlabel_getlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // set and get labels first time
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- // set and get same labels second time
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_2)
-{
- RUNNER_IGNORED_MSG("Upstream does not support label removal yet");
- const std::string fsLabel = "smack06_setlabel_getlabel_test_2";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
- const std::string linkPath = "link";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
- fs.createLink(linkPath, filePath);
-
- // set and get labels for file to which link points
- fs.testSmackSetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackGetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC);
-
- // link labels should not be changed
- fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_ACCESS);
- fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_lsetlabel_lgetlabel_test_1)
-{
- const std::string fsLabel = "smack06_lsetlabel_lgetlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "fileAccess";
- const char* testLabelExec = "fileExec";
- const char* testLinkLabelAccess = "linkAccess";
- const char* testLinkLabelExec = "linkExec";
- const std::string filePath = "file";
- const std::string linkPath = "link";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
- fs.createLink(linkPath, filePath);
-
- // set different labels for link and file
- fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackLSetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackLSetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
-
- // get those labels
- fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackLGetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackLGetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack06_fsetlabel_fgetlabel_test_1)
-{
- const std::string fsLabel = "smack06_fsetlabel_fgetlabel_test_1";
- const std::string fsPath = std::string("/tmp/") + fsLabel;
-
- const char* testLabelAccess = "access";
- const char* testLabelExec = "exec";
- const std::string filePath = "file";
-
- FsLabelManager fs(fsPath, fsLabel);
- fs.createFile(filePath);
-
- // set and get labels for fd
- fs.testSmackFSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackFSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
- fs.testSmackFGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS);
- fs.testSmackFGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC);
-}
-
-RUNNER_TEST_SMACK(smack10_adding_removing_rules)
-{
- unsigned int i;
- int result;
-
- struct smack_accesses *rules = nullptr;
-
- for (i = 0; i < accessesBasic.size(); ++i)
- {
- // Creating rules
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- clean_up();
- }
-
- for (i = 0; i < 3; ++i)
- {
- // --- Creating rules (r or w or x)
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- // --- Modifying accesses (r for wx or w for rx or x for rw)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i + 3].c_str(),accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- rules_ptr.release();
- // --- Creating complementary rules (r or w or x)
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Adding accesses
- result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // --- Modifying accesses (adding rwx and removing r or w or x)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwx",
- accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Checking if wrong accesses were not created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str());
- RUNNER_ASSERT_MSG(result == 0,
- " Error while checking smack access. Result: " << result);
-
- // --- Adding crossing accesses (rx or rw or wx)
- result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[3 + ((i + 1) % 3)].c_str(),"");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking if accesses were created
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,
- accessesBasic[3 + ((i + 1) % 3)].c_str());
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result);
-
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while checking smack access. Result: " << result);
-
- // Deleting all rules
- clean_up();
- }
-}
-
-RUNNER_TEST_SMACK(smack11_saving_loading_rules)
-{
- int result;
- int fd;
-
- struct smack_accesses *rules = nullptr;
-
- // Pre-cleanup
- removeAccessesAll();
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- SmackAccessesPtr rules_ptr(rules);
-
- // Loading file with rwxat rules - test_smack_rules_full
- fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- result = smack_have_access("test_subject_01", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_01", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_01", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_02", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_01", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_02", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
- result = smack_have_access("test_subject_03", "test_object_03", "rwxat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack accesses.");
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules2
- fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file");
-
- // Applying rules
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result);
-
- // Checking rules
- RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_01"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_01", "test_object_02", "rwatl");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_01", "test_object_03", "wat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_02", "test_object_01"),
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist.");
- result = smack_have_access("test_subject_02", "test_object_02", "wa-lt");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_02", "test_object_03", "wr");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_01", "a");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_02", "rwat");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
- result = smack_have_access("test_subject_03", "test_object_03", "w---l-");
- RUNNER_ASSERT_MSG(result == 1,
- " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result );
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules3
- fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules3");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
-
- // Removing rules
- removeAccessesAll();
-
- // Creating rules
- rules_ptr.release();
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- rules_ptr.reset(rules);
-
- // Loading file with partial wrong rules - test_smack_rules4
- fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules4");
-
- // Adding rules from file
- result = smack_accesses_add_from_file(rules_ptr.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file");
-
- // Removing rules
- removeAccessesAll();
-}
-
-//int smack_new_label_from_socket(int fd, char **label);
-
-
-static void smack_set_another_label_for_self(void)
-{
- static int number = time(nullptr);
-
- number++;
- std::string smack_label("s" + std::to_string(number));
-
- int result = smack_set_label_for_self(smack_label.c_str());
- RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" << smack_label << ") failed");
-}
-
-static void smack_unix_sock_server(int sock)
-{
- int fd, result;
- char *label;
-
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO(fd >= 0);
- FdUniquePtr fd_ptr(&fd);
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed");
- CStringPtr label_ptr(label);
- result = write(fd, label, strlen(label));
- RUNNER_ASSERT_ERRNO_MSG(result == (int)strlen(label), "write() failed");
-
-}
-
-RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- unlink(SOCK_PATH);
- smack_set_another_label_for_self();
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- if (!pid) { /* child process, server */
- int sock, result;
-
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
- smack_unix_sock_server(sock);
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- /* Test if socket label was unaffected by fork() */
- smack_unix_sock_server(sock);
- if (!pid) {
- usleep (100);
- smack_set_another_label_for_self();
- smack_unix_sock_server(sock);
- }
-
- exit(0);
- } else { /* parent process, client */
- sleep(1); /* Give server some time to setup listening socket */
- for (int i = 0; i < 4; ++i) {
- int sock, result;
- char smack_label1[SMACK_LABEL_LEN + 1];
- char *smack_label2;
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
- result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
- alarm(2);
- result = read(sock, smack_label1, SMACK_LABEL_LEN);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed");
- smack_label1[result] = '\0';
- result = smack_new_label_from_socket(sock, &smack_label2);
- SmackLabelPtr label2_ptr(smack_label2);
- RUNNER_ASSERT_MSG(result >= 0, "smack_label_from_socket failed");
- result = strcmp(smack_label1, label2_ptr.get());
- if (i < 3)
- RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1
- << "' != '" << smack_label2 << "' i == " << i);
- else
- RUNNER_ASSERT_MSG(result != 0, "smack labels do not differ: '" << smack_label1
- << "' != '" << smack_label2 << "' i == " << i);
- }
- }
-}
-
-void createFileWithLabel(const std::string &filePath, const std::string &fileLabel)
-{
- //create temporary file and set label for it
- mode_t systemMask;
-
- unlink(filePath.c_str());
- //allow to create file with 777 rights
- systemMask = umask(0000);
- int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO);
- //restore system mask
- umask(systemMask);
- RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests");
-
- //for descriptor protection
- FdUniquePtr fd_ptr(&fd);
-
- //change owner and group to user APP
- int ret = chown(filePath.c_str(), APP_UID, APP_GID);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner");
-
- //set smack label on file
- ret = smack_setlabel(filePath.c_str(), fileLabel.c_str(), SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Unable to set label for file: " << ret);
-
- char *label = nullptr;
- ret = smack_getlabel(filePath.c_str(), &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(ret == 0, "Unable to get label from file");
- std::string label_str(label ? label : "");
- free(label);
- RUNNER_ASSERT_MSG(label_str == fileLabel, "File label not match set label");
-}
-
-void prepareEnvironment(const std::string &subject, const std::string &object, const std::string &access)
-{
- const std::string ruleAll = "x";
-
- SecurityServer::AccessProvider provider(subject);
- provider.addObjectRule("User", ruleAll);
- provider.addObjectRule(object, access);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-}
-
-//- Add "l" rule to system
-//
-//Should be able to add "l" rule to system
-RUNNER_CHILD_TEST_SMACK(smack13_0_checking_laccess_mode_enabled_on_device)
-{
- std::string selfLabel = "smack13_0";
- std::string filename = "smack13_0_file";
-
- //function inside checks if rule exist after add it
- SecurityServer::AccessProvider provider(selfLabel);
- provider.addObjectRule(filename, "l");
- provider.apply();
-
- int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l");
- RUNNER_ASSERT_MSG(ret == 1, "Error in adding laccess rule - l");
-}
-
-//- Create file
-//- Set label for file and self
-//- Drop privileges
-//
-//Should have no access due to missing SMACK rule
-RUNNER_CHILD_TEST_SMACK(smack13_1_checking_laccess_mode)
-{
- std::string selfLabel = "smack13_1";
- std::string filename = "smack13_1_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- SecurityServer::AccessProvider provider(selfLabel);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//
-//Should be able to lock file even without "w" rule
-RUNNER_CHILD_TEST_SMACK(smack13_2_checking_laccess_mode_with_l_rule)
-{
- std::string selfLabel = "smack13_2";
- std::string filename = "smack13_2_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- prepareEnvironment(selfLabel, filename, "l");
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "w"
-//- Drop privileges
-//
-//Should be able to lock file even without "l" rule
-RUNNER_CHILD_TEST_SMACK(smack13_3_checking_laccess_mode_with_w_rule)
-{
- std::string selfLabel = "smack13_3";
- std::string filename = "smack13_3_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
-
- prepareEnvironment(selfLabel, filename, "w");
-
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
- ret = flock(fd, LOCK_UN | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file");
- ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "rw"
-//- Drop privileges
-//- Lock file (shared lock)
-//- Spawn child process
-//- Child tries to lock file (shared)
-//
-//Child should be able to lock file due to shared lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_0_checking_laccess_mode_w_rule_child)
-{
- std::string selfLabel = "smack13_4_0";
- std::string filename = "smack13_4_0_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- prepareEnvironment(selfLabel, filename, "rw");
-
- int child_fd = open(filePath.c_str(), O_RDWR);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//- Lock file (shared lock)
-//- Spawn child process
-//- Child tries to lock file (shared)
-//
-//Child should be able to lock file due to shared lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_1_checking_laccess_mode_l_rule_child)
-{
- std::string selfLabel = "smack13_4_1";
- std::string filename = "smack13_4_1_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_str(&fd);
- int ret = flock(fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- //"r" is only for open in O_RDONLY mode
- prepareEnvironment(selfLabel, filename, "rl");
-
- int child_fd = open(filePath.c_str(), O_RDONLY, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_SH | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "rw"
-//- Drop privileges
-//- Lock file (exclusive lock)
-//- Spawn child process
-//- Child tries to lock file (exclusive / shared)
-//
-//Child should not be able to lock file due to exclusive lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_2_checking_laccess_mode_w_rule_child)
-{
- std::string selfLabel = "smack13_4_2";
- std::string filename = "smack13_4_2_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- prepareEnvironment(selfLabel, filename, "rw");
-
- int child_fd = open(filePath.c_str(), O_RDWR, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with exclusive lock");
- }
-}
-
-//- Create file
-//- Set label for file and self
-//- Add SMACK rule "l"
-//- Drop privileges
-//- Lock file (exclusive lock)
-//- Spawn child process
-//- Child tries to lock file (exclusive / shared)
-//
-//Child should not be able to lock file due to exclusive lock
-RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child)
-{
- std::string selfLabel = "smack13_4_3";
- std::string filename = "smack13_4_3_file";
- std::string filePath = testDir + filename;
-
- createFileWithLabel(filePath, filename);
- int fd = open(filePath.c_str(), O_RDWR, 0);
- FdUniquePtr fd_ptr(&fd);
- int ret = flock(fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file");
-
- pid_t pid = fork();
- if (pid == 0) {
- //child process
- //"r" is only for open in O_RDONLY mode
- prepareEnvironment(selfLabel, filename, "rl");
-
- int child_fd = open(filePath.c_str(), O_RDONLY, 0);
- RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file");
- //for descriptor protection
- FdUniquePtr child_fd_ptr(&child_fd);
-
- ret = flock(child_fd, LOCK_EX | LOCK_NB);
- RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with eclusive lock");
- }
-}
-
-
-/////////////////////////////////////////
-//////NOSMACK ENVIRONMENT TESTS//////////
-/////////////////////////////////////////
-
-/**
- * NOSMACK version of smack02 test. Functions, that should return error instead of success:
- * - smack_accesses_apply
- * - smack_have_access
- * - smack_revoke_subject
- * - smack_acceesses_clear
- *
- * Tests smack03, smack04, smack10, smack_accesses_clear, smack_revoke_subject all use functions
- * tested in smack02 test. Results from those functions (smack_have_access, smack_accesses_apply,
- * smack_accesses_clear, smack_revoke_subject) would be the same as in this test. Tests mentioned
- * above doesn't make much sense on NOSMACK environment when test smack02 exists and passes
- * correctly, thus those tests are are not implemented.
- */
-RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack)
-{
-
- smack_accesses *rules = nullptr;
- int result;
-
- //init rules
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
- //pass rules to unique_ptr
- SmackAccessesPtr rules_ptr(rules);
-
- //adding test rules to struct (same as SMACK version of smack02 test)
- result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
- result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //applying rules to kernel (should fail)
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1, "Unable to apply rules into kernel");
-
- //calls from SMACK version of this test - all should fail because of SMACK being turned off
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
- result = smack_have_access("reader", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
- result = smack_have_access("s02badsubjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)");
-
- //testing subject revoking - should return error (no accesses applied = no subjects to revoke)
- result = smack_revoke_subject("s02nonexistinglabel");
- RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
- result = smack_revoke_subject("spy");
- RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist.");
-
- //after revoking smack_have_access still should return error
- result = smack_have_access("spy", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
-
- result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx");
- RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules");
-
- //smack_accesses_clear should return error aswell
- result = smack_accesses_clear(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1, "Clearing rules should return error - no SMACK on system.");
-
- result = smack_have_access("writer", "book", "rwx");
- RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off).");
-}
-
-/**
- * NOSMACK version of smack11 test. Tests functions:
- * - smack_accesses_add_from_file
- *
- * Since other SMACK functions were tested in smack02 test, the only function needed to be checked
- * is applying rules loaded from file.
- */
-RUNNER_TEST_NOSMACK(smack03_saving_loading_rules_nosmack)
-{
- int result;
- int fd;
-
- smack_accesses* tmp = nullptr;
-
- RUNNER_ASSERT(smack_accesses_new(&tmp) == 0);
- SmackAccessesPtr rules(tmp);
-
- //open file with rules
- fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full");
-
- //load accesses from file
- result = smack_accesses_add_from_file(rules.get(), fd);
- close(fd);
- RUNNER_ASSERT_MSG(result == 0, "Error while importing accesses from file. Result: " << result);
-}
-
-/**
- * NOSMACK version of smack05 test. Tests if functions getting, or
- * setting self label work correctly (that is, return error).
- */
-RUNNER_TEST_NOSMACK(smack04_self_label_nosmack)
-{
- char* label = nullptr;
- int result;
- int fd;
-
- char buff[SMACK_LABEL_LEN+1];
-
- //smack_new_label_from_self should fail
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
- //We don't need to remember about freeing label - smack_new_label_from_self must return nullptr
- //label if it's working properly.
-
- // /proc/self/attr/current shouldn't keep any rules inside
- fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "/proc/self/attr/current failed to open");
- FdUniquePtr fd_ptr(&fd);
-
- result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error
- RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
-
- //setting label for self should fail
- result = smack_set_label_for_self("s04testlabel");
- RUNNER_ASSERT_MSG(result == -1, "set_label_for_self should return error (SMACK is off).");
-
- //getting previously set label should also fail
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off).");
- RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label.");
-
- // /proc/self/attr/current still shouldn't keep any rules inside
- result = lseek(fd, 0, SEEK_SET); //going to the file beginning
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error");
-
- result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error
- RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error");
-}
-
-/**
- * NOSMACK version of smack_accesses_add_modify_x tests.
- *
- * Because all smack_accesses_add_modify tests are basically the same (all use smack_accesses_apply
- * and smack_have_access, which return -1 when SMACK is turned off), it makes much more sense to
- * write one test which will create rules using smack_accesses_add_modify and then check if
- * smack_accesses_apply and smack_have_access indeed return -1 when SMACK is turned off.
- */
-RUNNER_TEST_NOSMACK(smack05_accesses_add_modify_nosmack)
-{
- int result;
- smack_accesses* rules = nullptr;
-
- RUNNER_ASSERT(smack_accesses_new(&rules) == 0);
-
- SmackAccessesPtr rules_ptr(rules);
-
- //Not doing clean_up() every RUNNER_ASSERT_MSG - what clean_up does is just a creation of new
- //rule struct and removal of currenctly added and applied rules. clean_up() must be done only
- //after smack_accesses_apply().
- result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
-
- result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", "");
- RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result);
-
- result = smack_accesses_apply(rules_ptr.get());
- RUNNER_ASSERT_MSG(result == -1,
- "smack_accesses_apply should return error (SMACK is off). Result: " << result);
-
- result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx");
- if(result != -1) {
- clean_up();
- RUNNER_FAIL_MSG("smack_have_access should return error (SMACK is off). Result: "
- << result);
- }
-
- clean_up();
-}
-
-/**
- * NOSMACK version of smack09 test.
- *
- * This test checks if smack_new_label_from_socket reacts correctly. Since label should be
- * acquired from getsockopt, and it should fail, we must only set up socket and call
- * smack_new_label_from_socket. It should return error.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(smack09_new_label_from_socket_nosmack)
-{
- int pid;
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- unlink(SOCK_PATH);
- char* smack_label;
-
- pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
- if (!pid) { //child (server)
- int sock, result;
- int fd;
-
- //Create new socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
-
- //Bind it to sockaddr
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
-
- //Prepare for listening
- result = listen(sock, 1);
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed");
-
- //Accept client
- alarm(2);
- fd = accept(sock, nullptr, nullptr);
- alarm(0);
- RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Failed when accepting connection from client");
- FdUniquePtr fd_ptr(&fd);
-
- //wait for smack_new_label_from_socket execution
- usleep(200);
-
- //Close server
- exit(0);
- }
- else { //parent (client)
- //Wait a little bit until server is set up
- sleep(1);
- int sock, result;
-
- //Create socket
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sock_ptr(&sock);
-
- //Connect to sockaddr
- result = connect(sock, (struct sockaddr*) &sockaddr,
- sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed");
-
- //Try getting label, should fail beacuse getsockopt won't get anything
- result = smack_new_label_from_socket(sock, &smack_label);
- RUNNER_ASSERT_MSG(result == -1, "smack_new_label_from_socket should fail.");
- }
-}
+++ /dev/null
-writer book rw----
-reader book r-----
+++ /dev/null
-test_subject_01 test_object_01 ---
-test_subject_01 test_object_02 rwatl
-test_subject_01 test_object_03 wat
-test_subject_02 test_object_01 -------
-test_subject_02 test_object_02 wa-lt
-test_subject_02 test_object_03 -rw--r------
-test_subject_03 test_object_01 aaaaaa ------
-test_subject_03 test_object_02 rwat
-test_subject_03 test_object_03 w---l-
+++ /dev/null
-test_subject_01 test_object_01 rwatl
-test_subject_01 test_object_02
-test_subject_01 test_object_03 xxxxx
+++ /dev/null
-test_subject_01 test_object_01 rwxatl
-test_subject_01 test_object_02 +rwh4r9d32!@#$ 49$%^x2 rwxat
-test_subject_01 test_object_03 aaaaaa xxxxxx
+++ /dev/null
-test_subject_01 test_object_01 rwxatl
-test_subject_01 test_object_02 rwxatl
-test_subject_01 test_object_03 rwxatl
-test_subject_02 test_object_01 rwxatl
-test_subject_02 test_object_02 rwxatl
-test_subject_02 test_object_03 rwxatl
-test_subject_03 test_object_01 rwxatl
-test_subject_03 test_object_02 rwxatl
-test_subject_03 test_object_03 rwxatl
+++ /dev/null
-# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# @file CMakeLists.txt
-# @author Dongsun Lee (ds73.lee@samsung.com)
-# @version 0.1
-# @brief
-#
-INCLUDE(FindPkgConfig)
-SET(TARGET_WAE_TEST "libwebappenc-tests")
-
-#dependencies
-PKG_CHECK_MODULES(TARGET_WAE_DEP
- libwebappenc
- REQUIRED
- )
-
-#files to compile
-SET(TARGET_WAE_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/src/libwebappenc-tests/libwebappenc-tests.cpp
- ${PROJECT_SOURCE_DIR}/src/libwebappenc-tests/test_cases.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${TARGET_WAE_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- )
-
-#output format
-ADD_EXECUTABLE(${TARGET_WAE_TEST} ${TARGET_WAE_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${TARGET_WAE_TEST}
- ${TARGET_WAE_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-#place for output file
-INSTALL(TARGETS ${TARGET_WAE_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file libwebappenc-tests.cpp
- * @author Dongsun Lee (ds73.lee@samsung.com)
- * @version 1.0
- * @brief libwebappenc test runer
- */
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * @file test_cases.cpp
- * @author Dongsun Lee (ds73.lee@samsung.com)
- * @version 1.0
- * @brief libwebappenc test cases
- */
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <string>
-#include <sstream>
-#include <fcntl.h>
-#include <unistd.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dpl/log/log.h>
-#include "tests_common.h"
-#include <web_app_enc.h>
-
-#define TEST_PKGID_1 "testpkg_for_downloaded"
-#define TEST_PKGID_2 "testpkg_for_preloaded"
-#define TEST_PLAINTEXT "adbdfdfdfdfdererfdfdfererfdrerfdrer"
-#define PRELOADED_WAPP_FILE1 "/usr/share/wae/test/PRELOADED_WAPP_FILE1.enc"
-
-#define DOWNLOADED_ENC_FILE "/tmp/downloaded_enc_file"
-#define PRELOADED_ENC_FILE "/tmp/preloaded_enc_file"
-
-int _read_from_file(const char* path, unsigned char** data, size_t* len)
-{
- int ret = WAE_ERROR_NONE;
- FILE* f = NULL;
- int file_len = -1;
- unsigned char* file_contents = NULL;
- int ch = 0;
- int i = 0;
-
- f = fopen(path, "r");
- if( f == NULL) {
- ret = WAE_ERROR_FILE;
- goto error;
- }
-
- fseek(f, 0, SEEK_END); // move to the end of a file
- file_len = ftell(f);
- fseek(f, 0, SEEK_SET); // move to the start of a file
-
- file_contents = (unsigned char*) malloc(file_len);
- if(file_contents == NULL) {
- ret = WAE_ERROR_MEMORY;
- goto error;
- }
- memset(file_contents, 0x00, file_len);
-
- while( (ch = fgetc(f)) != EOF) {
- file_contents[i++]=(char)ch;
- }
-
- *data = file_contents;
- *len = file_len;
-
-error:
- if(f != NULL)
- fclose(f);
- if(ret != WAE_ERROR_NONE && file_contents != NULL)
- free(file_contents);
-
- return ret;
-}
-
-int _write_to_file(const char* path, const unsigned char* data, size_t len)
-{
- int ret = WAE_ERROR_NONE;
-
- FILE* f = NULL;
- int write_len = -1;
-
- f = fopen(path, "w");
- if( f == NULL) {
- ret = WAE_ERROR_FILE;
- goto error;
- }
-
- write_len = fwrite(data, 1, len, f);
- if(write_len != (int) len) {
- ret = WAE_ERROR_FILE;
- goto error;
- }
-error:
- if(f != NULL)
- fclose(f);
-
- return ret;
-}
-
-
-RUNNER_TEST_GROUP_INIT(libwebappenc)
-
-RUNNER_TEST(T01_init) {
- wae_remove_app_dek(TEST_PKGID_1, WAE_DOWNLOADED_GLOBAL_APP);
- wae_remove_app_dek(TEST_PKGID_2, WAE_PRELOADED_APP);
-}
-
-RUNNER_CHILD_TEST(T02_downloaded_web_app_enc){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_1;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
-
- wae_app_type_e appType = WAE_DOWNLOADED_GLOBAL_APP;
-
- ret = wae_encrypt_web_application(pkgId, appType,
- (const unsigned char*)plaintext, plaintextLen,
- &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_encrypt_web_application. ret=" << ret);
-
- ret = _write_to_file(DOWNLOADED_ENC_FILE, encrypted, encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _write_to_file. file=" << DOWNLOADED_ENC_FILE);
-}
-
-RUNNER_CHILD_TEST(T03_downloaded_web_app_dec){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_1;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
- unsigned char* decrypted = NULL;
- size_t decLen = 0;
-
- wae_app_type_e appType = WAE_DOWNLOADED_GLOBAL_APP;
-
- ret = _read_from_file(DOWNLOADED_ENC_FILE, &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _read_from_file. ret=" << ret);
-
- ret = wae_decrypt_web_application(pkgId, appType, encrypted, encLen, &decrypted, &decLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_decrypt_web_application. ret=" << ret);
-
- RUNNER_ASSERT_MSG(plaintextLen == decLen,
- "FAIL: plaintext_len("<<plaintextLen<<") != decrypted_len(" <<decLen<<")");
- RUNNER_ASSERT_MSG(strncmp(plaintext, (char *)decrypted, decLen) == 0,
- "FAIL: plaintext("<<plaintext <<") != decrypted("<<(char *)decrypted <<")");
-}
-
-
-RUNNER_CHILD_TEST(T04_preloaded_web_app_enc){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_2;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
-
- wae_app_type_e appType = WAE_PRELOADED_APP;
-
- ret = wae_encrypt_web_application(pkgId, appType,
- (const unsigned char*)plaintext, plaintextLen,
- &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_encrypt_web_application. ret=" << ret);
-
- ret = _write_to_file(PRELOADED_ENC_FILE, encrypted, encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _write_to_file. file=" << DOWNLOADED_ENC_FILE);
-}
-
-RUNNER_TEST(T05_reload_app_deks) {
- int ret = system("wae_initializer --reload");
- RUNNER_ASSERT_MSG(ret != -1, "FAIL: load_preloaded_app_deks. ret=" << ret);
-}
-
-RUNNER_CHILD_TEST(T06_preloaded_web_app_dec){
- int ret = WAE_ERROR_NONE;
- const char* pkgId = TEST_PKGID_2;
- const char* plaintext = TEST_PLAINTEXT;
- size_t plaintextLen = strlen(plaintext);
- unsigned char* encrypted = NULL;
- size_t encLen = 0;
- unsigned char* decrypted = NULL;
- size_t decLen = 0;
-
- wae_app_type_e appType = WAE_PRELOADED_APP;
-
- ret = _read_from_file(PRELOADED_ENC_FILE, &encrypted, &encLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _read_from_file. ret=" << ret);
-
- ret = wae_decrypt_web_application(pkgId, appType, encrypted, encLen, &decrypted, &decLen);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_decrypt_web_application. ret=" << ret);
-
- RUNNER_ASSERT_MSG(plaintextLen == decLen,
- "FAIL: plaintext_len("<<plaintextLen<<") != decrypted_len(" <<decLen<<")");
- RUNNER_ASSERT_MSG(strncmp(plaintext, (char *)decrypted, decLen) == 0,
- "FAIL: plaintext("<<plaintext <<") != decrypted("<<(char *)decrypted <<")");
-}
-
-
-RUNNER_CHILD_TEST(T07_remove_app_dek) {
- int ret = WAE_ERROR_NONE;
-
- ret = wae_remove_app_dek(TEST_PKGID_1, WAE_DOWNLOADED_GLOBAL_APP);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_remove_app_dek. ret=" << ret);
-
- ret = wae_remove_app_dek(TEST_PKGID_2, WAE_PRELOADED_APP);
- RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_remove_app_dek. ret=" << ret);
-}
--- /dev/null
+PKG_CHECK_MODULES(TEST_TPKP_DEP
+ REQUIRED
+ libcurl
+ openssl
+ tpkp-curl
+ tpkp-gnutls
+ )
+
+INCLUDE_DIRECTORIES(
+ SYSTEM
+ ${TEST_TPKP_DEP_INCLUDE_DIRS}
+ )
+
+SET(SRCS
+ main.cpp
+ curl_test.cpp
+ gnutls_test.cpp
+ )
+
+ADD_EXECUTABLE(${TARGET_TPKP_TEST} ${SRCS})
+
+TARGET_LINK_LIBRARIES(${TARGET_TPKP_TEST}
+ ${TEST_TPKP_DEP_LIBRARIES}
+ dpl-test-framework
+ )
+
+INSTALL(TARGETS ${TARGET_TPKP_TEST} DESTINATION bin)
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file libcurl_sample.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief tpkp_curl unit test.
+ */
+#include <iostream>
+#include <string>
+#include <openssl/ssl.h>
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include <curl/curl.h>
+#include <thread>
+#include <vector>
+
+#include <tpkp_curl.h>
+
+#include <dpl/test/test_runner.h>
+
+static std::vector<std::string> UrlList = {
+ "https://www.google.com",
+ "https://www.facebook.com",
+ "https://www.twitter.com",
+ "https://www.dropbox.com",
+ "https://www.spideroak.com",
+ "https://www.youtube.com",
+ "https://thehackernews.com" /* no static pinned data */
+};
+
+const std::string targetUrl = "https://WwW.GooGle.cO.Kr";
+const std::string targetInvalidUrl = "https://WwW.GooGle.cO.Kr11143343jiuj::";
+
+int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ if (preverify_ok == 0)
+ return 0;
+
+ /*
+ * Do something which isn't related with HPKP here
+ * And update value to preverify_ok of validation result
+ */
+
+ /* call tpkp_verify_callback as additional step */
+ return tpkp_curl_verify_callback(preverify_ok, x509_ctx);
+}
+
+static CURLcode ssl_ctx_callback_set_verify(CURL *curl, void *ssl_ctx, void *userptr)
+{
+ (void)userptr;
+
+ SSL_CTX_set_verify((SSL_CTX *)ssl_ctx, SSL_VERIFY_PEER, verify_callback);
+ tpkp_e res = tpkp_curl_set_url_data(curl);
+ if (res != TPKP_E_NONE)
+ return CURLE_FAILED_INIT;
+
+ return CURLE_OK;
+}
+
+static CURLcode ssl_ctx_callback_not_set_verify(CURL *curl, void *ssl_ctx, void *userptr)
+{
+ (void)userptr;
+
+ tpkp_e res = tpkp_curl_set_verify(curl, (SSL_CTX *)ssl_ctx);
+ if (res != TPKP_E_NONE)
+ return CURLE_FAILED_INIT;
+
+ return CURLE_OK;
+}
+
+static CURL *makeLocalDefaultHandle(std::string url)
+{
+ CURL *handle = curl_easy_init();
+
+ RUNNER_ASSERT_MSG(
+ curl_easy_setopt(handle, CURLOPT_URL, url.c_str()) == CURLE_OK,
+ "Failed to set opt url : " << targetUrl);
+
+ RUNNER_ASSERT_MSG(
+ curl_easy_setopt(handle, CURLOPT_VERBOSE, 0L) == CURLE_OK,
+ "Failed to set opt verbose");
+
+ RUNNER_ASSERT_MSG(
+ curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L) == CURLE_OK,
+ "Failed to set opt verify peer");
+
+ RUNNER_ASSERT_MSG(
+ curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 2L) == CURLE_OK,
+ "Failed to set opt verify host");
+
+ RUNNER_ASSERT_MSG(
+ curl_easy_setopt(handle, CURLOPT_FOLLOWLOCATION, 1L) == CURLE_OK,
+ "Failed to set opt follow location");
+
+ RUNNER_ASSERT_MSG(
+ curl_easy_setopt(handle, CURLOPT_NOBODY, 1L) == CURLE_OK,
+ "Failed to set opt no body");
+
+ return handle;
+}
+
+static CURL *makeDefaultHandle(std::string url)
+{
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ return makeLocalDefaultHandle(url);
+}
+
+static void performWithUrl(std::string url)
+{
+ CURL *curl = makeLocalDefaultHandle(url);
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+}
+
+RUNNER_TEST_GROUP_INIT(T001_TPKP_CURL_TEST)
+
+RUNNER_TEST(T00101_posivite_notusing_ssl_ctx_func_opt)
+{
+ CURL *curl = makeDefaultHandle(targetUrl);
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00102_posivite_using_ssl_ctx_func_opt_notusing_ssl_ctx_set_verify)
+{
+ CURL *curl = makeDefaultHandle(targetUrl);
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback_not_set_verify);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00103_posivite_using_ssl_ctx_func_opt_using_ssl_ctx_set_verify)
+{
+ CURL *curl = makeDefaultHandle(targetUrl);
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback_set_verify);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00104_negative_invalid_url)
+{
+ CURL *curl = makeDefaultHandle(targetInvalidUrl);
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback_set_verify);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res != CURLE_OK,
+ "Shouldnot success perform curl: " << curl_easy_strerror(res));
+ std::cout << "code: " << res << " description: " << curl_easy_strerror(res) << std::endl;
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00105_positive_facebook_with_https)
+{
+ CURL *curl = makeDefaultHandle("https://www.facebook.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00106_positive_facebook_with_http)
+{
+ CURL *curl = makeDefaultHandle("http://www.facebook.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00107_positive_facebook_with_hostname)
+{
+ CURL *curl = makeDefaultHandle("www.facebook.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00108_positive_twitter_with_https)
+{
+ CURL *curl = makeDefaultHandle("https://www.twitter.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00109_positive_dropbox_with_https)
+{
+ CURL *curl = makeDefaultHandle("https://www.dropbox.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00110_positive_spideroak_with_https)
+{
+ CURL *curl = makeDefaultHandle("https://www.spideroak.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00111_positive_https_but_no_pinned_data_youtube)
+{
+ CURL *curl = makeDefaultHandle("https://www.youtube.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00112_positive_https_but_no_pinned_data_hackernews)
+{
+ CURL *curl = makeDefaultHandle("https://thehackernews.com");
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res));
+
+ res = curl_easy_perform(curl);
+ RUNNER_ASSERT_MSG(
+ res == CURLE_OK,
+ "Failed to perform curl: " << curl_easy_strerror(res));
+
+ tpkp_curl_cleanup();
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+
+}
+
+RUNNER_TEST(T00113_positive_threads)
+{
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ std::vector<std::thread> threads;
+
+ for (const auto &url : UrlList)
+ threads.emplace_back(performWithUrl, url);
+
+ for (auto &t : threads)
+ t.join();
+
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00114_positive_threads_2times)
+{
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ std::vector<std::thread> threads;
+
+ for (int i = 0; i < 2; i++) {
+ for (const auto &url : UrlList)
+ threads.emplace_back(performWithUrl, url);
+ }
+
+ for (auto &t : threads)
+ t.join();
+
+ curl_global_cleanup();
+}
+
+RUNNER_TEST(T00113_positive_threads_3times)
+{
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ std::vector<std::thread> threads;
+
+ for (int i = 0; i < 3; i++) {
+ for (const auto &url : UrlList)
+ threads.emplace_back(performWithUrl, url);
+ }
+
+ for (auto &t : threads)
+ t.join();
+
+ curl_global_cleanup();
+}
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file gnutls_sample.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief tpkp_gnutls unit test.
+ */
+#include <iostream>
+#include <vector>
+#include <string>
+#include <thread>
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <gnutls/gnutls.h>
+#include <tpkp_gnutls.h>
+
+#include <dpl/test/test_runner.h>
+
+namespace {
+
+struct DataSet {
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ int sockfd;
+};
+
+static std::vector<std::string> s_urlList = {
+ "www.google.com",
+ "www.youtube.com",
+ "www.spideroak.com",
+ "www.facebook.com",
+ "www.dropbox.com",
+ "www.twitter.com",
+ "www.hackerrank.com", /* no pinned data exist */
+ "www.algospot.com" /* no pinned data exist */
+};
+
+void connectWithUrl(const std::string &url, int &sockfd)
+{
+ struct addrinfo *result;
+ struct addrinfo hints;
+ memset(&hints, 0x00, sizeof(struct addrinfo));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_CANONNAME;
+
+ int s = getaddrinfo(url.c_str(), "https", &hints, &result);
+ RUNNER_ASSERT_MSG(s == 0, "getaddrinfo err code: " << s << " desc: " << gai_strerror(s));
+
+ struct addrinfo *rp;
+ for (rp = result; rp != nullptr; rp = rp->ai_next) {
+ sockfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+ if (sockfd == -1)
+ continue;
+
+ if (connect(sockfd, rp->ai_addr, rp->ai_addrlen) != -1) {
+ char *ipaddr = inet_ntoa(*((struct in_addr *)rp->ai_addr));
+ std::cout << "url: " << url << " connected with addr: " << ipaddr << std::endl;
+ break;
+ }
+
+ close(sockfd);
+ }
+
+ RUNNER_ASSERT_MSG(rp != nullptr, "Could not connect on url: " << url);
+
+ std::cout << "url[" << url << "] canonname[" << result->ai_canonname << "] connected!" << std::endl;
+
+ freeaddrinfo(result);
+}
+
+inline gnutls_certificate_credentials_t makeDefaultCred(gnutls_certificate_verify_function *verify_callback)
+{
+ gnutls_certificate_credentials_t cred;
+
+ int ret = gnutls_certificate_allocate_credentials(&cred);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to gnutls_certificate_allocate_credentials: " << gnutls_strerror(ret));
+
+ ret = gnutls_certificate_set_x509_trust_file(cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM);
+ RUNNER_ASSERT_MSG(
+ ret > 0,
+ "Failed to gnutls_certificate_set_x509_trust_file ret: " << ret);
+ std::cout << "x509 trust file loaded. cert num: " << ret << std::endl;
+
+ gnutls_certificate_set_verify_function(cred, verify_callback);
+
+ return cred;
+}
+
+DataSet makeDefaultSession(const std::string &url)
+{
+ DataSet data;
+
+ data.cred = makeDefaultCred(&tpkp_gnutls_verify_callback);
+
+ int ret = gnutls_init(&data.session, GNUTLS_CLIENT);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to gnutls init session: " << gnutls_strerror(ret));
+
+ ret = gnutls_set_default_priority(data.session);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to set default priority on session: " << gnutls_strerror(ret));
+
+ ret = gnutls_credentials_set(data.session, GNUTLS_CRD_CERTIFICATE, data.cred);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to gnutls_credentials_set: " << gnutls_strerror(ret));
+
+ connectWithUrl(url, data.sockfd);
+
+ RUNNER_ASSERT_MSG(
+ tpkp_gnutls_set_url_data(url.c_str()) == TPKP_E_NONE,
+ "Failed to tpkp_gnutls_set_url_data.");
+
+ gnutls_transport_set_int(data.session, data.sockfd);
+ gnutls_handshake_set_timeout(data.session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ return data;
+}
+
+DataSet makeSessionWithoutPinning(const std::string &url)
+{
+ DataSet data;
+
+ int ret = gnutls_certificate_allocate_credentials(&data.cred);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to gnutls_certificate_allocate_credentials: " << gnutls_strerror(ret));
+
+ ret = gnutls_init(&data.session, GNUTLS_CLIENT);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to gnutls init session: " << gnutls_strerror(ret));
+
+ ret = gnutls_set_default_priority(data.session);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to set default priority on session: " << gnutls_strerror(ret));
+
+ ret = gnutls_credentials_set(data.session, GNUTLS_CRD_CERTIFICATE, data.cred);
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Failed to gnutls_credentials_set: " << gnutls_strerror(ret));
+
+ connectWithUrl(url, data.sockfd);
+
+ gnutls_transport_set_int(data.session, data.sockfd);
+ gnutls_handshake_set_timeout(data.session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ return data;
+}
+
+void performHandshake(DataSet &data)
+{
+ int ret;
+ do {
+ ret = gnutls_handshake(data.session);
+ } while (ret != GNUTLS_E_SUCCESS && gnutls_error_is_fatal(ret) == 0);
+
+ RUNNER_ASSERT_MSG(
+ ret == GNUTLS_E_SUCCESS,
+ "Handshake failed! err code: " << ret << " desc: " << gnutls_strerror(ret));
+}
+
+void cleanup(DataSet &data)
+{
+ gnutls_bye(data.session, GNUTLS_SHUT_RDWR);
+ close(data.sockfd);
+ gnutls_certificate_free_credentials(data.cred);
+ gnutls_deinit(data.session);
+
+ tpkp_gnutls_cleanup();
+}
+
+void perform(const std::string &url)
+{
+ DataSet data = makeDefaultSession(url);
+ performHandshake(data);
+ cleanup(data);
+}
+
+void performWithoutPinning(const std::string &url)
+{
+ DataSet data = makeSessionWithoutPinning(url);
+ performHandshake(data);
+ cleanup(data);
+}
+
+}
+
+RUNNER_TEST_GROUP_INIT(T002_GNUTLS_TEST)
+
+RUNNER_TEST(T00201_positive_1)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[0]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00202_positive_2)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[1]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00203_positive_3)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[2]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00204_positive_4)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[3]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00205_positive_5)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[4]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00206_positive_6)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[5]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00207_positive_7)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[6]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00208_positive_8)
+{
+ gnutls_global_init();
+
+ perform(s_urlList[7]);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00209_positive_all_single_thread)
+{
+ gnutls_global_init();
+
+ for (const auto &url : s_urlList)
+ perform(url);
+
+ gnutls_global_deinit();
+}
+
+RUNNER_TEST(T00210_positive_all_single_thread_without_pinning)
+{
+ gnutls_global_init();
+
+ for (const auto &url : s_urlList)
+ performWithoutPinning(url);
+
+ gnutls_global_deinit();
+}
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file main.cpp
+ * @author Kyungwook Tak(k.tak@samsung.com)
+ * @version 1.0
+ * @brief Https Public Key Pinning test main.
+ */
+#include <dpl/test/test_runner.h>
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Marcin Niesluchowski (m.niesluchow@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP
- REQUIRED
- libsmack
- libprivilege-control
- cynara-client
- cynara-admin
- security-manager
- libtzplatform-config
- sqlite3
- libcap
- dbus-1
- libgum)
-
-
-SET(TARGET_SEC_MGR_TESTS "security-manager-tests")
-
-SET(SEC_MGR_SOURCES
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_db.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SEC_MGR_TESTS_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${CYNARA_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/
- ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
- )
-
-FIND_PACKAGE(Threads)
-
-ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS}
- ${SEC_MGR_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- ${CMAKE_THREAD_LIBS_INIT}
- )
-
-INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin)
-
-INSTALL(DIRECTORY
- ${PROJECT_SOURCE_DIR}/src/security-manager-tests/app_files/
- DESTINATION /usr/apps/
-)
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/exec
\ No newline at end of file
+++ /dev/null
-../../non_app_dir/normal
\ No newline at end of file
+++ /dev/null
-normal
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_api.h>
-
-#include <dpl/test/test_runner.h>
-
-#include <memory>
-
-namespace SecurityManagerTest {
-
-namespace Api {
-
-void free_cstring_list(char **p, size_t count) {
- for (size_t i = 0; i < count; i++) {
- free(p[i]);
- }
- delete [] p;
-}
-
-void install(const InstallRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_app_install(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "installing app returned wrong value."
- << " InstallRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void uninstall(const InstallRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_app_uninstall(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "uninstalling app returned wrong value."
- << " InstallRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-std::string getPkgId(const char *appId, lib_retcode expectedResult)
-{
- char *pkgId = nullptr;
- int result = security_manager_get_app_pkgid(&pkgId, appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "getting pkg id from app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- if (expectedResult != SECURITY_MANAGER_SUCCESS)
- return std::string();
-
- RUNNER_ASSERT_MSG(pkgId != nullptr, "getting pkg id did not allocate memory");
- std::string str(pkgId);
- free(pkgId);
- return str;
-}
-
-void setProcessLabel(const char *appId, lib_retcode expectedResult)
-{
- int result = security_manager_set_process_label_from_appid(appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting process label from app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void setProcessGroups(const char *appId, lib_retcode expectedResult)
-{
- int result = security_manager_set_process_groups_from_appid(appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting process groups from app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void dropProcessPrivileges(lib_retcode expectedResult)
-{
- int result = security_manager_drop_process_privileges();
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "dropping process privileges returned wrong value."
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void prepareApp(const char *appId, lib_retcode expectedResult)
-{
- int result = security_manager_prepare_app(appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "preparing app returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void addUser(const UserRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_user_add(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding user returned wrong value."
- << " UserRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void deleteUser(const UserRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_user_delete(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "deleting user returned wrong value."
- << " UserRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult)
-{
- int result = security_manager_policy_update_send(request.get());
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "sending policy update for self returned wrong value."
- << " PolicyRequest: [ " << request << "];"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-}
-
-void getConfiguredPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult, bool forAdmin)
-{
- policy_entry **pp_privs_policy = NULL;
- size_t policy_size = 0;
- int result;
-
- if (forAdmin) {
- result = security_manager_get_configured_policy_for_admin(filter.get(), &pp_privs_policy, &policy_size);
- } else {
- result = security_manager_get_configured_policy_for_self(filter.get(), &pp_privs_policy, &policy_size);
- };
-
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "Unexpected result for filter: " << filter << std::endl
- << " Result: " << result << ";");
-
- for (unsigned int i = 0; i < policy_size; ++i) {
- PolicyEntry pe(*pp_privs_policy[i]);
- policyEntries.push_back(pe);
- };
-}
-
-void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
-{
- policy_entry **pp_privs_policy = NULL;
- size_t policy_size = 0;
- int result;
-
- result = security_manager_get_policy(filter.get(), &pp_privs_policy, &policy_size);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "Unexpected result" << std::endl
- << " Result: " << result << ";");
- for (unsigned int i = 0; i < policy_size; ++i) {
- PolicyEntry pe(*pp_privs_policy[i]);
- policyEntries.push_back(pe);
- };
-}
-
-void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
-{
- getConfiguredPolicy(filter, policyEntries, expectedResult, false);
-}
-
-void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult)
-{
- getConfiguredPolicy(filter, policyEntries, expectedResult, true);
-}
-
-void getPrivilegesMappings(const char *version_from,
- const char *version_to,
- const std::vector<std::string> &privileges,
- std::vector<std::string> &mappings,
- lib_retcode expectedResult)
-{
- char **mappings_buff = nullptr;
- size_t mappings_count;
-
- size_t i = 0;
-
- std::unique_ptr<char *, std::function<void(char**)>> privileges_buff(new char*[privileges.size()],
- std::bind(free_cstring_list, std::placeholders::_1, std::ref(i)));
-
- for (; i < privileges.size(); i++) {
- if (privileges[i].empty())
- privileges_buff.get()[i] = nullptr;
- else
- privileges_buff.get()[i] = strdup(privileges[i].c_str());
- RUNNER_ASSERT_MSG(privileges_buff.get()[i], "Couldn't copy string");
- }
-
- int result;
- if (privileges.empty())
- result = security_manager_get_privileges_mapping(version_from, version_to, nullptr,
- privileges.size(), &mappings_buff, &mappings_count);
- else
- result = security_manager_get_privileges_mapping(version_from, version_to, privileges_buff.get(),
- privileges.size(), &mappings_buff, &mappings_count);
- RUNNER_ASSERT_MSG(static_cast<lib_retcode>(result) == expectedResult,
- "Unexpected result in security_manager_get_privileges_mapping()" << std::endl
- << "For version_from: " << version_from << " version_to: " << version_to << " for set of privileges" << std::endl
- << " Result: " << result << " Expected: " << expectedResult);
- for (size_t i = 0; i < mappings_count; i++) {
- mappings.push_back(mappings_buff[i]);
- }
- security_manager_privilege_mapping_free(mappings_buff, mappings_count);
-}
-
-} // namespace Api
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_API
-#define SECURITY_MANAGER_TEST_API
-
-#include <sm_request.h>
-#include <sm_user_request.h>
-#include <sm_policy_request.h>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-namespace Api {
-
-void install(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-std::string getPkgId(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void setProcessLabel(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void setProcessGroups(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void prepareApp(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void addUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void deleteUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPolicy(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPolicyForSelf(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPolicyForAdmin(const PolicyEntry &filter, std::vector<PolicyEntry> &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-void getPrivilegesMappings(const char *version_from,
- const char *version_to,
- const std::vector<std::string> &privileges,
- std::vector<std::string> &mappings,
- lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-} // namespace Api
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_API
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file sm_db.cpp
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-manager tests database record check functions
- */
-
-#include <tests_common.h>
-#include <tzplatform_config.h>
-#include <sstream>
-#include "sm_db.h"
-#include "db_sqlite.h"
-
-/* Keep this consistent with the database file path used in the security-manager */
-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-
-/* Initialize static constants */
-const bool TestSecurityManagerDatabase::NOT_REMOVED = false;
-const bool TestSecurityManagerDatabase::REMOVED = true;
-
-TestSecurityManagerDatabase::TestSecurityManagerDatabase() : m_base(PRIVILEGE_DB_PATH, SQLITE_OPEN_READWRITE)
-{
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
- const std::string &pkg_name)
-{
- const privileges_t dummy; /* just some empty privileges set */
-
- test_db_after__app_install(app_name, pkg_name, dummy);
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- if (!m_base.is_open())
- m_base.open();
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- check_app_and_pkg(app_name, pkg_name, NOT_REMOVED);
-
- if (!privileges.empty()) {
- check_privileges(app_name, pkg_name, privileges);
- }
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
- const std::string &pkg_name,
- const bool is_pkg_removed)
-{
- const privileges_t dummy; /* just some empty privileges set */
-
- test_db_after__app_uninstall(app_name, pkg_name, dummy, is_pkg_removed);
-}
-
-void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges,
- const bool is_pkg_removed)
-{
- if (!m_base.is_open())
- m_base.open();
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- check_app_and_pkg(app_name, pkg_name, REMOVED);
- check_pkg(pkg_name, is_pkg_removed);
-
- if (!privileges.empty()) {
- check_privileges_removed(app_name, pkg_name, privileges);
- }
-}
-
-void TestSecurityManagerDatabase::check_privileges(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- bool result;
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- for (auto it = privileges.begin(); it != privileges.end(); ++it) {
- result = check_privilege(app_name, pkg_name, *it);
-
- RUNNER_ASSERT_MSG(result == true, "privilege: <" << *it << "> not added to app: <" <<
- app_name << "> from pkg_id: <" << pkg_name << ">");
- }
-}
-
-void TestSecurityManagerDatabase::check_privileges_removed(const std::string &app_name,
- const std::string &pkg_name,
- const privileges_t &privileges)
-{
- bool result;
-
- RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty");
- RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty");
-
- for (auto it = privileges.begin(); it != privileges.end(); ++it) {
- result = check_privilege(app_name, pkg_name, *it);
-
- RUNNER_ASSERT_MSG(result == false, "privilege: <" << *it << "> not removed for app: <" <<
- app_name << "> from pkg_id: <" << pkg_name << ">");
- }
-}
-
-void TestSecurityManagerDatabase::check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
- const bool is_app_removed)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT app_name, pkg_name FROM app_pkg_view"
- " WHERE app_name == '" << app_name << "' "
- " AND pkg_name == '" << pkg_name << "' ;";
- m_base.execute(sql.str(), result);
-
- if (is_app_removed) /* expect 0 results */
- RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() <<
- "> returned [" << result.rows.size() << "] rows, expected [0]");
- else /* expect exactly 1 result with 2 columns */
- RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 2, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows, expected [1]");
-}
-
-void TestSecurityManagerDatabase::check_pkg(const std::string &pkg_name,
- const bool is_pkg_removed)
-{
- const unsigned expected_rows = is_pkg_removed ? 0 : 1;
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT pkg_id FROM pkg"
- " WHERE name == '" << pkg_name << "' ;";
- m_base.execute(sql.str(), result);
-
- RUNNER_ASSERT_MSG(result.rows.size() == expected_rows, "query : <" <<
- sql.str() << "> returned [" << result.rows.size() << "] rows, expected [" <<
- expected_rows << "] rows");
-}
-
-bool TestSecurityManagerDatabase::check_privilege(const std::string &app_name,
- const std::string &pkg_name,
- const std::string &privilege)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
- sql << "SELECT privilege_id FROM app_privilege_view"
- " WHERE app_name == '" << app_name << "' "
- " AND pkg_name == '" << pkg_name << "' "
- " AND privilege_name == '" << privilege << "' "
- ";";
- m_base.execute(sql.str(), result);
-
- /* only 0 or 1 resulting rows are alowed */
- RUNNER_ASSERT_MSG(result.rows.size() == 0 || result.rows.size() == 1, "query : <" << sql.str() << "> returned [" <<
- result.rows.size() << "] rows");
-
- return result.rows.size() == 1;
-}
-
-void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &privilege,
- const std::vector<std::string> &groups)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
-
- if (!m_base.is_open())
- m_base.open();
-
- for (const auto &group : groups) {
- sql.clear();
- sql.str("");
- sql << "INSERT INTO privilege_group_view (privilege_name, group_name) "
- "VALUES ("
- << "'" << privilege << "'" << ","
- << "'" << group << "'" << ")";
- m_base.execute(sql.str(), result);
- }
-}
-
-void TestSecurityManagerDatabase::setup_privilege_mapping(const std::string &version_from,
- const std::string &version_to,
- const std::string &privilege,
- const std::string &mapping)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
-
- if (!m_base.is_open())
- m_base.open();
-
- sql.clear();
- sql.str("");
- sql << "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) "
- "VALUES ("
- << "'" << version_from << "'" << ","
- << "'" << version_to << "'" << ","
- << "'" << privilege << "'" << ","
- << "'" << mapping << "'" << ")";
- m_base.execute(sql.str(), result);
-}
-
-void TestSecurityManagerDatabase::setup_default_version_privilege(const std::string &version_from,
- const std::string &version_to,
- const std::string &privilege)
-{
- Sqlite3DBaseSelectResult result;
- std::ostringstream sql;
-
- if (!m_base.is_open())
- m_base.open();
-
- sql.clear();
- sql.str("");
- sql << "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) "
- "VALUES ("
- << "'" << version_from << "'" << ","
- << "'" << version_to << "'" << ","
- << "NULL,"
- << "'" << privilege << "'" << ")";
- m_base.execute(sql.str(), result);
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file sm_db.h
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-manager tests database record check functions
- */
-
-#ifndef SECURITY_MANAGER_TEST_DB_H_
-#define SECURITY_MANAGER_TEST_DB_H_
-
-#include <string>
-#include "db_sqlite.h"
-
-typedef std::vector<std::string> privileges_t;
-
-/**
- * @class TestSecurityManagerDatabase
- * @brief Class containing methods for testing libprivlege database.
- */
-class TestSecurityManagerDatabase
-{
-public:
-/**
- * @brief A usefull constant to indicate that app/pkg should be present in db
- */
- const static bool NOT_REMOVED;
-/**
- * @brief A usefull constant to indicate that app/pkg should not be present in db
- */
- const static bool REMOVED;
-/**
- * @brief A constructor
- */
- TestSecurityManagerDatabase();
-
-/**
- * @brief A destructor
- */
- ~TestSecurityManagerDatabase() = default;
-
-/**
- * @brief Method for testing database after "security_manager_app_install" was run.
- *
- * It checks existence of proper: - app_name
- * - pkg_name
- *
- * @param app_name name of the app previously used in security_manager_app_install.
- * @param pkg_name name of the pkg previously used in security_manager_app_install.
- */
- void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name);
-
-/**
- * @brief Method for testing database after "security_manager_app_install" was run.
- *
- * It checks existence of proper: - app_name
- * - pkg_name
- * - privileges
- * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
- *
- * @param app_name name of the app previously used in security_manager_app_install.
- * @param pkg_name name of the pkg previously used in security_manager_app_install.
- * @param privileges vector of privileges previously used in security_manager_app_install.
- */
- void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief Method for testing database after "security_manager_app_uninstall" was run.
- *
- * It checks absence of proper: - app_name
- * - optionally pkg_name
- *
- * @param app_name name of the app previously used in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
- * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
- */
- void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
- const bool is_pkg_removed);
-
-/**
- * @brief Method for testing database after "security_manager_app_uninstall" was run.
- *
- * It checks absence of proper: - app_name
- * - optionally pkg_name
- * - app privileges
- * TODO: appPaths are currently not handled directly by security-manager, so they are not tested.
- *
- * @param app_name name of the app previously used in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used in security_manager_app_uninstall.
- * @param privileges vector of privileges previously used in security_manager_app_uninstall.
- * @param is_pkg_removed tells if pkg_id is expected to remain in db or not.
- */
- void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges, const bool is_pkg_removed);
-
-/**
- * @brief It checks db for existence of a all privileges from install request.
- *
- * @param app_name name of the app previously used i.e. in security_manager_app_install.
- * @param pkg_name name of the pkg previously used i.e. in security_manager_app_install.
- * @param privileges vector of privileges previously used i.e. in security_manager_app_install.
- */
- void check_privileges(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief It checks in db if all app privileges from install request are removed.
- *
- * @param app_name name of the app previously used i.e. in security_manager_app_uninstall.
- * @param pkg_name name of the pkg previously used i.e. in security_manager_app_uninstall.
- * @param privileges vector of privileges previously used i.e. in security_manager_app_uninstall.
- */
- void check_privileges_removed(const std::string &app_name, const std::string &pkg_name,
- const privileges_t &privileges);
-
-/**
- * @brief Method for setting privilege to groups mapping in security-manager database
- *
- * @param privilege name of the privilege
- * @param groups vector of group names
- */
- void setup_privilege_groups(const std::string &privilege,
- const std::vector<std::string> &groups);
-
-/**
- * @brief Method for setting privilege to privilege mappings from one version to another
- * in security-manager database
- *
- * @param version_from version which mapping is from
- * @param version_to version which mapping is to
- * @param privilege privilege for which mapping is set
- * @param mappings mapping of given privielege
- *
- */
- void setup_privilege_mapping(const std::string &version_from,
- const std::string &version_to,
- const std::string &privilege,
- const std::string &mapping);
-/**
- * @brief Method for setting privilege to privilege mappings from one version to another
- * in security-manager database
- *
- * @param version_from version which mapping is from
- * @param version_to version which mapping is to
- * @param privilege privilege for which mapping is set
- * @param mappings default privilege
- *
- */
- void setup_default_version_privilege(const std::string &version_from,
- const std::string &version_to,
- const std::string &privilege);
-private:
-/**
- * @var base
- * @brief Sqlite3DBase object giving simple access to database
- *
- * Connection to database is open first time it is needed
- * and closed in destructor of TestSecurityManagerDatabase.
- */
- Sqlite3DBase m_base;
-
-/**
- * @brief Check db for [non]existence of given app_name in pkg_name
- *
- * @param app_name name of application
- * @param pkg_name name of package
- * @param is_app_removed tells if app is expected in db
- */
- void check_app_and_pkg(const std::string &app_name, const std::string &pkg_name,
- const bool is_app_removed);
-
-/**
- * @brief Check db for [non]existence of given pkg_name
- *
- * @param pkg_name name of the package
- * @param is_pkg_removed tells if pkg is expected in db
- */
- void check_pkg(const std::string &pkg_name,
- const bool is_pkg_removed);
-
-/**
- * @brief Check db for existence of a single privilege.
- *
- * @param app_name name of application
- * @param pkg_name application's package name
- * @param privilege name of the privilege
- *
- * @return true when privilege present
- * false when privilege not present
- */
- bool check_privilege(const std::string &app_name, const std::string &pkg_name,
- const std::string &privilege);
-};
-
-#endif /* SECURITY_MANAGER_TEST_DB_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_policy_request.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-PolicyEntry::PolicyEntry()
- : m_appId(true, std::string(SECURITY_MANAGER_ANY))
- , m_user(true, std::string(SECURITY_MANAGER_ANY))
- , m_privilege(true, std::string(SECURITY_MANAGER_ANY))
- , m_currentLevel(false, std::string(""))
- , m_maxLevel(false, std::string(""))
-{
- int result = security_manager_policy_entry_new(&m_entry);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new policy entry failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
-
- security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
- security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
- security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
-}
-
-PolicyEntry::PolicyEntry(const std::string &appId, const std::string &user,
- const std::string &privilege)
- : m_appId(true, std::string(appId))
- , m_user(true, std::string(user))
- , m_privilege(true, std::string(privilege))
- , m_currentLevel(false, std::string(""))
- , m_maxLevel(false, std::string(""))
-{
- int result = security_manager_policy_entry_new(&m_entry);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new policy entry failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory");
-
- security_manager_policy_entry_set_user(m_entry, m_user.second.c_str());
- security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str());
- security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str());
-}
-
-PolicyEntry::PolicyEntry(policy_entry &entry): m_entry(&entry)
-{
- m_appId.first = true;
- m_appId.second = std::string(security_manager_policy_entry_get_application(m_entry));
-
- m_user.first = true;
- m_user.second = std::string(security_manager_policy_entry_get_user(m_entry));
-
- m_privilege.first = true;
- m_privilege.second = std::string(security_manager_policy_entry_get_privilege(m_entry));
-
- m_currentLevel.first = true;
- m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
-
- m_maxLevel.first = true;
- m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
-};
-
-void PolicyEntry::setLevel(const std::string &level)
-{
- m_currentLevel.first = true;
- m_currentLevel.second = level;
- security_manager_policy_entry_set_level(m_entry, level.c_str());
- m_maxLevel.first = true;
- m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry));
-};
-
-void PolicyEntry::setMaxLevel(const std::string &level)
-{
- m_maxLevel.first = true;
- m_maxLevel.second = level;
- security_manager_policy_entry_admin_set_level(m_entry, level.c_str());
- m_currentLevel.first = true;
- m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry));
-};
-
-
-std::ostream& operator<<(std::ostream &os, const PolicyEntry &request)
-{
- if (request.m_appId.first)
- os << "appId: " << request.m_appId.second << "; ";
-
- if (request.m_user.first)
- os << "user: " << request.m_user.second << "; ";
-
- if (request.m_privilege.first)
- os << "privilege: " << request.m_privilege.second << "; ";
-
- if (request.m_currentLevel.first)
- os << "current: " << request.m_currentLevel.second << "; ";
-
- if (request.m_maxLevel.first)
- os << "max: " << request.m_maxLevel.second << "; ";
-
- return os;
-}
-
-PolicyEntry::~PolicyEntry()
-{
-}
-
-void PolicyEntry::free(void)
-{
- security_manager_policy_entry_free(m_entry);
-}
-
-
-PolicyRequest::PolicyRequest()
- : m_req(nullptr),
- m_entries()
-{
- int result = security_manager_policy_update_req_new(&m_req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new policy request failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new policy request did not allocate memory");
-}
-
-PolicyRequest::~PolicyRequest()
-{
- for(std::vector<PolicyEntry>::iterator it = m_entries.begin(); it != m_entries.end(); ++it) {
- it->free();
- }
- security_manager_policy_update_req_free(m_req);
-}
-
-void PolicyRequest::addEntry(PolicyEntry &entry,
- lib_retcode expectedResult)
-{
- int result = 0;
-
- result = security_manager_policy_update_req_add_entry(m_req, entry.get());
-
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding policy entry to request returned wrong value."
- << " entry: " << entry << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
-
- m_entries.push_back(entry);
-}
-
-std::ostream& operator<<(std::ostream &os, const PolicyRequest &request)
-{
- if (request.m_entries.size() != 0)
- {
- os << "PolicyRequest m_entries size: " << request.m_entries.size() << "; ";
-
- for(unsigned int i = 0; i != request.m_entries.size(); i++) {
- os << "entry " << i << ": " << request.m_entries[i] << "; ";
- }
- }
-
- return os;
-}
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_POLICYREQUEST
-#define SECURITY_MANAGER_TEST_POLICYREQUEST
-
-#include <iostream>
-#include <sys/types.h>
-#include <utility>
-#include <vector>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-class PolicyEntry
-{
-public:
- PolicyEntry();
-
- PolicyEntry(const std::string &appId,
- const std::string &user,
- const std::string &privilege
- );
- ~PolicyEntry();
-
- PolicyEntry(policy_entry &entry);
-
- policy_entry *get() const { return m_entry; }
- std::string getUser() const { return m_user.second; }
- std::string getAppId() const { return m_appId.second; }
- std::string getPrivilege() const { return m_privilege.second; }
- std::string getCurrentLevel() const { return m_currentLevel.second; }
- std::string getMaxLevel() const { return m_maxLevel.second; }
- void setLevel(const std::string &level);
- void setMaxLevel(const std::string &level);
- void free(void);
-
- friend std::ostream& operator<<(std::ostream &, const PolicyEntry&);
-
-private:
- policy_entry *m_entry;
- std::pair<bool, std::string> m_appId;
- std::pair<bool, std::string> m_user;
- std::pair<bool, std::string> m_privilege;
- std::pair<bool, std::string> m_currentLevel;
- std::pair<bool, std::string> m_maxLevel;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyEntry &request);
-
-class PolicyRequest
-{
-public:
- PolicyRequest();
- PolicyRequest(const PolicyRequest&) = delete;
- PolicyRequest& operator=(const PolicyRequest&) = delete;
- ~PolicyRequest();
-
- void addEntry(PolicyEntry &entry, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
-
- policy_update_req *get() const { return m_req; }
- friend std::ostream& operator<<(std::ostream &, const PolicyRequest&);
-
-private:
- policy_update_req *m_req;
- std::vector<PolicyEntry> m_entries;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyRequest &request);
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_USERREQUEST
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_request.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-InstallRequest::InstallRequest()
- : m_req(nullptr)
- , m_appId(nullptr)
- , m_pkgId(nullptr)
- , m_uid(false, 0)
-{
- int result = security_manager_app_inst_req_new(&m_req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
-}
-
-InstallRequest::~InstallRequest()
-{
- security_manager_app_inst_req_free(m_req);
-}
-
-void InstallRequest::setAppId(const char *appId, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_app_id(m_req, appId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting app id returned wrong value."
- << " App id: " << appId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_appId = appId;
-}
-
-void InstallRequest::setPkgId(const char *pkgId, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_pkg_id(m_req, pkgId);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting pkg id returned wrong value."
- << " Pkg id: " << pkgId << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_pkgId = pkgId;
-}
-
-void InstallRequest::addPrivilege(const char *privilege, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_add_privilege(m_req, privilege);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding privilege returned wrong value."
- << " Privilege: " << privilege << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_privileges.push_back(privilege);
-}
-
-void InstallRequest::addPath(const char *path, app_install_path_type pathType, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_add_path(m_req, path, pathType);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "adding path returned wrong value."
- << " Path: " << path << ";"
- << " Path type: " << pathType << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_paths.push_back(std::pair<std::string, app_install_path_type>(path, pathType));
-}
-
-void InstallRequest::setUid(const uid_t uid, lib_retcode expectedResult)
-{
- int result = security_manager_app_inst_req_set_uid(m_req, uid);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting uid returned wrong value."
- << " Uid: " << uid << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_uid.first = true;
- m_uid.second = uid;
-}
-
-std::ostream& operator<<(std::ostream &os, const InstallRequest &request)
-{
- if (request.m_appId != nullptr)
- os << "app id: " << request.m_appId << "; ";
- if (request.m_pkgId != nullptr)
- os << "pkg id: " << request.m_pkgId << "; ";
- if (!request.m_privileges.empty()) {
- os << "privileges: [ " << request.m_privileges[0];
- for (size_t i=1; i < request.m_privileges.size(); ++i) {
- os << "; " << request.m_privileges[i];
- }
- os << " ]";
- }
- if (!request.m_paths.empty()) {
- os << "paths: [ " << "< " << request.m_paths[0].first << "; "
- << request.m_paths[0].second << " >";
- for (size_t i=1; i < request.m_paths.size(); ++i) {
- os << "; < " << request.m_paths[i].first << "; "
- << request.m_paths[i].second << " >";
- }
- os << " ]";
- }
- if (request.m_uid.first)
- os << "uid: " << request.m_uid.second << "; ";
- return os;
-}
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_INSTALLREQUEST
-#define SECURITY_MANAGER_TEST_INSTALLREQUEST
-
-#include <iostream>
-#include <string>
-#include <sys/types.h>
-#include <utility>
-#include <vector>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-class InstallRequest
-{
-public:
- InstallRequest();
- InstallRequest(const InstallRequest&) = delete;
- InstallRequest& operator=(const InstallRequest&) = delete;
- ~InstallRequest();
-
- void setAppId(const char *appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void setPkgId(const char *pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void addPrivilege(const char *privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void addPath(const char *path, app_install_path_type pathType,
- lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
- void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
-
- const app_inst_req *get() const { return m_req; }
- friend std::ostream& operator<<(std::ostream &, const InstallRequest&);
-
-private:
- app_inst_req *m_req;
-
- const char *m_appId;
- const char *m_pkgId;
- std::vector<std::string> m_privileges;
- std::vector<std::pair<std::string, app_install_path_type> > m_paths;
- std::pair<bool, uid_t> m_uid;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::InstallRequest &request);
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_INSTALLREQUEST
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <sm_user_request.h>
-
-#include <dpl/test/test_runner.h>
-
-namespace SecurityManagerTest {
-
-UserRequest::UserRequest()
- : m_req(nullptr)
- , m_uid(false, 0)
- , m_utype(false, static_cast<security_manager_user_type>(0))
-{
- int result = security_manager_user_req_new(&m_req);
- RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS,
- "creation of new request failed. Result: " << result);
- RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory");
-}
-
-UserRequest::~UserRequest()
-{
- security_manager_user_req_free(m_req);
-}
-
-void UserRequest::setUid(const uid_t uid, lib_retcode expectedResult)
-{
- int result = security_manager_user_req_set_uid(m_req, uid);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting uid returned wrong value."
- << " Uid: " << uid << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_uid.first = true;
- m_uid.second = uid;
-}
-
-void UserRequest::setUserType(const security_manager_user_type utype, lib_retcode expectedResult)
-{
- int result = security_manager_user_req_set_user_type(m_req, utype);
- RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
- "setting user type returned wrong value."
- << " User type: " << utype << ";"
- << " Result: " << result << ";"
- << " Expected result: " << expectedResult);
- m_utype.first = true;
- m_utype.second = utype;
-}
-
-std::ostream& operator<<(std::ostream &os, const UserRequest &request)
-{
- if (request.m_uid.first)
- os << "uid: " << request.m_uid.second << "; ";
-
- if (request.m_utype.first)
- os << "utype: " << request.m_utype.second << "; ";
-
- return os;
-}
-
-} // namespace SecurityManagerTest
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SECURITY_MANAGER_TEST_USERREQUEST
-#define SECURITY_MANAGER_TEST_USERREQUEST
-
-#include <iostream>
-#include <sys/types.h>
-#include <utility>
-
-#include <security-manager.h>
-
-namespace SecurityManagerTest {
-
-class UserRequest
-{
-public:
- UserRequest();
- UserRequest(const UserRequest&) = delete;
- UserRequest& operator=(const UserRequest&) = delete;
- ~UserRequest();
-
- void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
- void setUserType(const security_manager_user_type utype,
- lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS);
-
- const user_req *get() const { return m_req; }
- friend std::ostream& operator<<(std::ostream &, const UserRequest&);
-
-private:
- user_req *m_req;
-
- std::pair<bool, uid_t> m_uid;
- std::pair<bool, security_manager_user_type> m_utype;
-};
-
-std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::UserRequest &request);
-
-} // namespace SecurityManagerTest
-
-#endif // SECURITY_MANAGER_TEST_USERREQUEST
+++ /dev/null
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <memory.h>
-#include <semaphore.h>
-#include <unistd.h>
-
-#include <attr/xattr.h>
-#include <linux/xattr.h>
-#include <sys/capability.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <sys/wait.h>
-
-#include <algorithm>
-#include <fstream>
-#include <string>
-#include <unordered_set>
-
-#include <grp.h>
-#include <pwd.h>
-
-#include <tzplatform_config.h>
-#include <security-manager.h>
-
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
-#include <libprivilege-control_test_common.h>
-#include <tests_common.h>
-#include <sm_api.h>
-#include <sm_db.h>
-#include <sm_request.h>
-#include <sm_user_request.h>
-#include <temp_test_user.h>
-#include <cynara_test_client.h>
-#include <cynara_test_admin.h>
-#include <service_manager.h>
-#include <cynara_test_admin.h>
-
-using namespace SecurityManagerTest;
-
-DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr);
-DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr);
-
-static const privileges_t SM_ALLOWED_PRIVILEGES = {
- "http://tizen.org/privilege/location",
- "http://tizen.org/privilege/camera"
-};
-
-static const privileges_t SM_DENIED_PRIVILEGES = {
- "http://tizen.org/privilege/bluetooth",
- "http://tizen.org/privilege/power"
-};
-
-static const privileges_t SM_NO_PRIVILEGES = {
-};
-
-static const std::vector<std::string> SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"};
-
-static const char *const SM_RW_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir";
-static const char *const SM_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_ro";
-static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_public_ro";
-static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir";
-
-static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/
-static const std::string EXEC_FILE("exec");
-static const std::string NORMAL_FILE("normal");
-static const std::string LINK_PREFIX("link_to_");
-
-static const std::string PRIVILEGE_MANAGER_APP = "privilege_manager";
-static const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager";
-static const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings";
-static const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin";
-
-static const std::vector<std::string> MANY_APPS = {
- "security_manager_10_app_1",
- "security_manager_10_app_2",
- "security_manager_10_app_3",
- "security_manager_10_app_4",
- "security_manager_10_app_5"
-};
-
-static const std::map<std::string, std::string> MANY_APPS_PKGS = {
- {"security_manager_10_app_1", "security_manager_10_pkg_1"},
- {"security_manager_10_app_2", "security_manager_10_pkg_2"},
- {"security_manager_10_app_3", "security_manager_10_pkg_3"},
- {"security_manager_10_app_4", "security_manager_10_pkg_4"},
- {"security_manager_10_app_5", "security_manager_10_pkg_5"},
- {PRIVILEGE_MANAGER_APP, PRIVILEGE_MANAGER_PKG}
-};
-
-static const std::vector<privileges_t> MANY_APPS_PRIVILEGES = {
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/location"
- },
- {
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/camera"
- },
- {
- "http://tizen.org/privilege/contact.read",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- },
- {
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email",
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/camera"
- },
- {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/location",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/email"
- }
-};
-
-/* PRIVILEGE MAPPING TEST CONSTS */
-
-static const std::string OLD_VERSION = "2.4";
-static const std::string NEW_VERSION = "3.0";
-
-static const std::vector<std::string> OLD_PRIVILEGES = {
- "http://tizen.org/privilege/internet.old",
- "http://tizen.org/privilege/telephony.old",
- "http://tizen.org/privilege/contact.old",
- "http://tizen.org/privilege/led.old",
- "http://tizen.org/privilege/email.old"
-};
-
-static const std::vector<privileges_t> &NEW_PRIVILEGES = MANY_APPS_PRIVILEGES;
-
-static const privileges_t DEFAULT_PRIVILEGES = {
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/internet"
-};
-
-static std::string generateAppLabel(const std::string &appId)
-{
- return "User::App::" + appId;
-}
-
-static std::string generatePkgLabel(const std::string &pkgId)
-{
- return "User::Pkg::" + pkgId;
-}
-
-static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb,
- const char* correctLabel, bool transmute_test, bool exec_test)
-{
- int result;
- CStringPtr labelPtr;
- char* label = nullptr;
-
- /* ACCESS */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
- RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"
- " (should be '" << correctLabel << "' and is '" << label << "')");
-
-
- /* EXEC */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
-
- if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) {
- RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set");
- result = strcmp(correctLabel, label);
- RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath);
- } else
- RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set");
-
-
- /* TRANSMUTE */
- result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE);
- RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path");
- labelPtr.reset(label);
-
- if (S_ISDIR(sb->st_mode) && transmute_test == true) {
- RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all");
- RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0,
- "TRANSMUTE label on " << fpath << " is not set properly: '"<<label<<"'");
- } else {
- RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set");
- }
-
- return 0;
-}
-
-// nftw doesn't allow passing user data to functions. Work around by using global variable
-static std::string nftw_expected_label;
-bool nftw_expected_transmute;
-bool nftw_expected_exec;
-
-static int nftw_check_sm_labels(const char *fpath, const struct stat *sb,
- int /*typeflag*/, struct FTW* /*ftwbuf*/)
-{
- return nftw_check_sm_labels_app_dir(fpath, sb,
- nftw_expected_label.c_str(), nftw_expected_transmute, nftw_expected_exec);
-}
-
-static void prepare_app_path()
-{
- int result;
-
- result = nftw(SM_RW_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RW_PATH);
-
- result = nftw(SM_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_RO_PATH);
-
- result = nftw(SM_PUBLIC_RO_PATH, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << SM_PUBLIC_RO_PATH);
-
- result = nftw(SM_DENIED_PATH, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << SM_DENIED_PATH);
-}
-
-static void prepare_app_env()
-{
- prepare_app_path();
-}
-
-static void check_app_path_after_install(const char *pkgId)
-{
- int result;
-
- nftw_expected_label = generatePkgLabel(pkgId);
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_RW_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RW_PATH);
-
- nftw_expected_label = generatePkgLabel(pkgId) + "::RO";
- nftw_expected_transmute = false;
- nftw_expected_exec = false;
-
- result = nftw(SM_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_RO_PATH);
-
- nftw_expected_label = "User::Home";
- nftw_expected_transmute = true;
- nftw_expected_exec = false;
-
- result = nftw(SM_PUBLIC_RO_PATH, &nftw_check_sm_labels, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_PUBLIC_RO_PATH);
-
- result = nftw(SM_DENIED_PATH, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS);
- RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for " << SM_DENIED_PATH);
-}
-
-
-static void check_app_permissions(const char *const app_id, const char *const pkg_id, const char *const user,
- const privileges_t &allowed_privs, const privileges_t &denied_privs)
-{
- (void) pkg_id;
- std::string smackLabel = generateAppLabel(app_id);
-
- CynaraTestClient::Client ctc;
-
- for (auto &priv : allowed_privs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_ALLOWED);
- }
-
- for (auto &priv : denied_privs) {
- ctc.check(smackLabel.c_str(), "", user, priv.c_str(), CYNARA_API_ACCESS_DENIED);
- }
-}
-
-static void check_app_gids(const char *const app_id, const std::vector<gid_t> &allowed_gids)
-{
- int ret;
- gid_t main_gid = getgid();
- std::unordered_set<gid_t> reference_gids(allowed_gids.begin(), allowed_gids.end());
-
- // Reset supplementary groups
- ret = setgroups(0, NULL);
- RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups");
-
- Api::setProcessGroups(app_id);
-
- ret = getgroups(0, nullptr);
- RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
-
- std::vector<gid_t> actual_gids(ret);
- ret = getgroups(ret, actual_gids.data());
- RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups");
-
- for (const auto &gid : actual_gids) {
- RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0,
- "Application shouldn't get access to group " << gid);
- reference_gids.erase(gid);
- }
-
- RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups");
-}
-
-static void check_app_after_install(const char *const app_id, const char *const pkg_id,
- const privileges_t &allowed_privs,
- const privileges_t &denied_privs,
- const std::vector<std::string> &allowed_groups)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs);
- dbtest.check_privileges_removed(app_id, pkg_id, denied_privs);
-
- /*Privileges should be granted to all users if root installs app*/
- check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs);
-
- /* Setup mapping of gids to privileges */
- /* Do this for each privilege for extra check */
- for (const auto &privilege : allowed_privs) {
- dbtest.setup_privilege_groups(privilege, allowed_groups);
- }
-
- std::vector<gid_t> allowed_gids;
-
- for (const auto &groupName : allowed_groups) {
- errno = 0;
- struct group* grp = getgrnam(groupName.c_str());
- RUNNER_ASSERT_ERRNO_MSG(grp, "Group: " << groupName << " not found");
- allowed_gids.push_back(grp->gr_gid);
- }
-
- check_app_gids(app_id, allowed_gids);
-}
-
-static void check_app_after_install(const char *const app_id, const char *const pkg_id)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_install(app_id, pkg_id);
-}
-
-static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
- const privileges_t &privileges, const bool is_pkg_removed)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed);
-
-
- /*Privileges should not be granted anymore to any user*/
- check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges);
-}
-
-static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id,
- const bool is_pkg_removed)
-{
- TestSecurityManagerDatabase dbtest;
- dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed);
-}
-
-static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0)
-{
- InstallRequest request;
- request.setAppId(app_id);
- request.setPkgId(pkg_id);
- request.setUid(uid);
- Api::install(request);
-
- check_app_after_install(app_id, pkg_id);
-
-}
-
-static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed)
-{
- InstallRequest request;
- request.setAppId(app_id);
-
- Api::uninstall(request);
-
- check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed);
-}
-
-static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false)
-{
- InstallRequest request;
- request.setAppId(PRIVILEGE_MANAGER_APP.c_str());
- request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str());
- request.setUid(uid);
- request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str());
- if (forAdmin)
- request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str());
- Api::install(request);
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
-};
-
-static inline struct passwd *getUserStruct(const std::string &userName) {
- struct passwd *pw = nullptr;
- errno = 0;
-
- while(!(pw = getpwnam(userName.c_str()))) {
- RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
- };
-
- return pw;
-};
-
-static inline struct passwd *getUserStruct(const uid_t uid) {
- struct passwd *pw = nullptr;
- errno = 0;
-
- while(!(pw = getpwuid(uid))) {
- RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed");
- };
-
- return pw;
-};
-
-RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER)
-
-
-RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall)
-{
- const char *const sm_app_id = "sm_test_01a_app_id_double";
- const char *const sm_pkg_id = "sm_test_01a_pkg_id_double";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
- Api::uninstall(requestUninst);
-
- /* Check records in the security-manager database */
- check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
-}
-
-
-RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id)
-{
- const char *const sm_app_id = "sm_test_01b_app";
- const char *const sm_pkg_id = "sm_test_01b_pkg";
- const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- InstallRequest requestInst2;
- requestInst2.setAppId(sm_app_id);
- requestInst2.setPkgId(sm_pkg_id_wrong);
-
- Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM);
-
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-
-
- /* Check records in the security-manager database */
- check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
-
-}
-
-RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored)
-{
- const char * const sm_app_id = "SM_TEST_01c_APPID";
- const char * const sm_pkg_id = "SM_TEST_01c_PKGID";
- const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong";
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
-
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
- requestUninst.setPkgId(sm_pkg_id_wrong);
-
- Api::uninstall(requestUninst);
-
- check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED);
-
-}
-
-RUNNER_TEST(security_manager_02_app_install_uninstall_full)
-{
- const char *const sm_app_id = "sm_test_02_app_id_full";
- const char *const sm_pkg_id = "sm_test_02_pkg_id_full";
-
- prepare_app_env();
-
- InstallRequest requestInst;
- requestInst.setAppId(sm_app_id);
- requestInst.setPkgId(sm_pkg_id);
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str());
- requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str());
- requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW);
- requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO);
- requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO);
-
- Api::install(requestInst);
-
- /* Check records in the security-manager database */
- check_app_after_install(sm_app_id, sm_pkg_id,
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS);
-
- /* TODO: add parameters to this function */
- check_app_path_after_install(sm_pkg_id);
-
- InstallRequest requestUninst;
- requestUninst.setAppId(sm_app_id);
-
- Api::uninstall(requestUninst);
-
- /* Check records in the security-manager database,
- * all previously allowed privileges should be removed */
- check_app_after_uninstall(sm_app_id, sm_pkg_id,
- SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED);
-}
-
-RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid)
-{
- const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack";
- const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack";
- const char *const socketLabel = "not_expected_label";
- std::string expected_label = generateAppLabel(app_id);
- char *label = nullptr;
- CStringPtr labelPtr;
- int result;
-
- uninstall_app(app_id, pkg_id, true);
- install_app(app_id, pkg_id);
-
- struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH};
- //Clean up before creating socket
- unlink(SOCK_PATH);
- int sock = socket(AF_UNIX, SOCK_STREAM, 0);
- RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed");
- SockUniquePtr sockPtr(&sock);
- //Bind socket to address
- result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un));
- RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed");
- //Set socket label to something different than expecedLabel
- result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPIN, socketLabel);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Can't set socket label. Result: " << result);
- result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPOUT, socketLabel);
- RUNNER_ASSERT_ERRNO_MSG(result == 0,
- "Can't set socket label. Result: " << result);
-
- Api::setProcessLabel(app_id);
-
- result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPIN, &label);
- RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
- labelPtr.reset(label);
- result = expected_label.compare(label);
- RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- expected_label << " Actual: " << label);
-
- result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPOUT, &label);
- RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label);
- labelPtr.reset(label);
- result = expected_label.compare(label);
- RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " <<
- expected_label << " Actual: " << label);
-
- result = smack_new_label_from_self(&label);
- RUNNER_ASSERT_MSG(result >= 0,
- " Error getting current process label");
- RUNNER_ASSERT_MSG(label != nullptr,
- " Process label is not set");
- labelPtr.reset(label);
-
- result = expected_label.compare(label);
- RUNNER_ASSERT_MSG(result == 0,
- " Process label is incorrect. Expected: \"" << expected_label <<
- "\" Actual: \"" << label << "\"");
-
- uninstall_app(app_id, pkg_id, true);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack)
-{
- const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack";
- const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack";
-
- uninstall_app(app_id, pkg_id, true);
- install_app(app_id, pkg_id);
-
- Api::setProcessLabel(app_id);
-
- uninstall_app(app_id, pkg_id, true);
-}
-
-static void prepare_request(InstallRequest &request,
- const char *const app_id,
- const char *const pkg_id,
- app_install_path_type pathType,
- const char *const path,
- uid_t uid)
-{
- request.setAppId(app_id);
- request.setPkgId(pkg_id);
- request.addPath(path, pathType);
-
- if (uid != 0)
- request.setUid(uid);
-}
-
-static uid_t getGlobalUserId(void)
-{
- return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
-}
-
-static const std::string appDirPath(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- struct tzplatform_context *tzCtxPtr = nullptr;
-
- RUNNER_ASSERT(0 == tzplatform_context_create(&tzCtxPtr));
- TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr);
-
- RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, user.getUid()),
- "Unable to set user <" << user.getUserName() << "> for tzplatform context");
-
- const char *appDir = tzplatform_context_getenv(tzCtxPtr,
- getGlobalUserId() == user.getUid() ? TZ_SYS_RW_APP : TZ_USER_APP);
- RUNNER_ASSERT_MSG(nullptr != appDir,
- "tzplatform_context_getenv failed"
- << "for getting sys rw app of user <" << user.getUserName() << ">");
-
- return std::string(appDir) + "/" + pkgId + "/" + appId;
-}
-
-static const std::string nonAppDirPath(const TemporaryTestUser &user)
-{
- return TMP_DIR + "/" + user.getUserName();
-}
-
-static const std::string uidToStr(const uid_t uid)
-{
- return std::to_string(static_cast<unsigned int>(uid));
-}
-
-static void install_and_check(const char *const sm_app_id,
- const char *const sm_pkg_id,
- const TemporaryTestUser& user,
- const std::string &appDir,
- bool requestUid)
-{
- InstallRequest requestPrivate;
-
- //install app for non-root user
- //should fail (users may only register folders inside their home)
- prepare_request(requestPrivate, sm_app_id, sm_pkg_id,
- SECURITY_MANAGER_PATH_RW, SM_RW_PATH,
- requestUid ? user.getUid() : 0);
-
- Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
-
- InstallRequest requestPrivateUser;
-
- //install app for non-root user
- //should succeed - this time i register folder inside user's home dir
- prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id,
- SECURITY_MANAGER_PATH_RW, appDir.c_str(),
- requestUid ? user.getUid() : 0);
-
- for (auto &privilege : SM_ALLOWED_PRIVILEGES)
- requestPrivateUser.addPrivilege(privilege.c_str());
-
- Api::install(requestPrivateUser);
-
- check_app_permissions(sm_app_id, sm_pkg_id,
- uidToStr(user.getUid()).c_str(),
- SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES);
-}
-
-static void createTestDir(const std::string &dir)
-{
- mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
- mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
- mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
-
- mktreeSafe(dir, dirMode);
- creatSafe(dir + "/" + EXEC_FILE, execFileMode);
- creatSafe(dir + "/" + NORMAL_FILE, normalFileMode);
- symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE);
- symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE);
-}
-
-static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir)
-{
- createTestDir(dir);
-
- symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir");
- symlinkSafe(nonAppDir + "/" + EXEC_FILE,
- dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE);
- symlinkSafe(nonAppDir + "/" + NORMAL_FILE,
- dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE);
-}
-
-static void generateAppDir(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- const std::string dir = appDirPath(user, appId, pkgId);
- const std::string nonAppDir = nonAppDirPath(user);
-
- createInnerAppDir(dir, nonAppDir);
- createInnerAppDir(dir + "/.inner_dir", nonAppDir);
- createInnerAppDir(dir + "/inner_dir", nonAppDir);
-}
-
-static void generateNonAppDir(const TemporaryTestUser &user)
-{
- const std::string dir = nonAppDirPath(user);
-
- createTestDir(dir);
- createTestDir(dir + "/.inner_dir");
- createTestDir(dir + "/inner_dir");
-}
-
-static void createTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- generateAppDir(user, appId, pkgId);
- generateNonAppDir(user);
-}
-
-static void removeTestDirs(const TemporaryTestUser &user,
- const std::string &appId, const std::string &pkgId)
-{
- removeDir(appDirPath(user, appId, pkgId));
- removeDir(nonAppDirPath(user));
-}
-
-RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self)
-{
- int result;
- const char *const sm_app_id = "sm_test_04a_app_id_uid";
- const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid";
- const std::string new_user_name = "sm_test_04a_user_name";
-
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- testUser.create();
-
- removeTestDirs(testUser, sm_app_id, sm_pkg_id);
- createTestDirs(testUser, sm_app_id, sm_pkg_id);
-
- const std::string userAppDirPath = appDirPath(testUser, sm_app_id, sm_pkg_id);
-
- //switch user to non-root
- result = drop_root_privileges(testUser.getUid(), testUser.getGid());
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false);
-
- //uninstall app as non-root user
- InstallRequest request;
- request.setAppId(sm_app_id);
-
- Api::uninstall(request);
-
- check_app_permissions(sm_app_id, sm_pkg_id,
- uidToStr(testUser.getUid()).c_str(),
- SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-}
-
-RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user)
-{
- int result;
- const char *const sm_app_id = "sm_test_04b_app_id_uid";
- const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid";
- const std::string new_user_name = "sm_test_04b_user_name";
-
- TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false);
- testUser.create();
-
- removeTestDirs(testUser, sm_app_id, sm_pkg_id);
- createTestDirs(testUser, sm_app_id, sm_pkg_id);
-
- install_and_check(sm_app_id, sm_pkg_id, testUser, appDirPath(testUser, sm_app_id, sm_pkg_id), true);
-
- //switch user to non-root - root may not uninstall apps for specified users
- result = drop_root_privileges(testUser.getUid(), testUser.getGid());
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- //uninstall app as non-root user
- InstallRequest request;
- request.setAppId(sm_app_id);
-
- Api::uninstall(request);
-
- check_app_permissions(sm_app_id, sm_pkg_id,
- uidToStr(testUser.getUid()).c_str(),
- SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-}
-
-
-RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities)
-{
- int result;
- CapsSetsUniquePtr caps, caps_empty(cap_init());
-
- caps.reset(cap_from_text("all=eip"));
- RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text");
- result = cap_set_proc(caps.get());
- RUNNER_ASSERT_MSG(result == 0,
- "can't set capabilities. Result: " << result);
-
- Api::dropProcessPrivileges();
-
- caps.reset(cap_get_proc());
- RUNNER_ASSERT_MSG(caps, "can't get proc capabilities");
-
- result = cap_compare(caps.get(), caps_empty.get());
- RUNNER_ASSERT_MSG(result == 0,
- "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL));
-}
-
-RUNNER_CHILD_TEST(security_manager_06_install_app_offline)
-{
- const char *const app_id = "sm_test_06_app_id_install_app_offline";
- const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline";
-
- // Uninstall app on-line, off-line mode doesn't support it
- uninstall_app(app_id, pkg_id, true);
-
- ServiceManager("security-manager.service").stopService();
-
- ServiceManager serviceManager("security-manager.socket");
- serviceManager.stopService();
-
- install_app(app_id, pkg_id);
-
- serviceManager.startService();
-
- uninstall_app(app_id, pkg_id, true);
-}
-
-RUNNER_CHILD_TEST(security_manager_07_user_add_app_install)
-{
- const char *const sm_app_id = "sm_test_07_app_id_user";
- const char *const sm_pkg_id = "sm_test_07_pkg_id_user";
- const std::string new_user_name = "sm_test_07_user_name";
- std::string uid_string;
- TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
- test_user.create();
- test_user.getUidString(uid_string);
-
- removeTestDirs(test_user, sm_app_id, sm_pkg_id);
- createTestDirs(test_user, sm_app_id, sm_pkg_id);
-
- install_app(sm_app_id, sm_pkg_id, test_user.getUid());
-
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- test_user.remove();
-
- check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-
- check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
-}
-
-RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove)
-{
- UserRequest addUserRequest;
-
- const char *const sm_app_id = "sm_test_08_app_id_user";
- const char *const sm_pkg_id = "sm_test_08_pkg_id_user";
- const std::string new_user_name = "sm_test_08_user_name";
- std::string uid_string;
-
- // gumd user add
- TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false);
- test_user.create();
- test_user.getUidString(uid_string);
-
- removeTestDirs(test_user, sm_app_id, sm_pkg_id);
- createTestDirs(test_user, sm_app_id, sm_pkg_id);
-
- addUserRequest.setUid(test_user.getUid());
- addUserRequest.setUserType(SM_USER_TYPE_NORMAL);
-
- //sm user add
- Api::addUser(addUserRequest);
-
- install_app(sm_app_id, sm_pkg_id, test_user.getUid());
-
- check_app_after_install(sm_app_id, sm_pkg_id);
-
- test_user.remove();
-
- UserRequest deleteUserRequest;
- deleteUserRequest.setUid(test_user.getUid());
-
- Api::deleteUser(deleteUserRequest);
-
- check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES);
-
- check_app_after_uninstall(sm_app_id, sm_pkg_id, true);
-}
-
-RUNNER_CHILD_TEST(security_manager_09_add_user_offline)
-{
- const char *const app_id = "security_manager_09_add_user_offline_app";
- const char *const pkg_id = "security_manager_09_add_user_offline_pkg";
- const std::string new_user_name("sm_test_09_user_name");
-
- ServiceManager("security-manager.service").stopService();
-
- ServiceManager serviceManager("security-manager.socket");
- serviceManager.stopService();
-
- TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true);
- test_user.create();
-
- removeTestDirs(test_user, app_id, pkg_id);
- createTestDirs(test_user, app_id, pkg_id);
-
- install_app(app_id, pkg_id, test_user.getUid());
-
- check_app_after_install(app_id, pkg_id);
-
- serviceManager.startService();
-
- test_user.remove();
-
- check_app_after_uninstall(app_id, pkg_id, true);
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self)
-{
- //TEST DATA
- const std::string username("sm_test_10_user_name");
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
- ++privileges_count;
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- //TEST DATA END
-
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
- pid_t pid = fork();
-
- if (pid != 0) { //parent process
- TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false);
- tmpUser.create();
-
- for(const auto &user : users2AppsMap) {
-
- for(const auto &app : user.second) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(tmpUser.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
- //Start child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
-
- int status;
- wait(&status);
-
- tmpUser.remove();
- };
-
- if (pid == 0) { //child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
- //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
-
- struct passwd *pw = getUserStruct(username);
- register_current_process_as_privilege_manager(pw->pw_uid);
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter;
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
-
- for (const auto &policyEntry : policyEntries) {
- std::string user = policyEntry.getUser();
- std::string app = policyEntry.getAppId();
- std::string privilege = policyEntry.getPrivilege();
-
- try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
- };
- };
- exit(0);
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"};
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
- //Only entries for one of the users will be listed
- privileges_count = 0;
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(0)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
-
- ++privileges_count;
- //TEST DATA END
-
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
- pid_t pid = fork();
-
- if (pid != 0) { //parent process
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
-
- //Install apps for both users
- for(const auto &user : users) {
- for(const auto &app : users2AppsMap.at(user.getUserName())) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(user.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
- //Start child
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
-
- int status;
- wait(&status);
-
- for(auto &user : users) {
- user.remove();
- };
- };
-
- if (pid == 0) {
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
- struct passwd *pw = getUserStruct(usernames.at(0));
- register_current_process_as_privilege_manager(pw->pw_uid);
-
- //change uid to normal user
- errno = 0;
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter;
-
- //this call should only return privileges belonging to the current uid
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
-
- for (const auto &policyEntry : policyEntries) {
- std::string user = policyEntry.getUser();
- std::string app = policyEntry.getAppId();
- std::string privilege = policyEntry.getPrivilege();
-
- try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
- };
- };
- exit(0);
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"};
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE}));
-
- privileges_count += 2;
- //TEST DATA END
-
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
- pid_t pid = fork();
-
- if (pid != 0) { //parent process
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
- //Install apps for both users
- for(const auto &user : users) {
- for(const auto &app : users2AppsMap.at(user.getUserName())) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(user.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
-
- //Start child
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
-
- //Wait for child to finish
- int status;
- wait(&status);
-
- for(auto &user : users) {
- user.remove();
- };
- };
-
- if (pid == 0) { //child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno);
-
- struct passwd *pw = getUserStruct(usernames.at(1));
- register_current_process_as_privilege_manager(pw->pw_uid, true);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter;
- //this call should succeed as the calling user is privileged
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size());
-
- for (const auto &policyEntry : policyEntries) {
- std::string user = policyEntry.getUser();
- std::string app = policyEntry.getAppId();
- std::string privilege = policyEntry.getPrivilege();
-
- try {
- struct passwd *pw_current = getUserStruct(static_cast<uid_t>(std::stoul(user)));
- std::set<std::string>::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege);
- if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end())
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry);
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what());
- } catch (const std::invalid_argument& e) {
- RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what());
- };
- };
-
- exit(0);
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"};
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
-
- //TEST DATA END
-
- pid_t pid[2];
- sem_t *mutex[2];
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex[0] = sem_open("mutex_1", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #1, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex[1] = sem_open("mutex_2", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #2, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex[0], 1, 0) == 0, "failed to setup mutex #1, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex[1], 1, 0) == 0, "failed to setup mutex #2, errno: " << errno);
- std::vector<PolicyEntry> policyEntries;
-
- pid[0] = fork();
-
- if(pid[0] == 0) { //child #1 process
- RUNNER_ASSERT_MSG(sem_wait(mutex[0]) == 0, "sem_wait in child #1 failed, errno: " << errno);
- struct passwd *pw = getUserStruct(usernames.at(0));
- register_current_process_as_privilege_manager(pw->pw_uid);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry filter;
- PolicyRequest policyRequest;
- //this call should succeed as the calling user is privileged
- Api::getPolicyForSelf(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
-
- PolicyEntry policyEntry(
- MANY_APPS[0],
- std::to_string(pw->pw_uid),
- "http://tizen.org/privilege/internet"
- );
- policyEntry.setLevel("Deny");
-
- policyRequest.addEntry(policyEntry);
- policyEntry = PolicyEntry(
- MANY_APPS[1],
- std::to_string(pw->pw_uid),
- "http://tizen.org/privilege/location"
- );
- policyEntry.setLevel("Deny");
-
- policyRequest.addEntry(policyEntry);
- Api::sendPolicy(policyRequest);
- Api::getPolicyForSelf(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
- exit(0);
- };
-
- if (pid[0] != 0) {//parent process
- pid[1] = fork();
-
- if (pid[1] == 0) { //child #2 process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex[1]) == 0, "sem_wait in child #2 failed, errno: " << errno);
- struct passwd *pw_target = getUserStruct(usernames.at(0));
- struct passwd *pw = getUserStruct(usernames.at(1));
- register_current_process_as_privilege_manager(pw->pw_uid);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry filter = PolicyEntry(
- SECURITY_MANAGER_ANY,
- std::to_string(pw_target->pw_uid),
- SECURITY_MANAGER_ANY
- );
-
- //U2 requests contents of U1 privacy manager - should fail
- Api::getPolicyForSelf(filter, policyEntries);
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
-
- filter = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY
- );
-
- policyEntries.clear();
-
- //U2 requests contents of ADMIN bucket - should fail
- Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED);
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
- exit(0);
- };
-
- if (pid[1] != 0) { //parent
-
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
-
- //Install apps for both users
- for(const auto &user : users2AppsMap) {
-
- for(const auto &app : user.second) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(users.at(0).getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
-
- //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str());
- };
-
- int status;
- //Start child #1
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex[0]) == 0, "Error while opening mutex #1, errno: " << errno);
-
- //Wait until child #1 finishes
- pid_t ret = wait(&status);
- RUNNER_ASSERT_MSG((ret != -1) && WIFEXITED(status), "Updating privileges failed");
-
- //Start child #2
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex[1]) == 0, "Error while opening mutex #2, errno: " << errno);
- //Wait until child #2 finishes
- ret = wait(&status);
- RUNNER_ASSERT_MSG((ret =-1) && WIFEXITED(status), "Listing privileges failed");
-
- for(auto &user : users) {
- user.remove();
- };
-
- sem_close(mutex[0]);
- sem_close(mutex[1]);
- };
- };
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin)
-{
- //TEST DATA
- const std::vector<std::string> usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"};
- unsigned int privileges_count = 0;
-
- std::map<std::string, std::map<std::string, std::set<std::string>>> users2AppsMap;
- std::map<std::string, std::set<std::string>> apps2PrivsMap;
-
- for (const auto &username : usernames) {
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- apps2PrivsMap.insert(std::pair<std::string, std::set<std::string>>(
- MANY_APPS.at(i), std::set<std::string>(
- MANY_APPS_PRIVILEGES.at(i).begin(),
- MANY_APPS_PRIVILEGES.at(i).end())));
- privileges_count+=MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- users2AppsMap.insert(std::pair<std::string, std::map<std::string, std::set<std::string>>>(username, apps2PrivsMap));
- };
-
- users2AppsMap.at(usernames.at(1)).insert(std::pair<std::string, std::set<std::string>>(
- PRIVILEGE_MANAGER_APP, std::set<std::string>{PRIVILEGE_MANAGER_SELF_PRIVILEGE}));
-
- privileges_count += 2;
- //TEST DATA END
- sem_t *mutex;
- errno = 0;
- RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno);
- errno = 0;
- RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno);
-
- pid_t pid = fork();
- if (pid != 0) {
- std::vector<TemporaryTestUser> users = {
- TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false),
- TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false)
- };
-
- users.at(0).create();
- users.at(1).create();
-
- //Install apps for both users
- for(const auto &user : users) {
-
- for(const auto &app : users2AppsMap.at(user.getUserName())) {
- InstallRequest requestInst;
- requestInst.setAppId(app.first.c_str());
- try {
- requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str());
- } catch (const std::out_of_range &e) {
- RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first);
- };
- requestInst.setUid(user.getUid());
-
- for (const auto &privilege : app.second) {
- requestInst.addPrivilege(privilege.c_str());
- };
-
- Api::install(requestInst);
- };
- };
- //Start child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno);
- int status;
- //Wait for child process to finish
- wait(&status);
-
- //switch back to root
- for(auto &user : users) {
- user.remove();
- };
-
- sem_close(mutex);
- }
-
- if (pid == 0) { //child process
- errno = 0;
- RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno);
-
- struct passwd *pw = getUserStruct(usernames.at(0));
- register_current_process_as_privilege_manager(pw->pw_uid, true);
-
- //change uid to normal user
- int result = drop_root_privileges(pw->pw_uid, pw->pw_gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyRequest *policyRequest = new PolicyRequest();
- PolicyEntry filter;
- std::vector<PolicyEntry> policyEntries;
- //this call should succeed as the calling user is privileged
- Api::getPolicyForSelf(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty");
-
- PolicyEntry policyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/internet"
- );
- policyEntry.setMaxLevel("Deny");
-
- policyRequest->addEntry(policyEntry);
- policyEntry = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/location"
- );
- policyEntry.setMaxLevel("Deny");
-
- policyRequest->addEntry(policyEntry);
- Api::sendPolicy(*policyRequest);
- Api::getPolicyForAdmin(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
-
- delete policyRequest;
- policyRequest = new PolicyRequest();
- policyEntry = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/internet"
- );
- policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
- policyRequest->addEntry(policyEntry);
-
- policyEntry = PolicyEntry(
- SECURITY_MANAGER_ANY,
- SECURITY_MANAGER_ANY,
- "http://tizen.org/privilege/location"
- );
- policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE);
-
- policyRequest->addEntry(policyEntry);
- Api::sendPolicy(*policyRequest);
-
- policyEntries.clear();
- Api::getPolicyForAdmin(filter, policyEntries);
- RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size());
-
- delete policyRequest;
-
- exit(0);
- };
-
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin)
-{
- const char *const update_app_id = "security_manager_15_update_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "ADMIN";
- const std::string username("sm_test_15_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), true);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setMaxLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard)
-{
- const char *const update_other_app_id = "security_manager_15_update_other_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "ADMIN";
- const std::string username("sm_test_15_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), true);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // use wildcard as appId
- PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setMaxLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_self)
-{
- const char *const update_app_id = "security_manager_15_update_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "";
- const std::string username("sm_test_15_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), false);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get)
-{
- const std::string username("sm_test_16_user_cynara_policy");
- CynaraTestAdmin::Admin admin;
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- }
- if(pid == 0)
- {
- int ret;
- char** levels;
- std::string allow_policy, deny_policy;
- size_t count;
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // without plugins there should only be 2 policies - Allow and Deny
- ret = security_manager_policy_levels_get(&levels, &count);
-
- RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS,
- "Invlid return code: " << ret);
-
- RUNNER_ASSERT_MSG(count == 2, "Invalid number of policy levels. Should be 2, instead there is: " << static_cast<int>(count));
-
- deny_policy = std::string(levels[0]);
- allow_policy = std::string(levels[count-1]);
-
- // first should always be Deny
- RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0,
- "Invalid first policy level. Should be Deny, instead there is: " << levels[0]);
-
- // last should always be Allow
- RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0,
- "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]);
-
- security_manager_policy_levels_free(levels, count);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_delete_policy_for_self)
-{
- const char *const update_app_id = "security_manager_17_update_app_id";
- const char *const update_privilege = "http://tizen.org/privilege/led";
- const char *const check_start_bucket = "";
- const std::string username("sm_test_17_username");
- PolicyRequest addPolicyRequest;
- CynaraTestAdmin::Admin admin;
-
- struct message {
- uid_t uid;
- gid_t gid;
- } msg;
-
- int pipefd[2];
- int pipefd2[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
- RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed");
-
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false);
- user.create();
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- register_current_process_as_privilege_manager(user.getUid(), false);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr);
-
- pid = fork();
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd2+1);
- close(pipefd2[0]);
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- //wait for child
- waitpid(-1, &result, 0);
-
- admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(),
- std::to_string(static_cast<int>(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr);
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd2);
- close(pipefd2[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // delete this entry
- PolicyRequest deletePolicyRequest;
- PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- deleteEntry.setLevel(SECURITY_MANAGER_DELETE);
-
- deletePolicyRequest.addEntry(deleteEntry);
- Api::sendPolicy(deletePolicyRequest);
- exit(0);
- }
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- PolicyEntry entry(update_app_id, std::to_string(static_cast<int>(msg.uid)), update_privilege);
- entry.setLevel("Allow");
-
- addPolicyRequest.addEntry(entry);
- Api::sendPolicy(addPolicyRequest);
- exit(0);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered)
-{
- const std::string username("sm_test_17_user_name");
-
- struct message {
- uid_t uid;
- gid_t gid;
- unsigned int privileges_count;
- } msg;
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
-
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- TemporaryTestUser user(username, static_cast<GumUserType>(GUM_USERTYPE_NORMAL), false);
- user.create();
-
- unsigned int privileges_count = 0;
-
- register_current_process_as_privilege_manager(user.getUid(), false);
- //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable
- ++privileges_count;
-
- for(unsigned int i = 0; i < MANY_APPS.size(); ++i) {
- InstallRequest requestInst;
- requestInst.setAppId(MANY_APPS[i].c_str());
- requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).c_str());
- requestInst.setUid(user.getUid());
-
- for (auto &priv : MANY_APPS_PRIVILEGES.at(i)) {
- requestInst.addPrivilege(priv.c_str());
- };
-
- Api::install(requestInst);
- privileges_count += MANY_APPS_PRIVILEGES.at(i).size();
- };
-
- //send info to child
- msg.uid = user.getUid();
- msg.gid = user.getGid();
- msg.privileges_count = privileges_count;
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
- }
- if(pid == 0)
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
-
- // filter by privilege
- std::vector<PolicyEntry> policyEntries;
- PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet");
- Api::getPolicy(filter, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size());
-
- // filter by other privilege
- policyEntries.clear();
- PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email");
- Api::getPolicy(filter2, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size());
-
- // filter by appId
- policyEntries.clear();
- PolicyEntry filter3(MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY);
- Api::getPolicy(filter3, policyEntries);
-
- RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty");
- RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size());
- }
-}
-
-RUNNER_CHILD_TEST(security_manager_18_user_cynara_policy)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- const char *const MAIN_BUCKET = "MAIN";
- const char *const MANIFESTS_BUCKET = "MANIFESTS";
- const char *const ADMIN_BUCKET = "ADMIN";
- const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL";
- const std::string username("sm_test_10_user_cynara_policy");
- CynaraTestAdmin::Admin admin;
- std::string uid_string;
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
- user.create();
- user.getUidString(uid_string);
-
- CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer;
- nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET);
- admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS);
-
- user.remove();
- CynaraTestAdmin::CynaraPoliciesContainer emptyContainer;
-
- admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
- admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
- admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
- admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS);
-}
-
-RUNNER_CHILD_TEST(security_manager_19_security_manager_cmd_install)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- int ret;
- const int SUCCESS = 0;
- const int FAILURE = 256;
- const std::string app_id = "security_manager_10_app";
- const std::string pkg_id = "security_manager_10_pkg";
- const std::string username("sm_test_10_user_name");
- std::string uid_string;
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
- user.create();
- user.getUidString(uid_string);
- const std::string path1 = appDirPath(user, app_id, pkg_id) + "/p1";
- const std::string path2 = appDirPath(user, app_id, pkg_id) + "/p2";
- const std::string pkgopt = " --pkg=" + pkg_id;
- const std::string appopt = " --app=" + app_id;
- const std::string uidopt = " --uid=" + uid_string;
-
- mktreeSafe(path1.c_str(), 0);
- mktreeSafe(path2.c_str(), 0);
-
- const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt;
-
- struct operation {
- std::string command;
- int expected_result;
- };
- std::vector<struct operation> operations = {
- {"security-manager-cmd", FAILURE},//no option
- {"security-manager-cmd --blah", FAILURE},//blah option is not known
- {"security-manager-cmd --help", SUCCESS},
- {"security-manager-cmd --install", FAILURE},//no params
- {"security-manager-cmd -i", FAILURE},//no params
- {"security-manager-cmd --i --app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid
- {installcmd, SUCCESS},
- {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS},
- {installcmd + " --path " + path1 + " writable", SUCCESS},
- {installcmd + " --path " + path1, FAILURE},//no path type
- {installcmd + " --path " + path1 + " writable" + " --path " + path2 + " readable", SUCCESS},
- {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " readable", FAILURE},//wrong path type
- {installcmd + " --path " + path1 + " writable" + " --privilege somepriv --privilege somepriv2" , SUCCESS},
- };
-
- for (auto &op : operations) {
- ret = system(op.command.c_str());
- RUNNER_ASSERT_MSG(ret == op.expected_result,
- "Unexpected result for command '" << op.command <<"': "
- << ret << " Expected was: "<< op.expected_result);
- }
-}
-
-RUNNER_CHILD_TEST(security_manager_20_security_manager_cmd_users)
-{
- RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts");
- int ret;
- const int SUCCESS = 0;
- const int FAILURE = 256;
- const std::string username("sm_test_11_user_name");
- std::string uid_string;
- TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true);
- user.create();
- user.getUidString(uid_string);
- const std::string uidopt = " --uid=" + uid_string;
-
- struct operation {
- std::string command;
- int expected_result;
- };
- std::vector<struct operation> operations = {
- {"security-manager-cmd --manage-users=remove", FAILURE},//no params
- {"security-manager-cmd -m", FAILURE},//no params
- {"security-manager-cmd -mr", FAILURE},//no uid
- {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid
- {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj?
- {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf?
- {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed
- {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah
- {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added
- {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added
- {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added
- };
-
- for (auto &op : operations) {
- ret = system(op.command.c_str());
- RUNNER_ASSERT_MSG(ret == op.expected_result,
- "Unexpected result for command '" << op.command <<"': "
- << ret << " Expected was: "<< op.expected_result);
- }
-}
-
-RUNNER_MULTIPROCESS_TEST(security_manager_21_security_manager_admin_deny_user_priv)
-{
- const int BUFFER_SIZE = 128;
- struct message {
- uid_t uid;
- gid_t gid;
- char buf[BUFFER_SIZE];
- } msg;
-
- privileges_t admin_required_privs = {
- "http://tizen.org/privilege/systemsettings.admin",
- "http://tizen.org/privilege/systemsettings"};
- privileges_t manifest_privs = {
- "http://tizen.org/privilege/internet",
- "http://tizen.org/privilege/camera"};
- privileges_t real_privs_allow = {"http://tizen.org/privilege/camera"};
- privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"};
-
- const std::string pirivman_id = "sm_test_13_ADMIN_APP";
- const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG";
- const std::string app_id = "sm_test_13_SOME_APP";
- const std::string pkg_id = "sm_test_13_SOME_PKG";
-
- int pipefd[2];
- pid_t pid;
- int result = 0;
-
- RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed");
- pid = fork();
- RUNNER_ASSERT_MSG(pid >= 0, "fork failed");
- if (pid != 0)//parent process
- {
- std::string childuidstr;
- TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, true);
- TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, true);
-
- InstallRequest request,request2;
- FdUniquePtr pipeptr(pipefd+1);
- close(pipefd[0]);
-
- admin.create();
- child.create();
- child.getUidString(childuidstr);
-
- //install privacy manager for admin
- request.setAppId(pirivman_id.c_str());
- request.setPkgId(pirivman_pkg_id.c_str());
- request.setUid(admin.getUid());
- for (auto &priv: admin_required_privs)
- request.addPrivilege(priv.c_str());
- Api::install(request);
-
- //install app for child that has internet privilege
- request2.setAppId(app_id.c_str());
- request2.setPkgId(pkg_id.c_str());
- request2.setUid(child.getUid());
- for (auto &priv: manifest_privs)
- request2.addPrivilege(priv.c_str());
- Api::install(request2);
-
- check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
- manifest_privs, SM_NO_PRIVILEGES);
-
- //send info to child
- msg.uid = admin.getUid();
- msg.gid = admin.getGid();
- strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE);
-
- ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed");
-
- //wait for child
- RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed");
-
- check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(),
- real_privs_allow, real_privs_deny);
- }
- if (pid == 0)//child
- {
- FdUniquePtr pipeptr(pipefd);
- close(pipefd[1]);
-
- ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message)));
- RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed");
-
- //become admin privacy manager manager
- Api::setProcessLabel(pirivman_id.c_str());
- result = drop_root_privileges(msg.uid, msg.gid);
- RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed");
- PolicyRequest addPolicyReq;
- //change rights
- for (auto &denypriv:real_privs_deny) {
- /*this entry will deny some privileges for user whose uid (as c string)
- was sent in message's buf field.
- That user would be denying internet for child in this case*/
- PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv);
- entry.setMaxLevel("Deny");
- addPolicyReq.addEntry(entry);
- }
- Api::sendPolicy(addPolicyReq);
- exit(0);
- }
-}
-
-void saveMappingsToDb(const std::string &version_from, const std::string &version_to,
- const privileges_t &privileges, const std::vector<privileges_t> &mappings) {
- TestSecurityManagerDatabase db;
- RUNNER_ASSERT_MSG(privileges.size() == mappings.size(), "Wrong given privileges and mappings size");
- auto privIt = privileges.begin();
- auto mappIt = mappings.begin();
- for (; privIt != privileges.end() && mappIt != mappings.end(); privIt++, mappIt++) {
- for (const auto &mapping : *mappIt) {
- db.setup_privilege_mapping(version_from, version_to, *privIt, mapping);
- }
- }
-}
-
-void saveDefaultMappingsToDb(const std::string &version_from, const std::string &version_to,
- const privileges_t &privileges) {
- TestSecurityManagerDatabase db;
- for (auto &privilege : privileges) {
- db.setup_default_version_privilege(version_from, version_to, privilege);
- }
-}
-
-void concatUnique(privileges_t &to, const privileges_t &from) {
- to.reserve(to.size() + from.size());
- for (auto &new_priv : from) {
- if (std::find(to.begin(), to.end(), new_priv) == to.end())
- to.push_back(new_priv);
- }
-}
-
-RUNNER_TEST(security_manager_22_get_privilege_mappings)
-{
- saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
- saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
- privileges_t retrievedMapping;
- std::string current;
- auto expectedIt = NEW_PRIVILEGES.begin();
- for (const auto &privilege : OLD_PRIVILEGES) {
- retrievedMapping.clear();
- std::vector<std::string> privilegeToMap = {privilege};
- Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(),
- privilegeToMap, retrievedMapping);
- std::vector<std::string> expectedPrivileges = *expectedIt;
- concatUnique(expectedPrivileges, DEFAULT_PRIVILEGES);
- RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
- "Wrong count of mappings returned for " << privilege << "."
- " Got " << retrievedMapping.size()
- << " expected " << expectedPrivileges.size());
- RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
- "Wrong mapping returned for " << privilege);
- ++expectedIt;
- }
-}
-
-RUNNER_TEST(security_manager_23_get_privileges_mappings)
-{
- saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
- saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
-
- std::vector<std::string> retrievedMapping;
- std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
- for(auto &expected : NEW_PRIVILEGES) {
- concatUnique(expectedPrivileges, expected);
- }
- const std::vector<std::string> &privilegesToMap = OLD_PRIVILEGES;
-
- Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegesToMap, retrievedMapping);
- RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
- "Wrong count of mappings returned. Got " << retrievedMapping.size()
- << " expected " << expectedPrivileges.size());
- RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
- "Wrong mapping returned for privileges set");
-}
-
-RUNNER_TEST(security_manager_24_get_privileges_mappings_default_version)
-{
- saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES);
- saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
-
- std::vector<std::string> retrievedMapping;
- std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
- for(auto &expected : NEW_PRIVILEGES) {
- concatUnique(expectedPrivileges, expected);
- }
- const std::vector<std::string> &privilegesToMap = OLD_PRIVILEGES;
-
- Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegesToMap, retrievedMapping);
- RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
- "Wrong count of mappings returned. Got " << retrievedMapping.size()
- << " expected " << expectedPrivileges.size());
- RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
- "Wrong mapping returned for privileges set");
-}
-
-RUNNER_TEST(security_manager_25_get_default_mappings)
-{
- saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
-
- std::vector<std::string> retrievedMapping;
- std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
-
- // Empty privilege to map vector will indicate nullptr privilege array in security-manager API
- std::vector<std::string> privilegeToMap;
-
- Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegeToMap, retrievedMapping);
- RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
- "Wrong count of mappings returned. Got " << retrievedMapping.size()
- << " expected " << expectedPrivileges.size());
- RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
- "Wrong default mapping returned");
-}
-
-RUNNER_TEST(security_manager_26_get_default_mappings_default_version)
-{
- saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES);
-
- std::vector<std::string> retrievedMapping;
- std::vector<std::string> expectedPrivileges = DEFAULT_PRIVILEGES;
-
- // Empty privilege to map vector will indicate nullptr privilege array in security-manager API
- std::vector<std::string> privilegeToMap;
-
- Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegeToMap, retrievedMapping);
- RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(),
- "Wrong count of mappings returned. Got " << retrievedMapping.size()
- << " expected " << expectedPrivileges.size());
- RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()),
- "Wrong default mapping returned");
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @author Mariusz Domanski (m.domanski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SEC_SRV_TESTS_DEP
- libsmack
- libprivilege-control
- security-server
- dlog
- dbus-1
- REQUIRED)
-
-# Targets definition
-
-SET(TARGET_SEC_SRV_COMMON "security-server-tests-common")
-SET(TARGET_SEC_SRV_CLIENT_SMACK_TESTS "security-server-tests-client-smack")
-SET(TARGET_SEC_SRV_TC_SERVER_TESTS "security-server-tests-server")
-SET(TARGET_SEC_SRV_PWD_TESTS "security-server-tests-password")
-SET(TARGET_SEC_SRV_PRIVILEGE_TESTS "security-server-tests-privilege")
-SET(TARGET_SEC_SRV_STRESS_TESTS "security-server-tests-stress")
-SET(TARGET_SEC_SRV_MT_TESTS "security-server-tests-mt")
-SET(TARGET_SEC_SRV_MEASURER "security-server-tests-api-speed")
-
-
-# Sources definition
-
-SET(SEC_SRV_COMMON_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/security_server_tests_common.cpp
- )
-
-SET(SEC_SRV_CLIENT_SMACK_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_client_smack.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp
- )
-
-SET(SEC_SRV_TC_SERVER_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/server.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/cookie_api.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/weird_arguments.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp
- )
-
-SET(SEC_SRV_PWD_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_password.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp
- )
-
-SET(SEC_SRV_PRIVILEGE_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_privilege.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-SET(SEC_SRV_STRESS_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_stress.cpp
- )
-
-SET(SEC_SRV_MT_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_mt.cpp
- )
-
-SET(SEC_SRV_MEASURER_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_measurer_API_speed.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SEC_SRV_TESTS_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
- )
-
-#LINK_DIRECTORIES(${SEC_SRV_PKGS_LIBRARY_DIRS})
-
-ADD_LIBRARY(${TARGET_SEC_SRV_COMMON} STATIC ${SEC_SRV_COMMON_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} ${SEC_SRV_CLIENT_SMACK_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_TC_SERVER_TESTS} ${SEC_SRV_TC_SERVER_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_PWD_TESTS} ${SEC_SRV_PWD_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_PRIVILEGE_TESTS} ${SEC_SRV_PRIVILEGE_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_STRESS_TESTS} ${SEC_SRV_STRESS_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_MT_TESTS} ${SEC_SRV_MT_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_MEASURER} ${SEC_SRV_MEASURER_SOURCES})
-
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_TC_SERVER_TESTS}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PWD_TESTS}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PRIVILEGE_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_STRESS_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MT_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MEASURER}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_TC_SERVER_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_PWD_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_PRIVILEGE_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_STRESS_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_MT_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_MEASURER} DESTINATION /usr/bin)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules1.smack
- DESTINATION /usr/share/privilege-control/
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules2.smack
- DESTINATION /usr/share/privilege-control/
-)
+++ /dev/null
-~APP~ sstp_test_book_1 rwxatl
-sstp_test_subject_1 ~APP~ rwxatl
+++ /dev/null
-~APP~ sstp_test_book_1 rwxatl
-sstp_test_subject_1 ~APP~ rwxatl
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file security_server_tests_common.cpp
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-server tests commons
- */
-
-#include "security_server_tests_common.h"
-
-const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
-
-Cookie getCookieFromSS() {
- Cookie cookie(security_server_get_cookie_size());
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS ==
- security_server_request_cookie(cookie.data(), cookie.size()),
- "Error in security_server_request_cookie.");
-
- return cookie;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file security_server_tests_common.h
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-server tests commons
- */
-
-#include <security-server.h>
-#include <tests_common.h>
-
-#ifndef SECURITY_SERVER_TESTS_COMMON_H_
-#define SECURITY_SERVER_TESTS_COMMON_H_
-
-extern const unsigned int PASSWORD_RETRY_TIMEOUT_US;
-typedef std::vector<char> Cookie;
-
-Cookie getCookieFromSS();
-
-#endif /* SECURITY_SERVER_TESTS_COMMON_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-
-/*
- * @file security_server_tests_cookie_api.cpp
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @version 1.0
- * @brief Test cases for security server cookie api
- *
- */
-
-/*
-Tested API functions in this file:
-
- int security_server_get_cookie_size(void);
- int security_server_request_cookie(char *cookie, size_t bufferSize);
-
- int security_server_check_privilege(const char *cookie, gid_t privilege);
- int security_server_check_privilege_by_cookie(const char *cookie,
- const char *object,
- const char *access_rights);
- int security_server_get_cookie_pid(const char *cookie);
- char *security_server_get_smacklabel_cookie(const char *cookie);
- int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
- int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
-*/
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-#include <cstddef>
-#include <sys/types.h>
-#include <unistd.h>
-#include <access_provider.h>
-#include <security-server.h>
-#include <smack_access.h>
-#include <security_server_tests_common.h>
-#include <memory.h>
-
-const char *ROOT_USER = "root";
-const char *PROC_AUDIO_GROUP_NAME = "audio";
-
-const int KNOWN_COOKIE_SIZE = 20;
-
-RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
-
-/*
- * **************************************************************************
- * Test cases fot check various functions input params cases
- * **************************************************************************
- */
-
-//---------------------------------------------------------------------------
-//passing nullptr as a buffer pointer
-RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
-{
- int ret = security_server_request_cookie(nullptr, KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_request_cookie() argument checking: " << ret);
-}
-
-//passing too small value as a buffer size
-RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
-{
- Cookie cookie(KNOWN_COOKIE_SIZE);
-
- int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
- "Error in security_server_request_cookie() argument checking: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
-{
- int ret = security_server_check_privilege(nullptr, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege() argument checking: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- int ret = security_server_check_privilege_by_cookie(nullptr, "wiadro", "rwx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//passing nullptr as an object pointer
-RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege_by_cookie(cookie.data(), nullptr, "rwx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//passing nullptr as an access pointer
-RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
-{
- int ret = security_server_get_cookie_pid(nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_get_cookie_pid() argument checking: " << ret);
-}
-
-//getting pid of non existing cookie
-RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
-{
- const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
- RUNNER_ASSERT(security_server_get_cookie_pid(wrong_cookie) ==
- SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
-{
- char *label = nullptr;
- label = security_server_get_smacklabel_cookie(nullptr);
- RUNNER_ASSERT_MSG(label == nullptr,
- "Error in security_server_get_smacklabel_cookie() argument checking");
-}
-
-
-
-/*
- * **************************************************************************
- * Unit tests for each function from API
- * **************************************************************************
- */
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
-{
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Get cookie size when smack is not loaded
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
-{
- int ret;
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie in normal case when smack is not loaded
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
-{
- int ret;
- int cookieSize = security_server_get_cookie_size();
- Cookie cookie(cookieSize);
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie when smack is not loaded but with too small
-// buffer size
-RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
-{
- int ret;
- int cookieSize = security_server_get_cookie_size();
- Cookie cookie(cookieSize);
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Get cookie size when smack is loaded
-RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
-{
- SecurityServer::AccessProvider provider("selflabel_01_05");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie in normal case when smack is loaded
-RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
-
- SecurityServer::AccessProvider provider("selflabel_02_01");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie when smack is loaded but with too small buffer
-// size
-RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
- cookieSize >>= 1;
-
- SecurityServer::AccessProvider provider("selflabel_02_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_check_privilege(): " << ret);
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_03_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege() should return access denied: " << ret);
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_03_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_check_privilege(): " << ret);
-}
-
-// invalid gid
-RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
-{
- remove_process_group(PROC_AUDIO_GROUP_NAME);
-
- Cookie cookie = getCookieFromSS();
- int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(audio_gid > -1,
- "security_server_get_gid() failed. result = " << audio_gid);
-
- int ret = security_server_check_privilege(cookie.data(), audio_gid);
-
- // security_server_check_privilege fails, because the process does not belong to "audio" group
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-
-// add gid
-RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- Cookie cookie = getCookieFromSS();
- int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(audio_gid > -1,
- "security_server_get_gid() failed. result = " << audio_gid);
-
- int ret = security_server_check_privilege(cookie.data(), audio_gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-// test invalid cookie name
-RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
-{
- // create invalid cookie
- int size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
-
- Cookie cookie(size);
- cookie[0] = 'a';
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
-
- int pid = getpid();
- RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_05_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_cookie_pid() should return access denied: " << ret);
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_05_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
-
- int pid = getpid();
- RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
-{
- setLabelForSelf(__LINE__, "selflabel_06_01");
-
- Cookie cookie = getCookieFromSS();
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
- "No match in smack label received from cookie, received label: "
- << label.get());
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
-{
- Cookie cookie = getCookieFromSS();
-
- char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
- RUNNER_ASSERT_MSG(receivedLabel != nullptr,
- "security_server_get_smacklabel_cookie returned nullptr");
- std::string label(receivedLabel);
- free(receivedLabel);
- RUNNER_ASSERT_MSG(label.empty(),
- "security_server_get_smacklabel_cookie returned: "
- << label);
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_06_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(label.get() == nullptr,
- "nullptr should be received due to access denied, received label: "
- << label.get());
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
-{
- SecurityServer::AccessProvider provider("selflabel_06_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie = getCookieFromSS();
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
- "No match in smack label received from cookie, received label: "
- << label.get());
-}
-
-//---------------------------------------------------------------------------
-// apply smack labels and drop privileges
-RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- SecurityServer::AccessProvider provider("subject_1d6eda7d");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
- << "\" gid. Result: " << ret);
-
- ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- int root_gid = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(root_gid > -1, "root_gid: " << root_gid);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "ss_label: " << ss_label.get());
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-// disable access and drop privileges
-RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
-{
- SecurityServer::AccessProvider provider("subject_1d414140");
-
- Cookie cookie = getCookieFromSS();
-
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege should return access denied, "
- "ret: " << ret);
-
- ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_gid should return access denied, "
- "ret: " << ret);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_cookie_pid should return access denied, "
- "ret: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() == nullptr,
- "access should be denied so label should be nullptr: " << ss_label.get());
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege_by_pid should return access denied, "
- "ret: " << ret);
-}
-
-// NOSMACK version of the test above
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- // drop root privileges
- int ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- Cookie cookie = getCookieFromSS();
-
- ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
- << "\" gid. Result: " << ret);
-
- ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege failed. Result: " << ret);
-
- ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == getpid(),
- "get_cookie_pid returned different pid than it should. Result: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "get_smacklabel_cookie failed.");
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid failed. Result: " << ret);
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_clean_env.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions to prepare clean env for tests.
- *
- */
-
-#include <ftw.h>
-#include <unistd.h>
-
-#include <service_manager.h>
-
-int restart_security_server() {
- ServiceManager serviceManager("security-server.service");
- serviceManager.restartService();
-
- return 0;
-}
-
-static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW *ftwbuf)
-{
- if (tflag == FTW_F)
- unlink(fpath);
- else if (tflag == FTW_DP && ftwbuf->level != 0)
- rmdir(fpath);
-
- return 0;
-}
-
-/**
- * This function should be called at the begining of every SS test, so all the tests
- * are independent of each other.
- */
-int reset_security_server()
-{
- const char* path = "/opt/data/security-server/";
- const int max_descriptors = 10; //max number of open file descriptors by nftw function
-
- // Clear /opt/data/security-server/ directory
- if (access(path, F_OK) == 0) {
- if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
- return 1;
- }
- sync();
- }
-
- restart_security_server();
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_clean_env.h
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions definitions to prepare clean env for tests.
- */
-
-#ifndef SECURITY_SERVER_CLEAN_ENV_H
-#define SECURITY_SERVER_CLEAN_ENV_H
-
-int reset_security_server();
-int restart_security_server();
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-/*
- * @file security_server_measurer_API_speed.cpp
- * @author Radoslaw Bartosiak (radoslaw.bartosiak@samsung.com)
- * @version 1.0
- * @brief Log security server API functions average execution times and some aproximation of maximal and minimal execution time.
- * @details The functions are run at least NUMBER_OF_CALLS times (time is measured at the beginning and at the end, the difference is taken as the execution time).
- * @details One test case for one function of security-server. Test pass always when there was no connection error (API calls themselves may fail).
- * @details Measured times are logged using DLP testing framework logging functions. Calls each API function many times to take the average.
- * @details This file contains TEST_CASEs. Each TEST_CASE consist of one or more RUNs, each RUN consist of one or more function calls.
- * @details Each test case contains RUNs of one function only. The time is being measured before & after each run.
- */
-
-#include <dpl/log/log.h>
-#include <dpl/singleton.h>
-#include <dpl/singleton_safe_impl.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <errno.h>
-#include <float.h>
-#include <fcntl.h>
-#include <security-server.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/smack.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <memory.h>
-#include "security_server_mockup.h"
-#include <smack_access.h>
-
-IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem);
-#include <security_server_tests_common.h>
-#include <tests_common.h>
-
-/*Number of calls in a single test*/
-#define NUMBER_OF_CALLS (5)
-#define MICROSECS_PER_SEC (1000000)
-/* number of miliseconds, process will be suspended for multiplications of this quantum */
-#define QUANTUM (10000)
-/*Strings used in tests*/
-/*name of existing user group on test device like "tel_gprs"*/
-#define EXISTING_GROUP_NAME "telephony_makecall"
-/*below labels should not be used in the system*/
-#define M60_OBJECT_LABEL "tc060MeasurerLabel"
-#define M60_SUBJECT_LABEL "tc060Subject"
-#define M70_OBJECT_LABEL "tc070MeasurerLabel"
-#define M70_SUBJECT_LABEL "tc070Subject"
-#define M160_CUSTOMER_LABEL "my_customer_label"
-#define M170_OBJECT_LABEL "myObject"
-
-namespace {
-void securityClientEnableLogSystem(void) {
- DPL::Log::LogSystemSingleton::Instance().SetTag("SEC_SRV_API_SPEED");
-}
-}
-
-/** Store statistics from a set of function calls
-*/
-struct readwrite_stats
-{
- timeval current_start_time; /*of last API call*/
- timeval current_end_time; /*of last API call*/
- int number_of_calls; /*till now*/
- double total_duration; /*of all API calls*/
- double average_duration;
- double minimal_duration; /*minimum of averages*/
- double maximal_duration; /*maximum of averages*/
-};
-
-/*Auxiliary functions*/
-
-/**Sleep for the given time
- @param seconds
- @param nanoseconds
- @return 0 on success, -1 on error if process woken earlier
-*/
-int my_nanosecsleep(long nanoseconds) {
- timespec sleep_spec;
- sleep_spec.tv_sec = 0;
- sleep_spec.tv_nsec = nanoseconds;
- return nanosleep(&sleep_spec, nullptr);
-}
-
-/**Read from pipe descriptor to buffer; retries if less than count bytes were read.
- @param fd descriptor
- @param buf start of buffer
- @param count number of bytes read
- @return number of bytes read (count)
-*/
-int my_pipe_read(int fd, void *buf, size_t count) {
- ssize_t readf = 0;
- ssize_t rest = count;
- ssize_t s;
- while (rest > 0) {
- RUNNER_ASSERT_ERRNO_MSG(0 < (s = TEMP_FAILURE_RETRY(read(fd, ((char*)buf) + readf, rest))),
- "Error in read from pipe");
- rest -= s;
- readf += s;
- }
- return readf;
-}
-
-/**Write from buffer to a pipe ; retries if less than count bytes were written.
- @param fd descriptor
- @param buf start of buffer
- @param count number of bytes to write
- @return number of bytes written (count)
-*/
-int my_pipe_write(int fd, void *buf, size_t count) {
- ssize_t writef = 0;
- ssize_t rest = count;
- ssize_t s;
- while (rest > 0) {
- RUNNER_ASSERT_ERRNO_MSG(0 <= (s = TEMP_FAILURE_RETRY(write(fd, ((char*)buf) + writef, rest))),
- "Error in write to pipe");
- rest -= s;
- writef += s;
- }
- return writef;
-}
-
-
-/** Check whether there was connection error during function call (Security Server API) based on exit code
- @param result_code the exit code of a function
- @return -1 if the function result code indicated network error, 0 otherwise
-*/
-int communication_succeeded(int result_code) {
- switch(result_code)
- {
- case SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE:
- case SECURITY_SERVER_API_ERROR_SOCKET:
- case SECURITY_SERVER_API_ERROR_BAD_REQUEST:
- case SECURITY_SERVER_API_ERROR_BAD_RESPONSE:
- return -1;
- default:
- return 0;
- }
-}
-
-/** Returns current system time (wrapper for standard system function)
- @return current system time
-*/
-timeval my_gettime() {
- timeval t;
- int res = gettimeofday(&t, nullptr);
- RUNNER_ASSERT_ERRNO_MSG(res == 0, "gettimeofday() returned error value: " << res);
- return t;
-}
-
-/** Return a difference between two times (wrapper for standard system function)
- @param time t1
- @param time t2
- @return t1 - t2
-*/
-timeval my_timersub(timeval t1, timeval t2) {
- timeval result;
- timersub(&t1, &t2, &result);
- return result;
-}
-
-double timeval_to_microsecs(timeval t) {
- return ((double)t.tv_sec * (double)MICROSECS_PER_SEC) + ((double)t.tv_usec);
-}
-
-/** Initialize statistics at the beginning of a TEST_CASE
- @param stats [in/out] statistics to be initialized
-*/
-void initialize_stats(readwrite_stats *stats) {
- stats->number_of_calls = 0;
- stats->total_duration = 0.0;
- stats->average_duration = 0.0;
- stats->minimal_duration = DBL_MAX;
- stats->maximal_duration = 0.0;
-}
-
-/** Save time at the beginning of a RUN
- @param stats [in/out] statistics
-*/
-void start_stats_update(readwrite_stats *stats) {
- stats->current_start_time = my_gettime();
- //LogDebug("start_stats_update at: %ld.%06ld\n", stats->current_start_time.tv_sec, stats->current_start_time.tv_usec);
-}
-
-/** Save time at the end of a RUN and updates the statistics (current_end_time, number_of_calls, total_duration, minimal_duration, maximal_duration)
- @param stats [in/out] statistics
-*/
-void end_stats_update(readwrite_stats *stats) {
- stats->current_end_time = my_gettime();
- double current_duration = timeval_to_microsecs(my_timersub(stats->current_end_time, stats->current_start_time));
- stats->total_duration += current_duration;
- stats->number_of_calls += 1;
- if (current_duration < stats->minimal_duration)
- (stats->minimal_duration) = current_duration;
- if (current_duration > stats->maximal_duration)
- (stats->maximal_duration) = current_duration;
-}
-
-/** Updates the statistics (average_duration, number_of_new_calls, total_duration, minimal_duration, maximal_duration)
- Function is used instead of start_stats_update and end_stats_update (e.g when current_duration and number_of_new_calls are reported by child process.
- @param stats [in/out] statistics
- @param number_of_new_calls number of function calls in the RUN
- @param current_duration (total) of number_of_new calls
-*/
-void stats_update(readwrite_stats *stats, int number_of_new_calls, double current_duration) {
- if (number_of_new_calls > 0) {
- double current_average = (double)current_duration / (double)number_of_new_calls;
- stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
- stats->total_duration += current_duration;
- stats->number_of_calls += number_of_new_calls;
- if (current_average < stats->minimal_duration)
- (stats->minimal_duration) = current_average;
- if (current_average > stats->maximal_duration)
- (stats->maximal_duration) = current_average;
- }
- else
- LogDebug("stats_update called after zero successful function calls \n");
-}
-
-/** Calculate the average time and calculates statistics taken by a single function call.
- Called at the end of a TEST_CASE.
- @param stats [in/out] statistics
- @param function_name of the function called in tests (to be printed)
-*/
-void finish_stats(readwrite_stats *stats, const char* function_name) {
- if ((stats->number_of_calls) > 0) {
- stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
- printf("The approx (min, max, avg) execution times for function:\n%s are: \n---(%'.2fus, %'.2fus, %'.2fus)\n", function_name, stats->minimal_duration, stats->maximal_duration, stats->average_duration);
- }
- else
- LogDebug("No function call succeeded\n");
-}
-
-/*TEST CASES*/
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_API_SPEED_MEASURER)
-
-/*
- * test: Tests the tests
- * expected: The minimum shall be about (QUANTUM) = 10^-2s = 10000 us, max about (NUMBER_OF_CALLS*QUANTUM) = 5*10^-2s = 50000us, avg (average) about (0.5*NUMBER_OF_CALLS+1*QUANTUM)=3*10^-2s = 30000us. Max is no more than 50% bigger than minimum.
- */
-RUNNER_TEST(m000_security_server_test_the_tests) {
- int ret;
- readwrite_stats stats;
- double expected_min_min = QUANTUM;
- double expected_min_max = 1.5 * expected_min_min;
- double expected_avarage_min = (((double)(NUMBER_OF_CALLS + 1)) / 2.0) * expected_min_min;
- double expected_avarage_max = 1.5 * expected_avarage_min;
- double expected_max_min = ((double)(NUMBER_OF_CALLS)) * expected_min_min;
- double expected_max_max = 1.5 * expected_max_min;
- initialize_stats(&stats);
- for (int i=0; i < NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = my_nanosecsleep((long) ((i+1)*QUANTUM*1000));
- RUNNER_ASSERT_MSG(ret == 0, "system sleep function returned premature wake-up; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "my_nanosecsleep");
- RUNNER_ASSERT_MSG((stats.average_duration>expected_avarage_min) && (stats.average_duration<expected_avarage_max), "Avarage time is suspicious - check the issue; stats.average_duration=" << stats.average_duration);
- RUNNER_ASSERT_MSG((stats.minimal_duration>expected_min_min) && (stats.minimal_duration<expected_min_max), "Minimal time is suspicious - check the issue; stats.minimal_duration=" << stats.minimal_duration);
- RUNNER_ASSERT_MSG((stats.maximal_duration>expected_max_min) && (stats.maximal_duration<expected_max_max), "Maximal time is suspicious - check the issue; stats.maximal_duration=" << stats.maximal_duration);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m010_security_server_security_server_get_gid) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_get_gid(EXISTING_GROUP_NAME);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_get_gid");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m030_security_server_request_cookie) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_request_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- * Create new processes and measures times of first calls of security_server_request_cookie in them
- *
- */
-RUNNER_MULTIPROCESS_TEST(m031_security_server_request_cookie_first_time_only) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- readwrite_stats stats;
-
- int pipefd[2];
- int cpid;
- int number_of_calls;
- double duration_of_calls;
- /*initialize pipes - one pipe for one child process*/
- RUNNER_ASSERT_ERRNO_MSG(0 == pipe(pipefd), "error in pipe");
- initialize_stats(&stats);
- for (int i = 0; i < NUMBER_OF_CALLS; i++) {
- RUNNER_ASSERT_ERRNO_MSG(-1 != (cpid = fork()), "error in fork #i = " << i);
- if (cpid == 0) { /* Child*/
- close(pipefd[0]); /* Close unused read end */
- timeval start_time;
- timeval end_time;
- start_time = my_gettime();
- ret = security_server_request_cookie(cookie, cookie_size);
- end_time = my_gettime();
- if (communication_succeeded(ret) == 0) {
- number_of_calls = 1;
- duration_of_calls = timeval_to_microsecs(my_timersub(end_time, start_time));
-
- } else
- {
- number_of_calls = 0;
- duration_of_calls = 0.0;
- }
- RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in write number of calls to pipe");
- RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in write duration of calls to pipe");
- close(pipefd[1]);
- exit(EXIT_SUCCESS);
- } else
- { /* Parent */
- RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in read number of calls to pipe");
- RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in read duration of calls to pipe");
-
- RUNNER_ASSERT_MSG(number_of_calls > 0, "commmunication error");
- stats_update(&stats, number_of_calls, duration_of_calls);
- }
- /*parent*/
- }
- close(pipefd[1]); /* Close parent descriptors */
- close(pipefd[0]);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m040_security_server_get_cookie_size) {
- size_t cookie_size;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookie_size > 0, "cookie_size = " << cookie_size);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_get_cookie_size");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m050_security_server_check_privilege) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- const char *existing_group_name = EXISTING_GROUP_NAME;
- size_t cookie_size;
- int call_gid;
- // we use existing group name for the measurment, however this is not neccessary
- call_gid = security_server_get_gid(existing_group_name);
- cookie_size = security_server_get_cookie_size();
- char recved_cookie[cookie_size];
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_check_privilege(recved_cookie, (gid_t)call_gid);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege");
-}
-
-void testSecurityServerCheckPrivilegeByCookie(bool smack) {
- const char *object_label = M60_OBJECT_LABEL;
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = M60_SUBJECT_LABEL;
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
-
- if (smack) {
- SmackAccess smackAccess;
- smackAccess.add(subject_label, object_label, access_rights);
- smackAccess.apply();
- RUNNER_ASSERT_MSG(0 == (ret = smack_set_label_for_self(subject_label)),
- "Error in smack_set_label_for_self(); ret = " << ret);
- }
-
- Cookie cookie = getCookieFromSS();
-
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
- if (i%2)
- ret = security_server_check_privilege_by_cookie(
- cookie.data(),
- object_label,
- access_rights);
- else
- ret = security_server_check_privilege_by_cookie(
- cookie.data(),
- object_label,
- access_rights_ext);
-
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege_by_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-
-RUNNER_TEST_SMACK(m060_security_server_check_privilege_by_cookie_smack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeByCookie(true);
-}
-
-RUNNER_TEST_NOSMACK(m060_security_server_check_privilege_by_cookie_nosmack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeByCookie(false);
-}
-
-void testSecurityServerCheckPrivilegeBySockfd(bool smack) {
- const char *object_label = M70_OBJECT_LABEL;
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = M70_SUBJECT_LABEL;
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
-
- if (smack) {
- SmackAccess smackAccess;
- smackAccess.add(subject_label, object_label, access_rights);
- smackAccess.apply();
- }
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
- if (0 == pid) {
- // child
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- if (smack)
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- close(csockfd);
- exit(EXIT_SUCCESS);
- //end child
- } else {
- //parent
- sleep(2);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
- if (i%2)
- ret = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
- else
- ret = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
-
- finish_stats(&stats, "check_privilege_by_sockfd");
- }
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-
-RUNNER_MULTIPROCESS_TEST_SMACK(m070_security_server_check_privilege_by_sockfd_smack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeBySockfd(true);
-}
-
-RUNNER_MULTIPROCESS_TEST_NOSMACK(m070_security_server_check_privilege_by_sockfd_nosmack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeBySockfd(false);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m080_security_server_get_cookie_pid) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "security_server_request_cookie failed; ret = " << ret);
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_get_cookie_pid(cookie);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_request_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m090_security_server_is_pwd_valid) {
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_is_pwd_valid");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m100_security_server_set_pwd) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m110_security_server_set_pwd_validity) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_validity");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m120_security_server_set_pwd_max_challenge) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_max_challenge(3);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_max_challenge");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m130_security_server_reset_pwd) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_reset_pwd("apud", 1, 2);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_reset_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m140_security_server_chk_pwd) {
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_chk_pwd("is_this_password", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_chk_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m150_security_server_set_pwd_history) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_history");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m160_security_server_app_give_access) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- const char* customer_label = M160_CUSTOMER_LABEL;
- int customer_pid = getpid();
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_app_give_access(customer_label, customer_pid);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_app_give_access");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m170_security_server_check_privilege_by_pid) {
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- int pid = getpid();
- const char *object = M170_OBJECT_LABEL;
- const char *access_rights = "rw";
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_check_privilege_by_pid(pid, object, access_rights);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege_by_pid");
-}
-
-
-int main(int argc, char *argv[])
-{
- securityClientEnableLogSystem();
- DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_mockup.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief All mockups required in security-server tests.
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <poll.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <security-server.h>
-
-#include <dpl/log/log.h>
-
-#define SECURITY_SERVER_TEST_SOCK_PATH "/tmp/.security_server_sock_mockup"
-
-/* Create a Unix domain socket and bind */
-int create_new_socket()
-{
- int localsockfd = -1, flags;
- struct sockaddr_un serveraddr;
- mode_t sock_mode;
-
- if (-1 == remove(SECURITY_SERVER_TEST_SOCK_PATH)) {
- LogDebug("Unable to remove " << SECURITY_SERVER_TEST_SOCK_PATH);
- }
-
- /* Create Unix domain socket */
- if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
- {
- localsockfd = -1;
- LogDebug("Socket creation failed");
- goto error;
- }
-
- /* Make socket as non blocking */
- if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
- fcntl(localsockfd, F_SETFL, flags) < 0)
- {
- close(localsockfd);
- localsockfd = -1;
- LogDebug("Cannot go to nonblocking mode");
- goto error;
- }
-
- bzero (&serveraddr, sizeof(serveraddr));
- serveraddr.sun_family = AF_UNIX;
- strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH,
- strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1);
-
- /* Bind the socket */
- if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
- {
- LogDebug("Cannot bind");
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-
- /* Change permission to accept all processes that has different uID/gID */
- sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
-
- /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
- * * Flawfinder recommends to user fchmod insted of chmod
- * * But, fchmod doesn't work on socket file so there is no other choice at this point */
- if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
- {
- LogDebug("chmod() error");
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-error:
- return localsockfd;
-}
-
-int connect_to_testserver()
-{
- struct sockaddr_un clientaddr;
- int client_len = 0, localsockfd;
-
- /* Create a socket */
- if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
- {
- LogDebug("Error on socket. Errno: " << errno);
- return -1;
- }
-
- bzero(&clientaddr, sizeof(clientaddr));
- clientaddr.sun_family = AF_UNIX;
- strncpy(clientaddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH, strlen(SECURITY_SERVER_TEST_SOCK_PATH));
- clientaddr.sun_path[strlen(SECURITY_SERVER_TEST_SOCK_PATH)] = 0;
- client_len = sizeof(clientaddr);
- if (connect(localsockfd, (struct sockaddr*)&clientaddr, client_len) < 0)
- {
- LogDebug("Error on connect. Errno: " << errno);
- close(localsockfd);
- return -1;
- }
- return localsockfd;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_client_smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Mockups.
- */
-
-#ifndef _SS_CLIENT_SERVER_
-#define _SS_CLIENT_SERVER_
-
-int create_new_socket();
-int connect_to_testserver();
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_client_smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.1
- * @brief Test cases for security-server-client-smack.
- */
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/smack.h>
-#include <sys/wait.h>
-#include <sys/un.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#include <memory>
-#include <functional>
-
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include "security_server_mockup.h"
-
-#include <security-server.h>
-#include <access_provider.h>
-#include "tests_common.h"
-#include <memory.h>
-
-#define PROPER_COOKIE_SIZE 20
-
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
-
-/*
- * test: tc04_security_server_get_gid
- * description: Checking for security_server_get_gid
- * with nonexisting gid and existing one
- * expected: security_server_get_gid should return
- * SECURITY_SERVER_ERROR_NO_SUCH_OBJECT with first call
- * and group id with second call
- */
-RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid)
-{
- SecurityServer::AccessProvider provider("tc04mylabel");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_gid("abc123xyz_pysiaczek");
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
- ret = security_server_get_gid("root");
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(0 == ret, "Ret: " << ret);
-}
-
-/*
- * test: tc05_check_privilege_by_cookie
- * description: Function security_server_check_privilege_by_cookie should
- * return status of access rights of cookie owner. In this case cookie owner
- * is the same process that ask for the rights.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_CHILD_TEST_SMACK(tc05_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- char cookie[20];
- const char *object_label = "tc05objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc05subjectlabel";
-
- SecurityServer::AccessProvider provider(subject_label);
- provider.allowSS();
- provider.addObjectRule(object_label, access_rights);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_request_cookie(cookie,20));
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(
- cookie,
- object_label,
- access_rights));
-
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
- security_server_check_privilege_by_cookie(
- cookie,
- object_label,
- access_rights_ext));
-}
-
-/*
- * test: security_server_check_privilege_by_sockfd
- * description: This test will create dummy server that will accept connection
- * and die. The client will try to check access rights using connection descriptor.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_MULTIPROCESS_TEST_SMACK(tc06_check_privilege_by_sockfd)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char *object_label = "tc06objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc06subjectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- smack_accesses *handle;
- RUNNER_ASSERT(0 == smack_accesses_new(&handle));
- RUNNER_ASSERT(0 == smack_accesses_add(handle,
- subject_label,
- object_label,
- access_rights));
- RUNNER_ASSERT(0 == smack_accesses_apply(handle));
- smack_accesses_free(handle);
-
- int pid = fork();
- char *label;
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
- // child
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
- free(label);
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
- free(label);
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- usleep(500);
-
- close(csockfd);
- exit(0);
- } else {
- // parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" );
- free(label);
-
- result1 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- result2 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
- }
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2);
-}
-
-/*
- * test: security_server_check_privilege_by_sockfd
- * description: This test will create dummy server that will accept connection
- * and die. The client will try to check access rights using connection descriptor.
- * Because we read a smack label not from socket directly, but from from pid of process
- * on the other end of socket - that's why smack label will be updated.
- * In this test client is running under root and server is not - to test the extreme case.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_MULTIPROCESS_TEST_SMACK(tc07_check_privilege_by_sockfd)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char *object_label = "tc07objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc07subjectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- SmackAccess access;
- access.add(subject_label, object_label, access_rights);
- access.apply();
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
-
- pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
- // child
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd = TEMP_FAILURE_RETRY(accept(sockfd,(struct sockaddr*)&client_addr, &client_len));
- if (csockfd >= 0)
- close(csockfd);
- LogDebug("Exit!");
- exit(0);
- } else {
- // parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- result1 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- result2 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
-
- close(sockfd);
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
- }
- }
-}
-
-///////////////////////////
-/////NOSMACK ENV TESTS/////
-///////////////////////////
-
-RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack)
-{
- int ret;
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_get_gid("definitely_not_existing_object");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
- ret = security_server_get_gid("root");
- RUNNER_ASSERT_MSG(ret == 0, "ret = " << ret);
-}
-
-/*
- * NOSMACK version of tc05 test.
- *
- * Correct behaviour of smack_accesses_apply and smack_set_label_for_self was checked by libsmack
- * tests. We assume, that those tests pass. Additionally security_server_check_privilege_by_cookie
- * should return SUCCESS no matter what access_rights we give to this function.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc05_check_privilege_by_cookie_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- char cookie[20];
- const char* object_label = "tc05objectlabel";
-
- RUNNER_ASSERT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS);
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(cookie, object_label, "r"));
-
- //On NOSMACK env security server should return success on any accesses, even those that are
- //incorrect.
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(cookie, object_label, "rw"));
-}
-
-/**
- * NOSMACK version of tc06 test.
- *
- * Differences between this and SMACK version (server):
- * - Skipped setting access_rights
- * - Skipped setting label for server
- * - get_smacklabel_sockfd is called only once for server, almost right after fork and creation
- * of socket (because it should do nothing when SMACK is off)
- * - After get_smacklabel_sockfd privileges are dropped and server is prepared to accept connections
- * from client
- *
- * For client the only difference are expected results from check_privilege_by_sockfd - both should
- * return SUCCESS.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc06_check_privilege_by_sockfd_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char* object_label = "tc06objectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- int pid = fork();
- char* label;
- RUNNER_ASSERT_ERRNO(pid >= 0);
-
- int ret;
-
- if (pid == 0) { //child process - server
- //create new socket
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- //check if get_smacklabel_sockfd works correctly
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- ret = strcmp(label, "");
- free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
-
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- //wait a little bit for parent to do it's job
- usleep(200);
-
- //if everything works, cleanup and return 0
- close(csockfd);
- exit(0);
- } else {
- //parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to connect to server.");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "get_smacklabel_sockfd failed.");
- ret = strcmp(label, "");
- free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
-
- result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
- result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
- }
-
- RUNNER_ASSERT_MSG(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1);
- RUNNER_ASSERT_MSG(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2);
-}
-
-/**
- * NOSMACK version of tc07 test.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc07_check_privilege_by_sockfd_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char* object_label = "tc07objectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (pid == 0) {
-
- pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (pid == 0) { //child process
- //Create socket
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- //Drop privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- //Prepare for accepting
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
-
- //Accept connections
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- //wait a little bit for parent to do it's job
- usleep(200);
-
- //cleanup and kill child
- close(csockfd);
- exit(0);
- } else { //parent process
- //Drop root privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- //Wait for server to set up
- sleep(1);
-
- //Connect and check privileges
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd.");
-
- result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
- result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
-
- close(sockfd);
-
- //Both results (just like in the previous test case) should return success.
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
- }
- }
-}
-
-RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
- int res;
-
- char *label_smack = nullptr;
- char *label_ss = nullptr;
- char *cookie = nullptr;
-
- int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
-
- cookie = (char*) calloc(cookie_size, 1);
- RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
-
- res = security_server_request_cookie(cookie, cookie_size);
- if (res != SECURITY_SERVER_API_SUCCESS) {
- free(cookie);
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
- }
-
- label_ss = security_server_get_smacklabel_cookie(cookie);
- free(cookie);
- RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
-
-
- std::string label_cookie(label_ss);
- free(label_ss);
-
- res = smack_new_label_from_self(&label_smack);
- if (res < 0) {
- free(label_smack);
- RUNNER_ASSERT_MSG(res == 0, "Error in getting self SMACK label");
- }
- std::string label_self(label_smack ? label_smack : "");
- free(label_smack);
-
- RUNNER_ASSERT_MSG(label_self == label_cookie, "No match in SMACK labels");
-
-
- //TODO: here could be label change using SMACK API and checking if it
- //is changed using security-server API function based on the same cookie
-}
-
-/**
- * NOSMACK version of tc_security_server_get_smacklabel_cookie test.
- *
- * Most of this test goes exactly as the original one. The only difference are the labels:
- * - We assume that libsmack tests passed and smack_new_label_from_self will return -1 and nullptr
- * label - there is no need to re-check it.
- * - Label acquired from security_server_get_smacklabel_cookie should be an empty string.
- */
-RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
- int res;
-
- char* label_ss = nullptr;
- char* cookie = nullptr;
-
- int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size,
- "Wrong cookie size from security-server. Size: " << cookie_size);
-
- cookie = (char*) calloc(cookie_size, sizeof(char));
- RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
-
- //Request cookie from SS
- res = security_server_request_cookie(cookie, cookie_size);
- CookieUniquePtr cookie_ptr(cookie);
- cookie = nullptr;
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
- "Error in requesting cookie from security-server. Result: " << res);
-
- label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
- RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
-
- std::string label(label_ss);
- free(label_ss);
- RUNNER_ASSERT_MSG(label.empty(), "label_ss is not an empty string.");
-
-}
-
-////////////////////
-/////MAIN///////////
-////////////////////
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_server_tests_mt.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- * @brief This test creates multiple processes that connect to security
- * server and perform random operations using its API. The purpose
- * of this test is to check if security-server crashes when under
- * heavy load. Test succeeds if all processes finish.
- */
-
-#include <dpl/log/log.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <security-server.h>
-#include <sys/wait.h>
-#include <random>
-#include <functional>
-#include <chrono>
-
-namespace {
-const size_t PROC_TOTAL = 1000; // total number of processes to spawn
-const size_t PROC_MAX = 10; // max number of processes working at the same time
-const size_t LOOPS = 50; // number of loop repeats
-
-std::default_random_engine generator(std::chrono::system_clock::now().time_since_epoch().count());
-
-// common function data
-struct Data {
- char *cookie; // not owned
-
- Data(char *c) : cookie(c) {}
-};
-
-
-// test functions
-void request_cookie(const Data&)
-{
- char cookie[20];
- security_server_request_cookie(cookie, 20);
-}
-
-void check_privilege(const Data &d)
-{
- int ret = security_server_get_gid("audio");
- security_server_check_privilege(d.cookie, ret);
-}
-
-void check_privilege_by_cookie(const Data &d)
-{
- security_server_check_privilege_by_cookie(d.cookie, "label", "rwxat");
-}
-
-void get_cookie_pid(const Data &d)
-{
- security_server_get_cookie_pid(d.cookie);
-}
-
-void get_smack_label(const Data &d)
-{
- char *label = security_server_get_smacklabel_cookie(d.cookie);
- free(label);
-}
-
-void random_sleep(const Data&)
-{
- std::uniform_int_distribution<size_t> distribution(0,100);
- usleep(distribution(generator));
-}
-
-
-// list of test functions
-std::vector<std::function<void(const Data&)> > functions = {
- random_sleep,
- request_cookie,
- check_privilege,
- check_privilege_by_cookie,
- get_cookie_pid,
- get_smack_label
-};
-} // namespace
-
-// randomly calls test functions
-void security_server_magic()
-{
- char cookie[20];
- security_server_request_cookie(cookie, 20);
- Data d(cookie);
-
- // random loop number
- std::uniform_int_distribution<size_t> l_dist(0,LOOPS);
- size_t loops = l_dist(generator);
-
- // random function call
- std::uniform_int_distribution<size_t> distribution(0,functions.size() - 1);
- auto rnd = std::bind(distribution, generator);
- for (size_t i = 0; i < loops; ++i) {
- functions[rnd()](d);
- }
-}
-
-int main()
-{
- size_t current = 0;
- size_t spawned = 0;
- for (;;) {
- if (current >= PROC_MAX || spawned >= PROC_TOTAL) {
- int status;
- int ret = wait(&status);
-
- // all processes spawned, no more children to wait for
- if (spawned >= PROC_TOTAL && ret <= 0)
- break;
-
- current--;
- }
-
- // spawn predefined number of processes
- if (spawned < PROC_TOTAL) {
- pid_t pid = fork();
- if (pid == 0) {
- LogDebug("START " << spawned);
- security_server_magic();
- LogError("STOP " << spawned);
- exit(0);
- }
- else {
- //LogWarning("PID " << pid);
- spawned++;
- current++;
- }
- }
- }
- LogInfo("Finished");
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_password.cpp
- * @author Bumjin Im (bj.im@samsung.com)
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 2.0
- * @brief Test cases for security server
- *
- * WARNING: In this file test order is very important. They have to always be run
- * in correct order. This is done by correct test case names ("tcXX_").
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <dirent.h>
-#include "security-server.h"
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <dlog.h>
-#include "security_server_clean_env.h"
-#include "security_server_tests_common.h"
-
-
-// the maximum time (in seconds) passwords can expire in
-const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
-
-// test passwords
-const char* TEST_PASSWORD = "IDLEPASS";
-const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
-const char* THIRD_TEST_PASSWORD = "THIRDPASS";
-const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
-
-struct SystemClock {
- SystemClock(time_t sft)
- : m_original(time(0))
- , m_shift(0)
- {
- shift(sft);
- }
-
- SystemClock()
- : m_original(time(0))
- , m_shift(0)
- {}
-
- void shift(time_t sft) {
- m_shift += sft;
- time_t shifted = m_original + m_shift;
- RUNNER_ASSERT_ERRNO(0 == stime(&shifted));
- }
-
- ~SystemClock() {
- if (std::uncaught_exception()) {
- stime(&m_original);
- return;
- }
-
- RUNNER_ASSERT_ERRNO(0 == stime(&m_original));
- }
-private:
- time_t m_original;
- time_t m_shift;
-};
-
-
-/**
- * Confirm there is no password before tests are run.
- */
-RUNNER_TEST(tc01_clear_environment)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- if (getuid() == 0)
- {
- reset_security_server();
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
- }
- else
- {
- SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
- SLOGD("If not, you will see some failures\n");
-
- RUNNER_IGNORED_MSG("I'm not root");
- }
-}
-
-/**
- * Basic test of setting validity period.
- */
-RUNNER_TEST(tc02_security_server_set_pwd_validity)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TESTS:
- // WITHOUT password
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- // WITH password
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Basic test of setting maximum number of password challenges.
- */
-RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TESTS:
- // WITHOUT password
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- // WITH password
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Test checking a too long password.
- */
-RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // 33 char password
- ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Test various parameter values when checking a password.
- */
-RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- ret = security_server_chk_pwd(nullptr, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", nullptr, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", &attempt, nullptr, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", &attempt, &max_attempt, nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check the given password when no password is set.
- */
-RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment - there is no password now!
- reset_security_server();
-
- // TEST
- ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-}
-
-/**
- * Checks various parameter values.
- */
-RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_set_pwd(nullptr, nullptr, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Test setting too long password.
- */
-RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- // 33 char password
- ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Basic password setting.
- */
-RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set a maximum password period.
- */
-RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- // UINT_MAX will cause api error, it is to big value
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- // calculate max applicable valid days that will not be rejected by ss
- // ensure, that after conversion from days to seconds in ss there will be no uint overflow
- unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set a maximum password challenge number.
- */
-RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set empty password.
- */
-RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Change password to a too long password.
- */
-RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- std::string lng_pwd(5000, 'A');
- ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check empty password.
- */
-RUNNER_TEST(tc15_security_server_chk_pwd_empty_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Various validity parameter values.
- */
-RUNNER_TEST(tc16_security_server_set_pwd_validity)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_set_pwd_validity(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //When trying to set UINT_MAX we should get error.
- ret = security_server_set_pwd_validity(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check passwords validity
- */
-RUNNER_TEST(tc17_security_server_is_pwd_valid)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST:
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
-}
-
-/**
- * Various numbers of challenges.
- */
-RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- // calculate max applicable valid days that will not be rejected by ss
- // ensure, that after conversion from days to seconds in ss there will be no uint overflow
- unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TESTS
- ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-
-/**
- * Check the max number of challenges.
- */
-RUNNER_TEST(tc19_security_server_is_pwd_valid)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
-}
-
-/**
- * Basic password check.
- */
-RUNNER_TEST(tc20_security_server_chk_pwd)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-/**
- * Check an incorrect password.
- */
-RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Check an incorrect password
- */
-RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Change password
- */
-RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check wrong password multiple times and then check a correct one.
- */
-RUNNER_TEST(tc24_security_server_attempt_exceeding)
-{
- int ret;
- unsigned int i, attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- printf("5 subtests started...");
- for (i = 1; i <= 5; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
- }
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
-}
-
-/**
- * Try to exceed maximum number of challenges.
- */
-RUNNER_TEST(tc25_security_server_attempt_exceeding)
-{
- int ret;
- unsigned int i, attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- printf("10 subtests started...");
- for (i = 1; i <= 10; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
- }
-
- // The check, that exceeds max number
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
-}
-
-/**
- * Reset password
- */
-RUNNER_TEST(tc26_security_server_reset_pwd)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check too long password.
- */
-RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- std::string lng_pwd(5000, 'A');
- ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check passwords expiration (not expired)
- */
-RUNNER_TEST(tc28_security_server_check_expiration)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
-}
-
-/**
- * Use various parameter values of parameters.
- */
-RUNNER_TEST(tc29_security_server_set_pwd_history)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TESTS
- ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(51);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(-5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(50);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_history(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_history(INT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(INT_MIN);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-
-
-int dir_filter(const struct dirent *entry)
-{
- if ((strcmp(entry->d_name, ".") == 0) ||
- (strcmp(entry->d_name, "..") == 0) ||
- (strcmp(entry->d_name, "attempts") == 0) ||
- (strcmp(entry->d_name, "history") == 0))
- return (0);
- else
- return (1);
-}
-
-void clean_password_dir(void)
-{
- int ret;
- int i;
- struct dirent **mydirent;
-
- ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
- i = ret;
- while (i--)
- free(mydirent[i]);
- free(mydirent);
-}
-
-
-/**
- * Check password history.
- */
-RUNNER_TEST(tc30_security_server_check_history)
-{
- int ret;
- int i;
- char buf1[33], buf2[33];
-
- // Prepare environment
- reset_security_server();
-
- clean_password_dir();
-
- ret = security_server_set_pwd_history(9);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd("history0", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- printf("11 subtests started...");
- for (i = 0; i < 11; i++) {
- sprintf(buf1, "history%d", i);
- sprintf(buf2, "history%d", i + 1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- }
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history11", "history1", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history1", "history8", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history1", "history12", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- printf("48 subtests started...");
- for (i = 12; i < 60; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- sprintf(buf1, "history%d", i);
- sprintf(buf2, "history%d", i + 1);
-
- ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- }
- printf("DONE\n");
-
- clean_password_dir();
-}
-
-/**
- * Replay attack
- */
-RUNNER_TEST(tc31_security_server_replay_attack)
-{
- int ret;
- int i = 0;
- unsigned int attempt, max_attempt, expire_sec;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
-
- while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
- i += 100000;
-
- ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
- usleep(i);
- }
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Expired password
- */
-RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- struct timeval cur_time;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 4, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = gettimeofday(&cur_time, nullptr);
- RUNNER_ASSERT_ERRNO(ret != -1);
-
- cur_time.tv_sec += (expire_sec + 1);
- ret = settimeofday(&cur_time, nullptr);
- RUNNER_ASSERT_ERRNO(ret != -1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Reset password
- */
-RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_reset_pwd(nullptr, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/*
- * Use this instead of security_server_chk_pwd directly to verify the function output.
- * For example:
- * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string")
- */
-void verify_chk_pwd (
- const char* challenge,
- int expected_result,
- unsigned int expected_current_attempt,
- unsigned int expected_max_attempt,
- const std::string &info = std::string())
-{
- /* ensure that initial values differ from expected ones */
- unsigned int attempt = expected_current_attempt - 1;
- unsigned int max_attempt = expected_max_attempt - 1;
- unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
-
- // validate returned value
- RUNNER_ASSERT_MSG(ret == expected_result,
- info << "security_server_chk_pwd returned "
- << ret << " (expected: " << expected_result << ")");
-
- // validate current attempts value
- RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
- info << "security_server_chk_pwd returned attempt = " << attempt <<
- " (expected: " << expected_current_attempt << ")");
-
- // validate max attempt value
- RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
- info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
- " (expected: " << expected_max_attempt << ")");
-
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
- info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
- " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")");
-}
-
-/**
- * Reach last attempt few times in a row (before exceeding max_attempt).
- */
-RUNNER_TEST(tc34_security_server_max_attempts)
-{
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // change max attempts number few times
- std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
-
- for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
- unsigned int max_challenges = max_challenge_tab[pass];
-
- ret = security_server_set_pwd_max_challenge(max_challenges);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // max_challenges-1 wrong password attempts
- for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
- verify_chk_pwd(SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt_nr,
- max_challenges,
- std::string("pass = ") + std::to_string(pass) +
- ", attempt = " + std::to_string(attempt_nr));
-
- // Check correct password finally
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- max_challenges, max_challenges);
- }
-}
-
-/**
- * Decrease 'max challenge' number after several missed attempts.
- */
-RUNNER_TEST(tc35_security_server_decrease_max_attempts)
-{
- const unsigned int max_challenge_more = 10;
- const unsigned int max_challenge_less = 5;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge_more, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // missed attempts
- for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
- verify_chk_pwd(SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt,
- max_challenge_more,
- std::string("attempt = ") + std::to_string(attempt));
-
- // lower max_challenge
- ret = security_server_set_pwd_max_challenge(max_challenge_less);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // try valid password - should pass (curr attempts is reset)
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
-
- // remove max attempts limit
- ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // try valid password again - should pass
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
-
- // try to change the password - should pass
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // validate new password
- verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
-}
-
-/**
- * Change password few times and challenge previous passwords - checks if security_server_set_pwd
- * works as it should.
- */
-RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
-{
- const int history_depth = 5;
- const unsigned int max_challenge = 3;
- std::string prev_pass, new_pass = TEST_PASSWORD;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- for (int depth = 0; depth < history_depth; ++depth) {
- prev_pass = new_pass;
-
- //generate password name
- new_pass = "history" + std::to_string(depth+1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // challenge initial password
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 1,
- max_challenge,
- std::string("depth = ") + std::to_string(depth));
-
- // challenge previous password
- verify_chk_pwd(
- prev_pass.c_str(),
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 2,
- max_challenge,
- std::string("depth = ") + std::to_string(depth));
- }
-}
-
-/**
- * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
- * This test simulates user's behaviour - challenges valid and invalid passwords
- * in various combinations.
- */
-RUNNER_TEST(tc37_security_server_challenge_mixed)
-{
- // Prepare environment
- reset_security_server();
-
- const unsigned int max_challenge = 2;
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
- for (unsigned int i = 0; i < max_challenge; ++i)
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 1,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // Ensure that challenging valid password resets 'cuurrent attempt' value.
- // If it didn't, the test would fail in third loop pass.
- for (unsigned int i = 0; i < max_challenge + 1; ++i) {
- // incorrect pwd
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 1,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // correct pwd
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 2,
- max_challenge,
- std::string("i = ") + std::to_string(i));
- }
-
- // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
- // any further attempts (even correct) are blocked
- for (unsigned int i = 1; i <= max_challenge; ++i)
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- i,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // correct - refused
- for (unsigned int i = 1; i <= max_challenge; ++i)
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
- max_challenge + i,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-}
-
-/*
- * Pasword change mixed with history depth change.
- */
-RUNNER_TEST(tc38_security_server_history_depth_change)
-{
- int ret;
- const int initial_history_depth = 2;
- const int decreased_history_depth = 1;
- const int increased_history_depth = 3;
-
- // Prepare environment
- reset_security_server();
-
- ret = security_server_set_pwd_history(initial_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- /*
- * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
- * and SECOND_TEST_PASSWORD as a part of history.
- */
- ret = security_server_set_pwd_history(decreased_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- /*
- * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
- * and THIRD_TEST_PASSWORD only.
- */
- ret = security_server_set_pwd_history(increased_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-}
-
-/**
- * Challenge invalid password, reset server and check if 'current attempts' is restored.
- */
-RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
-{
- unsigned int attempt, max_attempt, expire_sec;
- const unsigned int max_challenge = 10;
- const unsigned int invalid_attempts_num = 3;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // missed attempts
- for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt,
- max_challenge);
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
- expire_sec);
-
- // restart server - triggers loading password data from file
- restart_security_server();
-
- // challenge invalid password
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- invalid_attempts_num + 1,
- max_challenge);
-
- // challenge valid password
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- invalid_attempts_num + 2,
- max_challenge);
-}
-
-/**
- * Validate passwords history after security server reset.
- */
-RUNNER_TEST(tc40_security_server_history_check_after_reset)
-{
- const unsigned int history_depth = 2;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // restart server - triggers loading password data from file
- restart_security_server();
-
- // try to reuse history passwords
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check if SS has correct behaviour when changing history depth to 0.
- */
-RUNNER_TEST(tc41_security_server_empty_history_check)
-{
- const unsigned int history_depth = 2;
- const unsigned int empty_history_depth = 0;
-
- //prepare environment
- reset_security_server();
-
- //set new history count
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //set new password and fill history
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //make sure, that everything went OK - try setting something that would cause reuse error
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- //reset history limit to no history at all
- ret = security_server_set_pwd_history(empty_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //make sure, that current password still exists in memory
- //expected attempt 3 because our previous tries increased attempt counter
- verify_chk_pwd(
- THIRD_TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 3,
- 0);
-
- //make sure that it's possible to reuse old password once history limit is set to 0
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //once again try setting earlier used passwords - now API should return success
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //try setting different password and giving nullptr as current once again
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- unsigned int attempt, max_attempt, expire_sec;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- unsigned int attempt, max_attempt, expire_sec;
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
-}
-
-RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
-}
-
-RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_history(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_history(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- // Assert security server sets infinite expiration time
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
- "invalid expiration time " << expire_sec);
-
- clean_password_dir();
-}
-
-RUNNER_TEST(tc51_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret <<
- " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
-
-
- SystemClock clock(60*60*24*2);
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0),
- "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt
- << " validSec=" << validSec);
-}
-
-RUNNER_TEST(tc52_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret <<
- " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
-}
-
-RUNNER_TEST(tc53_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 3);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 259000) && (validSec < 260000), "validSec = " << validSec);
-
- SystemClock clock;
- clock.shift(-60*60*24); // one day back
-
- // password should be valid for 4 days == (60*60*24*4) 345600 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 345000) && (validSec < 346000), "validSec = " << validSec);
-
- clock.shift(-60*60*24*2); // 3 days back
-
- // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 518000) && (validSec < 519000), "validSec = " << validSec);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-#include <dpl/test/test_runner.h>
-
-#include <libprivilege-control_test_common.h>
-
-#include <security-server.h>
-#include <privilege-control.h>
-
-const char *SSTP_APP_ID = "sstp_test_app";
-const char *SSTP_OTHER_LABEL = "sstp_test_other_label";
-
-const char *SSTP_PERMS[] = {
- "sstp_test_rules1",
- "sstp_test_rules2",
- nullptr
-};
-
-const char *SSTP_PERMS1[] = {
- SSTP_PERMS[0],
- nullptr
-};
-
-const char *SSTP_PERMS2[] = {
- SSTP_PERMS[1],
- nullptr
-};
-
-void check_security_server_app_has_privilege(const char *app_label,
- const char *permission,
- int is_enabled_expected)
-{
- int result;
- int is_enabled;
-
- result = security_server_app_has_privilege(app_label, APP_TYPE_WGT, permission, &is_enabled);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error calling security_server_app_has_privilege. Result: " << result);
-
- RUNNER_ASSERT_MSG(is_enabled == is_enabled_expected,
- "Result of security_server_app_has_privilege should be: " << is_enabled_expected);
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PRIVILEGE);
-
-RUNNER_TEST(sstp_01_security_server_app_has_privilege)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(SSTP_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error uninstalling app. Result" << result);
-
- result = perm_app_install(SSTP_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing app. Result" << result);
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_stress.cpp
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @version 1.0
- * @brief Test cases for security server stress tests
- *
- */
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <tests_common.h>
-#include <iostream>
-#include <sys/smack.h>
-#include <cstddef>
-#include <thread>
-#include <mutex>
-#include <string>
-#include <sys/types.h>
-#include <unistd.h>
-#include "security-server.h"
-#include <memory.h>
-
-std::mutex g_mutex;
-std::mutex g_msgMutex;
-size_t g_successes = 0;
-
-//number of threads
-const size_t g_threadsNumber = 5;
-
-//environment setup
-const std::string g_subject("woda");
-const std::string g_object("wiadro");
-const std::string g_rule("rwx");
-
-//for storing errors
-std::string g_errors;
-
-
-void appendError(const std::string &message)
-{
- std::lock_guard<std::mutex> lock(g_msgMutex);
- g_errors += message;
- g_errors += "\n";
-}
-
-void cookie_api_thread_function(bool isSmack)
-{
- /*
- Tested API functions:
-
- int security_server_get_cookie_size(void);
- int security_server_request_cookie(char *cookie, size_t bufferSize);
- int security_server_check_privilege(const char *cookie, gid_t privilege);
- int security_server_check_privilege_by_cookie(const char *cookie,
- const char *object,
- const char *access_rights);
- int security_server_get_cookie_pid(const char *cookie);
- char *security_server_get_smacklabel_cookie(const char *cookie);
- */
-
- int ret;
- size_t COOKIE_SIZE;
-
- //security_server_get_cookie_size()
- COOKIE_SIZE = security_server_get_cookie_size();
- if (COOKIE_SIZE != 20) {
- appendError("Error in security_server_get_cookie_size(): " + std::to_string(COOKIE_SIZE));
- return;
- }
-
- //security_server_request_cookie()
- std::vector<char> cookie(COOKIE_SIZE);
- ret = security_server_request_cookie(cookie.data(), COOKIE_SIZE);
- if (ret < 0) {
- appendError("Error in security_server_request_cookie(): " + std::to_string(ret));
- return;
- }
-
- //security_server_check_privilege()
- ret = security_server_check_privilege(cookie.data(), 0);
- if (ret < 0) {
- appendError("Error in security_server_check_privilege(): " + std::to_string(ret));
- return;
- }
-
- //security_server_check_privilege_by_cookie()
- ret = security_server_check_privilege_by_cookie(cookie.data(), g_object.data(), g_rule.data());
- if (ret < 0) {
- appendError("Error in security_server_check_privilege_by_cookie(): " + std::to_string(ret));
- return;
- }
-
- //security_server_get_cookie_pid
- ret = security_server_get_cookie_pid(cookie.data());
- if (ret < 0) {
- appendError("Error in security_server_get_cookie_pid(): " + std::to_string(ret));
- return;
- }
-
- if (isSmack) {
- //security_server_get_smacklabel_cookie()
- char *tmp = security_server_get_smacklabel_cookie(cookie.data());
- std::string labelFromCookie(tmp ? tmp : "");
- free(tmp);
- if (labelFromCookie.size() == 0) {
- appendError("Error in security_server_get_smacklabel_cookie(): " + labelFromCookie);
- return;
- }
-
- char *labelFromSelfTmp = nullptr;
- ret = smack_new_label_from_self(&labelFromSelfTmp);
- if (ret < 0) {
- appendError("Error in smack_new_label_from_self(): " + std::to_string(ret));
- return;
- }
-
- std::string labelFromSelf(labelFromSelfTmp ? labelFromSelfTmp : "");
- free(labelFromSelfTmp);
- if (labelFromSelf != labelFromCookie) {
- appendError("Error in comparing SMACK label: " + std::to_string(ret));
- return;
- }
- }
-
- std::lock_guard<std::mutex> lock(g_mutex);
- ++g_successes;
-}
-
-void testFunction(bool isSmack)
-{
- std::vector<std::thread> threadsVector;
-
- if (isSmack) {
- //preapre environment
- int ret = smack_set_label_for_self(g_subject.data());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self()");
-
- struct smack_accesses *rulesRaw = nullptr;
- ret = smack_accesses_new(&rulesRaw);
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_new()");
- SmackAccessesPtr rules(rulesRaw);
- ret = smack_accesses_add(rules.get(), g_subject.data(), g_object.data(), g_rule.data());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_add()");
- ret = smack_accesses_apply(rules.get());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_apply()");
- }
-
- //spawning threads
- for (size_t i = 0 ; i < g_threadsNumber; ++i)
- threadsVector.push_back(std::thread(cookie_api_thread_function, isSmack));
-
- //waiting for threads end
- for (auto itr = threadsVector.begin(); itr != threadsVector.end(); ++itr)
- itr->join();
-}
-
-
-RUNNER_TEST_GROUP_INIT(stress_tests)
-
-RUNNER_CHILD_TEST_SMACK(tc_stress_cookie_api_smack)
-{
- testFunction(true);
-
- RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
- "Not all threads exit with success: "
- << g_successes << "/ " << g_threadsNumber
- << std::endl << "Errors:" << std::endl << g_errors);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc_stress_cookie_api_no_smack)
-{
- testFunction(false);
-
- RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
- "Not all threads exit with success: "
- << g_successes << "/ " << g_threadsNumber
- << std::endl << "Errors:" << std::endl << g_errors);
-}
-
-
-
-int main (int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_server.cpp
- * @author Bumjin Im (bj.im@samsung.com)
- * @author Mariusz Domanski (m.domanski@samsung.com)
- * @version 1.0
- * @brief Test cases for security server
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <poll.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/smack.h>
-#include <sys/wait.h>
-#include "security-server.h"
-#include "security_server_clean_env.h"
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dlog.h>
-#include <privilege-control.h>
-#include <ftw.h>
-#include "security_server_tests_common.h"
-#include "tests_common.h"
-#include <smack_access.h>
-#include <access_provider.h>
-
-const char *TEST03_SUBJECT = "subject_0f09f7cc";
-const char *TEST04_SUBJECT = "subject_57dfbfc5";
-const char *TEST07_SUBJECT = "subject_cd738844";
-const char *TEST08_SUBJECT = "subject_fd84ba7f";
-
-void clear_password()
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- reset_security_server();
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
- RUNNER_ASSERT(expire_sec == 0);
- RUNNER_ASSERT(max_attempt == 0);
- RUNNER_ASSERT(attempt == 0);
-
- sleep(1);
-}
-
-void check_API_passwd(bool smack) {
- int ret = -1;
- int err, err_is_pwd_valid;
- unsigned int attempt, max_attempt, expire_sec;
-
- err = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_SUCCESS;
- err_is_pwd_valid = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
- attempt = max_attempt = expire_sec = 0;
-
- if (smack) {
- SecurityServer::AccessProvider privider(TEST04_SUBJECT);
- privider.applyAndSwithToUser(APP_UID, APP_GID);
- } else {
- RUNNER_ASSERT_MSG((ret = drop_root_privileges()) == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- }
-
- ret = security_server_set_pwd_validity(APP_UID);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_validity has failed,"
- " ret: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_max_challenge has failed,"
- " ret: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == err_is_pwd_valid,
- "security_server_is_pwd_valid should return password exist,"
- " ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("12345", "12346", 0, 0);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd has failed, ret: " << ret);
-
- ret = security_server_reset_pwd("12346",0, 0);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_reset_pwd has failed, ret: " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_chk_pwd has failed, ret: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_history has failed, ret: " << ret);
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
-
-RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
-{
- RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0);
-}
-
-RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
-{
- RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
-}
-
-RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
-{
- RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
-{
- const char *subject = "abc345v34sfa";
- const char *object = "efg678x2lkjz";
-
- SecurityServer::AccessProvider provider(object);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- security_server_app_give_access(subject, getpid());
-
- RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat"));
-}
-
-/*
- * Currently we are NOT revoking any permissions given by
- * security_server_app_give_access function
- */
-/*RUNNER_TEST(tc01b_security_server_app_give_access)
-{
- const char *subject = "abc345v34sfa";
- const char *object = "efg678x2lkjz";
-
- // After part A thread from security-server will be notified about
- // process end and revoke permissions. We need to give him some
- // time.
- sleep(1);
-
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t"));
-}*/
-
-RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
-{
- const char *subject = "xxx45v34sfa";
- const char *object = "yyy78x2lkjz";
-
- SmackAccess smack;
- smack.add(subject, object, "-----");
- smack.apply();
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(object), "Error in smack_label_for_self");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
- security_server_app_give_access(subject, getpid()));
-
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "r"));
-}
-
-RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- int pid;
-
- pid = getpid();
-
- //we checking existing rule, it should return positive
- ret = security_server_check_privilege_by_pid(pid, "_", "rx");
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
-
- //we checking rule with label that not exist
- ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
- RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- attempt = max_attempt = expire_sec = 0;
-
- clear_password();
-
- SecurityServer::AccessProvider provider(TEST03_SUBJECT);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, "12345", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_reset_pwd("12345",0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc04_check_API_passwd_denied)
-{
- check_API_passwd(true);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc04_check_API_app_user_passwd_allow_nosmack)
-{
- check_API_passwd(false);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
-{
- SecurityServer::AccessProvider provider(TEST07_SUBJECT);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
-{
- SecurityServer::AccessProvider provider(TEST08_SUBJECT);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_app_give_access(TEST08_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_app_give_access should return access denied,"
- " ret: " << ret);
-}
-
-//////////////////////////////////////////
-/////////NOSMACK ENV TESTS////////////////
-//////////////////////////////////////////
-
-/**
- * NOSMACK version of tc01a and tc01c tests.
- *
- * SMACK is turned off - that means for us, that we don't need any accesses added to our process
- * in SMACK before dropping root privileges. This test drops root privileges, calls
- * security_server_app_give_access and then checks if smack_have_access returns error (because
- * SMACK is off).
- *
- * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
- * hence there is only one test that replaces tests tc01a and tc01c.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
-{
- const char* subject = "abc345v34sfa";
- const char* object = "efg678x2lkjz";
- int result = 0;
-
- result = drop_root_privileges();
- RUNNER_ASSERT_MSG(result == 0,
- "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
-
- result = security_server_app_give_access(subject, getpid());
- RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_app_give_access. Result: " << result);
-
- result = smack_have_access(subject, object, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error when SMACK is off. Result: " << result);
-}
-
-/**
- * NOSMACK version of tc02 test.
- *
- * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
- * real or not.
- */
-RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- int pid;
-
- pid = getpid();
-
- //we checking existing rule, it should return positive
- ret = security_server_check_privilege_by_pid(pid, "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid for existing label failed. Result: " << ret);
-
- //we checking rule with label that not exist
- ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
-}
-
-/**
- * NOSMACK version of clear_password function.
- *
- * Compared to SMACK version of this function, this one skips adding rules and setting label.
- */
-int clear_password_nosmack()
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- if (getuid() == 0) {
- reset_security_server();
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "is_pwd_faild should return no password error. Result: " << ret);
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0.");
-
- return 0;
- }
- return -1;
-}
-
-/**
- * NOSMACK version of tc03 test.
- *
- * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
- * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
- * First clear password, then drop privileges and proceed to regular testing.
- */
-
-RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- attempt = max_attempt = expire_sec = 0;
-
- clear_password_nosmack();
-
- // drop root privileges
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "set_pwd_validity should return no password error. Result: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "set_pwd_max_challenge should return no password error. Result: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "is_pwd_valid should return no password error. Result: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, "12345", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "set_pwd failed. Result: " << ret);
-
- ret = security_server_reset_pwd("12345",0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "reset_pwd failed. Result: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "chk_pwd failed. Result: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "set_pwd_history failed. Result: " << ret);
-}
-
-/**
- * NOSMACK version of tc07 test.
- *
- * Similarily to previous tests - no need to set self label because SMACK is off. Just as
- * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
- * NOSMACK version of tc08 test is skipped.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
-{
- int ret = -1;
-
- // drop root privileges
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "app_give_access failed. Result: " << ret);
-}
-
-int main(int argc, char *argv[]) {
- if (0 != getuid()) {
- printf("Error: %s must be executed by root\n", argv[0]);
- exit(1);
- }
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_weird_arguments.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Test cases for security server
- *
- */
-#include "tests_common.h"
-#include "security-server.h"
-#include <dpl/test/test_runner.h>
-#include <dpl/log/log.h>
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_WEIRD_ARGUMENTS);
-
-RUNNER_TEST(tc01_security_server_get_gid_weird_input_case)
-{
- int ret = 0;
- char weird[] = {static_cast <char> (0xe3), 0x79, static_cast <char> (0x82), 0x0};
-
- /* normal param case */
- ret = security_server_get_gid("tel_sim");
- RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret);
-
- /* wrong param case */
- ret = security_server_get_gid("elephony_akecall");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
-
- /* weird param case */
- ret = security_server_get_gid(weird);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
-
- /* null param case */
- ret = security_server_get_gid(nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* param too long case */
- ret = security_server_get_gid("abcdefghijklmnopqrstuvwxyz01234");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* empty param case */
- ret = security_server_get_gid("");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-/* from security_server_tests_server.cpp */
-
-RUNNER_TEST(tc03_security_server_request_cookie_weird_input_case)
-{
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();
-
- /* null cookie case */
- char *cookie = nullptr;
-
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* buffer size too small case */
- cookie_size = 19;
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret: " << ret);
-}
-
-RUNNER_TEST(tc04_security_server_check_privilege_weird_input_case)
-{
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();
- gid_t gid = DB_ALARM_GID;
-
- /* null cookie case */
- char *cookie = nullptr;
-
- ret = security_server_check_privilege(cookie, gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- /* big gid case */
- gid = 70666;
-
- ret = security_server_check_privilege(cookie2, gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-RUNNER_TEST(tc05_security_server_check_privilege_by_cookie_weird_input_case)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();;
- const char *object = "telephony_makecall";
- const char *access_rights = "r";
-
- /* null cookie case */
- char *cookie = nullptr;
- ret = security_server_check_privilege_by_cookie(cookie, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null object case */
- char *object2 = nullptr;
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_check_privilege_by_cookie(cookie2, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null access rights case */
- access_rights = nullptr;
- ret = security_server_check_privilege_by_cookie(cookie2, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-RUNNER_TEST_SMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- int ret = 0;
- int sockfd = -1;
- const char *object = "telephony_makecall";
- const char *access_rights = "r";
-
- /* invalid sockfd case */
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
- sockfd = 0;
-
- /* null object case */
- char *object2 = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null access rights case */
- access_rights = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-RUNNER_TEST(tc07_security_server_get_cookie_pid_weird_input_case)
-{
- int ret = 0;
- char *cookie = nullptr;
-
- ret = security_server_get_cookie_pid(cookie);
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
-}
-
-///////////////////////////
-/////NOSMACK ENV TESTS/////
-///////////////////////////
-
-/**
- * NOSMACK version of tc06 test.
- *
- * security_server_check_privilege_by_sockfd at first checks if SMACK exists and then checks if
- * params are correct. Even with incorrect params we should expect SUCCESS instead of
- * ERROR_INPUT_PARAM.
- */
-
-RUNNER_TEST_NOSMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- int ret = 0;
- int sockfd = -1;
- const char* object = "telephony_makecall";
- const char* access_rights = "r";
-
- //invalid sockfd case
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
- sockfd = 0;
-
- //null object case
- char *object2 = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
-
- //null access rights case
- access_rights = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
-}
-
+++ /dev/null
-#!/bin/sh
-echo "[Trigerring all tests...]"
-
-total=0
-passed=0
-failed=0
-ignored=0
-
-ign="--runignored"
-if [ $# -gt 0 ]; then
- if [ "$1" = "--noignored" ]; then
- ign=""
- fi
-fi
-
-function addSummary
-{
- read -a words < summary.txt
- total=$((total + words[0]))
- passed=$((passed + words[1]))
- failed=$((failed + words[2]))
- ignored=$((ignored + words[3]))
-
- rm summary.txt
-}
-
-function runTest
-{
- # 'text' - console output
- # 'summary' - used for summary view
- security-tests.sh "$1" --output=text --output=summary "$ign"
- addSummary
-}
-
-function printSummary
-{
- COLOR_GREEN_START="\033[1;32m"
- COLOR_DARK_GREEN_START="\033[0;36m"
- COLOR_END="\033[m"
-
- printf "\n"
- printf "$COLOR_GREEN_START"
- printf "Summary\n"
- printf "$COLOR_END"
-
- printf "$COLOR_DARK_GREEN_START"
- printf " Total: %i\n" "$total"
- printf " Passed: %i\n" "$passed"
- printf " Failed: %i\n" "$failed"
- printf " Ignored: %i\n" "$ignored"
- printf "$COLOR_END"
- printf "\n"
-}
-
-runTest smack
-runTest smack-dbus
-runTest libprivilege-control
-#runTest ss-clientsmack
-#runTest ss-server
-#runTest ss-password
-#runTest ss-privilege
-#runTest ss-stress
-runTest security-manager
-runTest cynara
-runTest ckm
-
-printSummary
-
-echo "[Done]"
+++ /dev/null
-#!/bin/sh
-
-#####################################################################
-# Copyright (c) 2012-2014 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#####################################################################
-
-#testing internet access and date on the target
-
-echo "### Starting tests ######################################################"
-
-case $1 in
-
-"smack")
- echo "========================================================================="
- echo $1
- echo
- libsmack-test "${@:2}" # propagate all remaining arguments (except first)
- ;;
-"smack-dbus")
- echo "========================================================================="
- echo "SMACK DBUS TEST"
- echo
- smack-dbus-tests "${@:2}"
- ;;
-"libprivilege-control")
- echo "========================================================================="
- echo $1
- echo
- libprivilege-control-test "${@:2}"
- ;;
-"ss-clientsmack")
- echo "========================================================================="
- echo "SECURITY SERVER TEST CLIENT SMACK"
- echo
- security-server-tests-client-smack "${@:2}"
- ;;
-"ss-stress")
- echo "========================================================================="
- echo "SECURITY SERVER TEST STRESS"
- echo
- security-server-tests-stress "${@:2}"
- ;;
-"ss-server")
- echo "========================================================================="
- echo "SECURITY SERVER TEST SERVER"
- echo
- security-server-tests-server "${@:2}"
- ;;
-"ss-api-speed")
- echo "========================================================================="
- echo "SECURITY SERVER MEASURER SERVER"
- echo
- security-server-tests-api-speed "${@:2}"
- ;;
-"ss-password")
- echo "========================================================================="
- echo "SECURITY SERVER TEST PASSWORD"
- echo
- security-server-tests-password "${@:2}"
- ;;
-"ss-privilege")
- echo "========================================================================="
- echo "SECURITY SERVER TEST PRIVILEGE"
- echo
- security-server-tests-privilege "${@:2}"
- ;;
-"security-manager")
- echo "========================================================================="
- echo "SECURITY MANAGER TESTS"
- echo
- security-manager-tests "${@:2}"
- ;;
-"cynara")
- echo "========================================================================="
- echo "CYNARA TEST"
- echo
- cynara-test "${@:2}"
- ;;
-"ckm")
- echo "========================================================================="
- echo "KEY MANAGER TESTS"
- echo
- ckm-tests "${@:2}"
- ;;
-*)
- echo "Correct using:"
- echo " security_test.sh <module> <args_for_module>"
- echo
- echo "modules: smack, smack-dbus, libprivilege-control, ss-clientsmack"
- echo " ss-server, ss-api-speed, ss-password, ss-stress"
- echo " ss-privilege, security-manager, cynara, ckm"
- ;;
-
-esac
-
-echo "### Tests done ##########################################################"
+++ /dev/null
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Michal Eljasiewicz (m.eljasiewic@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SMACK_DBUS_TESTS_DEP
- libsmack
- dbus-1
- REQUIRED)
-
-# Targets definition
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SMACK_DBUS_TESTS_DEP_INCLUDE_DIRS}
- )
-
-SET(TARGET_SMACK_DBUS_TESTS "smack-dbus-tests")
-
-# Sources definition
-
-SET(SMACK_DBUS_SOURCES
- ${PROJECT_SOURCE_DIR}/src/smack-dbus-tests/smack_dbus_tests.cpp
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- )
-
-ADD_EXECUTABLE(${TARGET_SMACK_DBUS_TESTS} ${SMACK_DBUS_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SMACK_DBUS_TESTS}
- ${SMACK_DBUS_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_SMACK_DBUS_TESTS} DESTINATION /usr/bin)
+++ /dev/null
-#include <cstring>
-#include <unistd.h>
-#include <sys/smack.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <dbus/dbus.h>
-#include "tests_common.h"
-
-#define DBUS_SERVER_NAME "test.method.server"
-#define DBUS_CALLER_NAME "test.method.caller"
-
-#define DBUS_SMACK_NAME "org.freedesktop.DBus"
-#define DBUS_SMACK_OBJECT "/org/freedesktop/DBus"
-#define DBUS_SMACK_INTERFACE "org.freedesktop.DBus"
-#define DBUS_SMACK_METHOD "GetConnectionCredentials"
-
-RUNNER_TEST_GROUP_INIT(SMACK_DBUS);
-
-RUNNER_MULTIPROCESS_TEST_SMACK(tc01_smack_context_from_DBus)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char *subject_parent = "subject_parent";
- const char *subject_child = "subject_child";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
- ret = smack_set_label_for_self(subject_child);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set__label_for_self() failed, ret: " << ret);
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(nullptr != msg,
- "dbus_message_new_method_call() failed, ret: " << ret);
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(1 == ret, "Out of memory");
- RUNNER_ASSERT_MSG(nullptr != pending, "Pending call null");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(nullptr != msg, "Reply null");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(0 != ret, "Message has no arguments");
-
- dbus_message_iter_recurse(&iter, &var);
-
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(0 == ret,
- "Context mismatch! context from dbus: " << smack_context);
-
- exit(0);
-
- } else {
- // parent
- ret = smack_set_label_for_self(subject_parent);
- RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS,
- "smack_set_label_for_self() failed, ret: " << ret);
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-///////////////////////////////////////
-//////NOSMACK ENV TESTS////////////////
-///////////////////////////////////////
-
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc01_smack_context_from_DBus_nosmack)
-{
- RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method"
- " yet.");
-
- int ret = -1;
- const char* subject_parent = "subject_parent";
-
- DBusMessage* msg = nullptr;
- DBusMessageIter args, iter, var, var_iter, var_value;
- DBusConnection* conn = nullptr;
- DBusError err;
- DBusPendingCall *pending = nullptr;
- const char *dbus_server_name = DBUS_SERVER_NAME;
- char *smack_context = nullptr;
-
- pid_t pid = fork();
- RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed");
-
- if (pid == 0) {
- // child
-
- // initialize the errors
- dbus_error_init(&err);
-
- // connect to the system bus and check for errors; failure = exit with result 1
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to connect to system bus. Ret " << ret);
- }
-
- // request our name on the bus; failure = exit with result 2
- ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_FAIL_MSG("Failed to request name on the bus. Ret " << ret);
- }
-
- // crate a new method call for checking SMACK context from DBus interface
- msg = dbus_message_new_method_call(DBUS_SMACK_NAME,
- DBUS_SMACK_OBJECT,
- DBUS_SMACK_INTERFACE,
- DBUS_SMACK_METHOD);
-
- RUNNER_ASSERT_MSG(msg != nullptr, "dbus_message_new_method_call() failed.");
-
- // append arguments, we need SMACK context for our parent process "test.method.server"
- dbus_message_iter_init_append(msg, &args);
- ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
-
- // wait for parent to connect to DBus
- sleep(3);
-
- // send message and get a handle for a reply
- // -1 is default timeout
- ret = dbus_connection_send_with_reply (conn, msg, &pending, -1);
- RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret);
- RUNNER_ASSERT_MSG(pending != nullptr, "Pending call is nullptr.");
-
- dbus_connection_flush(conn);
-
- // free message
- dbus_message_unref(msg);
-
- // block until reply
- dbus_pending_call_block(pending);
-
- // get the reply
- msg = dbus_pending_call_steal_reply(pending);
- RUNNER_ASSERT_MSG(msg != nullptr, "Failed to get the reply from bus.");
-
- // free message handle
- dbus_pending_call_unref(pending);
-
- ret = dbus_message_iter_init(msg, &iter);
- RUNNER_ASSERT_MSG(ret != 0, "DBus message has no arguments. Ret " << ret);
-
- dbus_message_iter_recurse(&iter, &var);
- while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var, &var_iter);
- while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) {
- dbus_message_iter_recurse(&var_iter, &var_value);
- switch(dbus_message_iter_get_arg_type(&var_value)) {
- case DBUS_TYPE_STRING:
- dbus_message_iter_get_basic(&var_value, &smack_context);
- break;
- default:
- ;
- }
- dbus_message_iter_next(&var_iter);
- }
- dbus_message_iter_next(&var);
- }
-
- // free reply and close connection
- dbus_message_unref(msg);
- dbus_connection_unref(conn);
-
- RUNNER_ASSERT(smack_context != nullptr);
- ret = strcmp(smack_context, subject_parent);
- RUNNER_ASSERT_MSG(ret == 0, "Context mismatch. Context " << smack_context);
-
- exit(0);
-
- } else {
- // parent
-
- // initialise the error
- dbus_error_init(&err);
-
- // connect to the bus and check for errors
- conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
- ret = dbus_error_is_set(&err);
- if (1 == ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret);
- }
-
- // request our name on the bus and check for errors
- ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err);
- if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) {
- dbus_error_free(&err);
- RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret,
- "dbus_bus_request_name() failed, ret: " << ret);
- }
-
- // close the connection
- dbus_connection_unref(conn);
- }
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-#!/bin/sh
-
-NOF_TRIES=3
-i=$NOF_TRIES
-ERR_FILE=error.log
-RESULTS_FILE=results.log
-
-SUM=0
-
-black="\033[0;30m";
-red="\033[0;31m";
-green="\033[0;32m";
-brown="\033[0;33m";
-blue="\033[0;34m";
-purple="\033[0;35m";
-grey="\033[1;30m";
-yellow="\033[1;33m";
-default="\033[0m";
-
-
-function echo_as_percent () {
-full=$(( $1 / 100 ))
-rest_full=$(( $1 % 100 ))
-dec=$(($rest_full / 10 ))
-rest_dec=$(($rest_full % 10 ))
-echo "$full.$dec$rest_dec%"
-echo "$full.$dec$rest_dec%" >> $RESULTS_FILE
-
-}
-
-date >> $RESULTS_FILE
-date >> $ERR_FILE
-
-while [ $((i--)) -gt 0 ]
-do
-echo -e "$blue==============test no $i=============$default"
-
-perf record -a -g & > /dev/null 2> /dev/null
-sleep 1
-security-tests-all.sh > /dev/null 2> /dev/null
-pkill -SIGINT perf
-
-sleep 2
-
-echo "perf results:"
-perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk
-OUTPUT=$(perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk | sed "s:%.*$::g;s:^[ \t]::g;s:[^0-9]::g;s:^0::g;s:^0::g;s:$:+:g;$ s:+::" | tr -d "\n")
-
-echo -e "$blue sum:"
-echo_as_percent $(($OUTPUT))
-echo -e "$default"
-
-SUM=$(($SUM + $OUTPUT))
-
-done
-echo -e "$blue==============done============="
-OUTPUT=$(($SUM/3))
-echo "average:"
-echo "average:" >> $RESULTS_FILE
-echo_as_percent $OUTPUT
-echo -e "$default"
-
-
+++ /dev/null
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-cmake_minimum_required(VERSION 2.8.3)
-
-INCLUDE(FindPkgConfig)
-SET(INNER_TARGET_TEST "security-tests-inner-test")
-
-PKG_CHECK_MODULES(INNER_TARGET_DEP
- REQUIRED
- glib-2.0
- )
-
-#files to compile
-SET(INNER_TARGET_TEST_SOURCES
- ${PROJECT_SOURCE_DIR}/tests/inner-test.cpp
- ${PROJECT_SOURCE_DIR}/tests/common/test_cases_timeout.cpp
- ${PROJECT_SOURCE_DIR}/tests/framework/test_cases_deferred.cpp
- )
-
-#header directories
-INCLUDE_DIRECTORIES(SYSTEM
- ${INNER_TARGET_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/framework/include/
- ${PROJECT_SOURCE_DIR}/src/
- )
-
-#output format
-ADD_EXECUTABLE(${INNER_TARGET_TEST} ${INNER_TARGET_TEST_SOURCES})
-
-#linker directories
-TARGET_LINK_LIBRARIES(${INNER_TARGET_TEST}
- ${INNER_TARGET_DEP_LIBRARIES}
- tests-common
- dpl-test-framework
- )
-
-#place for output file
-INSTALL(TARGETS ${INNER_TARGET_TEST}
- DESTINATION /usr/bin
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE
- )
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * @file test_cases_timeout.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Inner tests for timeout mechanism
- */
-
-#include <chrono>
-#include <string>
-#include <thread>
-
-#include <dpl/test/test_runner.h>
-#include <common/timeout.h>
-
-RUNNER_TEST_GROUP_INIT(TIMEOUT)
-
-void timeout_test_ret(int waitDuration, int functionDuration, Timeout::ExpectMode expect) {
- float fRet = 3.1415;
- auto ret = Timeout::callAndWait(std::chrono::seconds(waitDuration), expect,
- Timeout::CancelFunction(),
- ([fRet](int sec) -> float {
- std::this_thread::sleep_for(std::chrono::seconds(sec));
- return fRet;
- }), functionDuration);
- RUNNER_ASSERT_MSG(ret == fRet,
- "Function returned = " << ret << " while expected value was " << fRet);
-}
-
-RUNNER_TEST(it01_expected_timeout)
-{
- timeout_test_ret(3, 5, Timeout::ExpectMode::TIMEOUT);
-}
-
-RUNNER_TEST(it02_unexpected_finish)
-{
- bool thrown = false;
- try {
- timeout_test_ret(3, 5, Timeout::ExpectMode::FINISHED);
- } catch (const DPL::Test::TestException&) {
- thrown = true;
- }
- RUNNER_ASSERT_MSG(thrown,
- "Test should throw DPL::Test::TestException");
-}
-
-RUNNER_TEST(it03_ignored_timeout)
-{
- timeout_test_ret(3, 5, Timeout::ExpectMode::IGNORE);
-}
-
-RUNNER_TEST(it04_expected_finish)
-{
- timeout_test_ret(5, 3, Timeout::ExpectMode::FINISHED);
-}
-
-RUNNER_TEST(it05_unexpected_timeout)
-{
- bool thrown = false;
- try {
- timeout_test_ret(5, 3, Timeout::ExpectMode::TIMEOUT);
- } catch (const DPL::Test::TestException&) {
- thrown = true;
- }
- RUNNER_ASSERT_MSG(thrown,
- "Test should throw DPL::Test::TestException");
-}
-
-RUNNER_TEST(it06_ignored_finish)
-{
- timeout_test_ret(5, 3, Timeout::ExpectMode::IGNORE);
-}
-
-void timeout_test_throw(int waitDuration, int functionDuration, Timeout::ExpectMode expect) {
- std::string exceptionString("exceptionString");
- bool thrown = false;
- try {
- Timeout::callAndWait(std::chrono::seconds(waitDuration), expect,
- Timeout::CancelFunction(),
- ([exceptionString](int sec) -> float {
- std::this_thread::sleep_for(std::chrono::seconds(sec));
- throw exceptionString;
- }), functionDuration);
- } catch (const std::string &str) {
- RUNNER_ASSERT_MSG(str == exceptionString,
- "Function thrown = " << str
- << " while expected value was " << exceptionString);
- thrown = true;
- }
- RUNNER_ASSERT_MSG(thrown,
- "Test should throw std::string(" << exceptionString << ")");
-}
-
-RUNNER_TEST(it07_throw_expected_timeout)
-{
- timeout_test_throw(3, 5, Timeout::ExpectMode::TIMEOUT);
-}
-
-RUNNER_TEST(it08_throw_unexpected_finish)
-{
- bool thrown = false;
- try {
- timeout_test_throw(3, 5, Timeout::ExpectMode::FINISHED);
- } catch (const DPL::Test::TestException&) {
- thrown = true;
- }
- RUNNER_ASSERT_MSG(thrown,
- "Test should throw DPL::Test::TestException");
-}
-
-RUNNER_TEST(it09_throw_ignored_timeout)
-{
- timeout_test_throw(3, 5, Timeout::ExpectMode::IGNORE);
-}
-
-RUNNER_TEST(it10_throw_expected_finish)
-{
- timeout_test_throw(5, 3, Timeout::ExpectMode::FINISHED);
-}
-
-RUNNER_TEST(it11_throw_unexpected_timeout)
-{
- bool thrown = false;
- try {
- timeout_test_throw(5, 3, Timeout::ExpectMode::TIMEOUT);
- } catch (const DPL::Test::TestException&) {
- thrown = true;
- }
- RUNNER_ASSERT_MSG(thrown,
- "Test should throw DPL::Test::TestException");
-}
-
-RUNNER_TEST(it12_throw_ignored_finish)
-{
- timeout_test_throw(5, 3, Timeout::ExpectMode::IGNORE);
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file test_cases_deferred.cpp
- * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
- * @version 1.0
- * @brief Inner tests for defer macros mechanism
- */
-
-#include <dpl/test/test_exception.h>
-#include <dpl/test/test_runner.h>
-
-#define EXPECT_EXCEPTION(expectedCatch, F) { \
- bool catched = false; \
- try { \
- F; \
- } catch (const DPL::Test::TestException & ex) { \
- catched = true; \
- } \
- RUNNER_ASSERT_MSG(catched == expectedCatch, \
- "Exception catched = " << catched \
- << " while expected is = " << expectedCatch); \
-}
-
-#define FILTER(F) { \
- try { \
- F; \
- } catch (...) { \
- } \
-}
-
-#define TRYCATCH(F) { \
- RUNNER_DEFER_TRYCATCH( \
- F; \
- ); \
-}
-
-#define SCOPE(F) { \
- RUNNER_DEFER_SCOPE( \
- F; \
- ); \
-}
-
-void fail(void)
-{
- RUNNER_FAIL_MSG("Oops!");
-}
-
-void pass(void)
-{
-}
-
-RUNNER_TEST_GROUP_INIT(DEFERRED)
-
-RUNNER_TEST(id01_simple_fail)
-{
- EXPECT_EXCEPTION(true, fail());
-}
-
-RUNNER_TEST(id02_filtred_fail)
-{
- EXPECT_EXCEPTION(false, FILTER(fail()));
-}
-
-RUNNER_TEST(id03_saved_filtred_rethrown_fail)
-{
- EXPECT_EXCEPTION(true, SCOPE(FILTER(TRYCATCH(fail()))));
-}
-
-RUNNER_TEST(id04_saved_filtred_fail)
-{
- EXPECT_EXCEPTION(false, FILTER(TRYCATCH(fail())));
-}
-
-RUNNER_TEST(id05_filtred_rethrown_fail)
-{
- EXPECT_EXCEPTION(false, SCOPE(FILTER(fail())));
-}
-
-RUNNER_TEST(id06_saved_rethrown_fail)
-{
- EXPECT_EXCEPTION(true, SCOPE(TRYCATCH(fail())));
-}
-
-RUNNER_TEST(id07_saved_fail)
-{
- EXPECT_EXCEPTION(true, TRYCATCH(fail()));
-}
-
-RUNNER_TEST(id08_rethrown_fail)
-{
- EXPECT_EXCEPTION(true, SCOPE(fail()));
-}
-
-RUNNER_TEST(id09_nested_scope)
-{
- EXPECT_EXCEPTION(true, SCOPE(SCOPE(SCOPE(FILTER(TRYCATCH(fail()))))));
-}
-
-RUNNER_TEST(id10_nested_scope2)
-{
- EXPECT_EXCEPTION(true, SCOPE(SCOPE(FILTER(SCOPE(TRYCATCH(fail()))))));
-}
-
-RUNNER_TEST(id11_saved_filtred_rethrown_pass)
-{
- EXPECT_EXCEPTION(false, SCOPE(FILTER(TRYCATCH(pass()))));
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <dpl/test/test_runner.h>
-
-int main (int argc, char *argv[])
-{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return status;
-}
projects / platform / core / test / security-tests.git / commitdiff
