From: Kyungwook Tak Date: Mon, 14 Dec 2015 07:42:41 +0000 (+0900) Subject: Initial commit for pubkey-pinning test X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Fpubkey-pinning;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Initial commit for pubkey-pinning test Change-Id: Ic6676a3a457af3963fa034018e858b716356b871 Signed-off-by: Kyungwook Tak --- diff --git a/CMakeLists.txt b/CMakeLists.txt index c20c6bc1..4eb9a23b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -36,21 +36,16 @@ INCLUDE(FindPkgConfig) SET(CMAKE_C_FLAGS "-g") SET(CMAKE_CXX_FLAGS "-g -std=c++0x") SET(CMAKE_C_FLAGS_PROFILING "-O0 -pg") -SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -pg") +SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -pg -std=c++0x") SET(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb") -SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -ggdb") +SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -ggdb -std=c++0x") SET(CMAKE_C_FLAGS_RELEASE "-O2") -SET(CMAKE_CXX_FLAGS_RELEASE "-O2") +SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x") -SET(SMACK_ENABLE ON) - -OPTION(DPL_LOG "DPL logs status" ON) -IF(DPL_LOG) - MESSAGE(STATUS "Logging enabled for DPL") - ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") -ELSE(DPL_LOG) - MESSAGE(STATUS "Logging disabled for DPL") -ENDIF(DPL_LOG) +IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") +ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") +ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") +ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") # If supported for the target machine, emit position-independent code,suitable # for dynamic linking and avoiding any limit on the size of the global offset @@ -69,22 +64,7 @@ ADD_DEFINITIONS("-Wextra") # Generate even more extra warni ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM) ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features ADD_DEFINITIONS("-Wno-deprecated-declarations") # No warnings about deprecated features -STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") -ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") -ADD_DEFINITIONS("-DCYNARA_DB_DIR=\"${CYNARA_DB_DIR}\"") -ADD_DEFINITIONS("-DAPP_USER=\"${APP_USER}\"") - -IF(SMACK_ENABLE) - ADD_DEFINITIONS("-DWRT_SMACK_ENABLED") -ENDIF(SMACK_ENABLE) - -############################# Targets names ################################### - -SET(TARGET_CKM_TESTS "ckm-tests") -SET(TARGET_CKMI_TESTS "ckm-integration-tests") -SET(COMMON_TARGET_TEST "tests-common") -############################# subdirectories ################################## +SET(TARGET_TPKP_TEST "tpkp-test") ADD_SUBDIRECTORY(src) -ADD_SUBDIRECTORY(tests) diff --git a/README b/README deleted file mode 100644 index 83c2c054..00000000 --- a/README +++ /dev/null @@ -1,285 +0,0 @@ -README for security-tests project - -==WHAT IS====================================================================== - -security-tests is repository for testing packages from domain Security. - -==WHAT FOR===================================================================== - -The security-tests repository is designed for testing packages mentioned below -with binaries provided for testing them: - -libsmack - libsmack-test -libprivilege-control - libprivilege-control-test -security-server - security-server-tests-client-smack - security-server-tests-stress - security-server-tests-server - security-server-tests-api-speed - security-server-tests-password - security-server-tests-privilege - security-server-tests-dbus -security-manager - security-manager-tests -cynara - cynara-test - -There are also inner-tests for testing complex security-tests framework -mechanisms with binary: - security-tests-inner-test - -==HOW TO RUN=================================================================== - -Each test suite may be run with options: - --output= --output= ... - --output=xml - example: - test-binary --output=text --output=xml --file=output.xml - --only-from-xml= Run only testcases specified in XML file - --regexp='regexp' Only selected tests which names match regexp run - --start= Start from concrete test id - --group= Run tests only from one group - --runignored Run also ignored tests - --list Show a list of Test IDs - --listgroups Show a list of Test Group names - --only-from-xml= Run only testcases specified in XML file - XML name is taken from attribute id="part1_part2" as whole. - If part1 is not found (no _) then it is implicitily set according to - suite part1 from binary tests - --listingroup= Show a list of Test IDS in one group - --allowchildlogs Allow to print logs from child process on screen. - When active child process will be able to print logs on stdout and - stderr. Both descriptors will be closed after test. - --help Print help - -They can be run also by scripts: - security-tests.sh - security-tests-all.sh - -Each test can end with one of three possible statuses: - FAILED - OK - IGNORED - -==HOW TO WRITE================================================================= - -security-tests is based on extended dpl framework providing different macros. -Below are categories with macros listed as below: -library - include - macro - description - ---Test group registering macro------------------------------------------------- - -dpl-test-framework - test_runner.h - RUNNER_TEST_GROUP_INIT - Registers group of tests. Test are registered under this group until - another group registering macro is called. - ---Test registering macros------------------------------------------------------ -Adding/removing those macro calls will add/remove test cases they provide. To -change tests, change body of those macro calls. Registered tests are run within -group alphabetically. -Those macros allow additional arguments which are classes with mandatory -methods: -* (constructor) () - Called while registering test. - Should not throw any exceptions -* init(const std::string &testName) - Called before test case function in order of classes passed to macro. - Should not be forked. - testName argument is name of the test (first macro argument). -* finish(void) - called after test case function in reversed order of classes passed to - macro. - Should not be forked. -Created instances of those classes may be accessed from within test case body -as argument of test case funtion is - std::tuple &optionalArgsTuple - -dpl-test-framework - test_runner.h - RUNNER_TEST - Function registered by this macro will be run in the same process as - framework. No forking allowed unless forked process does not throw - any exception. - test_runner_child.h - RUNNER_CHILD_TEST - Function registered by this macro will be run in child process. No - forking allowed unless forked process does not throw any exception. - test_runner_multiprocess.h - RUNNER_MULTIPROCESS_TEST - Function registered by this macro will be run in the same process as - framework. Forking allowed. Exception of every process will be - registered. -tests-common - tests_common.h - RUNNER_TEST_SMACK - Same as RUNNER_TEST but run only with smack enabled. - RUNNER_TEST_NOSMACK - Same as RUNNER_TEST but run only with smack disabled. - RUNNER_CHILD_TEST_SMACK - Same as RUNNER_TEST_CHILD but run only with smack enabled. - RUNNER_CHILD_TEST_NOSMACK - Same as RUNNER_TEST_CHILD but run only with smack disabled. - RUNNER_MULTIPROCESS_TEST_SMACK - Same as RUNNER_TEST_MULTIPROCESS but run only with smack enabled. - RUNNER_MULTIPROCESS_TEST_NOSMACK - Same as RUNNER_TEST_MULTIPROCESS but run only with smack disabled. - ---Assert macros---------------------------------------------------------------- -Used within test registering macros. - -First failed assertion throws test failed exception. If another assertions -fail, information about fail conditions and backtrace is cumulated and -presented together with already thrown exception message. - -dpl-test-framework - test_runner.h - RUNNER_ASSERT_MSG - Assertion with message with backtrace information appended. - RUNNER_ASSERT_ERRNO_MSG - Assertion with message, error string and backtrace information - appended. - RUNNER_ASSERT_ERRNO - Assertion with error string and backtrace information appended. - RUNNER_FAIL_MSG - Fail with message and backtrace information appended. - RUNNER_ASSERT - Assertion with backtrace information appended. - RUNNER_IGNORED_MSG - Assertion with message classified as ignored. - ---Performence macros----------------------------------------------------------- -Used to do the time measurement. - -dpl-test-framework - test_runner.h - RUNNER_PERF_TEST_BEGIN - Start time measurement. - RUNNER_PERF_TEST_END - End time measurement. - ---Message macros--------------------------------------------------------------- -Used to print error messages during test run time. - -dpl-test-framework - test_runner.h - RUNNER_ERROR_MSG - Print error message using red color. - ---Defer macros----------------------------------------------------------------- -Used to defer throwing TestException exceptions (TestFailed, TestIgnored) -by catching them and rethrowing later. This mechanism can help in breaking -test and passing test result from places where throwing exceptions -is not allowed - -dpl-test-framework - test_runner.h - RUNNER_DEFER_TRYCATCH - Catches thrown TestException exceptions and stores them in TestRunner - structures for later use. This macro works only inside deffered scope - defined by RUNNER_DEFER_SCOPE, otherwise it won't catch exceptions - RUNNER_DEFER_SCOPE - Defines deferred scope. All RUNNER_DEFER_TRYCATCH macros used inside - the scope catch and save TestException exceptions. After scope is left - all saved exceptions take part in setting result of test. If there - is no any uncaught exception then additionally first of saved - exceptions is thrown. - ---Collectors------------------------------------------------------------------- -Collectors are classes which collect test results. Each class does it differently. -Collectors can be registered by --output parameter (see HOW TO RUN section) but -there is also another collector created to write summary. - -dpl-test-framework - test_results_collector_summary.h - SummaryCollector - Collector writing tests summary. Call SummaryCollector::Register() to - register it - ---Usage example---------------------------------------------------------------- - -#include -#include -#include - -#include -#include -#include - -RUNNER_TEST_GROUP_INIT(foo_module) - -RUNNER_TEST_SMACK(bar_allways_fails) -{ - RUNNER_ASSERT(false); -} - -RUNNER_TEST(bar_allways_passses) -{ - RUNNER_ASSERT(true); -} - -RUNNER_TEST(bar_file1) -{ - cosnt char *file = "bar_file1"; - int fd = TEMP_FAILURE_RETRY(open(file, O_RDONLY)); - RUNNER_ASSERT_ERRNO_MSG(fd != -1, "Cannot open " << file << " file"); - close(fd); -} - -RUNNER_CHILD_TEST_NOSMACK(bar_file2_dropped_root) -{ - RUNNER_ASSERT_ERRNO(setgid(5000) == 0); - RUNNER_ASSERT_ERRNO(setuid(5000) == 0); - - cosnt char *file = "bar_file2"; - int fd = TEMP_FAILURE_RETRY(open(file, O_RDONLY)); - if(fd != -1) { - close(fd); - RUNNER_FAIL_MSG("file " << file << "should not be opened"); - } - RUNNER_ASSERT_ERRNO_MSG(errno == EACCESS, - "Wrong errno on opening " << " file"); -} - -class Env -{ -public: - Env() { ... } - void init(const std::string &testName) { ... } - void finish() { ... } - void doEnv() { ... } -}; - -class Restore -{ -public: - Restore() { ... } - void init(const std::string &testName) { ... } - void finish() { ... } - void doRestore() { ... } -}; - -RUNNER_TEST(bar_optional_args, Env, Restore) -{ - std::get<0>(optionalArgsTuple).doEnv(); - std::get<1>(optionalArgsTuple).doRestore(); -} - -int main(int argc, char *argv[]) -{ - SummaryCollector::Register(); - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} - ---Notes------------------------------------------------------------------------ - - While changing body of test cases, be sure to remove functions and global -variables if not used by any other tests. - Use const variables instead of #define's. - Use mechanisms already provided in common library. diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index bb5d572d..f497e8bc 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -8,29 +8,14 @@ URL: N/A Source0: %{name}-%{version}.tar.gz Source1: %{name}.manifest BuildRequires: cmake -BuildRequires: libattr-devel -BuildRequires: pkgconfig(libcap) -BuildRequires: pkgconfig(libsmack) -BuildRequires: pkgconfig(libprivilege-control) -BuildRequires: pkgconfig(security-server) -BuildRequires: pkgconfig(security-manager) -BuildRequires: pkgconfig(key-manager) -BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(dbus-1) -BuildRequires: pkgconfig(libpcrecpp) +BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libiri) -BuildRequires: pkgconfig(sqlite3) -BuildRequires: pkgconfig(libwebappenc) -BuildRequires: cynara-devel -BuildRequires: pkgconfig(libtzplatform-config) -BuildRequires: boost-devel -BuildRequires: pkgconfig(vconf) -BuildRequires: pkgconfig(libgum) >= 1.0.5 -Requires: perf -Requires: gdb -Requires: key-manager-listener +BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(tpkp-curl) +BuildRequires: pkgconfig(tpkp-gnutls) %description Security tests repository - for tests that can't be kept together with code. @@ -40,89 +25,28 @@ Security tests repository - for tests that can't be kept together with code. cp %{SOURCE1} . %build +export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE" +export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE" +export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" + export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib" -# password protection enabled -%define ckm_password_protection_disable 1 -cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ - -DDPL_LOG="ON" \ - -DVERSION=%{version} \ - -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:DEBUG} \ -%if "%{sec_product_feature_security_mdfpp_enable}" == "1" - -DSECURITY_MDFPP_STATE_ENABLE=1 \ -%endif -%if 0%{?ckm_password_protection_disable} - -DPASSWORD_PROTECTION_DISABLE=1 \ -%endif - -DCMAKE_VERBOSE_MAKEFILE=ON \ - -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \ - -DAPP_USER="security_test_user" -make %{?jobs:-j%jobs} +%{!?build_type:%define build_type "DEBUG"} +%cmake . -DCMAKE_INSTALL_PREFIX=%_prefix \ + -DVERSION=%version \ + -DCMAKE_BUILD_TYPE=%build_type \ + -DCMAKE_VERBOSE_MAKEFILE=ON + +make %{?_smp_mflags} %install %make_install -ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk - -%post -find /etc/smack/test_privilege_control_DIR/ -type f -name exec -exec chmod 0755 {} + - -# Load permissions templates -api_feature_loader --verbose -# Set vconf key for cc-mode testing if vconf key isn't there. -%if "%{sec_product_feature_security_mdfpp_enable}" != "1" - echo "Install vconf key (file/security_mdpp/security_mdpp_state) for testing key-manager" - vconftool set -t string file/security_mdpp/security_mdpp_state "Unset" -%endif - -id -u security_test_user 1>/dev/null 2>&1 || \ - useradd -r -g users -s /sbin/nologin -c "for tests only" security_test_user - -echo "security-tests postinst done ..." +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig %files -%manifest %{name}.manifest -%defattr(-, root, root, -) -/usr/bin/security-tests.sh -/usr/bin/security-tests-all.sh -/usr/bin/test-performance-check.sh - -/etc/dbus-1/system.d/security-tests.conf - -/usr/bin/libsmack-test -/usr/bin/smack-dbus-tests -/usr/bin/libprivilege-control-test -/usr/bin/security-server-tests-client-smack -/usr/bin/security-server-tests-server -/usr/bin/security-server-tests-password -/usr/bin/security-server-tests-privilege -/usr/bin/security-server-tests-stress -/etc/smack/test_smack_rules_full -/etc/smack/test_smack_rules2 -/etc/smack/test_smack_rules3 -/etc/smack/test_smack_rules4 -/usr/bin/security-server-tests-mt -/usr/bin/security-server-tests-api-speed -/usr/bin/security-manager-tests -/etc/smack/test_smack_rules -/etc/smack/test_smack_rules_lnk -/usr/share/privilege-control/* -/etc/smack/test_privilege_control_DIR/* -/usr/apps/* -/usr/bin/test-app-efl -/usr/bin/test-app-osp -/usr/bin/test-app-wgt -/usr/bin/cynara-test -/usr/bin/ckm-tests -/usr/bin/ckm-integration-tests -/usr/share/ckm-test/* -/etc/security-tests -/usr/lib/security-tests/cynara-tests/plugins/single-policy/* -/usr/lib/security-tests/cynara-tests/plugins/multiple-policy/* -/usr/lib/security-tests/cynara-tests/plugins/test-agent/* -/usr/bin/security-tests-inner-test -/usr/bin/libwebappenc-tests - -%postun -id -u security_test_user 1>/dev/null 2>&1 && userdel security_test_user +%manifest %name.manifest +/usr/lib/libdpl-test-framework.so +/usr/bin/tpkp-test diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a73e120c..3ef498b3 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -13,8 +13,6 @@ # limitations under the License. # -INCLUDE(FindPkgConfig) - PKG_CHECK_MODULES(SYS_FRAMEWORK_TEST REQUIRED libxml-2.0 @@ -46,48 +44,6 @@ TARGET_LINK_LIBRARIES(${DPL_FRAMEWORK_TEST_LIBRARY} ${SYS_FRAMEWORK_TEST_LIBRARIES} ) -INSTALL(FILES ${PROJECT_SOURCE_DIR}/src/security-tests.sh - DESTINATION bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - -INSTALL(FILES ${PROJECT_SOURCE_DIR}/src/security-tests-all.sh - DESTINATION bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/test-performance-check.sh - DESTINATION bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - +INSTALL(TARGETS ${DPL_FRAMEWORK_TEST_LIBRARY} DESTINATION lib) -ADD_SUBDIRECTORY(common) -ADD_SUBDIRECTORY(ckm) -ADD_SUBDIRECTORY(ckm-integration) -ADD_SUBDIRECTORY(libprivilege-control-tests) -ADD_SUBDIRECTORY(libsmack-tests) -ADD_SUBDIRECTORY(smack-dbus-tests) -ADD_SUBDIRECTORY(security-server-tests) -ADD_SUBDIRECTORY(security-manager-tests) -ADD_SUBDIRECTORY(cynara-tests) -ADD_SUBDIRECTORY(libwebappenc-tests) +ADD_SUBDIRECTORY(pinning-tests) diff --git a/src/ckm-integration/CMakeLists.txt b/src/ckm-integration/CMakeLists.txt deleted file mode 100644 index 9ee8ce40..00000000 --- a/src/ckm-integration/CMakeLists.txt +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) -# @brief -# - -INCLUDE(FindPkgConfig) - -PKG_CHECK_MODULES(CKMI_DEP - REQUIRED - libsmack - libgum - key-manager - security-manager - dbus-1 - vconf - REQUIRED) - -SET(CKMI_SOURCES_DIR ${PROJECT_SOURCE_DIR}/src/ckm-integration) - -SET(CKMI_SOURCES - ${CKMI_SOURCES_DIR}/process-settings/change-uid.cpp - ${CKMI_SOURCES_DIR}/process-settings/create-user.cpp - ${CKMI_SOURCES_DIR}/process-settings/change-smack.cpp - ${CKMI_SOURCES_DIR}/process-settings/install-app.cpp - ${CKMI_SOURCES_DIR}/process-settings/unlock-ckm.cpp - ${CKMI_SOURCES_DIR}/ckm-policy.cpp - ${CKMI_SOURCES_DIR}/group01.cpp - ${CKMI_SOURCES_DIR}/group02.cpp - ${CKMI_SOURCES_DIR}/main.cpp -) - -INCLUDE_DIRECTORIES(SYSTEM ${CKMI_DEP_INCLUDE_DIRS}) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ ) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm-integration/ ) - -ADD_EXECUTABLE(${TARGET_CKMI_TESTS} ${CKMI_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_CKMI_TESTS} ${CKMI_DEP_LIBRARIES} ${COMMON_TARGET_TEST}) - -INSTALL(TARGETS ${TARGET_CKMI_TESTS} DESTINATION bin) - diff --git a/src/ckm-integration/ckm-policy.cpp b/src/ckm-integration/ckm-policy.cpp deleted file mode 100644 index 9f33c3e0..00000000 --- a/src/ckm-integration/ckm-policy.cpp +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file ckm-policy.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -#include - -CKMPolicy::CKMPolicy( - std::string pkgId, - std::string userName, - ProcessSettings::PrivilegeVector priv) - : m_userName(std::move(userName)) - , m_pkgId(pkgId) - , m_appId(std::move(pkgId)) - , m_privileges(std::move(priv)) -{ - std::stringstream ss; - ss << "User::App::" << m_pkgId; - m_smackLabel = ss.str(); -} - -std::string CKMPolicy::GetUserName() const { - return m_userName; -} - -void CKMPolicy::SetUserName(std::string userName) { - m_userName = std::move(userName); -} - -gid_t CKMPolicy::GetGid() const { - return m_gid; -} - -void CKMPolicy::SetGid(gid_t gid) { - m_gid = gid; -} - -uid_t CKMPolicy::GetUid() const { - return m_uid; -} - -void CKMPolicy::SetUid(uid_t uid) { - m_uid = uid; -} - -std::string CKMPolicy::GetSmackLabel() const { - return m_smackLabel; -} - -void CKMPolicy::SetSmackLabel(std::string label) { - m_smackLabel = std::move(label); -} - -std::string CKMPolicy::GetAppId() const { - return m_appId; -} - -void CKMPolicy::SetAppId(std::string appId) { - m_appId = std::move(appId); -} - -std::string CKMPolicy::GetPkgId() const { - return m_pkgId; -} - -void CKMPolicy::SetPkgId(std::string pkgId) { - m_pkgId = std::move(pkgId); -} - -ProcessSettings::PrivilegeVector CKMPolicy::GetPrivileges() const { - return m_privileges; -} - -void CKMPolicy::SetPrivileges(ProcessSettings::PrivilegeVector priv) { - m_privileges = std::move(priv); -} - -const ProcessSettings::PrivilegeVector PrivNone; -const ProcessSettings::PrivilegeVector PrivCKMBoth { - "http://tizen.org/privilege/keymanager", - "http://tizen.org/privilege/keymanager.admin"}; -const ProcessSettings::PrivilegeVector PrivCKMControl { - "http://tizen.org/privilege/keymanager.admin"}; -const ProcessSettings::PrivilegeVector PrivCKMStore { - "http://tizen.org/privilege/keymanager"}; - - diff --git a/src/ckm-integration/ckm-policy.h b/src/ckm-integration/ckm-policy.h deleted file mode 100644 index 967e5804..00000000 --- a/src/ckm-integration/ckm-policy.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file ckm-policy.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include -#include -#include -#include -#include -#include -#include - -class CKMPolicy : public ProcessSettings::Policy { -public: - CKMPolicy( - std::string pkgId, - std::string userName, - ProcessSettings::PrivilegeVector priv); - virtual std::string GetUserName() const; - virtual void SetUserName(std::string); - virtual gid_t GetGid() const; - virtual void SetGid(gid_t); - virtual uid_t GetUid() const; - virtual void SetUid(uid_t); - virtual std::string GetSmackLabel() const; - virtual void SetSmackLabel(std::string); - virtual std::string GetAppId() const; - virtual void SetAppId(std::string); - virtual std::string GetPkgId() const; - virtual void SetPkgId(std::string); - virtual ProcessSettings::PrivilegeVector GetPrivileges() const; - virtual void SetPrivileges(ProcessSettings::PrivilegeVector); - virtual ~CKMPolicy() {} -private: - uid_t m_uid; - gid_t m_gid; - std::string m_userName; - std::string m_smackLabel; - std::string m_pkgId; - std::string m_appId; - ProcessSettings::PrivilegeVector m_privileges; -}; - -extern const ProcessSettings::PrivilegeVector PrivNone; -extern const ProcessSettings::PrivilegeVector PrivCKMBoth; -extern const ProcessSettings::PrivilegeVector PrivCKMControl; -extern const ProcessSettings::PrivilegeVector PrivCKMStore; - diff --git a/src/ckm-integration/group01.cpp b/src/ckm-integration/group01.cpp deleted file mode 100644 index 3b75177c..00000000 --- a/src/ckm-integration/group01.cpp +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file group01.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include -#include - -#include -#include - -#include -#include -#include -#include - -#include - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::CreateUser, - ProcessSettings::InstallApp, - ProcessSettings::ChangeSmack, - ProcessSettings::ChangeUid> ProcSettings; - -RUNNER_TEST_GROUP_INIT(GROUP_01_ControlApiAccess); - -RUNNER_CHILD_TEST(G01T01_ControlNegative) { - // Socket is secured with 0700 - // in this test we have no access to this socket - // DAC should DENIED access to CKM - ProcSettings ps("PkgIdG01T01", "UserG01T01", PrivNone); - ps.Apply(); - - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), - "simple-password")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(G01T02_ControlPositive) { - // We have root privileges. - // We should be able to control data. - // The cynara should give us an access. - uid_t USER_UID = 5102; - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, - "simple-password")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, "something")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_UID, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_UID)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_UID, "something")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)), - "Error=" << CKM::ErrorToString(temp)); -} - diff --git a/src/ckm-integration/group02.cpp b/src/ckm-integration/group02.cpp deleted file mode 100644 index 98320c6a..00000000 --- a/src/ckm-integration/group02.cpp +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file group02.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ - -#include -#include - -#include -#include - -#include -#include -#include -#include - -#include - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::CreateUser, - ProcessSettings::UnlockCkm, - ProcessSettings::InstallApp, - ProcessSettings::ChangeSmack, - ProcessSettings::ChangeUid> PS; - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::CreateUser, - ProcessSettings::UnlockCkm, - ProcessSettings::InstallApp, - ProcessSettings::ChangeSmack> PSNoUid; - -typedef ProcessSettings::Executor< - CKMPolicy, - ProcessSettings::ChangeUid> PSUid; - -RUNNER_TEST_GROUP_INIT(GROUP_02_StorageApiAccess); - -RUNNER_CHILD_TEST(G02T01_StorageNegative) { - // We are ordinary user without any privileges. - // Cynara should deny all accesses. - PS ps("PkgIdG02T01", "UserG02T01", PrivNone); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "dataG02T01"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(G02T02_StoragePositive) { - // We are root. We will be allowed. - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "/System dataG02T02"; - - // This funciton may return error. - manager->removeAlias(alias); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch."); -} - -RUNNER_CHILD_TEST(G02T03_StoragePositive) { - // We are oridinary user with proper privileges. - PS ps("PkgIdG02T03", "UserG02T03", PrivCKMStore); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *dataAlias = "dataG02T03"; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch."); -} - -RUNNER_CHILD_TEST(G02T04_StorageNegative) { - // There is some user with privileges but we are - // are ordinary user without any. - // Cynara should deny all accesses. - PSNoUid ps("PkgIdG02T04", "UserG02T04", PrivCKMBoth); - ps.Apply(); - - PSUid ps2("", "", PrivNone); - ps2.SetUid(ps.GetUid()+1); - ps2.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "dataG02T04"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(G02T05_StorageNegative) { - // We have wrong privilege. - // Cynara should deny all accesses to storage. - PSNoUid ps("PkgIdG02T05", "UserG02T05", PrivCKMControl); - ps.Apply(); - - int temp; - auto manager = CKM::Manager::create(); - std::string data = "Custom data"; - CKM::RawBuffer rawBuffer(data.begin(), data.end()); - CKM::RawBuffer output; - const char *alias = "dataG02T05"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)), - "Error=" << CKM::ErrorToString(temp)); -} - - diff --git a/src/ckm-integration/main.cpp b/src/ckm-integration/main.cpp deleted file mode 100644 index 6c5ea6bd..00000000 --- a/src/ckm-integration/main.cpp +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file main.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -int main (int argc, char *argv[]) { - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} - - diff --git a/src/ckm-integration/process-settings/change-smack.cpp b/src/ckm-integration/process-settings/change-smack.cpp deleted file mode 100644 index f56c5060..00000000 --- a/src/ckm-integration/process-settings/change-smack.cpp +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-smack.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -#include - -#include - -namespace ProcessSettings { - -ChangeSmack::ChangeSmack(const Policy &policy) - : m_policy(policy) -{} - -void ChangeSmack::Apply() { - char *my_label = nullptr; - - RUNNER_ASSERT(-1 != smack_new_label_from_self(&my_label)); - - if (my_label) - m_originalLabel = my_label; - - free(my_label); - - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_policy.GetSmackLabel().c_str()), - "Error in smack_set_label_for_self(" << m_policy.GetSmackLabel() << ")"); -} - -void ChangeSmack::Revoke() { - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_originalLabel.c_str()), - "Error in smack_set_label_for_self(" << m_originalLabel << ")"); -} - -ChangeSmack::~ChangeSmack() {} - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/change-smack.h b/src/ckm-integration/process-settings/change-smack.h deleted file mode 100644 index ac511991..00000000 --- a/src/ckm-integration/process-settings/change-smack.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-smack.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include - -#include - -namespace ProcessSettings { - -class ChangeSmack { -public: - ChangeSmack(const Policy &policy); - void Apply(); - void Revoke(); - virtual ~ChangeSmack(); -private: - const Policy &m_policy; - std::string m_originalLabel; -}; - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/change-uid.cpp b/src/ckm-integration/process-settings/change-uid.cpp deleted file mode 100644 index 70bb32f1..00000000 --- a/src/ckm-integration/process-settings/change-uid.cpp +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-uid.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -#include - -#include - -namespace ProcessSettings { - -ChangeUid::ChangeUid(const Policy &policy) - : m_policy(policy) -{} - -void ChangeUid::Apply() { - m_originalUid = getuid(); - m_originalGid = getgid(); - - RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_policy.GetGid()), - "Error in setegid(" << m_policy.GetGid() << ")"); - RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_policy.GetUid()), - "Error in seteuid(" << m_policy.GetUid() << ")"); -} - -void ChangeUid::Revoke() { - RUNNER_ASSERT_ERRNO_MSG(0 == seteuid(m_originalUid), - "Error in seteuid(" << m_originalUid << ")"); - RUNNER_ASSERT_ERRNO_MSG(0 == setegid(m_originalGid), - "Error in setegid(" << m_originalGid << ")"); -} - -ChangeUid::~ChangeUid() {} - -} // namespace ProcessSettings - - - diff --git a/src/ckm-integration/process-settings/change-uid.h b/src/ckm-integration/process-settings/change-uid.h deleted file mode 100644 index 4830e241..00000000 --- a/src/ckm-integration/process-settings/change-uid.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file change-uid.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include - -#include - -namespace ProcessSettings { - -class ChangeUid { -public: - ChangeUid(const Policy &policy); - - void Apply(); - void Revoke(); - - virtual ~ChangeUid(); -private: - const Policy &m_policy; - uid_t m_originalUid; - gid_t m_originalGid; -}; - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/create-user.cpp b/src/ckm-integration/process-settings/create-user.cpp deleted file mode 100644 index 0a5b05cb..00000000 --- a/src/ckm-integration/process-settings/create-user.cpp +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file create-user.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ - -#include -#include - -#include - -#include - -namespace ProcessSettings { - -CreateUser::CreateUser(Policy &policy) - : m_policy(policy) - , m_userType(GUM_USERTYPE_NORMAL) - , m_guser(nullptr) -{} - -void CreateUser::Apply() -{ - m_userName = m_policy.GetUserName(); - m_guser = gum_user_create_sync(false); - RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object"); - g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL); - g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL); - gboolean added = gum_user_add_sync(m_guser); - RUNNER_ASSERT_MSG(added, "Failed to add user: " << m_userName); - g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL); - RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0."); - g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL); - RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0."); - - m_policy.SetUid(m_uid); - m_policy.SetGid(m_gid); -} - -void CreateUser::Revoke() { - if (m_guser) { - gum_user_delete_sync(m_guser, TRUE); - g_object_unref(m_guser); - m_guser = nullptr; - } -} - -CreateUser::~CreateUser(){ - if (m_guser) - g_object_unref(m_guser); -} - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/create-user.h b/src/ckm-integration/process-settings/create-user.h deleted file mode 100644 index c78f6fc1..00000000 --- a/src/ckm-integration/process-settings/create-user.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file create-user.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include -#include -#include - -#include - -#include - -namespace ProcessSettings { - -class CreateUser { -public: - CreateUser(Policy &policy); - void Apply(); - void Revoke(); - virtual ~CreateUser(); -private: - Policy &m_policy; - uid_t m_uid; - gid_t m_gid; - std::string m_userName; - GumUserType m_userType; - GumUser *m_guser; -}; - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/executor.h b/src/ckm-integration/process-settings/executor.h deleted file mode 100644 index dc8835c4..00000000 --- a/src/ckm-integration/process-settings/executor.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file executor.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include - -#include - -#include - -#include - -namespace ProcessSettings { - -template -class Executor : public PolicyArg, public Args... { -public: - template - Executor(T&&... t) - : PolicyArg(std::forward(t)...) - , Args(static_cast(*this))... - , m_applied(false) - {} - - void Apply() { - if (!m_applied) - InternalApply(); - m_applied = true; - } - - void Revoke() { - if (m_applied) - InternalRevoke(); - m_applied = false; - } - - virtual ~Executor() { - try { - Revoke(); - } catch (const DPL::Test::TestException &e) { - // This is bad. The rest of test will not work properly! - std::cerr << "Error during cleaning up environment. " - "The rest of test will probably fail." << e.GetMessage() << std::endl; - } - } - -private: - - template - void InternalApply() { - First::Apply(); - } - - template - void InternalApply() { - First::Apply(); - InternalApply(); - } - - template - void InternalRevoke() { - First::Revoke(); - } - - template - void InternalRevoke() { - InternalRevoke(); - First::Revoke(); - } - - bool m_applied; -}; - -} // namespace ProcessSetings - diff --git a/src/ckm-integration/process-settings/install-app.cpp b/src/ckm-integration/process-settings/install-app.cpp deleted file mode 100644 index 1028815d..00000000 --- a/src/ckm-integration/process-settings/install-app.cpp +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file install-app.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -#include - -#include - -#define ERRORDESCRIBE(name) case name: return #name - -namespace { - -const char *ToString(int code) { - switch(static_cast(code)) { - ERRORDESCRIBE(SECURITY_MANAGER_SUCCESS); - ERRORDESCRIBE(SECURITY_MANAGER_ERROR_UNKNOWN); - ERRORDESCRIBE(SECURITY_MANAGER_ERROR_INPUT_PARAM); - ERRORDESCRIBE(SECURITY_MANAGER_ERROR_MEMORY); - ERRORDESCRIBE(SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE); - ERRORDESCRIBE(SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); - ERRORDESCRIBE(SECURITY_MANAGER_ERROR_ACCESS_DENIED); - default: - return "Unknown code"; - } -} - -} // namespace anonymous - -#undef ERRORDESCRIBE - -namespace ProcessSettings { - -InstallApp::InstallApp(const Policy &policy) - : m_policy(policy) - , m_req(nullptr, security_manager_app_inst_req_free) -{} - -void InstallApp::Apply() { - app_inst_req *whatever = nullptr; - - int retcode = security_manager_app_inst_req_new(&whatever); - RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode, - "Error in security_manager_app_inst_req_new. Error: " << ToString(retcode)); - - m_req.reset(whatever); - - retcode = security_manager_app_inst_req_set_app_id(m_req.get(), m_policy.GetAppId().c_str()); - RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode, - "Error in security_manager_app_inst_req_set_app_id. Error: " << ToString(retcode)); - - retcode = security_manager_app_inst_req_set_pkg_id(m_req.get(), m_policy.GetPkgId().c_str()); - RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode, - "Error in security_manager_app_inst_req_set_pkg_id. Error: " << ToString(retcode)); - - for(auto &e : m_policy.GetPrivileges()) { - retcode = security_manager_app_inst_req_add_privilege(m_req.get(), e.c_str()); - RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode, - "Error in security_manager_app_inst_req_add_privilege. Error: " << ToString(retcode)); - } - - retcode = security_manager_app_inst_req_set_uid(m_req.get(), m_policy.GetUid()); - RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode, - "Error in security_manager_app_inst_req_set_uid. Error: " << ToString(retcode)); - - retcode = security_manager_app_install(m_req.get()); - RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode, - "Error in security_manager_app_install. Error: " << ToString(retcode)); -} - -void InstallApp::Revoke() { - int retcode = security_manager_app_uninstall(m_req.get()); - RUNNER_ASSERT_MSG(SECURITY_MANAGER_SUCCESS == retcode, - "Error in security_manager_app_uninstall. Error: " << ToString(retcode)); -} - -InstallApp::~InstallApp() {} - -} // ProcessSettings - diff --git a/src/ckm-integration/process-settings/install-app.h b/src/ckm-integration/process-settings/install-app.h deleted file mode 100644 index fe724c02..00000000 --- a/src/ckm-integration/process-settings/install-app.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file install-app.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ - - -#pragma once - -#include -#include - -#include - -extern "C" { -struct app_inst_req; -typedef struct app_inst_req app_inst_req; -} // extern "C" - -namespace ProcessSettings { - -class InstallApp { -public: - InstallApp(const Policy &policy); - - void Apply(); - void Revoke(); - - virtual ~InstallApp(); -private: - const Policy &m_policy; - std::unique_ptr> m_req; -}; - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/policy.h b/src/ckm-integration/process-settings/policy.h deleted file mode 100644 index 8001968d..00000000 --- a/src/ckm-integration/process-settings/policy.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file policy.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include - -#include -#include - -namespace ProcessSettings { -typedef std::vector PrivilegeVector; - -class Policy { -public: - virtual std::string GetUserName() const = 0; - virtual void SetUserName(std::string) = 0; - virtual gid_t GetGid() const = 0; - virtual void SetGid(gid_t) = 0; - virtual uid_t GetUid() const = 0; - virtual void SetUid(uid_t) = 0; - virtual std::string GetSmackLabel() const = 0; - virtual void SetSmackLabel(std::string) = 0; - virtual std::string GetAppId() const = 0; - virtual void SetAppId(std::string) = 0; - virtual std::string GetPkgId() const = 0; - virtual void SetPkgId(std::string) = 0; - virtual PrivilegeVector GetPrivileges() const = 0; - virtual void SetPrivileges(PrivilegeVector) = 0; - virtual ~Policy() {} -}; - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/unlock-ckm.cpp b/src/ckm-integration/process-settings/unlock-ckm.cpp deleted file mode 100644 index 59d86d63..00000000 --- a/src/ckm-integration/process-settings/unlock-ckm.cpp +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file unlock-ckm.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include - -#include - -#include - -namespace ProcessSettings { - -UnlockCkm::UnlockCkm(const Policy &policy) - : m_policy(policy) -{} - -void UnlockCkm::Apply() { - int temp; - - m_uid = m_policy.GetUid(); - - auto control = CKM::Control::create(); - - // Let's clean up environment. - // It will usually fails. - control->removeUserData(m_uid); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(m_uid, "DummyPassword")), - "Error=" << CKM::ErrorToString(temp)); - -} - -void UnlockCkm::Revoke() { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(m_uid)), - "Error=" << CKM::ErrorToString(temp)); -} - -UnlockCkm::~UnlockCkm() {} - -} // namespace ProcessSettings - diff --git a/src/ckm-integration/process-settings/unlock-ckm.h b/src/ckm-integration/process-settings/unlock-ckm.h deleted file mode 100644 index 9e12c3fd..00000000 --- a/src/ckm-integration/process-settings/unlock-ckm.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file unlock-ckm.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#pragma once - -#include - -#include - -#include - -namespace ProcessSettings { - -class UnlockCkm { -public: - UnlockCkm(const Policy &policy); - void Apply(); - void Revoke(); - virtual ~UnlockCkm(); -private: - const Policy &m_policy; - uid_t m_uid; -}; - -} // namespace ProcessSettings - - diff --git a/src/ckm/CMakeLists.txt b/src/ckm/CMakeLists.txt deleted file mode 100644 index d582601d..00000000 --- a/src/ckm/CMakeLists.txt +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) -# @brief -# - -INCLUDE(FindPkgConfig) - -# mdpp flag -IF (DEFINED SECURITY_MDFPP_STATE_ENABLED) - MESSAGE("SECURITY_MDFPP_STATE_ENABLE ENABLED !") - ADD_DEFINITIONS("-DSECURITY_MDFPP_STATE_ENABLE") -ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLED) - MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !") -ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLED) - -# password protection flag -IF (DEFINED PASSWORD_PROTECTION_DISABLE) - MESSAGE("PASSWORD_PROTECTION_DISABLE ENABLED !") - ADD_DEFINITIONS("-DPASSWORD_PROTECTION_DISABLE") -ENDIF (DEFINED PASSWORD_PROTECTION_DISABLE) - -# Dependencies -PKG_CHECK_MODULES(CKM_DEP - libsmack - key-manager - dbus-1 - vconf - REQUIRED) - -# Targets definition - -SET(CKM_SOURCES - ${PROJECT_SOURCE_DIR}/src/ckm/access_provider2.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/main.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/capi-testcases.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/capi-certificate-chains.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/capi-access_control.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/async-api.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp -# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/system-db.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/initial-values.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/clean-env.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/algo-params.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption-env.cpp - ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption.cpp -) - -INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS}) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ ) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm/ ) - -ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST}) - -# Installation - -INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin) -INSTALL(FILES - test1801.pkcs12 - pkcs.p12 - capi-t3096.p12 - XML_1_okay.xml - XML_2_okay.xml - XML_3_wrong.xml - device_key.xml - DESTINATION /usr/share/ckm-test - ) - -# C compilation -SET(TARGET_C_COMPILATION_TEST "ckm-c-compilation-test") - -SET(C_COMPILATION_SOURCES - ${PROJECT_SOURCE_DIR}/src/ckm/c-compilation.c -) - -PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP - key-manager - REQUIRED) - -ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES}) diff --git a/src/ckm/XML_1_okay.xml b/src/ckm/XML_1_okay.xml deleted file mode 100644 index eace3d89..00000000 --- a/src/ckm/XML_1_okay.xml +++ /dev/null @@ -1,304 +0,0 @@ - - - - - QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp - UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s - CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj - bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss - Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC - ZVOanzc0euaenw1q9b+yEQ== - - - - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3 - +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui - tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB - x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 - QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8 - 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4 - m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA - +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp - f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4 - +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ - 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+ - 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ== - -----END PUBLIC KEY----- - - - - - - MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 - jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA - 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 - QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S - GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp - xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ - TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf - VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji - wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi - BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1 - 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23 - 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8 - pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT - 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK - 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee - RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O - bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE - jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH - 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H - 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO - GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO - UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD - /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB - AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As - ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9 - TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ - ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e - v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu - xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp - 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8 - eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk - 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a - xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL - sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew - WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i - gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH - W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY - G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x - oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub - yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD - 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+ - Vx676FQrM4EzjSSqgA== - - - - - - MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw - EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD - VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy - MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ - MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN - BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1 - 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm - 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x - 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY - +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID - AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1 - PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ - 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy - 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU - wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7 - 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK - kOg11TpPdNDkhb1J4ZCh2gupDg== - - - - - My secret data - - - - - - QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY= - - - - - - - - BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da - 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF - 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ - tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do - +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY - xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v - FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8 - vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r - 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy - Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz - wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo - j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s - bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14 - - - - - -----BEGIN PUBLIC KEY----- - MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt - JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B - CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+ - 3Op0tEjy0jpmzeyNiQIDAQAB - -----END PUBLIC KEY----- - - - - - - pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw - /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv - l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7 - XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2 - /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d - osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU - 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf - TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e - ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL - oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG - ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ - tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos - kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC - DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo - LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO - XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi - 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk - a+r+N4lsYPKJbX2ywUvDHg== - - - - - zuBDjp8ptFthrU69Ua5cfg== - - - - - weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC - Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF - oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf - kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk - KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy - iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8 - gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju - yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC - Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps - ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod - v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW - NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti - udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0 - FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx - IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h - ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx - asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0 - +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA - Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI - Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK - XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT - gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg - g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8 - DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4 - T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q - MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0 - CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz - traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c - q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP - ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n - Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t - gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3 - 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW - YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx - pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys - nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9 - pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI - 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY - hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp - VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka - lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP - 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32 - LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk - UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2 - rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/ - sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY - 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1 - H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv - e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt - ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW - MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP - zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J - 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un - TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb - aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS - eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09 - +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ - 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo - p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO - fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT - mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ - ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA - YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3 - aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC - jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK - vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T - INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA - wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3 - Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf - ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR - 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu - Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm - q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O - eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ - USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx - qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk - p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL - 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS - orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY - BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL - YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5 - ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm - HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h - TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9 - jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ - ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B - Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU - V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5 - RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc - Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc - Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh - PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1 - zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV - e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt - eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz - zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c - 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw - eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV - HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu - by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT - n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50 - mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL - PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe - xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg - wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0 - ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp - EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr - d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb - 7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi - F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7 - HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM - yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC - Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV - lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw - xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm - LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi - eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A - CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb - U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB - +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw - IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx - 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe - FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD - yYRBt5UqwGovABM08jYkuA== - - - diff --git a/src/ckm/XML_2_okay.xml b/src/ckm/XML_2_okay.xml deleted file mode 100644 index bfdc2995..00000000 --- a/src/ckm/XML_2_okay.xml +++ /dev/null @@ -1,103 +0,0 @@ - - - - - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3 - +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui - tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB - x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 - QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8 - 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4 - m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA - +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp - f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4 - +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ - 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+ - 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ== - -----END PUBLIC KEY----- - - - - - - MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 - jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA - 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 - QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S - GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp - xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ - TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf - VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji - wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi - BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1 - 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23 - 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8 - pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT - 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK - 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee - RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O - bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE - jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH - 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H - 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO - GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO - UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD - /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB - AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As - ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9 - TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ - ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e - v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu - xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp - 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8 - eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk - 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a - xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL - sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew - WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i - gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH - W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY - G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x - oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub - yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD - 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+ - Vx676FQrM4EzjSSqgA== - - - - - - MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw - EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD - VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy - MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ - MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN - BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1 - 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm - 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x - 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY - +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID - AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1 - PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ - 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy - 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU - wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7 - 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK - kOg11TpPdNDkhb1J4ZCh2gupDg== - - - - - My secret data - - - - - - QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY= - - - - - diff --git a/src/ckm/XML_3_wrong.xml b/src/ckm/XML_3_wrong.xml deleted file mode 100644 index 6a1d78a9..00000000 --- a/src/ckm/XML_3_wrong.xml +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3 - +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui - tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB - x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 - QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8 - 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4 - m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA - +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp - f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4 - +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ - 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+ - 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ== - -----END PUBLIC KEY----- - - - - - MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 - jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA - 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 - QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S - GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp - xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ - TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf - VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji - wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi - BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1 - 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23 - 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8 - pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT - 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK - 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee - RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O - bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE - jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH - 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H - 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO - GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO - UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD - /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB - AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As - ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9 - TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ - ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e - v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu - xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp - 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8 - eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk - 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a - xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL - sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew - WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i - gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH - W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY - G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x - oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub - yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD - 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+ - Vx676FQrM4EzjSSqgA== - - - - - - MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw - EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD - VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy - MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ - MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN - BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1 - 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm - 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x - 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY - +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID - AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1 - PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ - 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy - 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU - wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7 - 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK - kOg11TpPdNDkhb1J4ZCh2gupDg== - - - - - My secret data - - - - - - QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY= - - - - - diff --git a/src/ckm/access_provider2.cpp b/src/ckm/access_provider2.cpp deleted file mode 100644 index 58a98ebb..00000000 --- a/src/ckm/access_provider2.cpp +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file access_provider.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ -#include -#include -#include - -#include -#include -#include - -namespace { - -std::string toSmackLabel(const std::string &ownerId) { - if (ownerId.empty()) - return ownerId; - - if (ownerId[0] == '/') { - return ownerId.substr(1, std::string::npos); - } - - return SMACK_USER_APP_PREFIX + ownerId; -} - -} // anonymous namespace - -AccessProvider::AccessProvider(const std::string &ownerId) - : m_mySubject(toSmackLabel(ownerId)) - , m_inSwitchContext(false) -{ - RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!"); - allowJournaldLogs(); -} - -AccessProvider::AccessProvider(const std::string &ownerId, int uid, int gid) - : m_mySubject(toSmackLabel(ownerId)) - , m_inSwitchContext(false) -{ - RUNNER_ASSERT_MSG(m_mySubject.size() > 0, "No smack label provided to AccessProvider!"); - allowJournaldLogs(); - applyAndSwithToUser(uid, gid); -} - -void AccessProvider::allowAPI(const std::string &api, const std::string &rule) { - m_smackAccess.add(m_mySubject, api, rule); -} - -void AccessProvider::apply() { - // This should be done by security-manager - m_smackAccess.add("System", m_mySubject, "w"); - m_smackAccess.add(m_mySubject, "System", "w"); - m_smackAccess.apply(); -} - -void AccessProvider::applyAndSwithToUser(int uid, int gid) -{ - RUNNER_ASSERT_MSG(m_inSwitchContext == false, "already switched context"); - - // get calling label - char* my_label = NULL; - RUNNER_ASSERT(smack_new_label_from_self(&my_label) > 0); - if(my_label) - { - m_origLabel = std::string(my_label); - free(my_label); - } - RUNNER_ASSERT(m_origLabel.size() > 0); - - RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()), - "Error in smack_revoke_subject(" << m_mySubject << ")"); - apply(); - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()), - "Error in smack_set_label_for_self."); - - m_origUid = getuid(); - m_origGid = getgid(); - RUNNER_ASSERT_MSG(0 == setegid(gid), - "Error in setgid."); - RUNNER_ASSERT_MSG(0 == seteuid(uid), - "Error in setuid."); - m_inSwitchContext = true; -} - -void AccessProvider::allowJournaldLogs() { - allowAPI("System::Run","wx"); // necessary for logging with journald -} - -ScopedAccessProvider::~ScopedAccessProvider() -{ - if(m_inSwitchContext == true) - { - RUNNER_ASSERT_MSG(0 == setegid(m_origGid), "Error in setgid."); - RUNNER_ASSERT_MSG(0 == seteuid(m_origUid), "Error in setuid."); - RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()), - "Error in smack_revoke_subject(" << m_mySubject << ")"); - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_origLabel.c_str()), - "Error in smack_set_label_for_self."); - m_inSwitchContext = false; - } -} diff --git a/src/ckm/access_provider2.h b/src/ckm/access_provider2.h deleted file mode 100644 index 30631be6..00000000 --- a/src/ckm/access_provider2.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file access_provider2.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ -#ifndef _ACCESS_FOR_DUMMIES_H_ -#define _ACCESS_FOR_DUMMIES_H_ - -#include - -#include - -class AccessProvider { -public: - explicit AccessProvider(const std::string &ownerId); - AccessProvider(const std::string &ownerId, int uid, int gid); - virtual ~AccessProvider() {} - - AccessProvider(const AccessProvider &second) = delete; - AccessProvider& operator=(const AccessProvider &second) = delete; - - void allowAPI(const std::string &api, const std::string &rules); - void apply(); - void applyAndSwithToUser(int uid, int gid); - -private: - void allowJournaldLogs(); - - SmackAccess m_smackAccess; -protected: - std::string m_mySubject; - uid_t m_origUid; - gid_t m_origGid; - std::string m_origLabel; - bool m_inSwitchContext; -}; - -class ScopedAccessProvider : public AccessProvider { -public: - explicit ScopedAccessProvider(const std::string &mySubject) - : AccessProvider(mySubject) {} - ScopedAccessProvider(const std::string &mySubject, int uid, int gid) - : AccessProvider(mySubject, uid, gid) {} - virtual ~ScopedAccessProvider(); -}; - -#endif // _ACCESS_FOR_DUMMIES_H_ diff --git a/src/ckm/algo-params.cpp b/src/ckm/algo-params.cpp deleted file mode 100644 index 77919e0c..00000000 --- a/src/ckm/algo-params.cpp +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file algo-params.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#include -#include - -#include - -#include -#include -#include -#include - -namespace { - -struct CryptoAlgorithmWrapper : public CKM::CryptoAlgorithm -{ - bool empty() const { return m_params.empty(); } - size_t count() const { return m_params.size(); } -}; - -ckmc_param_list_h* EMPTY_PLIST = NULL; -ckmc_param_list_h EMPTY_LIST = NULL; - -const size_t DEFAULT_IV_LEN = 16; -const size_t DEFAULT_IV_LEN_BITS = 8*DEFAULT_IV_LEN; - -RawBufferPtr IV(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free); - -void assert_list_empty(ckmc_param_list_h list) -{ - const CryptoAlgorithmWrapper* caw = reinterpret_cast(list); - RUNNER_ASSERT_MSG(caw->empty(), "Parameter list is not empty"); -} - -void check_int_param(ckmc_param_list_h list, - ckmc_param_name_e name, - uint64_t expected) -{ - RUNNER_ASSERT_MSG(list, "List is NULL"); - uint64_t got; - int ret = ckmc_param_list_get_integer(list, name, &got); - RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "No such integer param: " << name); - RUNNER_ASSERT_MSG(expected == got, - "Param " << name << " expected value: " << expected << " got: " << got); -} - -void check_buffer_param(ckmc_param_list_h list, - ckmc_param_name_e name, - const ckmc_raw_buffer_s& expected) -{ - RUNNER_ASSERT_MSG(list, "List is NULL"); - ckmc_raw_buffer_s* got = NULL; - int ret = ckmc_param_list_get_buffer(list, name, &got); - RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "No such buffer param: " << name); - assert_buffers_equal(expected, *got); -} - -void assert_param_count(ckmc_param_list_h list, size_t expected) -{ - RUNNER_ASSERT_MSG(list, "List is NULL"); - const CryptoAlgorithmWrapper* caw = reinterpret_cast(list); - size_t count = caw->count(); - RUNNER_ASSERT_MSG(count == expected, "Expected param count: " << expected << " got: " << count); -} - -} // anonymous namespace - -RUNNER_TEST_GROUP_INIT(CKM_ALGO_PARAMS); - -RUNNER_TEST(TAP_0010_new_invalid_param) -{ - assert_invalid_param(ckmc_param_list_new, EMPTY_PLIST); -} - -RUNNER_TEST(TAP_0020_free_invalid_param) -{ - ckmc_param_list_free(EMPTY_LIST); // should not throw/segfault -} - -RUNNER_TEST(TAP_0030_new_free) -{ - ParamListPtr list = createParamListPtr(); - assert_list_empty(list.get()); -} - -RUNNER_TEST(TAP_0040_add_integer_invalid_param) -{ - assert_invalid_param(ckmc_param_list_set_integer, - EMPTY_LIST, - CKMC_PARAM_ALGO_TYPE, - CKMC_ALGO_AES_CTR); - - ParamListPtr list = createParamListPtr(); - assert_invalid_param(ckmc_param_list_set_integer, - list.get(), - static_cast(-1), - CKMC_ALGO_AES_CTR); - assert_list_empty(list.get()); -} - -RUNNER_TEST(TAP_0050_add_buffer_invalid_param) -{ - assert_invalid_param(ckmc_param_list_set_buffer, - EMPTY_LIST, - CKMC_PARAM_ED_IV, - IV.get()); - - ParamListPtr list = createParamListPtr(); - assert_invalid_param(ckmc_param_list_set_buffer, - list.get(), - CKMC_PARAM_ED_IV, - nullptr); - assert_list_empty(list.get()); - - ckmc_raw_buffer_s buffer; - buffer.data = nullptr; - buffer.size = 0; - assert_invalid_param(ckmc_param_list_set_buffer, - list.get(), - CKMC_PARAM_ED_IV, - &buffer); - assert_list_empty(list.get()); - - assert_invalid_param(ckmc_param_list_set_buffer, - list.get(), - static_cast(-1), - IV.get()); - assert_list_empty(list.get()); -} - -RUNNER_TEST(TAP_0060_add_param) -{ - ParamListPtr list = createParamListPtr(); - assert_positive(ckmc_param_list_set_integer, - list.get(), - CKMC_PARAM_ALGO_TYPE, - CKMC_ALGO_AES_GCM); - check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM); - assert_param_count(list.get(),1); - - RawBufferPtr buffer(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free); - assert_positive(ckmc_param_list_set_buffer, - list.get(), - CKMC_PARAM_ED_IV, - buffer.get()); - check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM); - check_buffer_param(list.get(), CKMC_PARAM_ED_IV, *buffer.get()); - assert_param_count(list.get(),2); -} - -RUNNER_TEST(TAP_0070_generate_invalid_param) -{ - assert_invalid_param(ckmc_generate_new_params, static_cast(-1), EMPTY_PLIST); -} - -RUNNER_TEST(TAP_0080_generate) -{ - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_CTR, &handle); - ParamListPtr list = ParamListPtr(handle, ckmc_param_list_free); - check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR); - check_int_param(list.get(), CKMC_PARAM_ED_CTR_LEN, DEFAULT_IV_LEN_BITS); - - CKM::CryptoAlgorithm* ca = reinterpret_cast(list.get()); - CKM::RawBuffer iv; - bool ret = ca->getParam(CKM::ParamName::ED_IV, iv); - RUNNER_ASSERT_MSG(!ret, "ED_IV param should not be present"); - assert_param_count(list.get(),2); -} diff --git a/src/ckm/async-api.cpp b/src/ckm/async-api.cpp deleted file mode 100644 index 7579eaca..00000000 --- a/src/ckm/async-api.cpp +++ /dev/null @@ -1,1353 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Bumjin Im - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file async-api.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include -#include -#include -#include -#include - -using namespace CKM; -using namespace std; -using namespace TestData; - -namespace { - -const char* TEST_LABEL = "test_label"; -const char* TEST_LABEL_2 = "test_label-2"; - -const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf"; - -const char* TEST_PASS = "test-pass"; - -const CertificateShPtrVector EMPTY_CERT_VECTOR; -const CertificateShPtrVector NULL_PTR_VECTOR = { - CertificateShPtr(), - CertificateShPtr(), - CertificateShPtr() -}; -const AliasVector EMPTY_ALIAS_VECTOR; -const Alias alias_PKCS_exportable = "async-test-PKCS-export"; -const Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export"; - -class MyObserver: public ManagerAsync::Observer -{ -public: - MyObserver() : - m_finished(false), m_error(0) - { - } - - void ReceivedError(int error) - { - m_finished = true; - m_error = error; - m_cv.notify_one(); - } - - void ReceivedSaveKey() { Succeeded(); } - void ReceivedSaveCertificate() { Succeeded(); } - void ReceivedSaveData() { Succeeded(); } - void ReceivedSavePKCS12() { Succeeded(); } - - void ReceivedRemovedAlias() { Succeeded(); } - - void ReceivedKey(Key &&) { Succeeded(); } - void ReceivedCertificate(Certificate &&) { Succeeded(); } - void ReceivedData(RawBuffer &&) { Succeeded(); } - void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); } - - void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); } - void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); } - void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); } - - void ReceivedCreateKeyAES() { Succeeded(); } - void ReceivedCreateKeyPair() { Succeeded(); } - - void ReceivedGetCertificateChain(CertificateShPtrVector && chain) - { m_certChain = move(chain); Succeeded(); } - - void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); } - void ReceivedVerifySignature() { Succeeded(); } - - void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); } - - void ReceivedSetPermission() { Succeeded(); } - - void WaitForResponse() - { - unique_lock < mutex > lock(m_mutex); - - m_cv.wait(lock, [this] {return m_finished;}); - } - - bool m_finished; - int m_error; - AliasVector m_aliases; - CertificateShPtrVector m_certChain; - PKCS12ShPtr m_pkcs; - RawBuffer m_signed; - int m_ocspStatus; - -protected: - void Succeeded() - { - m_finished = true; - m_cv.notify_one(); - } - - mutex m_mutex; - condition_variable m_cv; -}; - -typedef shared_ptr MyObserverPtr; - -enum Type { - RSA, - DSA, - ECDSA, - AES -}; - -struct KeyContainer -{ - // assymetric - KeyContainer(const std::string& prv_pem, const std::string& pub_pem) { - RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end()); - prv = Key::create(buffer_prv); - assert(prv); - - RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end()); - pub = Key::create(buffer_pub); - assert(pub); - } - - // symmetric - KeyContainer(const RawBuffer& key_raw) { - prv = pub = Key::createAES(key_raw); - assert(prv); - assert(pub); - } - - KeyShPtr prv; - KeyShPtr pub; -}; - -typedef map > KeyMap; - - -KeyMap initializeKeys() -{ - KeyMap km; - - km[RSA].emplace_back( - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n" - "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n" - "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n" - "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n" - "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n" - "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n" - "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n" - "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n" - "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n" - "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n" - "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n" - "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n" - "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n" - "-----END RSA PRIVATE KEY-----", - - "-----BEGIN PUBLIC KEY-----\n" - "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n" - "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n" - "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n" - "3Op0tEjy0jpmzeyNiQIDAQAB\n" - "-----END PUBLIC KEY-----" - ); - - km[RSA].emplace_back( - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6\n" - "YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6T\n" - "AQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7m\n" - "Tus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2QNv3kBPuYdQQrXhoxCcIVtSIl8pU\n" - "fI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8SGjA6mSpmrp7lPlKE\n" - "9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWpxOzb\n" - "lliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37J\n" - "IudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4\n" - "V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDes\n" - "NBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ4rsmBqOwuglHFW52dIZEG9u/20ta\n" - "QMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLiBLx0Yr/RXKf6gJUCAwEA\n" - "AQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh18pva5Kzh\n" - "EU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh\n" - "9u236vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXN\n" - "GF5JjNcCOQxO1Em8pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG\n" - "5DPb19r9XjQhUPjbcq3/4qmLwtLT9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+\n" - "fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK6wX2IQ+7vJoWQyg2w6DbpSRq\n" - "cyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxeeRpNqFU9OCw0B\n" - "d3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O\n" - "bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBW\n" - "gUyLSdxR5RoEjBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbP\n" - "ggFZ8JnuwgtNo0soVKsWGATH65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX8\n" - "0jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H1TYDjwA1iBFku/O/xx7Jag7Y0A2l\n" - "1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MOGFTs5r9QyM//sm5D\n" - "2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDOUCx6\n" - "xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0\n" - "/zX4MFMD/Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWd\n" - "kKpm9xcFddATlT0CggEBAOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvE\n" - "qgKHOgZO9ztD6/UgX41uc+3rKfvmY5AsldGZgd0ov/DyeF0N834LeBVayG1fdcEt\n" - "amqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9TwoUWS2xmldc+nehCdHs\n" - "WQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ETjKemdK\n" - "HQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5\n" - "ZB7ev8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FW\n" - "Nqvwp9PQzxwTv8wuxBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o\n" - "1Rad6jtb1SiV9KcPk83wIeoUk/xp0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7L\n" - "qpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8eTEywu5yrMGeAjVpLFfKlmGI\n" - "pYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk2kuGLYXISfUG\n" - "j0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a\n" - "xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8W\n" - "X4+ZEW7S4heLsUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/a\n" - "W22I0REV5UU8bS1F7taV93EwWmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVy\n" - "FjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4igfJpPcUFYOazZ3Y7q53RdCgIPKKy\n" - "iVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GHW93TUDTKWlTXyUFm\n" - "C2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltYG08t\n" - "fEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL6\n" - "06qeBC8xoVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQ\n" - "pyVWfB+F2ppBOYtKvNubyKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+I\n" - "Qj8I06c1T31kzfJ71Vx1DUWZW/65xmFD4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rq\n" - "uPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+Vx676FQrM4EzjSSqgA==\n" - "-----END RSA PRIVATE KEY-----\n", - "-----BEGIN PUBLIC KEY-----\n" - "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3\n" - "+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui\n" - "tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB\n" - "x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2\n" - "QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8\n" - "9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4\n" - "m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA\n" - "+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp\n" - "f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4\n" - "+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ\n" - "4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+\n" - "8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==\n" - "-----END PUBLIC KEY-----"); - km[DSA].emplace_back( - "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n" - "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n" - "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n" - "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n" - "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n" - "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n" - "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n" - "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n" - "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n" - "yAKPlW7WQzgV5jLLNUW7\n" - "-----END DSA PRIVATE KEY-----\n", - "-----BEGIN PUBLIC KEY-----\n" - "MIIBtzCCASwGByqGSM44BAEwggEfAoGBAMixBFiCdTiablWszLKSk03N4dNAA7wT\n" - "aEkBw7A08Gt2izxqZqStwmfIFo2HnpmyVy5c0Qom7GIOzLhUz0pRHx8dOpOIXmz7\n" - "g0CvN2t3A1CkpaMCok1+CkJ1otkfD2jznt+VxDh3Jg2cDPX9I0ae/TcObwRhE1EU\n" - "1oU3DvME+PJXAhUA3KPuKMt+sJsNkOLqid3k2nU2zSECgYEAhxLVx5a3DoMAaZjD\n" - "Dbuv/WUu2qOuryPTDRoXovL6ln/L5ZPD0pPXx5Eo+ZWCu5VKfdVVUl43TRdqgq98\n" - "9IeRNEgTmuujZkQieGneDRVqTsRclZ7sooFFepIw0WSd2Mq/WfI0p5ZISr1eqXpI\n" - "+fwnxN+ZvJSk9IiCVlG8nYMfAckDgYQAAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkB\n" - "eukXzeZGqNWEjgzLAjMZEVYMDLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23\n" - "ToR8fQuiBu+KvtAP/QuCOJ/LS0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6\n" - "J2+fygnWcOOSo6s=\n" - "-----END PUBLIC KEY-----\n" - ); - km[ECDSA].emplace_back( - "-----BEGIN EC PRIVATE KEY-----\n" - "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n" - "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n" - "sQ==\n" - "-----END EC PRIVATE KEY-----", - - "-----BEGIN PUBLIC KEY-----\n" - "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n" - "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n" - "-----END PUBLIC KEY-----" - ); - - CKM::RawBuffer AES_key = createRandomBuffer(256/8); - km[AES].emplace_back(AES_key); - - return km; -} - -KeyMap keys = initializeKeys(); -typedef vector CertVector; - -const RawBuffer raw_buffer(const char* buffer) -{ - return RawBuffer(buffer, buffer + strlen(buffer)); -} - -const RawBuffer test_buffer = raw_buffer("test_string"); - -template -void test_negative(F&& func, int expected, Args... args) -{ - MyObserverPtr obs = make_shared(); - ManagerAsync mgr; - - (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...); - obs->WaitForResponse(); - - RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!"); - RUNNER_ASSERT_MSG( - obs->m_error == expected, - "Expected " << expected << "/" << ErrorToString(expected) << - " got: " << obs->m_error << "/" << ErrorToString(obs->m_error)); -} - -template -void test_invalid_param(F&& func, Args... args) -{ - test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...); -} - -template -MyObserverPtr test_positive(F&& func, Args... args) -{ - MyObserverPtr obs = make_shared(); - ManagerAsync mgr; - - (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...); - obs->WaitForResponse(); - - RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!"); - RUNNER_ASSERT_MSG(obs->m_error == 0, - "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error)); - return obs; -} - -template -void test_check_aliases(F&& func, const AliasVector& expected, Args... args) -{ - auto obs = test_positive(move(func), args...); - RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected"); -} - -template -void test_check_cert_chain(F&& func, size_t expected, Args... args) -{ - auto obs = test_positive(move(func), args...); - RUNNER_ASSERT_MSG( - obs->m_certChain.size() == expected, - "Expected chain length: " << expected << " got: " << obs->m_certChain.size()); -} - -typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&, - const CertificateShPtr&, - const CertificateShPtrVector&, - const CertificateShPtrVector&, - bool); - -typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&, - const CertificateShPtr&, - const AliasVector&, - const AliasVector&, - bool); - -class UserEnv : public RemoveDataEnv -{ -public: - void init(const std::string & str) { - RemoveDataEnv::init(str); - unlock_user_data(APP_UID, TEST_PASS); - m_ap.reset(new ScopedAccessProvider(TEST_LABEL, APP_UID, APP_GID)); - } - void finish() { - m_ap.reset(); - // lock is performed by remove_user_data() in RemoveDataEnv - RemoveDataEnv::finish(); - } - std::unique_ptr m_ap; -}; - -CKM::PKCS12ShPtr loadPkcs() -{ - std::ifstream is("/usr/share/ckm-test/pkcs.p12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); - RUNNER_ASSERT_MSG( - NULL != pkcs.get(), - "Error in PKCS12::create()"); - - auto cert = pkcs->getCertificate(); - RUNNER_ASSERT_MSG( - NULL != cert.get(), - "Error in PKCS12::getCertificate()"); - - auto key = pkcs->getKey(); - RUNNER_ASSERT_MSG( - NULL != key.get(), - "Error in PKCS12::getKey()"); - - auto caVector = pkcs->getCaCertificateShPtrVector(); - RUNNER_ASSERT_MSG( - 2 == caVector.size(), - "Wrong size of vector"); - - return pkcs; -} - -} // namespace anonymous - -RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API); - -// saveKey -RUNNER_TEST(TA0010_save_key_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy()); - test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy()); - test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy()); -} - -RUNNER_TEST(TA0020_save_key_already_exists, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy()); - test_negative(&ManagerAsync::saveKey, - CKM_API_ERROR_DB_ALIAS_EXISTS, - "alias", - keys[RSA][0].prv, - Policy()); -} - -RUNNER_TEST(TA0050_save_key_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy()); - test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy()); - test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy()); -} - - -// saveCertificate -RUNNER_TEST(TA0110_save_cert_invalid_param, UserEnv) -{ - CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM); - test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy()); - test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy()); - test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy()); -} - -RUNNER_TEST(TA0120_save_cert_already_exists, UserEnv) -{ - test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy()); - test_negative(&ManagerAsync::saveCertificate, - CKM_API_ERROR_DB_ALIAS_EXISTS, - "alias", - getTestCertificate(MBANK), - Policy()); -} - -RUNNER_TEST(TA0150_save_cert_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy()); -} - - -// saveData -RUNNER_TEST(TA0210_save_data_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy()); - test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy()); - test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy()); -} - -RUNNER_TEST(TA0220_save_data_already_exists, UserEnv) -{ - test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy()); - test_negative(&ManagerAsync::saveData, - CKM_API_ERROR_DB_ALIAS_EXISTS, - "alias", - test_buffer, - Policy()); -} - -RUNNER_TEST(TA0250_save_data_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy()); -} - - -// removeKey -RUNNER_TEST(TA0310_remove_alias_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::removeAlias, "alias"); - test_invalid_param(&ManagerAsync::removeAlias, ""); -} - -RUNNER_TEST(TA0330_remove_alias_unknown_alias, UserEnv) -{ - test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias"); -} - -RUNNER_TEST(TA0350_remove_key_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy()); - test_positive(&ManagerAsync::removeAlias, "alias_RSA"); - test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy()); - test_positive(&ManagerAsync::removeAlias, "alias_DSA"); - test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy()); - test_positive(&ManagerAsync::removeAlias, "alias_AES"); - -} - - -RUNNER_TEST(TA0450_remove_cert_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy()); - test_positive(&ManagerAsync::removeAlias, "alias"); -} - - -RUNNER_TEST(TA0550_remove_data_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy()); - test_positive(&ManagerAsync::removeAlias, "alias"); -} - - -// getKey -RUNNER_TEST(TA0610_get_key_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::getKey, "alias", ""); - test_invalid_param(&ManagerAsync::getKey, "", ""); -} - -RUNNER_TEST(TA0630_get_key_unknown_alias, UserEnv) -{ - test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", ""); -} - -RUNNER_TEST(TA0640_get_key_wrong_password, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password")); - test_negative(&ManagerAsync::getKey, - CKM_API_ERROR_AUTHENTICATION_FAILED, - "alias_RSA", - "wrong-password"); - test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password")); - test_negative(&ManagerAsync::getKey, - CKM_API_ERROR_AUTHENTICATION_FAILED, - "alias_DSA", - "wrong-password"); - test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password")); - test_negative(&ManagerAsync::getKey, - CKM_API_ERROR_AUTHENTICATION_FAILED, - "alias_AES", - "wrong-password"); -} - -RUNNER_TEST(TA0650_get_key_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password")); - test_positive(&ManagerAsync::getKey, "alias_RSA", "password"); - test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password")); - test_positive(&ManagerAsync::getKey, "alias_DSA", "password"); - test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password")); - test_positive(&ManagerAsync::getKey, "alias_AES", "password"); -} - - -// getCertificate -RUNNER_TEST(TA0710_get_cert_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::getCertificate, "alias", ""); - test_invalid_param(&ManagerAsync::getCertificate, "", ""); -} - -RUNNER_TEST(TA0730_get_cert_unknown_alias, UserEnv) -{ - test_negative(&ManagerAsync::getCertificate, - CKM_API_ERROR_DB_ALIAS_UNKNOWN, - "non-existing-alias", - ""); -} - -RUNNER_TEST(TA0740_get_cert_wrong_password, UserEnv) -{ - test_positive(&ManagerAsync::saveCertificate, - "alias", - getTestCertificate(MBANK), - Policy("password")); - test_negative(&ManagerAsync::getCertificate, - CKM_API_ERROR_AUTHENTICATION_FAILED, - "alias", - "wrong-password"); -} - -RUNNER_TEST(TA0750_get_cert_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveCertificate, "alias", getTestCertificate(MBANK), Policy("password")); - test_positive(&ManagerAsync::getCertificate, "alias", "password"); -} - - -// getData -RUNNER_TEST(TA0810_get_data_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::getData, "alias", ""); - test_invalid_param(&ManagerAsync::getData, "", ""); -} - -RUNNER_TEST(TA0830_get_data_unknown_alias, UserEnv) -{ - test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", ""); -} - -RUNNER_TEST(TA0840_get_data_wrong_password, UserEnv) -{ - test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy("password")); - test_negative(&ManagerAsync::getData, - CKM_API_ERROR_AUTHENTICATION_FAILED, - "alias", - "wrong-password"); -} - -RUNNER_TEST(TA0850_get_data_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveData, "alias", test_buffer, Policy("password")); - test_positive(&ManagerAsync::getData, "alias", "password"); -} - - -// getKeyAliasVector -RUNNER_TEST(TA0910_get_key_alias_vector_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::getKeyAliasVector); -} - -RUNNER_TEST(TA0950_get_key_alias_vector_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test require password support."); - test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA") }); - - test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"), - aliasWithLabel(TEST_LABEL, "alias_DSA") }); - - test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy()); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"), - aliasWithLabel(TEST_LABEL, "alias_DSA"), - aliasWithLabel(TEST_LABEL, "alias_AES") }); - - // remove DSA key - test_positive(&ManagerAsync::removeAlias, "alias_DSA"); - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"), - aliasWithLabel(TEST_LABEL, "alias_AES")}); -} - - -// getCertificateAliasVector -RUNNER_TEST(TA1010_get_cert_alias_vector_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::getCertificateAliasVector); -} - -RUNNER_TEST(TA1050_get_cert_alias_vector_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test require password support."); - test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(MBANK), Policy()); - test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") }); - - test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(SYMANTEC), Policy()); - test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"), - aliasWithLabel(TEST_LABEL, "alias2") }); - - test_positive(&ManagerAsync::removeAlias, "alias1"); - test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") }); -} - - -// getDataAliasVector -RUNNER_TEST(TA1110_get_data_alias_vector_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::getDataAliasVector); -} - -RUNNER_TEST(TA1150_get_data_alias_vector_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test require password support."); - test_positive(&ManagerAsync::saveData, "alias1", test_buffer, Policy()); - test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") }); - - test_positive(&ManagerAsync::saveData, "alias2", test_buffer, Policy()); - test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"), - aliasWithLabel(TEST_LABEL, "alias2") }); - - test_positive(&ManagerAsync::removeAlias, "alias1"); - test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") }); -} - - -// createKeyPairRSA -RUNNER_TEST(TA1210_create_key_pair_RSA_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::createKeyPairRSA, - 1024, - "alias_prv", - "alias_pub", - Policy(), - Policy()); -} - -RUNNER_TEST(TA1220_create_key_pair_RSA_already_exists, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy()); - test_negative(&ManagerAsync::createKeyPairRSA, - CKM_API_ERROR_DB_ALIAS_EXISTS, - 1024, - "alias_prv", - "alias_pub", - Policy(), - Policy()); -} - -RUNNER_TEST(TA1250_create_key_pair_RSA_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test require password support."); - test_positive(&ManagerAsync::createKeyPairRSA, - 1024, - "alias_prv", - "alias_pub", - Policy(), - Policy()); - - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"), - aliasWithLabel(TEST_LABEL, "alias_pub") }); -} - -// createKeyPairDSA -RUNNER_TEST(TA1270_create_key_pair_DSA_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::createKeyPairDSA, - 1024, - "alias_prv", - "alias_pub", - Policy(), - Policy()); -} - -RUNNER_TEST(TA1280_create_key_pair_DSA_already_exists, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_prv", keys[DSA][0].prv, Policy()); - test_negative(&ManagerAsync::createKeyPairDSA, - CKM_API_ERROR_DB_ALIAS_EXISTS, - 1024, - "alias_prv", - "alias_pub", - Policy(), - Policy()); -} - -RUNNER_TEST(TA1290_create_key_pair_DSA_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test require password support."); - test_positive(&ManagerAsync::createKeyPairDSA, - 1024, - "alias_prv", - "alias_pub", - Policy(), - Policy()); - - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"), - aliasWithLabel(TEST_LABEL, "alias_pub") }); -} - -// createKeyPairECDSA -RUNNER_TEST(TA1310_create_key_pair_ECDSA_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::createKeyPairECDSA, - ElipticCurve::prime192v1, - "alias_prv", - "alias_pub", - Policy(), - Policy()); -} - -RUNNER_TEST(TA1320_create_key_pair_ECDSA_already_exists, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_prv", keys[ECDSA][0].prv, Policy()); - test_negative(&ManagerAsync::createKeyPairECDSA, - CKM_API_ERROR_DB_ALIAS_EXISTS, - ElipticCurve::prime192v1, - "alias_prv", - "alias_pub", - Policy(), - Policy()); -} - -RUNNER_TEST(TA1350_create_key_pair_ECDSA_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test require password support."); - test_positive(&ManagerAsync::createKeyPairECDSA, - ElipticCurve::prime192v1, - "alias_prv", - "alias_pub", - Policy(), - Policy()); - - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"), - aliasWithLabel(TEST_LABEL, "alias_pub") }); -} - -// createKeyAES -RUNNER_TEST(TA1360_create_key_AES_invalid_param, UserEnv) -{ - test_invalid_param(&ManagerAsync::createKeyAES, - 147, - "alias_AES", - Policy()); -} - -RUNNER_TEST(TA1370_create_key_AES_already_exists, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy()); - test_negative(&ManagerAsync::createKeyAES, - CKM_API_ERROR_DB_ALIAS_EXISTS, - 256, - "alias_AES", - Policy()); -} - -RUNNER_TEST(TA1380_create_key_AES_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test require password support."); - test_positive(&ManagerAsync::createKeyAES, - 256, - "alias_AES", - Policy()); - - test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_AES")}); -} - -// getCertificateChain -RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv) -{ - CertificateShPtr cert = getTestCertificate(MBANK); - CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) }; - test_no_observer(&ManagerAsync::getCertificateChain, - cert, - certv, - EMPTY_CERT_VECTOR, - true); - test_invalid_param(&ManagerAsync::getCertificateChain, - CertificateShPtr(), - certv, - EMPTY_CERT_VECTOR, - true); - - Alias alias = "alias"; - AliasVector aliasv = { alias }; - test_no_observer(&ManagerAsync::getCertificateChain, - cert, - aliasv, - EMPTY_ALIAS_VECTOR, - true); - test_invalid_param(&ManagerAsync::getCertificateChain, - CertificateShPtr(), - aliasv, - EMPTY_ALIAS_VECTOR, - true); -} - -RUNNER_TEST(TA1420_get_certificate_chain_negative, UserEnv) -{ - CertificateShPtr cert = getTestCertificate(MBANK); - CertificateShPtrVector certv = { getTestCertificate(MBANK) }; - test_negative(&ManagerAsync::getCertificateChain, - CKM_API_ERROR_VERIFICATION_FAILED, - cert, - EMPTY_CERT_VECTOR, - EMPTY_CERT_VECTOR, - true); - test_negative(&ManagerAsync::getCertificateChain, - CKM_API_ERROR_VERIFICATION_FAILED, - cert, - certv, - EMPTY_CERT_VECTOR, - true); - AliasVector aliasv = { "alias" }; - test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy()); - test_negative(&ManagerAsync::getCertificateChain, - CKM_API_ERROR_VERIFICATION_FAILED, - cert, - EMPTY_ALIAS_VECTOR, - EMPTY_ALIAS_VECTOR, - true); - test_negative(&ManagerAsync::getCertificateChain, - CKM_API_ERROR_VERIFICATION_FAILED, - cert, - aliasv, - EMPTY_ALIAS_VECTOR, - true); -} - -RUNNER_TEST(TA1450_get_certificate_chain_positive, UserEnv) -{ - CertificateShPtr cert = getTestCertificate(MBANK); - CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) }; - test_check_cert_chain(&ManagerAsync::getCertificateChain, - 3, - cert, - certv, - EMPTY_CERT_VECTOR, - true); - - AliasVector aliasv = { "alias" }; - test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy()); - test_check_cert_chain(&ManagerAsync::getCertificateChain, - 3, - cert, - aliasv, - EMPTY_ALIAS_VECTOR, - true); -} - - -// createSignature -RUNNER_TEST(TA1510_create_signature_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::createSignature, - "alias", - "", - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - test_invalid_param(&ManagerAsync::createSignature, - "", - "", - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - test_invalid_param(&ManagerAsync::createSignature, - "alias", - "", - RawBuffer(), - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - -RUNNER_TEST(TA1520_create_signature_invalid_password, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password")); - test_negative(&ManagerAsync::createSignature, - CKM_API_ERROR_INPUT_PARAM, - "alias", - "wrong-password", - RawBuffer(), - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - -RUNNER_TEST(TA1550_create_signature_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password")); - test_positive(&ManagerAsync::createSignature, - "alias", - "password", - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - - -// verifySignature -RUNNER_TEST(TA1610_verify_signature_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::verifySignature, - "", - "", - RawBuffer(), - RawBuffer(), - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - test_invalid_param(&ManagerAsync::verifySignature, - "", - "", - test_buffer, - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - -RUNNER_TEST(TA1620_verify_signature_invalid_password, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("pass1")); - test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("pass2")); - auto obs = test_positive(&ManagerAsync::createSignature, - "alias_prv", - "pass1", - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - - test_negative(&ManagerAsync::verifySignature, - CKM_API_ERROR_AUTHENTICATION_FAILED, - "alias_pub", - "wrong-password", - test_buffer, - obs->m_signed, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - -RUNNER_TEST(TA1630_verify_signature_invalid_message, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("")); - test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("")); - - auto obs = test_positive(&ManagerAsync::createSignature, - "alias_prv", - "", - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - - test_negative(&ManagerAsync::verifySignature, - CKM_API_ERROR_VERIFICATION_FAILED, - "alias_pub", - "", - raw_buffer("invalid-unsigned-mesage"), - obs->m_signed, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - -RUNNER_TEST(TA1640_verify_signature_invalid_signature, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("")); - - test_negative(&ManagerAsync::verifySignature, - CKM_API_ERROR_VERIFICATION_FAILED, - "alias_pub", - "", - test_buffer, - raw_buffer("invalid-signature"), - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - -RUNNER_TEST(TA1650_verify_signature_wrong_key, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("")); - test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("")); - test_positive(&ManagerAsync::saveKey, "alias_pub2", keys[RSA][1].pub, Policy("")); - test_positive(&ManagerAsync::saveKey, "alias_pub3", keys[DSA][0].prv, Policy("")); - auto obs = test_positive(&ManagerAsync::createSignature, - "alias_prv", - "", - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - - test_positive(&ManagerAsync::verifySignature, - "alias_prv", - "", - test_buffer, - obs->m_signed, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - - test_positive(&ManagerAsync::verifySignature, - "alias_pub", - "", - test_buffer, - obs->m_signed, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - - test_negative(&ManagerAsync::verifySignature, - CKM_API_ERROR_VERIFICATION_FAILED, - "alias_pub2", - "", - test_buffer, - obs->m_signed, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - - test_negative(&ManagerAsync::verifySignature, - CKM_API_ERROR_VERIFICATION_FAILED, - "alias_pub3", - "", - test_buffer, - obs->m_signed, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - -RUNNER_TEST(TA1660_verify_signature_positive, UserEnv) -{ - test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy("pass1")); - test_positive(&ManagerAsync::saveKey, "alias_pub", keys[RSA][0].pub, Policy("pass2")); - auto obs = test_positive(&ManagerAsync::createSignature, - "alias_prv", - "pass1", - test_buffer, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); - - test_positive(&ManagerAsync::verifySignature, - "alias_pub", - "pass2", - test_buffer, - obs->m_signed, - HashAlgorithm::SHA1, - RSAPaddingAlgorithm::PKCS1); -} - - -// ocspCheck -RUNNER_TEST(TA1710_ocsp_check_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR); - test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR); - test_invalid_param(&ManagerAsync::ocspCheck, NULL_PTR_VECTOR); -} - -RUNNER_TEST(TA1720_ocsp_check_negative, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test requires additional network features to work."); - CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) }; - - auto obs = test_positive(&ManagerAsync::ocspCheck, certv); - RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD, - "Verification should fail. Got: " << obs->m_ocspStatus); -} - -RUNNER_TEST(TA1750_ocsp_check_positive, UserEnv) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test requires additional network features to work."); - CertificateShPtr cert = getTestCertificate(MBANK); - CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) }; - auto obs = test_positive(&ManagerAsync::getCertificateChain, - cert, - certv, - EMPTY_CERT_VECTOR, - true); - - auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain); - RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD, - "Verification failed. Error: " << obs->m_ocspStatus); -} - -// setPermission -RUNNER_TEST(TA1810_allow_access_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE); - test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE); - test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE); -} - -RUNNER_TEST(TA1820_allow_access, RemoveDataEnv) -{ - ScopedDBUnlock dbu(APP_UID, TEST_PASS); - - // prepare: add data - std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1"); - std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2"); - std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3"); - { - ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID); - save_data(alias1.c_str(), TEST_DATA); - save_data(alias2.c_str(), TEST_DATA); - save_data(alias3.c_str(), TEST_DATA); - - test_positive(&ManagerAsync::setPermission, - alias2, - TEST_LABEL_2, - CKM::Permission::READ); - test_positive(&ManagerAsync::setPermission, - alias3, - TEST_LABEL_2, - CKM::Permission::READ | CKM::Permission::REMOVE); - } - - { - ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID); - - test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, ""); - test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1); - - // test from allowed label, but without properly addressing alias (coming from default label) - test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", ""); - - // now test with appropriate addressing - test_positive(&ManagerAsync::getData, alias2, ""); - test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2); - - test_positive(&ManagerAsync::getData, alias3, ""); - test_positive(&ManagerAsync::removeAlias, alias3); - } -} - -// denyAccess -RUNNER_TEST(TA1910_deny_access_invalid_param, UserEnv) -{ - test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE); - test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE); - test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE); -} - -RUNNER_TEST(TA1920_deny_access, RemoveDataEnv) -{ - ScopedDBUnlock dbu(APP_UID, TEST_PASS); - - // prepare: add data - std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1"); - { - ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID); - save_data(alias1.c_str(), TEST_DATA); - - test_positive(&ManagerAsync::setPermission, - alias1, - TEST_LABEL_2, - CKM::Permission::READ | CKM::Permission::REMOVE); - test_positive(&ManagerAsync::setPermission, - alias1, - TEST_LABEL_2, - CKM::Permission::NONE); - } - - { - ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID); - - test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, ""); - test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1); - } -} - -RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, RemoveDataEnv<0>) -{ - auto pkcs = loadPkcs(); - - // save to the CKM - CKM::Policy exportable; - CKM::Policy notExportable(CKM::Password(), false); - - test_positive(&ManagerAsync::savePKCS12, - sharedDatabase(alias_PKCS_exportable), - pkcs, - exportable, - exportable); - test_negative(&ManagerAsync::savePKCS12, - CKM_API_ERROR_DB_ALIAS_EXISTS, - sharedDatabase(alias_PKCS_exportable), - pkcs, - exportable, - exportable); - - test_positive(&ManagerAsync::savePKCS12, - sharedDatabase(alias_PKCS_not_exportable), - pkcs, - notExportable, - notExportable); - test_negative(&ManagerAsync::savePKCS12, - CKM_API_ERROR_DB_ALIAS_EXISTS, - sharedDatabase(alias_PKCS_not_exportable), - pkcs, - notExportable, - notExportable); -} - -RUNNER_TEST(TA2010_PKCS_get, RemoveDataEnv<0>) -{ - auto pkcs = loadPkcs(); - - // save to the CKM - CKM::Policy exportable; - CKM::Policy notExportable(CKM::Password(), false); - - test_positive(&ManagerAsync::savePKCS12, - sharedDatabase(alias_PKCS_exportable), - pkcs, - exportable, - exportable); - test_positive(&ManagerAsync::savePKCS12, - sharedDatabase(alias_PKCS_not_exportable), - pkcs, - notExportable, - notExportable); - - // fail - no entry - test_negative(&ManagerAsync::getPKCS12, - CKM_API_ERROR_DB_ALIAS_UNKNOWN, - sharedDatabase("i-do-not-exist").c_str(), - CKM::Password(), - CKM::Password()); - - - // fail - not exportable - test_negative(&ManagerAsync::getPKCS12, - CKM_API_ERROR_NOT_EXPORTABLE, - sharedDatabase(alias_PKCS_not_exportable), - CKM::Password(), - CKM::Password()); - - // success - exportable - auto obs = test_positive(&ManagerAsync::getPKCS12, - sharedDatabase(alias_PKCS_exportable), - CKM::Password(), - CKM::Password()); - - auto cert = obs->m_pkcs->getCertificate(); - RUNNER_ASSERT_MSG( - NULL != cert.get(), - "Error in PKCS12::getCertificate()"); - - auto key = obs->m_pkcs->getKey(); - RUNNER_ASSERT_MSG( - NULL != key.get(), - "Error in PKCS12::getKey()"); - - auto caVector = obs->m_pkcs->getCaCertificateShPtrVector(); - RUNNER_ASSERT_MSG( - 2 == caVector.size(), - "Wrong size of vector"); -} diff --git a/src/ckm/c-compilation.c b/src/ckm/c-compilation.c deleted file mode 100644 index 31718684..00000000 --- a/src/ckm/c-compilation.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file c-compilation.c - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#include -#include - -static unsigned char iv[] = { "rewrewrewgegsrtbhns" }; - -void algo_param() { - ckmc_param_list_h list = NULL; - ckmc_raw_buffer_s* buffer = NULL; - - if(CKMC_ERROR_NONE != ckmc_param_list_new(&list)) - goto finish; - if(CKMC_ERROR_NONE != ckmc_buffer_new(iv, sizeof(iv), &buffer)) - goto finish; - if(CKMC_ERROR_NONE != ckmc_param_list_set_integer(list, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM)) - goto finish; - if(CKMC_ERROR_NONE != ckmc_param_list_set_buffer(list, CKMC_PARAM_ED_IV, buffer)) - goto finish; - -finish: - ckmc_buffer_free(buffer); - ckmc_param_list_free(list); -} - - -int main() -{ - algo_param(); - // TODO test other API - return 0; -} diff --git a/src/ckm/capi-access_control.cpp b/src/ckm/capi-access_control.cpp deleted file mode 100644 index 3a7a5746..00000000 --- a/src/ckm/capi-access_control.cpp +++ /dev/null @@ -1,922 +0,0 @@ -#include -#include - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include - -namespace { -const int USER_ROOT = 0; -const int APP_1 = 6000; -const int GROUP_1 = 6000; -const int APP_2 = 6200; -const int GROUP_2 = 6200; -const char * const APP_PASS_1 = "app-pass-1"; -const char * const APP_PASS_2 = "app-pass-2"; -const char* APP_LABEL_1 = "APP_LABEL_1"; -const char* APP_LABEL_2 = "APP_LABEL_2"; -const char* APP_LABEL_3 = "APP_LABEL_3"; -const char* APP_LABEL_4 = "APP_LABEL_4"; - - -const char* NO_ALIAS = "definitely-non-existent-alias"; -const char* NO_OWNER = "definitely-non-existent-owner"; - -const char* TEST_ALIAS = "test-alias"; -const char* TEST_ALIAS2 = "test-alias2"; -const char* TEST_ALIAS3 = "test-alias3"; - -const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf"; - -void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights) -{ - int ret = ckmc_allow_access(alias, accessor, accessRights); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); -} - -void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights) -{ - // data removal should revoke this access - int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); -} - -void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask) -{ - // data removal should revoke this access - int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); -} - -void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor) -{ - int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret)); -} - -void check_alias_count(size_t expected) -{ - size_t count = count_aliases(ALIAS_DATA); - RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count); -} - -} // namespace anonymous - -RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API); - - -///////////////////////////////////////////////////////////////////////////// -// Manager -RUNNER_TEST(T3000_init) -{ - reset_user_data(APP_1, APP_PASS_1); - reset_user_data(APP_2, APP_PASS_2); -} - -// invalid arguments check -RUNNER_TEST(T3001_manager_allow_access_invalid) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - RUNNER_ASSERT( - CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ)); - RUNNER_ASSERT( - CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_READ)); -} - -// invalid arguments check -RUNNER_TEST(T3002_manager_deny_access_invalid) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE)); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE)); -} - -// tries to allow access for non existing alias -RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Allowing access for non existing alias returned " << CKMCErrorToString(ret)); -} - -// tries to deny access for non existing alias -RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Denying access for non existing alias returned " << CKMCErrorToString(ret)); -} - -// tries to deny access that does not exist in database -RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - // deny non existing access to existing alias - int ret = ckmc_set_permission(TEST_ALIAS, "label", CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Denying non existing access returned: " << CKMCErrorToString(ret)); -} - -// tries to allow access to application own data -RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - std::string ownerId = getOwnerIdFromSelf(); - int ret = ckmc_set_permission(TEST_ALIAS, ownerId.c_str(), CKMC_PERMISSION_READ); - RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Trying to allow myself returned: " << CKMCErrorToString(ret)); -} - -// verifies that alias can not contain forbidden characters -RUNNER_CHILD_TEST(T3007_manager_check_alias_valid) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - std::string test_alias_playground = std::string("AAA BBB CCC"); - check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); - - // control: expect success - check_read(TEST_ALIAS, 0, TEST_DATA); - check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA); -} - -// verifies that label can not contain forbidden characters -RUNNER_CHILD_TEST(T3008_manager_check_label_valid) -{ - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - // basic test - std::string APP_LABEL_1_playground = std::string("AAA BBB CCC"); - check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); - - // insert part of the separator in the middle - APP_LABEL_1_playground = std::string(APP_LABEL_1); - APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator); - check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); - - // prepend separator - APP_LABEL_1_playground = std::string(APP_LABEL_1); - APP_LABEL_1_playground.insert(0, ckmc_label_name_separator); - check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); - - // append separator - APP_LABEL_1_playground = std::string(APP_LABEL_1); - APP_LABEL_1_playground.append(ckmc_label_name_separator); - check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); - - // control: expect success - check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA); -} - - -// tries to access other application data without permission -RUNNER_TEST(T3020_manager_access_not_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); - check_read_not_visible(TEST_ALIAS_adr.c_str()); - check_remove_not_visible(TEST_ALIAS_adr.c_str()); - } -} - -// tries to access other application data with permission -RUNNER_TEST(T3021_manager_access_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to read other application data with permission for read/remove -RUNNER_TEST(T3022_manager_access_allowed_with_remove) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to remove other application data with permission for reading only -RUNNER_TEST(T3023_manager_access_allowed_remove_denied) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); - check_remove_denied(TEST_ALIAS_adr.c_str()); - check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); - } -} - -// tries to remove other application data with permission -RUNNER_TEST(T3025_manager_remove_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); - } -} - -// tries to access other application data after allow function was called twice with different -// rights -RUNNER_TEST(T3026_manager_double_allow) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - // access should be overwritten - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); - check_remove_denied(TEST_ALIAS_adr.c_str()); - check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); - } -} - -// tries to access application data with permission and after permission has been revoked -RUNNER_TEST(T3027_manager_allow_deny) -{ - // prepare: add data - GarbageCollector gc; - std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_denied(TEST_ALIAS_adr.c_str()); - check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); - } - - // remove permission - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - deny_access(TEST_ALIAS, APP_LABEL_2); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_not_visible(TEST_ALIAS_adr.c_str()); - check_read_not_visible(TEST_ALIAS_adr.c_str()); - } -} - -RUNNER_TEST(T3028_manager_access_by_label) -{ - // prepare: add data - GarbageCollector gc; - const char *additional_data = "label-2-data"; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - } - - // add data as app 2 - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - save_data(TEST_ALIAS, additional_data); - - allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ); - - // test if accessing valid alias (of label2 domain) - check_read_allowed(TEST_ALIAS, additional_data); - } - - // test accessibility to app 2 from app 1 - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - - // test if can access label2 alias from label1 domain - should succeed - check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data); - } -} - -// tries to modify another label's permission -RUNNER_TEST(T3029_manager_access_modification_by_foreign_label) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED); - deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED); - } -} - -// checks if only aliases readable by given app are returned -RUNNER_TEST(T3030_manager_get_all_aliases) -{ - // prepare: add data - GarbageCollector gc; - size_t count; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - gc.save(TEST_ALIAS2, TEST_DATA); - - count = count_aliases(ALIAS_DATA); - allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - // check that app can access other aliases when it has permission - check_alias_count(count - 1); - - ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA); - - // check that app can access its own aliases - check_alias_count(count - 1 + 1); - } - - // remove permission - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - deny_access(TEST_ALIAS, APP_LABEL_2); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - // check that app can't access other aliases for which permission has been revoked - check_alias_count(count - 2); - } -} - -// tries to access other application data with permission -RUNNER_TEST(T3031_manager_deprecated_access_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to read other application data with permission for read/remove -RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to remove other application data with permission for reading only -RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); - check_remove_denied(TEST_ALIAS_adr.c_str()); - check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); - } -} - -// tries to remove other application data with permission -RUNNER_TEST(T3034_manager_deprecated_remove_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); - } - - // test accessibility from another label - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); - } -} - -///////////////////////////////////////////////////////////////////////////// -// Control - -RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API); - -RUNNER_TEST(T3100_init) -{ - reset_user_data(APP_1, APP_PASS_1); - reset_user_data(APP_2, APP_PASS_2); -} - -// invalid argument check -RUNNER_TEST(T3101_control_allow_access_invalid) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - int ret; - ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); - ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); - - // double owner - std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS); - ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); -} - -// invalid argument check -RUNNER_TEST(T3102_control_deny_access_invalid) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE)); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE)); - - // double owner - std::string aliasLabel = aliasWithLabel(getOwnerIdFromSelf().c_str(), TEST_ALIAS); - RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE)); -} - -// tries to allow access for non existing alias -RUNNER_TEST(T3103_control_allow_access_non_existing) -{ - int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Allowing access for non existing alias returned " << CKMCErrorToString(ret)); -} - -// tries to deny access for non existing alias -RUNNER_TEST(T3104_control_deny_access_non_existing) -{ - int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Denying access for non existing alias returned " << CKMCErrorToString(ret)); -} - -// tries to deny non existing access -RUNNER_TEST(T3105_control_deny_access_non_existing_access) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Denying non existing access returned: " << CKMCErrorToString(ret)); -} - -// tries to allow application to access its own data -RUNNER_TEST(T3106_control_allow_access_to_myself) -{ - // prepare: add data - GarbageCollector gc; - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - // test - int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ); - RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Trying to allow myself returned: " << CKMCErrorToString(ret)); -} - -// tries to use admin API as a user -RUNNER_CHILD_TEST(T3110_control_allow_access_as_user) -{ - RUNNER_IGNORED_MSG("Disabled until labeled sockets not available"); - - // prepare: add data - GarbageCollector gc; - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - // test - int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ); - RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, - "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); -} - -// tries to use admin API as a user -RUNNER_CHILD_TEST(T3111_control_deny_access_as_user) -{ - RUNNER_IGNORED_MSG("Disabled until labeled sockets not available"); - - // prepare: add data - GarbageCollector gc; - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - - // test - int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, - "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); -} - -// tries to read other application data with permission -RUNNER_TEST(T3121_control_access_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to read other application data with permission to read/remove -RUNNER_TEST(T3122_control_access_allowed_with_remove) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to remove other application data with permission to read -RUNNER_TEST(T3122_control_access_allowed_remove_denied) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); - } -} - -// tries to remove other application data with permission -RUNNER_TEST(T3125_control_remove_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); - } -} - -// tries to access other application data after allow function has been called twice with different -// rights -RUNNER_TEST(T3126_control_double_allow) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - // access should be overwritten - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); - check_remove_denied(TEST_ALIAS_adr.c_str()); - check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); - } -} - -// tries to access other application data with permission and after permission has been revoked -RUNNER_TEST(T3127_control_allow_deny) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_denied(TEST_ALIAS_adr.c_str()); - check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); - } - - deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_not_visible(TEST_ALIAS_adr.c_str()); - check_read_not_visible(TEST_ALIAS_adr.c_str()); - } -} - -// checks if only aliases readable by given app are returned -RUNNER_TEST(T3130_control_get_all_aliases) -{ - // prepare: add data - GarbageCollector gc; - size_t count; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - gc.save(TEST_ALIAS2, TEST_DATA); - - count = count_aliases(ALIAS_DATA); - } - - allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - // check that app can access other aliases when it has permission - check_alias_count(count - 1); - - ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA); - - // check that app can access its own aliases - check_alias_count(count - 1 + 1); - } - - deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - // check that app can't access other aliases for which permission has been revoked - check_alias_count(count - 2); - } -} - -// tries to add access to data in a database of invalid user -RUNNER_TEST(T3140_control_allow_invalid_user) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret)); -} - -// tries to revoke access to data in a database of invalid user -RUNNER_TEST(T3141_control_deny_invalid_user) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret)); -} - -// tries to read other application data with permission -RUNNER_TEST(T3142_control_deprecated_access_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to read other application data with permission to read/remove -RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); - } -} - -// tries to remove other application data with permission to read -RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); - } -} - -// tries to remove other application data with permission -RUNNER_TEST(T3145_control_deprecated_remove_allowed) -{ - // prepare: add data - GarbageCollector gc; - { - ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - gc.save(TEST_ALIAS, TEST_DATA); - } - - allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); - { - ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - - check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); - } -} diff --git a/src/ckm/capi-certificate-chains.cpp b/src/ckm/capi-certificate-chains.cpp deleted file mode 100644 index e619b5ec..00000000 --- a/src/ckm/capi-certificate-chains.cpp +++ /dev/null @@ -1,487 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file capi-certificate-chains.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#include - -#include -#include - -#include - -#include -#include -#include - -#include -#include -#include -#include - -namespace { - -typedef std::unique_ptr CertPtr; -typedef std::unique_ptr CertListPtr; -typedef std::unique_ptr AliasListPtr; - -ckmc_cert_s* create_cert(TestData::certificateID idx) { - - std::string cert_raw = TestData::getTestCertificateBase64(idx); - - ckmc_cert_s* cert = NULL; - assert_positive(ckmc_cert_new, - reinterpret_cast(const_cast(cert_raw.c_str())), - cert_raw.size(), - CKMC_FORM_PEM, - &cert); - - RUNNER_ASSERT_MSG(cert != NULL, "Cert is NULL"); - return cert; -} - -void save_cert(const ckmc_cert_s* cert, const char* alias) { - ckmc_policy_s policy; - policy.password = NULL; - policy.extractable = 1; - - assert_positive(ckmc_save_cert, alias, *cert, policy); -} - -// list takes ownership of provided certificates -CertListPtr create_cert_list(ckmc_cert_s* cert, ...) { - CertListPtr certList(NULL, ckmc_cert_list_all_free); - - va_list ap; - - va_start(ap, cert); - ckmc_cert_list_s* last = NULL; - for (ckmc_cert_s* c = cert; c!=NULL; c = va_arg(ap, ckmc_cert_s*)) { - if (!certList) { - ckmc_cert_list_s* tmp = NULL; - assert_positive(ckmc_cert_list_new, c, &tmp); - certList = CertListPtr(tmp, ckmc_cert_list_all_free); - RUNNER_ASSERT_MSG(!!certList, "Cert list is NULL"); - last = certList.get(); - } else { - assert_positive(ckmc_cert_list_add, last, c, &last); - RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL"); - } - } - va_end(ap); - - return certList; -} - -const ckmc_cert_s* NULL_CERT = NULL; -ckmc_cert_list_s** NULL_CHAIN = NULL; - -/* - * Helper class for certificate verification - */ -class ChainVerifierBase { -public: - ChainVerifierBase(); - virtual ~ChainVerifierBase(); - - void addTrusted(TestData::certificateID idx); - void addUntrusted(TestData::certificateID idx); - void enableSystem(bool enable); - - virtual void verifyPositive(TestData::certificateID idx, size_t expected) = 0; - virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED) = 0; - -protected: - void addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert); - void addAlias(ckmc_alias_list_s*& list, const char* alias); - - ckmc_cert_list_s* m_trustedCerts; - ckmc_alias_list_s* m_trustedAliases; - - ckmc_cert_list_s* m_untrustedCerts; - ckmc_alias_list_s* m_untrustedAliases; - - bool m_system; -}; - - -ChainVerifierBase::ChainVerifierBase() : - m_trustedCerts(NULL), - m_trustedAliases(NULL), - m_untrustedCerts(NULL), - m_untrustedAliases(NULL), - m_system(true) -{ -} - -ChainVerifierBase::~ChainVerifierBase() -{ - ckmc_cert_list_all_free(m_trustedCerts); - ckmc_cert_list_all_free(m_untrustedCerts); - ckmc_alias_list_all_free(m_trustedAliases); - ckmc_alias_list_all_free(m_untrustedAliases); -} - -void ChainVerifierBase::addTrusted(TestData::certificateID idx) -{ - size_t size = list_size(m_trustedCerts); - ckmc_cert_s* cert = create_cert(idx); - addCert(m_trustedCerts, cert); - - std::stringstream ss; - ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size; - save_cert(cert, ss.str().c_str()); - addAlias(m_trustedAliases, ss.str().c_str()); -} - -void ChainVerifierBase::addUntrusted(TestData::certificateID idx) -{ - size_t size = list_size(m_untrustedCerts); - ckmc_cert_s* cert = create_cert(idx); - addCert(m_untrustedCerts, cert); - - std::stringstream ss; - ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size; - save_cert(cert, ss.str().c_str()); - addAlias(m_untrustedAliases, ss.str().c_str()); -} - -void ChainVerifierBase::enableSystem(bool enable) -{ - m_system = enable; -} - -void ChainVerifierBase::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert) -{ - if (!list) { - ckmc_cert_list_s* tmp = NULL; - assert_positive(ckmc_cert_list_new, cert, &tmp); - RUNNER_ASSERT_MSG(!!tmp, "Cert list is NULL"); - list = tmp; - } else { - ckmc_cert_list_s* last = list; - while(last->next) - last = last->next; - assert_positive(ckmc_cert_list_add, last, cert, &last); - RUNNER_ASSERT_MSG(last != NULL, "Last cert on the list is NULL"); - } -} - -void ChainVerifierBase::addAlias(ckmc_alias_list_s*& list, const char* alias) -{ - if (!list) { - ckmc_alias_list_s* tmp = NULL; - assert_positive(ckmc_alias_list_new, strdup(alias), &tmp); - RUNNER_ASSERT_MSG(!!tmp, "Alias list is NULL"); - list = tmp; - } else { - ckmc_alias_list_s* last = list; - while(last->next) - last = last->next; - assert_positive(ckmc_alias_list_add, last, strdup(alias), &last); - RUNNER_ASSERT_MSG(last != NULL, "Last alias on the list is NULL"); - } -} - -class ChainVerifierOld : public ChainVerifierBase { -public: - virtual void verifyPositive(TestData::certificateID idx, size_t expected); - virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED); -}; - -class ChainVerifier : public ChainVerifierBase { -public: - virtual void verifyPositive(TestData::certificateID idx, size_t expected); - virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED); -}; - -void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected) -{ - ckmc_cert_s* cert = create_cert(idx); - - ckmc_cert_list_s* chain = NULL; - - assert_positive(ckmc_get_cert_chain, - cert, - m_untrustedCerts, - &chain); - - size_t size = list_size(chain); - ckmc_cert_list_all_free(chain); - chain = NULL; - RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size); - - assert_positive(ckmc_get_cert_chain_with_alias, - cert, - m_untrustedAliases, - &chain); - - size = list_size(chain); - ckmc_cert_list_all_free(chain); - chain = NULL; - RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size); - - ckmc_cert_free(cert); -} - -void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected) -{ - ckmc_cert_s* cert = create_cert(idx); - - ckmc_cert_list_s* chain = NULL; - - assert_positive(ckmc_get_cert_chain_with_trustedcert, - cert, - m_untrustedCerts, - m_trustedCerts, - m_system, - &chain); - - size_t size = list_size(chain); - ckmc_cert_list_all_free(chain); - chain = NULL; - RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size); - - ckmc_cert_free(cert); -} - -void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error) -{ - ckmc_cert_s* cert = create_cert(idx); - - ckmc_cert_list_s* chain = NULL; - - assert_result(error, - ckmc_get_cert_chain, - cert, - m_untrustedCerts, - &chain); - RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty"); - - assert_result(error, - ckmc_get_cert_chain_with_alias, - cert, - m_untrustedAliases, - &chain); - - RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty"); - - ckmc_cert_free(cert); -} - -void ChainVerifier::verifyNegative(TestData::certificateID idx, int error) -{ - ckmc_cert_s* cert = create_cert(idx); - - ckmc_cert_list_s* chain = NULL; - - assert_result(error, - ckmc_get_cert_chain_with_trustedcert, - cert, - m_untrustedCerts, - m_trustedCerts, - m_system, - &chain); - RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty"); - - ckmc_cert_free(cert); -} -} // namespace anonymous - -RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS); - -RUNNER_TEST(TCCH_0000_init) -{ - remove_user_data(0); -} - -// old API -RUNNER_TEST(TCCH_0010_get_chain_old_api) -{ - RUNNER_IGNORED_MSG("Temporary turned off. Require network feature."); - remove_user_data(0); - - ChainVerifierOld cv; - cv.verifyNegative(TestData::GOOGLE_COM); - - cv.addUntrusted(TestData::GIAG2); - cv.verifyPositive(TestData::GOOGLE_COM, 3); // including system cert - cv.verifyNegative(TestData::TEST_LEAF); -} - -// old API -RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only) -{ - remove_user_data(0); - - ChainVerifierOld cv; - cv.verifyPositive(TestData::GIAG2, 2); // including system cert -} - -// check invalid arguments -RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param) -{ - remove_user_data(0); - - ckmc_cert_s* ca2 = create_cert(TestData::GIAG2); - ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST); - ckmc_cert_list_s* chain = NULL; - - // cert - CertListPtr untrusted_c = create_cert_list(ca1, NULL); - ca1 = NULL; - - assert_invalid_param(ckmc_get_cert_chain_with_trustedcert, - NULL_CERT, - untrusted_c.get(), - untrusted_c.get(), - true, - &chain); - - assert_invalid_param(ckmc_get_cert_chain_with_trustedcert, - ca2, - untrusted_c.get(), - untrusted_c.get(), - true, - NULL_CHAIN); - - ckmc_cert_free(ca2); -} - -/* - * This test verifies that chain of trust won't be successfully built unless system or trusted - * certificates are used even if real trusted root ca certs are used as untrusted. - */ -RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative) -{ - remove_user_data(0); - - ChainVerifier cv; - cv.enableSystem(false); - cv.verifyNegative(TestData::EQUIFAX); - - cv.addUntrusted(TestData::GIAG2); - cv.verifyNegative(TestData::GOOGLE_COM); -} - -/* - * This test verifies that it's possible to build a chain of trust with single trusted certificate - * and no system certificates. - */ -RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only) -{ - remove_user_data(0); - - ChainVerifier cv; - cv.enableSystem(false); - cv.addTrusted(TestData::TEST_ROOT_CA); - cv.verifyPositive(TestData::TEST_IM_CA, 2); - cv.verifyNegative(TestData::TEST_LEAF); -} - -/* - * This test verifies that it's possible to build a chain of trust with system certificates only - */ -RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only) -{ - remove_user_data(0); - - ChainVerifier cv; - cv.verifyPositive(TestData::GIAG2, 2); // including system cert - cv.verifyNegative(TestData::GOOGLE_COM); -} - -/* - * Verifies that chain of trust can be built without untrusted certificates. - */ -RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted) -{ - remove_user_data(0); - - ChainVerifier cv; - cv.addTrusted(TestData::TEST_ROOT_CA); - cv.verifyPositive(TestData::TEST_IM_CA, 2);// signed by trusted cert (TEST_ROOT_CA) - cv.verifyPositive(TestData::GIAG2, 2); // signed by system cert (GEOTRUST) - cv.verifyNegative(TestData::GOOGLE_COM); -} - -RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted) -{ - RUNNER_IGNORED_MSG("Temporary turned off. Require network feature."); - remove_user_data(0); - - ChainVerifier cv; - cv.addUntrusted(TestData::GIAG2); - cv.verifyPositive(TestData::GOOGLE_COM,3); // including system cert - cv.verifyNegative(TestData::TEST_LEAF); -} - -/* - * Check if its possible to build a chain of trust without system certs. - */ -RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system) -{ - remove_user_data(0); - - ChainVerifier cv; - cv.enableSystem(false); - cv.addTrusted(TestData::TEST_ROOT_CA); - cv.addUntrusted(TestData::TEST_IM_CA); - cv.verifyPositive(TestData::TEST_LEAF, 3); - cv.verifyNegative(TestData::GOOGLE_COM); -} - -/* - * Check if its possible to build a chain of trust with intermediate ca cert in trusted list. - */ -RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted) -{ - remove_user_data(0); - - ChainVerifier cv; - cv.enableSystem(false); - cv.addTrusted(TestData::TEST_ROOT_CA); - cv.addTrusted(TestData::TEST_IM_CA); - cv.verifyPositive(TestData::TEST_LEAF, 3); - cv.verifyNegative(TestData::GOOGLE_COM); -} - -RUNNER_TEST(TCCH_0200_get_certificate_chain_all) -{ - RUNNER_IGNORED_MSG("Temporary turned off. Require network feature."); - remove_user_data(0); - - ChainVerifier cv; - cv.enableSystem(true); - cv.addTrusted(TestData::TEST_ROOT_CA); - cv.addUntrusted(TestData::GEOTRUST); - cv.addUntrusted(TestData::GIAG2); - /* - * In combat conditions this may as well be 3. Because of 2 existing GeoTrust certificates with - * same Subject and Public key one being root ca and the other not there are 2 possible chains - * of trust for this certificate. - */ - cv.verifyPositive(TestData::GOOGLE_COM,4); - cv.verifyNegative(TestData::TEST_LEAF); -} - -RUNNER_TEST(TCCH_9999_deinit) -{ - remove_user_data(0); -} diff --git a/src/ckm/capi-t3096.p12 b/src/ckm/capi-t3096.p12 deleted file mode 100644 index f9133a1c..00000000 Binary files a/src/ckm/capi-t3096.p12 and /dev/null differ diff --git a/src/ckm/capi-testcases.cpp b/src/ckm/capi-testcases.cpp deleted file mode 100644 index e6acc88b..00000000 --- a/src/ckm/capi-testcases.cpp +++ /dev/null @@ -1,2421 +0,0 @@ -#include -#include - -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include - -#include -#include -#include -#include -#include -#include - -namespace { -const int USER_APP = 5000; -const int GROUP_APP = 5000; -const char* USER_PASS = "user-pass"; -const char* TEST_LABEL = "test_label"; -const char *const TEST_OBJECT1 = "OBJECT1"; -const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1); -const char* TEST_SYSTEM_ALIAS = "system-alias-1"; -const char* TEST_DATA = "ABCD"; -} // namespace anonymous - - -RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API); - -RUNNER_TEST(T3010_Control_C_API_service_unlock_DB) -{ - int temp; - - RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")), - CKMCReadableError(temp)); - - remove_user_data(5000); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3011_Control_C_API) -{ - int temp; - - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3012_Control_C_API) -{ - int temp; - - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3013_Control_C_API) -{ - int temp; - - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3014_Control_C_API) -{ - int temp; - const uid_t UNIQUE_USER = 6500; - - // clean up environment - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)), - CKMCReadableError(temp)); - // unlock with empty password - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)), - CKMCReadableError(temp)); - // reset password (NULL, "simple-password") - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")), - CKMCReadableError(temp)); - // get rid of NULL DKEK - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, "simple-password")), - CKMCReadableError(temp)); - // lock db - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(UNIQUE_USER)), - CKMCReadableError(temp)); - // try to reset password when db locked - RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")), - CKMCReadableError(temp)); - // clean up environment - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3015_Control_C_API) -{ - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3016_Control_C_API) -{ - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3017_Control_C_API_remove_system_DB) -{ - save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA); - - // [test] - expect success - check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA); - - // remove user data - expect to map to the system DB - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)), - CKMCReadableError(temp)); - - // [test] - expect fail - check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); -} - -RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API); - -RUNNER_TEST(T30201_init_C_API) -{ - int temp; - - remove_user_data(0); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T30202_RSA_key_C_API) -{ - int temp; - - ckmc_key_s test_key, *test_key2; - ckmc_policy_s test_policy; - - char* password = NULL; - CKM::Alias alias = sharedDatabase("mykey"); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - char* char_keypem = new char[keyPem.length() + 1]; - - std::strcpy(char_keypem, keyPem.c_str()); - test_key.raw_key = (unsigned char *)char_keypem; - test_key.key_size = keyPem.length(); - test_key.key_type = CKMC_KEY_RSA_PUBLIC; - test_key.password = password; - - test_policy.password = password; - test_policy.extractable = 1; - - test_key2 = &test_key; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T30203_AES_key_C_API) -{ - int temp; - CKM::Alias alias = sharedDatabase("my_AES_key"); - size_t key_length = 192; - - ckmc_key_s *test_key = generate_AES_key(key_length, NULL); - ckmc_key_s *test_key2; - ckmc_policy_s test_policy; - test_policy.password = NULL; - test_policy.extractable = 1; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), NULL, &test_key2)), - CKMCReadableError(temp)); - - compare_AES_keys(test_key, test_key2); - ckmc_key_free(test_key); - ckmc_key_free(test_key2); -} - -RUNNER_TEST(T30204_certificate_C_API) -{ - int temp; - - std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2); - - char* password = NULL; - ckmc_cert_s *cert2; - ckmc_cert_s cert; - - CKM::Alias alias = sharedDatabase("test-cert-1-RSA"); - - ckmc_policy_s test_policy; - test_policy.password = password; - test_policy.extractable = 1; - - char* char_certPem = new char[certPem.length() + 1]; - std::strcpy(char_certPem, certPem.c_str()); - cert.raw_cert = (unsigned char *)char_certPem; - cert.cert_size = certPem.length(); - cert.data_format = CKMC_FORM_PEM; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), - CKMCReadableError(temp)); - - ckmc_cert_free(cert2); -} - -RUNNER_TEST(T30205_certificate_remove_C_API) -{ - int temp; - - char* password = NULL; - ckmc_cert_s *cert2; - CKM::Alias alias = sharedDatabase("test-cert-1-RSA"); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), - CKMCReadableError(temp)); - ckmc_cert_free(cert2); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T30206_certificate_list_C_API) -{ - int temp; - - std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2); - - char* password = NULL; - ckmc_cert_s cert; - - ckmc_policy_s test_policy; - test_policy.password = password; - test_policy.extractable = 1; - - char* char_certPem = new char[certPem.length() + 1]; - std::strcpy(char_certPem, certPem.c_str()); - cert.raw_cert = (unsigned char *)char_certPem; - cert.cert_size = certPem.length(); - cert.data_format = CKMC_FORM_PEM; - - size_t current_aliases_num = count_aliases(ALIAS_CERT); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)), - CKMCReadableError(temp)); - - size_t actual_cnt = count_aliases(ALIAS_CERT); - RUNNER_ASSERT_MSG( - (current_aliases_num+3) == actual_cnt, - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); -} - - -RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API) -{ - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - int temp; - - ckmc_key_s test_key, *test_key2; - ckmc_policy_s test_policy; - - char* password = NULL; - const char *passwordPolicy = "x"; - const char *alias = "mykey"; - char* char_keypem = new char[keyPem.length() + 1]; - - std::strcpy(char_keypem, keyPem.c_str()); - test_key.raw_key = (unsigned char *)char_keypem; - test_key.key_size = keyPem.length(); - test_key.key_type = CKMC_KEY_RSA_PUBLIC; - test_key.password = password; - - test_policy.password = const_cast(passwordPolicy); - test_policy.extractable = 1; - - test_key2 = &test_key; - - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)), - CKMCReadableError(temp)); - - // RUNNER_ASSERT_MSG( - // key.getDER() == key2.getDER(), "Key value has been changed by service"); - - delete [] char_keypem; -} - -RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API) -{ - AccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - const char* password = NULL; - size_t key_length = 192; - CKM::Alias alias = "my_AES_key"; - - ckmc_key_s *test_key = generate_AES_key(key_length, password); - ckmc_key_s *test_key2; - ckmc_policy_s test_policy; - test_policy.password = const_cast(password); - test_policy.extractable = 1; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)), - CKMCReadableError(temp)); - - compare_AES_keys(test_key, test_key2); - ckmc_key_free(test_key); - ckmc_key_free(test_key2); -} - -RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API) -{ - AccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - const char* password = "x"; - size_t key_length = 192; - CKM::Alias alias = "my_AES_key-2"; - - ckmc_key_s *test_key = generate_AES_key(key_length, password); - ckmc_policy_s test_policy; - test_policy.password = const_cast(password); - test_policy.extractable = 1; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)), - CKMCReadableError(temp)); - ckmc_key_free(test_key); -} - -RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag) -{ - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - ckmc_policy_s test_policy; - ckmc_key_s test_key, *test_key2; - char* char_keypem = new char[keyPem.length() + 1]; - char* password = NULL; - - std::strcpy(char_keypem, keyPem.c_str()); - test_key.raw_key = (unsigned char *)char_keypem; - test_key.key_size = keyPem.length(); - test_key.key_type = CKMC_KEY_RSA_PUBLIC; - test_key.password = NULL; - - test_policy.password = password; - test_policy.extractable = 0; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)), - CKMCReadableError(temp)); -} - -RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag) -{ - AccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - const char* password = NULL; - size_t key_length = 256; - CKM::Alias alias = "my_AES_key-3"; - - ckmc_key_s *test_key = generate_AES_key(key_length, password); - ckmc_key_s *test_key2; - ckmc_policy_s test_policy; - test_policy.password = const_cast(password); - test_policy.extractable = 0; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)), - CKMCReadableError(temp)); - ckmc_key_free(test_key); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T30212_certificate_with_DSA_key_C_API) -{ - int temp; - - std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2); - - char* password = NULL; - ckmc_cert_s *cert2 = NULL; - ckmc_cert_s cert; - - ckmc_policy_s test_policy; - test_policy.password = password; - test_policy.extractable = 1; - - char* char_certPem = new char[certPem.length() + 1]; - std::strcpy(char_certPem, certPem.c_str()); - cert.raw_cert = (unsigned char *)char_certPem; - cert.cert_size = certPem.length(); - cert.data_format = CKMC_FORM_PEM; - - CKM::Alias alias = sharedDatabase("test-cert-1-DSA"); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), - CKMCReadableError(temp)); - - ckmc_cert_free(cert2); -} - -RUNNER_TEST(T30213_deinit_C_API) -{ - int temp; - - remove_user_data(0); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - - -RUNNER_TEST_GROUP_INIT (T3030_CKMC_QUICK_GET_ALIAS_TESTS_C_API); - -RUNNER_TEST(T3031_init_C_API) -{ - int temp; - - remove_user_data(0); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3032_save_asymmetric_keys_get_alias_C_API) -{ - int temp; - - char* password = NULL; - ckmc_policy_s test_policy1, test_policy2, test_policy3; - ckmc_key_s test_key; - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - char* char_keypem = new char[keyPem.length() + 1]; - - std::strcpy(char_keypem, keyPem.c_str()); - test_key.raw_key = (unsigned char *)char_keypem; - test_key.key_size = keyPem.length(); - test_key.key_type = CKMC_KEY_RSA_PUBLIC; - test_key.password = password; - - test_policy1.password = password; - test_policy1.extractable = 1; - - test_policy2.password = password; - test_policy2.extractable = 0; - - test_policy3.password = password; - test_policy3.extractable = 0; - - size_t current_aliases_num = count_aliases(ALIAS_KEY); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)), - CKMCReadableError(temp)); - - size_t actual_cnt = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - (current_aliases_num+3) == actual_cnt, - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); -} - - -RUNNER_TEST(T3033_remove_asymmetric_key_C_API) -{ - int temp; - - char* password = NULL; - - ckmc_key_s *test_key2; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3034_save_symmetric_keys_get_alias_C_API) -{ - int temp; - size_t key_length = 128; - ckmc_key_s *test_key = generate_AES_key(key_length, NULL); - ckmc_policy_s test_policy1, test_policy2, test_policy3; - test_policy1.password = NULL; - test_policy1.extractable = 1; - - test_policy2.password = NULL; - test_policy2.extractable = 1; - - test_policy3.password = NULL; - test_policy3.extractable = 1; - - int current_aliases_num = count_aliases(ALIAS_KEY); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key1").c_str(), *test_key, test_policy1)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key2").c_str(), *test_key, test_policy2)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key3").c_str(), *test_key, test_policy3)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)), - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp); - - ckmc_key_free(test_key); -} - - -RUNNER_TEST(T3035_remove_symmetric_key_C_API) -{ - int temp; - - ckmc_key_s *test_key2; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key1").c_str(), NULL, &test_key2)), - CKMCReadableError(temp)); - validate_AES_key(test_key2); - ckmc_key_free(test_key2); - - // actual test - remove middle item - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("AES_key2").c_str())), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(sharedDatabase("AES_key2").c_str(), NULL, &test_key2)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key3").c_str(), NULL, &test_key2)), - CKMCReadableError(temp)); - validate_AES_key(test_key2); - ckmc_key_free(test_key2); - -} - -RUNNER_TEST(T3036_deinit_C_API) -{ - int temp; - - remove_user_data(0); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API); - -RUNNER_TEST(T3041_init_C_API) -{ - remove_user_data(0); - reset_user_data(USER_APP, "simple-password"); -} - -RUNNER_TEST(T3042_save_get_bin_data_C_API) -{ - int temp; - - ckmc_raw_buffer_s testData1, testData2, testData3; - char* password = NULL; - - std::string binData1 = "My bin data1"; - std::string binData2 = "My bin data2"; - std::string binData3 = "My bin data3"; - char* char_binData1 = new char[binData1.length() + 1]; - char* char_binData2 = new char[binData2.length() + 1]; - char* char_binData3 = new char[binData3.length() + 1]; - std::strcpy(char_binData1, binData1.c_str()); - std::strcpy(char_binData2, binData2.c_str()); - std::strcpy(char_binData3, binData3.c_str()); - testData1.data = (unsigned char *) char_binData1; - testData2.data = (unsigned char *) char_binData2; - testData3.data = (unsigned char *) char_binData3; - testData1.size = binData1.length()+1; - testData2.size = binData2.length()+1; - testData3.size = binData3.length()+1; - - ckmc_policy_s test_policy1, test_policy2, test_policy3; - - test_policy1.password = password; - test_policy1.extractable = 1; - test_policy2.password = password; - test_policy2.extractable = 1; - test_policy3.password = password; - test_policy3.extractable = 0; - - size_t current_aliases_num = count_aliases(ALIAS_DATA); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)), - CKMCReadableError(temp)); - - size_t actual_cnt = count_aliases(ALIAS_DATA); - RUNNER_ASSERT_MSG( - (current_aliases_num+3) == actual_cnt, - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); - - ckmc_raw_buffer_s *testData4; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)), - CKMCReadableError(temp)); - - int compareResult; - compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data)); - RUNNER_ASSERT_MSG( compareResult == 0, - "Data corrupted"); -} - -RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API) -{ - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - ckmc_raw_buffer_s testData1; - char* password = NULL; - std::string binData1 = "My bin data"; - char* char_binData1 = new char[binData1.length() + 1]; - std::strcpy(char_binData1, binData1.c_str()); - testData1.data = (unsigned char *) char_binData1; - testData1.size = binData1.length()+1; - - ckmc_policy_s test_policy1, test_policy2; - - test_policy1.password = password; - test_policy1.extractable = 1; - - test_policy2.password = password; - test_policy2.extractable = 1; - - std::string binData = "My bin data"; - - size_t current_aliases_num = count_aliases(ALIAS_DATA); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)), - CKMCReadableError(temp)); - - size_t actual_cnt = count_aliases(ALIAS_DATA); - RUNNER_ASSERT_MSG( - (current_aliases_num+3) == actual_cnt, - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); -} - -RUNNER_TEST(T3044_remove_bin_data_C_API) -{ - int temp; - - size_t current_aliases_num = count_aliases(ALIAS_DATA, 2); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())), - CKMCReadableError(temp)); - - size_t actual_cnt = count_aliases(ALIAS_DATA); - RUNNER_ASSERT_MSG( - (current_aliases_num-2) == actual_cnt, - "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt); - - char* password = NULL; - - ckmc_raw_buffer_s *testData1, testData2; - - std::string testStr = "My bin data2"; - char* char_testData2 = new char[testStr.length() + 1]; - std::strcpy(char_testData2, testStr.c_str()); - testData2.data = (unsigned char *) char_testData2; - testData2.size = testStr.length()+1; - - CKM::RawBuffer buffer; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)), - CKMCReadableError(temp)); - - int compareResult; - compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data)); - RUNNER_ASSERT_MSG( compareResult == 0, - "Data corrupted"); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3045_save_big_data_C_API) -{ - GarbageCollector gc; - const size_t BIG_SIZE = 5000000; // can't go much further because of stack size limit - ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP); - - char big_data[BIG_SIZE]; - std::ifstream is("/dev/urandom", std::ifstream::binary); - if(is) - is.read(big_data, BIG_SIZE); - - RUNNER_ASSERT_MSG(is, - "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom"); - - gc.save(TEST_ALIAS1.c_str(), big_data, BIG_SIZE, CKMC_ERROR_NONE); - - check_read(TEST_OBJECT1, TEST_LABEL, big_data, BIG_SIZE, CKMC_ERROR_NONE); -} - -RUNNER_TEST(T3050_deinit_C_API) -{ - int temp; - - remove_user_data(0); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_TEST_GROUP_INIT(T305_CKMC_QUICK_CREATE_PAIR_CAPI); - -RUNNER_TEST(T3051_CAPI_init) -{ - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), - CKMCReadableError(temp)); -} - -RUNNER_CHILD_TEST(T3052_CAPI_create_RSA_key) -{ - int temp; - - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - size_t size = 1024; - const char *private_key_alias = "RSA-test-1-priv"; - const char *public_key_alias = "RSA-test-1-pub"; - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - - policy_private_key.password = NULL; - policy_private_key.extractable = 1; - - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - - - size_t current_aliases_num = count_aliases(ALIAS_KEY); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), - CKMCReadableError(temp)); - - size_t actual_cnt = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - (current_aliases_num+2) == actual_cnt, - "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt); - - ckmc_key_s *privateKey; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - privateKey->key_type == CKMC_KEY_RSA_PRIVATE, - "Key Type Error: expected =" << static_cast(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast(privateKey->key_type)); - RUNNER_ASSERT_MSG( - privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL, - "Private key is broken."); - - ckmc_key_s *publicKey; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - publicKey->key_type == CKMC_KEY_RSA_PUBLIC, - "Key Type Error: expected =" << static_cast(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast(publicKey->key_type)); - RUNNER_ASSERT_MSG( - publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL, - "Public key is broken."); - - // on next attempt to generate keys with the same alias, expect fail (alias exists) - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), - CKMCReadableError(temp)); -} - -RUNNER_CHILD_TEST(T3053_CAPI_create_DSA_key) -{ - int temp; - - AccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - size_t size = 1024; - const char *private_key_alias = "DSA-test-2-priv"; - const char *public_key_alias = "DSA-test-2-pub"; - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - - policy_private_key.password = NULL; - policy_private_key.extractable = 1; - - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - - size_t current_aliases_num = count_aliases(ALIAS_KEY); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), - CKMCReadableError(temp)); - - size_t actual_cnt = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - (current_aliases_num+2) == actual_cnt, - "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt); - - ckmc_key_s *privateKey = 0; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL, - "Private key is broken."); - RUNNER_ASSERT_MSG( - privateKey->key_type == CKMC_KEY_DSA_PRIVATE, - "Key Type Error: expected =" << static_cast(CKMC_KEY_DSA_PRIVATE) << ", actual=" << static_cast(privateKey->key_type)); - ckmc_key_free(privateKey); - - ckmc_key_s *pubKey = 0; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &pubKey)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - pubKey != NULL && pubKey->key_size > 0 && pubKey->raw_key != NULL, - "Public key is broken."); - RUNNER_ASSERT_MSG( - pubKey->key_type == CKMC_KEY_DSA_PUBLIC, - "Key Type Error: expected =" << static_cast(CKMC_KEY_DSA_PUBLIC) << ", actual=" << static_cast(pubKey->key_type)); - ckmc_key_free(pubKey); - - // on next attempt to generate keys with the same alias, expect fail (alias exists) - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), - CKMCReadableError(temp)); -} - - -RUNNER_CHILD_TEST(T3054_CAPI_create_AES_key) -{ - int temp; - size_t size = 128; - CKM::Alias key_alias = sharedDatabase("AES-gen-test-1"); - ckmc_policy_s policy_key; - - policy_key.password = NULL; - policy_key.extractable = 1; - - int current_aliases_num = count_aliases(ALIAS_KEY); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_aes(size, key_alias.c_str(), policy_key)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - (current_aliases_num+1) == (temp = count_aliases(ALIAS_KEY)), - "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp); - - ckmc_key_s *get_AES_key = 0; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(key_alias.c_str(), policy_key.password, &get_AES_key)), - CKMCReadableError(temp)); - validate_AES_key(get_AES_key); - ckmc_key_free(get_AES_key); -} - - -RUNNER_TEST(T3055_CAPI_deinit) -{ - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - - -RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair); - -RUNNER_TEST(T3061_CAPI_init) -{ - remove_user_data(0); - reset_user_data(USER_APP, USER_PASS); -} - -RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA) -{ - int temp; - - size_t size = 1024; - CKM::Alias private_key_alias = sharedDatabase("rsa-test-1"); - CKM::Alias public_key_alias = sharedDatabase("rsa-test-2"); - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - - policy_private_key.password = const_cast("privatepassword"); - policy_private_key.extractable = 0; - - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), - CKMCReadableError(temp)); - - // on next attempt to generate keys with the same alias, expect fail (alias exists) - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA) -{ - int temp; - - size_t size = 1024; - CKM::Alias private_key_alias = sharedDatabase("dsa-test-1"); - CKM::Alias public_key_alias = sharedDatabase("dsa-test-2"); - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - - policy_private_key.password = const_cast("privatepassword"); - policy_private_key.extractable = 0; - - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA) -{ - int temp; - - ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1; - CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1"); - CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2"); - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - - policy_private_key.password = const_cast("privatepassword"); - policy_private_key.extractable = 0; - - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3065_CAPI_deinit) -{ - remove_user_data(0); -} - -// TODO -//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS); - - - -RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS); - -RUNNER_TEST(T3071_CAPI_init) -{ - remove_user_data(0); -} - -RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check) -{ - RUNNER_IGNORED_MSG("Temporary turned off. Require network feature."); - std::string ee = TestData::getTestCertificateBase64(TestData::MBANK); - std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC); - - ckmc_cert_s c_cert; - c_cert.raw_cert = reinterpret_cast(const_cast(ee.c_str())); - c_cert.cert_size = ee.size(); - c_cert.data_format = CKMC_FORM_PEM; - - ckmc_cert_s c_cert1; - c_cert1.raw_cert = reinterpret_cast(const_cast(im.c_str())); - c_cert1.cert_size = im.size(); - c_cert1.data_format = CKMC_FORM_PEM; - - ckmc_cert_list_s untrustedcerts; - untrustedcerts.cert = &c_cert1; - untrustedcerts.next = NULL; - - ckmc_cert_list_s *cert_chain_list; - - int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp)); - - RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain."); - - ckmc_ocsp_status_e ocsp_status; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp)); - RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast(ocsp_status)); -} - -RUNNER_TEST(T3075_CAPI_deinit) -{ - remove_user_data(0); -} - - -RUNNER_TEST_GROUP_INIT(T308_CAPI_CREATE_AND_VERIFY_SIGNATURE); - -RUNNER_TEST(T3081_CAPI__init) -{ - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), - CKMCReadableError(temp)); - - remove_user_data(0); -} - -RUNNER_TEST(T3082_CAPI__rsa_key_create_verify) -{ - int temp; - - std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" - "Proc-Type: 4,ENCRYPTED\n" - "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n" - "\n" - "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n" - "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n" - "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n" - "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n" - "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n" - "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n" - "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n" - "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n" - "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n" - "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n" - "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n" - "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n" - "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n" - "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n" - "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n" - "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n" - "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n" - "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n" - "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n" - "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n" - "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n" - "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n" - "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n" - "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n" - "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n" - "-----END RSA PRIVATE KEY-----\n"; - - std::string pub = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----\n"; - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - CKM::Alias pub_alias = sharedDatabase("pub1"); - CKM::Alias pri_alias = sharedDatabase("prv1"); - const char *key_passwd = "1234"; - char *pri_passwd = NULL; - char *pub_passwd = NULL; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - - ckmc_key_s pubkey; - pubkey.raw_key = const_cast(reinterpret_cast(pub.c_str())); - pubkey.key_size = pub.size(); - pubkey.key_type = CKMC_KEY_NONE; - pubkey.password = NULL; - - ckmc_policy_s pubpolicy; - pubpolicy.password = pub_passwd; - pubpolicy.extractable = 0; - - ckmc_policy_s pripolicy; - pripolicy.password = pri_passwd; - pripolicy.extractable = 1; - - ckmc_key_s prikey; - prikey.raw_key = const_cast(reinterpret_cast(prv.c_str())); - prikey.key_size = prv.size(); - prikey.key_type = CKMC_KEY_NONE; - prikey.password = const_cast(key_passwd); - - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias.c_str(), - pri_passwd, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative) -{ - int temp; - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test"); - CKM::Alias pub_alias = sharedDatabase("pub1"); - CKM::Alias pri_alias = sharedDatabase("prv1"); - char *pri_passwd = NULL; - char *pub_passwd = NULL; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias.c_str(), - pri_passwd, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small"); - memcpy((void*)signature->data, "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3084_CAPI__ec_key_create_verify) -{ - int temp; - - std::string prv = "-----BEGIN EC PRIVATE KEY-----\n" - "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n" - "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n" - "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n" - "-----END EC PRIVATE KEY-----\n"; - - std::string pub = "-----BEGIN PUBLIC KEY-----\n" - "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n" - "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n" - "-----END PUBLIC KEY-----\n"; - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - CKM::Alias pri_alias = sharedDatabase("ecprv2"); - CKM::Alias pub_alias = sharedDatabase("ecpub2"); - char *key_passwd = NULL; - char *pri_passwd = NULL; - char *pub_passwd = NULL; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - - ckmc_key_s pubkey; - pubkey.raw_key = const_cast(reinterpret_cast(pub.c_str())); - pubkey.key_size = pub.size(); - pubkey.key_type = CKMC_KEY_NONE; - pubkey.password = NULL; - - ckmc_policy_s pubpolicy; - pubpolicy.password = pub_passwd; - pubpolicy.extractable = 1; - - ckmc_key_s prikey; - prikey.raw_key = const_cast(reinterpret_cast(prv.c_str())); - prikey.key_size = prv.size(); - prikey.key_type = CKMC_KEY_NONE; - prikey.password = key_passwd; - - ckmc_policy_s pripolicy; - pripolicy.password = pri_passwd; - pripolicy.extractable = 0; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias.c_str(), - pri_passwd, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small"); - memcpy((void*)signature->data, "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature) -{ - int temp; - - std::string prv = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" - "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" - "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" - "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" - "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" - "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" - "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" - "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" - "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" - "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" - "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" - "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" - "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" - "-----END RSA PRIVATE KEY-----\n"; - - std::string pub = - "-----BEGIN CERTIFICATE-----\n" - "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n" - "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n" - "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n" - "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n" - "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n" - "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n" - "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n" - "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n" - "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n" - "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n" - "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n" - "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n" - "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n" - "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n" - "-----END CERTIFICATE-----\n"; - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - CKM::Alias pri_alias = sharedDatabase("prv3"); - CKM::Alias pub_alias = sharedDatabase("pub3"); - char *key_passwd = NULL; - char *pri_passwd = NULL; - char *pub_passwd = NULL; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - - ckmc_cert_s cert; - cert.raw_cert = const_cast(reinterpret_cast(pub.c_str())); - cert.cert_size = pub.size(); - cert.data_format = CKMC_FORM_PEM; - - ckmc_policy_s certpolicy; - certpolicy.password = pub_passwd; - certpolicy.extractable = 1; - - ckmc_key_s prikey; - prikey.raw_key = const_cast(reinterpret_cast(prv.c_str())); - prikey.key_size = prv.size(); - prikey.key_type = CKMC_KEY_NONE; - prikey.password = key_passwd; - - ckmc_policy_s pripolicy; - pripolicy.password = pri_passwd; - pripolicy.extractable = 0; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), - CKMCReadableError(temp)); - - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias.c_str(), - pri_passwd, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small"); - memcpy((void*)signature->data, "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative) -{ - int temp; - - const std::string pub = "-----BEGIN PUBLIC KEY-----\n" - "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n" - "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n" - "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n" - "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n" - "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n" - "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n" - "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n" - "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n" - "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n" - "YMYCBhubtrVaLmc=\n" - "-----END PUBLIC KEY-----"; - - const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n" - "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n" - "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n" - "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n" - "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n" - "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n" - "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n" - "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n" - "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n" - "u1roOuaPY+Hl19BlTE2qdw==\n" - "-----END DSA PRIVATE KEY-----"; - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - CKM::Alias pub_alias = sharedDatabase("dsa-pub1"); - CKM::Alias pri_alias = sharedDatabase("dsa-prv1"); - char *pri_passwd = NULL; - char *pub_passwd = NULL; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature = NULL; - - ckmc_key_s pubkey; - pubkey.raw_key = const_cast(reinterpret_cast(pub.c_str())); - pubkey.key_size = pub.size(); - pubkey.key_type = CKMC_KEY_NONE; - pubkey.password = NULL; - - ckmc_policy_s pubpolicy; - pubpolicy.password = pub_passwd; - pubpolicy.extractable = 0; - - ckmc_policy_s pripolicy; - pripolicy.password = pri_passwd; - pripolicy.extractable = 1; - - ckmc_key_s prikey; - prikey.raw_key = const_cast(reinterpret_cast(priv.c_str())); - prikey.key_size = priv.size(); - prikey.key_type = CKMC_KEY_NONE; - prikey.password = NULL; - - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias.c_str(), - pri_passwd, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - // positive test - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - // negative test - ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test"); - RUNNER_ASSERT_MSG( - CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - invalid_msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - ckmc_buffer_free(signature); -} - -RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative) -{ - int temp; - - size_t size = 1024; - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - - policy_private_key.password = NULL; - policy_private_key.extractable = 1; - - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - CKM::Alias pub_alias = sharedDatabase("dsa-pub2"); - CKM::Alias pri_alias = sharedDatabase("dsa-prv2"); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)), - "Error=" << temp); - - char *pri_passwd = NULL; - char *pub_passwd = NULL; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - - ckmc_key_s *pubkey = NULL; - ckmc_key_s *prikey = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias.c_str(), - pri_passwd, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - // positive test - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - // negative test - ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test"); - RUNNER_ASSERT_MSG( - CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - invalid_msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - ckmc_key_free(prikey); - ckmc_key_free(pubkey); - ckmc_buffer_free(signature); -} - -RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature) -{ - int temp; - - std::string prv = - "-----BEGIN EC PRIVATE KEY-----\n" - "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n" - "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n" - "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n" - "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n" - "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n" - "ELyhe7yPCAuOoLZlTLgf\n" - "-----END EC PRIVATE KEY-----\n"; - - std::string pub = - "-----BEGIN CERTIFICATE-----\n" - "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n" - "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n" - "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n" - "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n" - "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n" - "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n" - "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n" - "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n" - "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n" - "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n" - "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n" - "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n" - "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n" - "Q1oBry6NEc+lLFmWMDesAA==\n" - "-----END CERTIFICATE-----\n"; - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - CKM::Alias pri_alias = sharedDatabase("prv4"); - CKM::Alias pub_alias = sharedDatabase("pub4"); - char *key_passwd = NULL; - char *pri_passwd = NULL; - char *pub_passwd = NULL; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - - ckmc_cert_s cert; - cert.raw_cert = const_cast(reinterpret_cast(pub.c_str())); - cert.cert_size = pub.size(); - cert.data_format = CKMC_FORM_PEM; - - ckmc_policy_s certpolicy; - certpolicy.password = pub_passwd; - certpolicy.extractable = 1; - - ckmc_key_s prikey; - prikey.raw_key = const_cast(reinterpret_cast(prv.c_str())); - prikey.key_size = prv.size(); - prikey.key_type = CKMC_KEY_NONE; - prikey.password = key_passwd; - - ckmc_policy_s pripolicy; - pripolicy.password = pri_passwd; - pripolicy.extractable = 0; - - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias.c_str(), - pri_passwd, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small"); - memcpy((void*)signature->data, "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias.c_str(), - pub_passwd, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3089_CAPI__deinit) -{ - remove_user_data(0); -} - - -//####################################################################################### - -void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password) -{ - RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" ); - RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" ); - - if(key->password != NULL && password != NULL) { - RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" ); - }else if(key->password == NULL && password == NULL) { - RUNNER_ASSERT_MSG(true, "Password Error" ); - }else { - RUNNER_ASSERT_MSG(false, "Password Error" ); - } - - if(key->raw_key != NULL && raw_key != NULL) { - for(unsigned int i=0; iraw_key)[i] == raw_key[i], "Raw Key Error" ); - } - }else if(key->raw_key == NULL && raw_key == NULL) { - RUNNER_ASSERT_MSG(true, "Raw Key Error" ); - }else { - RUNNER_ASSERT_MSG(false, "Raw Key Error" ); - } -} - -RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES); - -RUNNER_TEST(T3091_CAPI_TYPE_init) -{ - remove_user_data(0); - reset_user_data(USER_APP, USER_PASS); -} - -RUNNER_TEST(T3092_CAPI_TYPE_KEY) -{ - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - unsigned char *raw_key = const_cast(reinterpret_cast(keyPem.c_str())); - unsigned int key_size = keyPem.size(); - ckmc_key_type_e key_type = CKMC_KEY_NONE; - char *password = const_cast< char *>(""); - - ckmc_key_s *key; - ckmc_key_new(raw_key, key_size, key_type, password, &key); - - _assertKey(key, raw_key, key_size, key_type, password); - ckmc_key_free(key); - - char *passwordNull = NULL; - ckmc_key_s *key2; - ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2); - ckmc_key_free(key2); -} - -RUNNER_TEST(T3093_CAPI_TYPE_BUFFER) -{ - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - unsigned char *data = const_cast(reinterpret_cast(keyPem.c_str())); - unsigned int size = keyPem.size(); - - ckmc_raw_buffer_s *buff; - ckmc_buffer_new(data, size, &buff); - - RUNNER_ASSERT_MSG(buff->size == size, "Size Error" ); - - if(buff->data != NULL && data != NULL) { - for(unsigned int i=0; idata)[i] == data[i], "Raw data Error" ); - } - }else if(buff->data == NULL && data == NULL) { - RUNNER_ASSERT_MSG(true, "Raw data Error" ); - }else { - RUNNER_ASSERT_MSG(false, "Raw data Error" ); - } - - ckmc_buffer_free(buff); -} - -RUNNER_TEST(T3094_CAPI_TYPE_CERT) -{ - std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2); - - unsigned char *raw_cert = const_cast(reinterpret_cast(certPem.c_str())); - unsigned int size = certPem.size(); - ckmc_data_format_e form = CKMC_FORM_PEM; - - ckmc_cert_s *ckmCert; - ckmc_cert_new(raw_cert, size, form, &ckmCert); - - RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" ); - - if(ckmCert->raw_cert != NULL && raw_cert != NULL) { - for(unsigned int i=0; iraw_cert)[i] == raw_cert[i], "Raw data Error" ); - } - }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) { - RUNNER_ASSERT_MSG(true, "raw_cert Error" ); - }else { - RUNNER_ASSERT_MSG(false, "raw_cert Error" ); - } - - RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" ); - - ckmc_cert_free(ckmCert); -} - - -RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file) -{ - int ret; - - std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK); - - const char *file_name = "/tmp/ckmc_test_cert.pem"; - remove(file_name); - - FILE* cert_file; - cert_file = fopen(file_name, "w"); - fprintf(cert_file, "%s",certStr.c_str()); - fclose(cert_file); - - ckmc_cert_s *pcert; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)), - CKMCReadableError(ret)); - - RUNNER_ASSERT_MSG( - pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file."); - - CKM::Alias lcert_alias = sharedDatabase("lcert_alias"); - ckmc_policy_s policy; - policy.password = NULL; - policy.extractable = 1; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)), - CKMCReadableError(ret)); - - remove(file_name); -} - -RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) { - const char *p12file = "/usr/share/ckm-test/capi-t3096.p12"; - const char *password = "password"; - - int temp; - - ckmc_key_s *private_key = NULL; - ckmc_cert_s *cert = NULL; - ckmc_cert_list_s *ca_cert_list = NULL; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password, - &private_key, &cert, &ca_cert_list)), - "Error=" << temp); - RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key"); - RUNNER_ASSERT_MSG(cert != NULL, "Null cert"); - RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list"); - - ckmc_policy_s policy; - policy.password = NULL; - policy.extractable = 1; - - - CKM::Alias pkey_alias = sharedDatabase("pkey_alias"); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)), - CKMCReadableError(temp)); - - CKM::Alias cert_alias = sharedDatabase("cert_alias"); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)), - CKMCReadableError(temp)); - std::string caCertAlias = sharedDatabase("ca_cert_alias_"); - const char *idx = "0"; - int cnt = 0; - ckmc_cert_list_s *tmpList = ca_cert_list; - while(tmpList != NULL) { - caCertAlias.append(idx); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)), - CKMCReadableError(temp)); - tmpList = tmpList->next; - cnt ++; - } - - RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count"); - - ckmc_key_free(private_key); - ckmc_cert_free(cert); - ckmc_cert_list_all_free(ca_cert_list); -} - -RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) { - const char *p12file = "/usr/share/ckm-test/capi-t3096.p12"; - const char *password = "password"; - - int temp; - - ckmc_pkcs12_s *ppkcs12 = NULL; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key"); - RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert"); - RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list"); - - ckmc_policy_s policy; - policy.password = NULL; - policy.extractable = 1; - - - CKM::Alias pkey_alias = sharedDatabase("pkey_alias2"); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)), - CKMCReadableError(temp)); - - CKM::Alias cert_alias = sharedDatabase("cert_alias2"); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)), - CKMCReadableError(temp)); - std::string caCertAlias = sharedDatabase("ca_cert_alias_2_"); - const char *idx = "0"; - int cnt = 0; - ckmc_cert_list_s *tmpList = ppkcs12->ca_chain; - while(tmpList != NULL) { - caCertAlias.append(idx); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)), - CKMCReadableError(temp)); - tmpList = tmpList->next; - cnt ++; - } - - RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count"); - - ckmc_pkcs12_free(ppkcs12); -} - -RUNNER_TEST(T3098_CAPI_TYPE_deinit) -{ - int temp; - remove_user_data(0); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12); - -namespace -{ -CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export"); -CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export"); -} - -RUNNER_TEST(T3101_CAPI_PKCS12_init) -{ - remove_user_data(0); -} - -RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password) -{ - const char *wrong_passwd = "wrong"; - ckmc_pkcs12_s *ppkcs12 = NULL; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs) -{ - ckmc_pkcs12_s *ppkcs12 = NULL; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12"); - RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12"); - RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12"); - - // save to the CKM - ckmc_policy_s exportable; - exportable.password = NULL; - exportable.extractable = 1; - ckmc_policy_s notExportable; - notExportable.password = NULL; - notExportable.extractable = 0; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)), - CKMCReadableError(temp)); - - // try to lookup key - ckmc_key_s *key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)), - CKMCReadableError(temp)); - ckmc_key_free(key_lookup); - key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)), - CKMCReadableError(temp)); - ckmc_key_free(key_lookup); - - // try to lookup certificate - ckmc_cert_s *cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)), - CKMCReadableError(temp)); - ckmc_cert_free(cert_lookup); - cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)), - CKMCReadableError(temp)); - ckmc_cert_free(cert_lookup); -} - -RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS) -{ - int temp; - ckmc_pkcs12_s *pkcs = NULL; - - // fail - no entry - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)), - CKMCReadableError(temp)); - ckmc_pkcs12_free(pkcs); - pkcs = NULL; - - // fail - not exportable - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)), - CKMCReadableError(temp)); - ckmc_pkcs12_free(pkcs); - pkcs = NULL; - - // success - exportable - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12"); - RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12"); - RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12"); - size_t cntr = 0; - ckmc_cert_list_s *iter = pkcs->ca_chain; - do { - cntr ++; - iter = iter->next; - } while(iter); - RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12"); - - ckmc_pkcs12_free(pkcs); -} - -RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature) -{ - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - int temp; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature = NULL; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - alias_PKCS_exportable.c_str(), - NULL, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - alias_PKCS_exportable.c_str(), - NULL, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); -} - -RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs) -{ - int tmp; - - // remove the whole PKCS12 bundles - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_exportable.c_str())), - CKMCReadableError(tmp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())), - CKMCReadableError(tmp)); - - // expect lookup fails due to unknown alias - // try to lookup key - ckmc_key_s *key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)), - CKMCReadableError(tmp)); - ckmc_key_free(key_lookup); - key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)), - CKMCReadableError(tmp)); - ckmc_key_free(key_lookup); - - // try to lookup certificate - ckmc_cert_s *cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)), - CKMCReadableError(tmp)); - ckmc_cert_free(cert_lookup); - cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)), - CKMCReadableError(tmp)); - ckmc_cert_free(cert_lookup); -} - -RUNNER_TEST(T3109_CAPI_PKCS12_deinit) -{ - remove_user_data(0); -} - - -RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE); - -RUNNER_TEST(T3201_CAPI_unlock_database) -{ - reset_user_data(USER_APP, USER_PASS); -} - -RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database) -{ - ScopedDBUnlock unlock(USER_APP, USER_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - CKM::Alias alias = "mykey"; - char *password = NULL; - ckmc_key_s *test_key = NULL; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)), - "Error=" << temp); - - RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed"); -} - -RUNNER_CHILD_TEST(T3203_CAPI_lock_database) -{ - RUNNER_IGNORED_MSG("Temporary turned off. The default password for database must be turn off for this test."); - ScopedDBUnlock unlock(USER_APP, USER_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); -} - -RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database) -{ - RUNNER_IGNORED_MSG("Temporary turned off. The default password for database must be turn off for this test."); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - CKM::Alias alias = "mykey"; - char *password = NULL; - ckmc_key_s *test_key = NULL; - -#ifndef PASSWORD_PROTECTION_DISABLE - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed"); -#else - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)), - CKMCReadableError(temp)); -#endif -} - -RUNNER_TEST(T3204_deinit) -{ - remove_user_data(USER_APP); -} - diff --git a/src/ckm/cc-mode.cpp b/src/ckm/cc-mode.cpp deleted file mode 100644 index 08395d9b..00000000 --- a/src/ckm/cc-mode.cpp +++ /dev/null @@ -1,402 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file cc-mode.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#include -#include -#include -#include -#include - -#include - -#include - -#include -#include -#include -#include -#include - -using namespace CKM; -using namespace std; - -#ifndef VCONFKEY_SECURITY_MDPP_STATE -#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state" -#endif - -namespace { - -const useconds_t SLEEP = 100*1000; - -const size_t MAX_RETRIES = 50; - -const char* const ENABLED = "Enabled"; -const char* const ENFORCING = "Enforcing"; -const char* const DISABLED = "Disabled"; -const char* const READY = "Ready"; -const char* const UNSET = "Unset"; // Meaningless value for unset. - -const char* const USER_LABEL = "User"; -const char* const CKM_LOCK = "/var/run/key-manager.pid"; - -// Wrapper for mdpp state that restores the original value upon destruction -class MdppState -{ -public: - MdppState(); - ~MdppState(); - - // pass NULL to unset - void set(const char* const value); - -private: - char* m_original; -}; - -MdppState::MdppState() -{ - ScopedLabel sl(USER_LABEL); - m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE); -} - -MdppState::~MdppState() -{ - ScopedLabel sl(USER_LABEL); - if (!m_original) - vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET); - else { - vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original); - } -} - -void MdppState::set(const char* const value) -{ - ScopedLabel sl(USER_LABEL); - if (value) - { - int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value); - RUNNER_ASSERT_MSG(0 == ret, - "vconf_set() failed, ec: " << ret); - } - else - vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET); -} - - - -Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002"); -Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002"); -Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002"); -Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002"); -Alias aes_alias = sharedDatabase("aes-T2002"); -size_t aes_length = 128; - -void save_keys() -{ - int temp; - auto manager = Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairRSA( - 1024, - rsa_pri_alias, - rsa_pub_alias, - Policy(Password(), true), - Policy(Password(), true))), - "Error=" << ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA( - ElipticCurve::prime192v1, - ecdsa_pri_alias, - ecdsa_pub_alias, - Policy(Password(), true), - Policy(Password(), true))), - "Error=" << ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyAES( - aes_length, - aes_alias, - Policy(Password(), true))), - "Error=" << ErrorToString(temp)); -} - -void read_key(ManagerShPtr& manager, const Alias& alias, int expected) { - KeyShPtr key; - int temp; - RUNNER_ASSERT_MSG( - expected == (temp = manager->getKey(alias, Password(), key)), - "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" << - ErrorToString(temp)); -} - -void read_keys(int expected) -{ -// if mdpp is disabled at compilation time we expect that read_key always succeeds -#ifndef DSECURITY_MDFPP_STATE_ENABLE - expected = CKM_API_SUCCESS; -#endif - auto manager = Manager::create(); - - read_key(manager, rsa_pri_alias, expected); - read_key(manager, ecdsa_pri_alias, expected); - read_key(manager, aes_alias, expected); -} - -void update_cc_mode() -{ - auto control = Control::create(); - int ret; - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()), - "Error=" << ErrorToString(ret)); -} - -void restart_ckm(const char* const mdpp_setting) -{ - stop_service(MANAGER); - MdppState mdpp; - mdpp.set(mdpp_setting); - start_service(MANAGER); -} -} // namespace anonymous - -RUNNER_TEST_GROUP_INIT(CKM_CC_MODE); - -RUNNER_TEST(TCC_0000_init) -{ - remove_user_data(0); -} - -// updatedCCMode should succeed regardless of mdpp setting -RUNNER_TEST(TCC_0010_updateCCMode) -{ - MdppState mdpp; - - mdpp.set(NULL); - update_cc_mode(); - - mdpp.set(ENABLED); - update_cc_mode(); - - mdpp.set(ENFORCING); - update_cc_mode(); - - mdpp.set(DISABLED); - update_cc_mode(); - - mdpp.set(READY); - update_cc_mode(); - - mdpp.set("whatever"); - update_cc_mode(); -} - -// tests without listener (ckm only) -RUNNER_TEST(TCC_0020_noListener) -{ - stop_service(LISTENER); - MdppState mdpp; - - remove_user_data(0); - save_keys(); - - mdpp.set(NULL); - update_cc_mode(); - read_keys(CKM_API_SUCCESS); - - mdpp.set(DISABLED); - update_cc_mode(); - // MJK, it's counter-intuitive: Disabled does not mean - // that CC mode is disabled, but that device - // self-test failed "device DISABLED" - read_keys(CKM_API_ERROR_BAD_REQUEST); - - mdpp.set("whatever"); - update_cc_mode(); - read_keys(CKM_API_SUCCESS); - - mdpp.set(ENABLED); - update_cc_mode(); - read_keys(CKM_API_ERROR_BAD_REQUEST); - - mdpp.set(ENFORCING); - update_cc_mode(); - read_keys(CKM_API_ERROR_BAD_REQUEST); - - mdpp.set(READY); - update_cc_mode(); - read_keys(CKM_API_SUCCESS); - - mdpp.set("whatever"); - update_cc_mode(); - read_keys(CKM_API_SUCCESS); - - mdpp.set(DISABLED); - update_cc_mode(); - read_keys(CKM_API_ERROR_BAD_REQUEST); -} - -// when listener is started with mdpp key unset it should not update mdpp status in ckm -RUNNER_TEST(TCC_0030_noCallbackRegistered) -{ - // restart listener without vconf callback - stop_service(LISTENER); - remove_user_data(0); - MdppState mdpp; - mdpp.set(NULL); - update_cc_mode(); - start_service(LISTENER); - - // save and read - save_keys(); - read_keys(CKM_API_SUCCESS); - - mdpp.set(ENABLED); - usleep(SLEEP); // give some time for notification to reach ckm - - read_keys(CKM_API_SUCCESS); -} - -// when listener is started with mdpp key set it should update mdpp status in ckm -RUNNER_TEST(TCC_0040_callbackRegistered) -{ - // restart listener with vconf callback - stop_service(LISTENER); - MdppState mdpp; - mdpp.set(DISABLED); - update_cc_mode(); - start_service(LISTENER); - - remove_user_data(0); - save_keys(); - read_keys(CKM_API_ERROR_BAD_REQUEST); - - mdpp.set("whatever"); - usleep(SLEEP); // give some time for notification to reach ckm - read_keys(CKM_API_SUCCESS); - - mdpp.set(ENABLED); - usleep(SLEEP); // give some time for notification to reach ckm - read_keys(CKM_API_ERROR_BAD_REQUEST); - - mdpp.set(DISABLED); - usleep(SLEEP); // give some time for notification to reach ckm - read_keys(CKM_API_ERROR_BAD_REQUEST); - - mdpp.set(READY); - usleep(SLEEP); // give some time for notification to reach ckm - read_keys(CKM_API_SUCCESS); - - mdpp.set(ENFORCING); - usleep(SLEEP); // give some time for notification to reach ckm - read_keys(CKM_API_ERROR_BAD_REQUEST); - - mdpp.set(NULL); - usleep(SLEEP); // give some time for notification to reach ckm - read_keys(CKM_API_SUCCESS); -} - -// run ckm manually and see if it properly loads mdpp setting -RUNNER_TEST(TCC_0050_manualCkmDisabled) -{ - restart_ckm(DISABLED); - - remove_user_data(0); - save_keys(); - read_keys(CKM_API_ERROR_BAD_REQUEST); -} - -// run ckm manually and see if it properly loads mdpp setting -RUNNER_TEST(TCC_0060_manualCkmEnabled) -{ - restart_ckm(ENABLED); - - remove_user_data(0); - save_keys(); - read_keys(CKM_API_ERROR_BAD_REQUEST); -} - -// run ckm manually and see if it properly loads mdpp setting -RUNNER_TEST(TCC_0070_manualCkmEnforcing) -{ - restart_ckm(ENFORCING); - - remove_user_data(0); - save_keys(); - read_keys(CKM_API_ERROR_BAD_REQUEST); -} - -// run ckm manually and see if it properly loads mdpp setting -RUNNER_TEST(TCC_0075_manualCkmReady) -{ - restart_ckm(READY); - - remove_user_data(0); - save_keys(); - read_keys(CKM_API_SUCCESS); -} - -// run ckm manually and see if it properly loads mdpp setting -RUNNER_TEST(TCC_0080_manualCkmWhatever) -{ - restart_ckm("whatever"); - - remove_user_data(0); - save_keys(); - read_keys(CKM_API_SUCCESS); -} - -// run ckm manually and see if it properly loads mdpp setting -RUNNER_TEST(TCC_0090_manualCkmUnset) -{ - restart_ckm(NULL); - - remove_user_data(0); - save_keys(); - read_keys(CKM_API_SUCCESS); -} - -// make sure listener won't activate ckm to update mdpp -RUNNER_TEST(TCC_0100_listenerDoesntStartCkm) -{ - stop_service(MANAGER); - stop_service(LISTENER); - - MdppState mdpp; - mdpp.set(ENABLED); - - start_service(LISTENER); - - usleep(1000*1000); // by that time ckm would be already started - - int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR)); - RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno)); - - int ret = lockf(lock, F_TEST, 0); - close(lock); - RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running."); -} - -RUNNER_TEST(TCC_9999_deinit) -{ - remove_user_data(0); -} diff --git a/src/ckm/ckm-common.cpp b/src/ckm/ckm-common.cpp deleted file mode 100644 index 27ebce16..00000000 --- a/src/ckm/ckm-common.cpp +++ /dev/null @@ -1,568 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file ckm-common.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -const std::string SMACK_USER_APP_PREFIX = "User::App::"; - -void generate_random(size_t random_bytes, char *output) -{ - RUNNER_ASSERT(random_bytes>0 && output); - - std::ifstream is("/dev/urandom", std::ifstream::binary); - RUNNER_ASSERT_MSG(is, "Failed to read /dev/urandom"); - is.read(output, random_bytes); - if(static_cast(random_bytes) != is.gcount()) { - RUNNER_ASSERT_MSG(false, - "Not enough bytes read from /dev/urandom: " << random_bytes << "!=" << - is.gcount()); - } -} - -const char* SERVICE[] = { - "central-key-manager-listener.service", - "central-key-manager.service" }; - -void start_service(ServiceIdx idx) -{ - ServiceManager sm(SERVICE[idx]); - sm.startService(); -} - -void stop_service(ServiceIdx idx) -{ - ServiceManager sm(SERVICE[idx]); - sm.stopService(); -} - -std::string getLabel() { - int ret; - char* myLabel = NULL; - RUNNER_ASSERT_MSG(0 <= (ret = smack_new_label_from_self(&myLabel)), - "Failed to get smack label for self. Error: " << ret); - RUNNER_ASSERT_MSG(myLabel, "NULL smack label"); - std::string result = myLabel; - free(myLabel); - return result; -} - -std::string getOwnerIdFromSelf() { - const std::string& prefix = SMACK_USER_APP_PREFIX; - std::string smack = getLabel(); - if (0 == smack.compare(0, prefix.size(), prefix)) - return smack.substr(prefix.size(), std::string::npos); - return "/" + smack; -} - -std::string aliasWithLabel(const char *label, const char *alias) -{ - if(label) - { - std::stringstream ss; - ss << label << std::string(ckmc_label_name_separator) << alias; - return ss.str(); - } - return std::string(alias); -} - -// changes process label -void change_label(const char* label) -{ - int ret = smack_set_label_for_self(label); - RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<(const_cast(data)); - buffer.size = len; - ckmc_policy_s policy; - policy.password = NULL; - policy.extractable = true; - - int ret = ckmc_save_data(alias, buffer, policy); - RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. " - << CKMCErrorToString(ret) << " while expected: " - << CKMCErrorToString(expected_err)); - -} - -ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias) -{ - save_data(alias, data, expected_err); -} - -ScopedSaveData::~ScopedSaveData() -{ - /* - * Let it throw. If we can't remove data then remaining tests results will be - * unreliable anyway. - */ - check_remove_allowed(m_alias.c_str()); -} - -void GarbageCollector::add(const char* alias) -{ - save_item item; - item.item_alias = std::string(alias); - item.owner_label = getOwnerIdFromSelf(); - item.owner_uid = geteuid(); - item.owner_gid = getegid(); - m_garbage.push_back(item); -} - -void GarbageCollector::save(const char* alias, const char *data, int expected_err) -{ - save(alias, data, strlen(data), expected_err); -} - -void GarbageCollector::save(const char* alias, const char *data, size_t len, int expected_err) -{ - save_data(alias, data, len, expected_err); - - if(CKMC_ERROR_NONE == expected_err) - add(alias); -} - -GarbageCollector::~GarbageCollector() -{ - for(auto & item : m_garbage) - { - try { - ScopedAccessProvider ap(item.owner_label, item.owner_uid, item.owner_gid); - check_remove_allowed(item.item_alias.c_str()); - } catch (...) { - // prevent exceptions in destructor - } - } -} - -ScopedDBUnlock::ScopedDBUnlock(uid_t user_id, const char* passwd) : m_uid(user_id) -{ - int temp; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(user_id, passwd)), CKMCErrorToString(temp)); -} -ScopedDBUnlock::~ScopedDBUnlock() -{ - int temp; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(m_uid)), CKMCErrorToString(temp)); -} - -void check_remove_allowed(const char* alias) -{ - int ret = ckmc_remove_alias(alias); - // remove, but ignore non existing - RUNNER_ASSERT_MSG((CKMC_ERROR_NONE == ret) || (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret), - "Removing data failed: " << CKMCErrorToString(ret)); -} - -void check_remove_denied(const char* alias) -{ - int ret = ckmc_remove_alias(alias); - RUNNER_ASSERT_MSG( - CKMC_ERROR_PERMISSION_DENIED == ret, - "App with different label shouldn't have rights to remove this data. " - << CKMCReadableError(ret)); -} - -void check_remove_not_visible(const char* alias) -{ - int ret = ckmc_remove_alias(alias); - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "App with different label shouldn't have rights to see this data. " - << CKMCReadableError(ret)); -} - -void check_read(const char* alias, - const char *label, - const char *test_data, - size_t len, - int expected_code) -{ - ckmc_raw_buffer_s* buffer = NULL; - int ret = ckmc_get_data(aliasWithLabel(label, alias).c_str(), NULL, &buffer); - RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. " - "Expected " << CKMCErrorToString(expected_code) << ", " - "while result " << CKMCErrorToString(ret)); - - if(expected_code == CKMC_ERROR_NONE) - { - // compare data with expected - RUNNER_ASSERT_MSG( - buffer->size == len, - "Extracted data length do not match expected data length (encrypted?):" << - buffer->size << "!=" << len); - - RUNNER_ASSERT_MSG( - memcmp(const_cast(reinterpret_cast(buffer->data)), - test_data, buffer->size) == 0, - "Extracted data do not match expected data (encrypted?)."); - - ckmc_buffer_free(buffer); - } -} - -void check_read(const char* alias, const char *label, const char *test_data, int expected_code) -{ - check_read(alias, label, test_data, strlen(test_data), expected_code); -} - -void check_read_allowed(const char* alias, const char *data) -{ - // try to read previously saved data - label taken implicitly - check_read(alias, NULL, data); -} - -void check_read_not_visible(const char* alias) -{ - // try to read previously saved data - label taken implicitly - { - ckmc_raw_buffer_s* buffer = NULL; - int ret = ckmc_get_data(alias, NULL, &buffer); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "App with different label shouldn't have rights to see this data. " << CKMCErrorToString(ret)); - ckmc_buffer_free(buffer); - } -} - -void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type) -{ - ckmc_key_s *test_key = NULL; - int temp = ckmc_get_key(alias, 0, &test_key); - RUNNER_ASSERT_MSG( - expected_error == temp, - "received: " << CKMCReadableError(temp) << " while expected: " << CKMCReadableError(expected_error)); - if(expected_type != CKMC_KEY_NONE) - { - RUNNER_ASSERT_MSG( - test_key->key_type == expected_type, - "received type: " << test_key->key_type << " while expected type: " << expected_type); - } - ckmc_key_free(test_key); -} -void check_key_allowed(const char *alias, ckmc_key_type_e expected_type) -{ - check_key(alias, CKMC_ERROR_NONE, expected_type); -} -void check_key_not_visible(const char *alias) -{ - check_key(alias, CKMC_ERROR_DB_ALIAS_UNKNOWN); -} -void check_cert_allowed(const char *alias) -{ - ckmc_cert_s *test_cert = NULL; - int temp = ckmc_get_cert(alias, 0, &test_cert); - ckmc_cert_free(test_cert); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == temp, CKMCReadableError(temp)); - -} -void check_cert_not_visible(const char *alias) -{ - ckmc_cert_s *test_cert = NULL; - int temp = ckmc_get_cert(alias, 0, &test_cert); - ckmc_cert_free(test_cert); - RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == temp, - "App with different label shouldn't have rights to see this cert. " << CKMCErrorToString(temp)); -} - -void allow_access(const char* alias, const char* accessor, int permissionMask) -{ - // data removal should revoke this access - int ret = ckmc_set_permission(alias, accessor, permissionMask); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " - << CKMCErrorToString(ret)); -} - -void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode) -{ - // data removal should revoke this access - int ret = ckmc_set_permission(alias, accessor, permissionMask); - RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned " - << CKMCErrorToString(ret) << ", while expected: " - << CKMCErrorToString(expectedCode)); -} - -void deny_access(const char* alias, const char* accessor) -{ - int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. Error: " - << CKMCErrorToString(ret)); -} - -void deny_access_negative(const char* alias, const char* accessor, int expectedCode) -{ - int ret = ckmc_set_permission(alias, accessor, CKMC_PERMISSION_NONE); - RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. " - << CKMCErrorToString(ret) << ", while expected: " - << CKMCErrorToString(expectedCode)); -} - -void unlock_user_data(uid_t user_id, const char *passwd) -{ - int ret; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)), - "Error=" << CKM::ErrorToString(ret)); -} - -void remove_user_data(uid_t user_id) -{ - auto control = CKM::Control::create(); - control->lockUserKey(user_id); - control->removeUserData(user_id); -} - -void reset_user_data(uid_t user_id, const char *passwd) -{ - remove_user_data(user_id); - unlock_user_data(user_id, passwd); -} - -ckmc_raw_buffer_s prepare_message_buffer(const char * input) -{ - ckmc_raw_buffer_s retval; - retval.data = const_cast(reinterpret_cast(input)); - retval.size = strlen(input); - return retval; -} - -void check_alias_list(const CKM::AliasVector& expected) -{ - ckmc_alias_list_s *aliasList = NULL; - int ret = ckmc_get_data_alias_list(&aliasList); - RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << ret << " / " << CKMCErrorToString(ret)); - - CKM::AliasVector actual; - ckmc_alias_list_s *plist = aliasList; - while(plist) - { - actual.push_back(plist->alias); - plist = plist->next; - } - ckmc_alias_list_all_free(aliasList); - - RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list."); -} - -size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count) -{ - ckmc_alias_list_s *aliasList = NULL; - int ec; - switch(type) - { - case ALIAS_KEY: - ec = ckmc_get_key_alias_list(&aliasList); - break; - - case ALIAS_CERT: - ec = ckmc_get_cert_alias_list(&aliasList); - break; - - case ALIAS_DATA: - ec = ckmc_get_data_alias_list(&aliasList); - break; - default: - RUNNER_ASSERT_MSG(false, "Unsupported value ALIAS_KEY == " << (int)type); - } - - if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN) - return 0; - - RUNNER_ASSERT_MSG(ec == CKMC_ERROR_NONE, - "Error: alias list failed, ec: " << CKMCErrorToString(ec)); - - ckmc_alias_list_s *plist = aliasList; - size_t return_count = 0; - while(plist) - { - plist = plist->next; - return_count ++; - } - ckmc_alias_list_all_free(aliasList); - - RUNNER_ASSERT_MSG( - return_count >= minimum_initial_element_count, - "Error: alias list failed, current element count: " << return_count << - " while expected minimal count of " << minimum_initial_element_count << - " elements"); - - return return_count; -} - -std::string sharedDatabase(const CKM::Alias & alias) -{ - return aliasWithLabel(ckmc_owner_id_system, alias.c_str()); -} - -ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes) -{ - ckmc_raw_buffer_s* buffer = NULL; - char* data = static_cast(malloc(random_bytes*sizeof(char))); - RUNNER_ASSERT(data); - generate_random(random_bytes, data); - int ret = ckmc_buffer_new(reinterpret_cast(data), random_bytes, &buffer); - RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Buffer creation failed: " << CKMCErrorToString(ret)); - return buffer; -} - -CKM::RawBuffer createRandomBuffer(size_t random_bytes) -{ - char buffer[random_bytes]; - generate_random(random_bytes, buffer); - return CKM::RawBuffer(buffer, buffer + random_bytes); -} - -ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd) -{ - ckmc_key_s *retval = reinterpret_cast(malloc(sizeof(ckmc_key_s))); - RUNNER_ASSERT(retval != NULL); - - RUNNER_ASSERT(lengthBits%8 == 0); - char *char_key_AES = reinterpret_cast(malloc(lengthBits/8)); - RUNNER_ASSERT(char_key_AES != NULL); - generate_random(lengthBits/8, char_key_AES); - - retval->raw_key = reinterpret_cast(char_key_AES); - retval->key_size = lengthBits/8; - retval->key_type = CKMC_KEY_AES; - retval->password = passwd?strdup(passwd):NULL; - - return retval; -} - -void validate_AES_key(ckmc_key_s *analyzed) -{ - RUNNER_ASSERT_MSG(analyzed, "provided key is NULL"); - RUNNER_ASSERT_MSG(analyzed->raw_key != NULL, "provided key is empty"); - RUNNER_ASSERT_MSG(analyzed->key_size==(128/8) || - analyzed->key_size==(192/8) || - analyzed->key_size==(256/8), "provided key length is invalid"); - RUNNER_ASSERT_MSG(analyzed->key_type = CKMC_KEY_AES, "expected AES key, while got: " << analyzed->key_type); -} - -void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second) -{ - validate_AES_key(first); - validate_AES_key(second); - RUNNER_ASSERT_MSG( - (first->key_size==second->key_size) && - (memcmp(first->raw_key, second->raw_key, first->key_size)==0), - "data has been modified in key manager"); - // bypassing password intentionally -} - -ParamListPtr createParamListPtr() -{ - ckmc_param_list_h list = NULL; - assert_positive(ckmc_param_list_new, &list); - return ParamListPtr(list, ckmc_param_list_free); -} - -void assert_buffers_equal(const ckmc_raw_buffer_s b1, const ckmc_raw_buffer_s b2, bool equal) -{ - if(equal) { - RUNNER_ASSERT_MSG(b1.size == b2.size, "Buffer size differs: " << b1.size << "!=" << b2.size); - RUNNER_ASSERT_MSG(0 == memcmp(b1.data, b2.data, b1.size), "Buffer contents differ"); - } else { - RUNNER_ASSERT_MSG(b1.size != b2.size || 0 != memcmp(b1.data, b2.data, b1.size), - "Buffers should be different"); - } -} - -RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer) -{ - return RawBufferPtr(buffer, ckmc_buffer_free); -} diff --git a/src/ckm/ckm-common.h b/src/ckm/ckm-common.h deleted file mode 100644 index f5f83c54..00000000 --- a/src/ckm/ckm-common.h +++ /dev/null @@ -1,245 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file ckm-common.h - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#pragma once - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -extern const std::string SMACK_USER_APP_PREFIX; - -// support for error printing -const char * CKMCErrorToString(int error); -std::string CKMCReadableError(int error); - -// RUNNER_ASSERT wrappers -template -void assert_result(int expected, F&& func, Args... args) -{ - int ret = func(args...); - RUNNER_ASSERT_MSG(ret == expected, - "Expected: " << CKMCErrorToString(expected) << "(" << expected << ")" - " got: " << CKMCErrorToString(ret) << "(" << ret << ")"); -} - -template -void assert_positive(F&& func, Args... args) -{ - assert_result(CKMC_ERROR_NONE, std::move(func), args...); -} - -template -void assert_invalid_param(F&& func, Args... args) -{ - assert_result(CKMC_ERROR_INVALID_PARAMETER, std::move(func), args...); -} - - -// list operations -template -size_t list_size(const T* list) -{ - size_t size = 0; - while(list) { - list = list->next; - size++; - } - return size; -} - - -// service lifecycle management -enum ServiceIdx { - LISTENER, - MANAGER -}; -void start_service(ServiceIdx idx); -void stop_service(ServiceIdx idx); - -// scoped free -typedef std::unique_ptr CharPtr; - -// returns process owner id -std::string getOwnerIdFromSelf(); - -std::string aliasWithLabel(const char *label, const char *alias); - -// changes process label -void change_label(const char* label); - -// changes process label upon construction and restores it upon destruction -class ScopedLabel -{ -public: - ScopedLabel(const char* label); - ~ScopedLabel(); - -private: - std::string m_original_label; -}; - -void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE); -void save_data(const char* alias, const char *data, size_t len, int expected_err); -class ScopedSaveData -{ -public: - ScopedSaveData(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE); - virtual ~ScopedSaveData(); - -private: - std::string m_alias; -}; - -class GarbageCollector -{ -public: - void save(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE); - void save(const char* alias, const char *data, size_t len, int expected_err); - void add(const char* alias); - virtual ~GarbageCollector(); - -private: - struct save_item { - std::string item_alias; - std::string owner_label; - uid_t owner_uid; - gid_t owner_gid; - }; - std::vector m_garbage; -}; - -class ScopedDBUnlock -{ -public: - ScopedDBUnlock(uid_t user_id, const char* passwd); - virtual ~ScopedDBUnlock(); - -private: - uid_t m_uid; -}; - -void check_remove_allowed(const char* alias); -void check_remove_denied(const char* alias); -void check_remove_not_visible(const char* alias); -void check_read(const char* alias, - const char *label, - const char *test_data, - size_t len, - int expected_code = CKMC_ERROR_NONE); -void check_read(const char* alias, - const char *label, - const char *test_data, - int expected_code = CKMC_ERROR_NONE); -void check_read_allowed(const char* alias, const char *data); -void check_read_not_visible(const char* alias); -void check_key(const char *alias, - int expected_error = CKMC_ERROR_NONE, - ckmc_key_type_e expected_type = CKMC_KEY_NONE); -void check_key_allowed(const char *alias, ckmc_key_type_e expected_type = CKMC_KEY_NONE); -void check_key_not_visible(const char *alias); -void check_cert_allowed(const char *alias); -void check_cert_not_visible(const char *alias); -void allow_access(const char* alias, const char* accessor, int permissionMask); -void allow_access_negative(const char* alias, const char* accessor, int permissionMask, int expectedCode); -void deny_access(const char* alias, const char* accessor); -void deny_access_negative(const char* alias, const char* accessor, int expectedCode); - -void unlock_user_data(uid_t user_id, const char *passwd); -void remove_user_data(uid_t user_id); -void reset_user_data(uid_t user_id, const char *passwd); - -ckmc_raw_buffer_s prepare_message_buffer(const char * input); -void check_alias_list(const CKM::AliasVector& expected); - -typedef enum { - ALIAS_KEY, - ALIAS_CERT, - ALIAS_DATA -} alias_type_; -size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0); -std::string sharedDatabase(const CKM::Alias & alias); -CKM::RawBuffer createRandomBuffer(size_t random_bytes); -ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes); - -ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd); -void validate_AES_key(ckmc_key_s *analyzed); -void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second); // true if equal - -// Test env class for database cleanup. Pass database uids to cleanup before and after test -template -class RemoveDataEnv; - -template <> -class RemoveDataEnv<> -{ -public: - void init(const std::string&) - {} - void finish() - {} -}; - -template -class RemoveDataEnv : public RemoveDataEnv -{ -public: - void init(const std::string & str) { - remove_user_data(UID); - RemoveDataEnv::init(str); - } - void finish() { - RemoveDataEnv::finish(); - remove_user_data(UID); - } -}; - -typedef std::shared_ptr RawBufferPtr; -typedef std::shared_ptr ParamListPtr; - -ParamListPtr createParamListPtr(); - -void assert_buffers_equal(const ckmc_raw_buffer_s b1, const ckmc_raw_buffer_s b2, bool equal=true); - -RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer); - - -template -void test_no_observer(F&& func, Args... args) -{ - CKM::ManagerAsync::ObserverPtr obs; - CKM::ManagerAsync mgr; - - try { - (mgr.*func)(obs, args...); - RUNNER_ASSERT_MSG(false, "function() should have thrown an exception"); - } catch (const std::invalid_argument& e) { - RUNNER_ASSERT(true); - } catch (...) { - RUNNER_ASSERT_MSG(false, "Unexpected exception"); - } -} diff --git a/src/ckm/clean-env.cpp b/src/ckm/clean-env.cpp deleted file mode 100644 index 88352bd2..00000000 --- a/src/ckm/clean-env.cpp +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_clean_env.cpp - * @author Zbigniew Jasinski (z.jasinski@samsung.com) - * @version 1.0 - * @brief Functions to prepare clean env for tests. - * - */ - -#include -#include - -#include - -#include -#include - -int restart_security_server() { - ServiceManager sm("security-server.service"); - sm.restartService(); - - return 0; -} - -static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/, - int tflag, struct FTW *ftwbuf) -{ - if (tflag == FTW_F) - unlink(fpath); - else if (tflag == FTW_DP && ftwbuf->level != 0) - rmdir(fpath); - - return 0; -} - -/** - * This function should be called at the begining of every SS test, so all the tests - * are independent of each other. - */ -int reset_security_server() -{ - const char* path = "/opt/data/security-server/"; - const int max_descriptors = 10; //max number of open file descriptors by nftw function - - // Clear /opt/data/security-server/ directory - if (access(path, F_OK) == 0) { - if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) { - return 1; - } - sync(); - } - - restart_security_server(); - auto control = CKM::Control::create(); - - if (!!control) { - control->lockUserKey(5000); - control->removeUserData(5000); - control->unlockUserKey(5000, ""); - } - - return 0; -} - diff --git a/src/ckm/clean-env.h b/src/ckm/clean-env.h deleted file mode 100644 index f6f6c9e1..00000000 --- a/src/ckm/clean-env.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_clean_env.cpp - * @author Zbigniew Jasinski (z.jasinski@samsung.com) - * @version 1.0 - * @brief Functions to prepare clean env for tests. - * - */ -#pragma once - -#include -#include - -#include - -int restart_security_server(); -int reset_security_server(); - diff --git a/src/ckm/device_key.xml b/src/ckm/device_key.xml deleted file mode 100644 index 30c162ae..00000000 --- a/src/ckm/device_key.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - - MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll - 1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr - S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g - OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R - DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl - yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr - MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK - koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay - IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO - HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM - mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv - l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD - u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K - 4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m - Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP - IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ - hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM - 38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91 - 2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir - XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1 - ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI - n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/ - upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG - RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI - tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT - - - diff --git a/src/ckm/encryption-decryption-env.cpp b/src/ckm/encryption-decryption-env.cpp deleted file mode 100644 index 03dc266e..00000000 --- a/src/ckm/encryption-decryption-env.cpp +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file encryption-decryption-env.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#include - -using namespace CKM; - -EncryptionError SyncApi::encrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& decrypted, - ckmc_raw_buffer_s **ppencrypted) -{ - return ckmcError2Result(ckmc_encrypt_data(params, key_alias, password, decrypted, ppencrypted)); -} - -EncryptionError SyncApi::decrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& encrypted, - ckmc_raw_buffer_s **ppdecrypted) -{ - return ckmcError2Result(ckmc_decrypt_data(params, key_alias, password, encrypted, ppdecrypted)); -} - -EncryptionError SyncApi::ckmcError2Result(int error) { - switch (error) { - case CKMC_ERROR_NONE: return EncryptionError::SUCCESS; - case CKMC_ERROR_INVALID_PARAMETER: return EncryptionError::INVALID_PARAM; - case CKMC_ERROR_SERVER_ERROR: return EncryptionError::SERVER_ERROR; - case CKMC_ERROR_DB_ALIAS_UNKNOWN: return EncryptionError::ALIAS_UNKNOWN; - case CKMC_ERROR_AUTHENTICATION_FAILED: return EncryptionError::AUTH_FAILED; - default: return EncryptionError::OTHER; - } -} - - - -void AsyncApi::Observer::ReceivedError(int error) { - Finished(error); -} -void AsyncApi::Observer::ReceivedEncrypted(RawBuffer && buffer) { - m_buffer = std::move(buffer); - Finished(); -} - -void AsyncApi::Observer::ReceivedDecrypted(RawBuffer && buffer) { - m_buffer = std::move(buffer); - Finished(); -} - -void AsyncApi::Observer::WaitForResponse() { - std::unique_lock lock(m_mutex); - m_cv.wait(lock, [this] {return m_finished;}); -} -void AsyncApi::Observer::Finished(int error) -{ - m_error = error; - m_finished = true; - m_cv.notify_one(); -} - -EncryptionError AsyncApi::crypt(cryptoFn operation, - ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& in, - ckmc_raw_buffer_s **ppout) -{ - // C++ API doesn't have to check that - if(!params || !key_alias || !ppout) - return EncryptionError::INVALID_PARAM; - - CKM::ManagerAsync mgr; - std::shared_ptr obs = std::make_shared(); - - // params - const CryptoAlgorithm* ca = reinterpret_cast(params); - - // password - Password pass; - if (password) - pass = password; - - // buffer - RawBuffer inBuffer(in.data, in.data + in.size); - - // crypto operation - (mgr.*operation)(obs, *ca, key_alias, pass, inBuffer); - obs->WaitForResponse(); - if(obs->m_error != CKM_API_SUCCESS) - return ckmError2Result(obs->m_error); - - int ret = ckmc_buffer_new(obs->m_buffer.data(), obs->m_buffer.size(), ppout); - if (ret != CKMC_ERROR_NONE) - return EncryptionError::OTHER; - - return EncryptionError::SUCCESS; -} - -EncryptionError AsyncApi::encrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& plain, - ckmc_raw_buffer_s **ppencrypted) -{ - return crypt(&CKM::ManagerAsync::encrypt, params, key_alias, password, plain, ppencrypted); -} - -EncryptionError AsyncApi::decrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& encrypted, - ckmc_raw_buffer_s **ppdecrypted) -{ - return crypt(&CKM::ManagerAsync::decrypt, params, key_alias, password, encrypted, ppdecrypted); -} - -EncryptionError AsyncApi::ckmError2Result(int error) -{ - switch (error) { - case CKM_API_SUCCESS: return EncryptionError::SUCCESS; - case CKM_API_ERROR_INPUT_PARAM: return EncryptionError::INVALID_PARAM; - case CKM_API_ERROR_SERVER_ERROR: return EncryptionError::SERVER_ERROR; - case CKM_API_ERROR_DB_ALIAS_UNKNOWN: return EncryptionError::ALIAS_UNKNOWN; - case CKM_API_ERROR_AUTHENTICATION_FAILED: return EncryptionError::AUTH_FAILED; - default: return EncryptionError::OTHER; - } -} diff --git a/src/ckm/encryption-decryption-env.h b/src/ckm/encryption-decryption-env.h deleted file mode 100644 index 1af99e55..00000000 --- a/src/ckm/encryption-decryption-env.h +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file encryption-decryption-env.h - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - -#pragma once - -#include -#include -#include - -#include -#include -#include - -enum EncryptionError{ - SUCCESS, - INVALID_PARAM, - SERVER_ERROR, - ALIAS_UNKNOWN, - AUTH_FAILED, - OTHER, -}; - -struct EncryptionApi -{ - virtual EncryptionError encrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& decrypted, - ckmc_raw_buffer_s **ppencrypted) = 0; - - virtual EncryptionError decrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& encrypted, - ckmc_raw_buffer_s **ppdecrypted) = 0; -}; - -class SyncApi : public EncryptionApi -{ -public: - virtual EncryptionError encrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& decrypted, - ckmc_raw_buffer_s **ppencrypted); - - virtual EncryptionError decrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& encrypted, - ckmc_raw_buffer_s **ppdecrypted); -private: - static EncryptionError ckmcError2Result(int error); -}; - -struct AsyncApi : public EncryptionApi -{ -private: - struct Observer : public CKM::ManagerAsync::Observer { - Observer() : m_finished(false), m_error(CKM_API_SUCCESS) {} - - void ReceivedError(int error); - void ReceivedEncrypted(CKM::RawBuffer && buffer); - void ReceivedDecrypted(CKM::RawBuffer && buffer); - void WaitForResponse(); - void Finished(int error = CKMC_ERROR_NONE); - - std::mutex m_mutex; - std::condition_variable m_cv; - bool m_finished; - int m_error; - CKM::RawBuffer m_buffer; - }; - -public: - EncryptionError encrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& decrypted, - ckmc_raw_buffer_s **ppencrypted); - - EncryptionError decrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& encrypted, - ckmc_raw_buffer_s **ppdecrypted); -private: - typedef void (CKM::ManagerAsync::*cryptoFn)(const CKM::ManagerAsync::ObserverPtr&, - const CKM::CryptoAlgorithm&, - const CKM::Alias&, - const CKM::Password&, - const CKM::RawBuffer&); - - EncryptionError crypt(cryptoFn operation, - ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s& in, - ckmc_raw_buffer_s **ppout); - - static EncryptionError ckmError2Result(int error); -}; - - - diff --git a/src/ckm/encryption-decryption.cpp b/src/ckm/encryption-decryption.cpp deleted file mode 100644 index cc057b97..00000000 --- a/src/ckm/encryption-decryption.cpp +++ /dev/null @@ -1,1498 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file encryption-decryption.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - */ - - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -using namespace CKM; - -namespace { - -const char* PASSWORD = "test-password"; -const uid_t UID = 5555; -const gid_t GID = 5555; -const size_t CTR_DEFAULT_LEN = 16*8; -const size_t DEFAULT_IV_LEN = 16; -const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024 - -// Environment -SyncApi g_syncApi; -AsyncApi g_asyncApi; - -EncryptionApi* g_api = &g_syncApi; - -EncryptionError apiEncrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s decrypted, - ckmc_raw_buffer_s **ppencrypted) { - RUNNER_ASSERT_MSG(g_api, "No encryption API is connected"); - return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted); -} - -EncryptionError apiDecrypt(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s encrypted, - ckmc_raw_buffer_s **ppdecrypted) { - RUNNER_ASSERT_MSG(g_api, "No encryption API is connected"); - return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted); -} - -template -void assert_crypto_result(EncryptionError expected, F&& func, Args... args) -{ - EncryptionError ret = func(args...); - RUNNER_ASSERT_MSG(ret == expected, - "Expected: " << static_cast(expected) << - " got: " << static_cast(ret)); -} - -template -void assert_crypto_positive(F&& func, Args... args) -{ - assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...); -} - -template -void assert_crypto_invalid_param(F&& func, Args... args) -{ - assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...); -} - -struct TagTest { - int tagLen; - EncryptionError expected; -}; - -struct KeyAliasPair -{ - Alias prv; - Alias pub; -}; - -class EncEnv : public RemoveDataEnv { -public: - EncEnv() : m_dbu(NULL), m_sap(NULL) {} - ~EncEnv() { delete m_sap; delete m_dbu; } - - void init(const std::string& str) { - RemoveDataEnv::init(str); - m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database - m_sap = new ScopedAccessProvider("my-label"); // setup label - - // setup smack rules and switch user - m_sap->allowAPI("key-manager::api-storage", "rw"); - m_sap->allowAPI("key-manager::api-encryption", "rw"); - m_sap->applyAndSwithToUser(UID, GID); - } - - void finish() { - delete m_sap; - m_sap = NULL; - delete m_dbu; - m_dbu = NULL; - RemoveDataEnv::finish(); - g_api = NULL; - } - - ScopedDBUnlock* m_dbu; - ScopedAccessProvider* m_sap; -}; - -struct SyncEnv : public EncEnv { - void init(const std::string& str) { - EncEnv::init(str); - g_api = &g_syncApi; - } - - static std::string suffix() { return "_sync"; } -}; - -struct AsyncEnv : public EncEnv { - void init(const std::string& str) { - EncEnv::init(str); - g_api = &g_asyncApi; - } - - static std::string suffix() { return "_async"; } -}; - -struct AlgoBase { - ckmc_algo_type_e m_type; - size_t m_keyLen; - - AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {} - - virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0; -}; - -typedef std::shared_ptr AlgoBasePtr; - -template -AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) { - return AlgoBasePtr(new T(type, keyLen)); -} - -struct AlgoAes : public AlgoBase { - AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {} - KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr); -}; - -KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix) -{ - KeyAliasPair aliases; - std::ostringstream oss; - std::string ownerId = getOwnerIdFromSelf(); - CharPtr passPtr(nullptr, free); - if (pass) - passPtr.reset(strdup(pass)); - - oss << "aes_" << static_cast(m_type) << "_" << m_keyLen << "_key_alias"; - if (suffix) - oss << suffix; - aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str()); - aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str()); - - ckmc_policy_s policy; - policy.extractable = false; - policy.password = passPtr.get(); - - assert_positive(ckmc_create_key_aes, m_keyLen, aliases.prv.c_str(), policy); - return aliases; -} - -struct AlgoRsa : public AlgoBase { - AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {} - KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr); -}; - -KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix) -{ - std::ostringstream oss_prv, oss_pub; - oss_prv << "rsa_oaep_prv_alias_" << m_keyLen; - oss_pub << "rsa_oaep_pub_alias_" << m_keyLen; - if (suffix) { - oss_prv << suffix; - oss_pub << suffix; - } - KeyAliasPair aliases = { - aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()), - aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str()) - }; - CharPtr passPtr(nullptr, free); - if (pass) - passPtr.reset(strdup(pass)); - - ckmc_policy_s policyPrv; - policyPrv.password = passPtr.get(); - policyPrv.extractable = 0; - - ckmc_policy_s policyPub; - policyPub.password = passPtr.get(); - policyPub.extractable = 0; - - assert_positive(ckmc_create_key_pair_rsa, - m_keyLen, - aliases.prv.c_str(), - aliases.pub.c_str(), - policyPrv, - policyPub); - return aliases; -} - -enum Algorithm { - AES_CBC_128, - AES_CBC_192, - AES_CBC_256, - AES_GCM_128, - AES_GCM_192, - AES_GCM_256, - AES_CTR_128, - AES_CTR_192, - AES_CTR_256, - AES_CFB_128, - AES_CFB_192, - AES_CFB_256, - RSA_OAEP_1024, - RSA_OAEP_2048, - RSA_OAEP_4096, -}; - -std::map g_algorithms = { - { AES_CBC_128, createAlgo(CKMC_ALGO_AES_CBC, 128) }, - { AES_CBC_192, createAlgo(CKMC_ALGO_AES_CBC, 192) }, - { AES_CBC_256, createAlgo(CKMC_ALGO_AES_CBC, 256) }, - { AES_GCM_128, createAlgo(CKMC_ALGO_AES_GCM, 128) }, - { AES_GCM_192, createAlgo(CKMC_ALGO_AES_GCM, 192) }, - { AES_GCM_256, createAlgo(CKMC_ALGO_AES_GCM, 256) }, - { AES_CTR_128, createAlgo(CKMC_ALGO_AES_CTR, 128) }, - { AES_CTR_192, createAlgo(CKMC_ALGO_AES_CTR, 192) }, - { AES_CTR_256, createAlgo(CKMC_ALGO_AES_CTR, 256) }, - { AES_CFB_128, createAlgo(CKMC_ALGO_AES_CFB, 128) }, - { AES_CFB_192, createAlgo(CKMC_ALGO_AES_CFB, 192) }, - { AES_CFB_256, createAlgo(CKMC_ALGO_AES_CFB, 256) }, - { RSA_OAEP_1024, createAlgo(CKMC_ALGO_RSA_OAEP, 1024) }, - { RSA_OAEP_2048, createAlgo(CKMC_ALGO_RSA_OAEP, 2048) }, - { RSA_OAEP_4096, createAlgo(CKMC_ALGO_RSA_OAEP, 4096) }, -}; - -void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer) -{ - int ret = ckmc_param_list_set_buffer(params.get(), name, buffer); - RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, - "Failed to set param " << name << " error: " << CKMCErrorToString(ret)); -} - -void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer) -{ - int ret = ckmc_param_list_set_integer(params.get(), name, integer); - RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, - "Failed to set param " << name << " error: " << CKMCErrorToString(ret)); -} - -struct EncryptionResult -{ - RawBufferPtr encrypted; - ParamListPtr params; - Alias prvKey; - Alias pubKey; -}; - -EncryptionResult encrypt(const AlgoBasePtr& algo, - const RawBufferPtr& plain, - const char* pass = nullptr) -{ - EncryptionResult ret; - ckmc_raw_buffer_s* encrypted = nullptr; - KeyAliasPair aliases = algo->keyGen(pass); - - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ret.params = ParamListPtr(handle, ckmc_param_list_free); - setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - assert_crypto_positive(apiEncrypt, - ret.params.get(), - aliases.pub.c_str(), - pass, - *plain.get(), - &encrypted); - - ret.encrypted = create_raw_buffer(encrypted); - ret.prvKey = aliases.prv; - ret.pubKey = aliases.pub; - return ret; -} - -void testAllAlgorithms( - const std::function& test) -{ - for(const auto& it : g_algorithms) - test(it.second); -} - -void testNoIvEnc(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encrypted = nullptr; - - // add key - KeyAliasPair aliases = algo->keyGen(); - - // param list with algo type only - ParamListPtr params = createParamListPtr(); - setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type); - assert_crypto_invalid_param(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encrypted); -} - -void testNoIvDec(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt; - auto ret = encrypt(algo, plain); - - // param list with algo type only - ParamListPtr params = createParamListPtr(); - setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type); - assert_crypto_invalid_param(apiDecrypt, - params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); -} - -void testInvalidIvEnc(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encryptedTmp = nullptr; - - // add key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - - // invalid encryption - auto test = [&](){ - assert_crypto_invalid_param(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encryptedTmp); - ckmc_buffer_free(encryptedTmp); - encryptedTmp = nullptr; - }; - // invalid iv size - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1)); - test(); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1)); - test(); -}; - -void testInvalidIvDec(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // valid encryption - auto ret = encrypt(algo, plain); - - // decryption - auto test2 = [&](){ - assert_crypto_invalid_param(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - ckmc_buffer_free(decrypted); - decrypted = nullptr; - }; - - // invalid iv size - setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1)); - test2(); - setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1)); - test2(); -}; - -void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encrypted = nullptr; - ckmc_raw_buffer_s* decrypted = nullptr; - - // add key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - // set AAD - setParam(params, name, createRandomBufferCAPI(64)); - - // encrypt - assert_crypto_positive(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encrypted); - RawBufferPtr tmpEnc = create_raw_buffer(encrypted); - - // decrypt - assert_crypto_positive(apiDecrypt, - params.get(), - aliases.prv.c_str(), - nullptr, - *tmpEnc.get(), - &decrypted); - RawBufferPtr tmpDec = create_raw_buffer(decrypted); - - // check - assert_buffers_equal(*plain.get(), *tmpDec.get()); - tmpDec.reset(); - decrypted = nullptr; - - // set wrong AAD - setParam(params, name, createRandomBufferCAPI(32)); - - // decrypt - assert_crypto_result(EncryptionError::SERVER_ERROR, - apiDecrypt, - params.get(), - aliases.prv.c_str(), - nullptr, - *tmpEnc.get(), - &decrypted); -} - -void testGcmIvSize(size_t size, - const KeyAliasPair& aliases, - EncryptionError error = EncryptionError::SUCCESS) -{ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - RawBufferPtr encrypted; - RawBufferPtr decrypted; - ckmc_raw_buffer_s* encryptedTmp = nullptr; - ckmc_raw_buffer_s* decryptedTmp = nullptr; - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size)); - - // encryption - assert_crypto_result(error, - apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encryptedTmp); - - if(error != EncryptionError::SUCCESS) - return; - encrypted = create_raw_buffer(encryptedTmp); - - // decryption - assert_crypto_positive(apiDecrypt, - params.get(), - aliases.prv.c_str(), - nullptr, - *encrypted.get(), - &decryptedTmp); - decrypted = create_raw_buffer(decryptedTmp); - - assert_buffers_equal(*plain.get(), *decrypted.get()); -} - -void testIntegrity(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain); - - // break the encrypted data - ret.encrypted->data[BUF_LEN/2]++; - - // no data integrity check - assert_crypto_positive(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - - RawBufferPtr tmp = create_raw_buffer(decrypted); - assert_buffers_equal(*plain.get(), *decrypted, false); -} - -void testCtrEncryptionInvalidLength(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encryptedTmp = nullptr; - - // add AES CTR key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - // encryption - auto test = [&](){ - assert_crypto_invalid_param(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encryptedTmp); - ckmc_buffer_free(encryptedTmp); - encryptedTmp = nullptr; - }; - // invalid counter size - setParam(params, CKMC_PARAM_ED_CTR_LEN, -1); - test(); - setParam(params, CKMC_PARAM_ED_CTR_LEN, 0); - test(); - setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1); - test(); -} - -void testCtrEncryptionValidLength(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encryptedTmp = nullptr; - - // add AES CTR key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - // encryption - auto test = [&](){ - assert_crypto_positive(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encryptedTmp); - ckmc_buffer_free(encryptedTmp); - encryptedTmp = nullptr; - }; - // valid counter sizez - setParam(params, CKMC_PARAM_ED_CTR_LEN, 1); - test(); - setParam(params, CKMC_PARAM_ED_CTR_LEN, 4); - test(); - setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1); - test(); - setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN); - test(); -} - -void testCtrDecryptionInvalidLength(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // add AES CTR key & encrypt - auto ret = encrypt(algo, plain); - - // decryption - auto test = [&](){ - assert_crypto_invalid_param(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - ckmc_buffer_free(decrypted); - decrypted = nullptr; - }; - // invalid counter size - setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1); - test(); - setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0); - test(); - setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1); - test(); -} - -void testCtrDecryptionValidLength(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // add AES CTR key & encrypt - auto ret = encrypt(algo, plain); - - // decryption - auto test = [&](){ - assert_crypto_positive(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - ckmc_buffer_free(decrypted); - RawBufferPtr tmp = create_raw_buffer(decrypted); - assert_buffers_equal(*plain.get(), *decrypted); - }; - // invalid counter size - setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1); - test(); - setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4); - test(); - setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1); - test(); - setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN); - test(); -} - -void testGcmEncryptionTagLen(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encryptedTmp = nullptr; - - // add AES GCM key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - std::vector testData = { - // illegal tag lengths - { -1, EncryptionError::INVALID_PARAM }, - { 0, EncryptionError::INVALID_PARAM }, - { 16, EncryptionError::INVALID_PARAM }, - { 48, EncryptionError::INVALID_PARAM }, - { 72, EncryptionError::INVALID_PARAM }, - { 100, EncryptionError::INVALID_PARAM }, - { 108, EncryptionError::INVALID_PARAM }, - { 116, EncryptionError::INVALID_PARAM }, - { 124, EncryptionError::INVALID_PARAM }, - { 256, EncryptionError::INVALID_PARAM }, - // legal tag lengths - { 32, EncryptionError::SUCCESS }, - { 64, EncryptionError::SUCCESS }, - { 96, EncryptionError::SUCCESS }, - { 104, EncryptionError::SUCCESS }, - { 112, EncryptionError::SUCCESS }, - { 120, EncryptionError::SUCCESS }, - { 128, EncryptionError::SUCCESS }, - }; - - // encryption - for(const auto& it : testData) - { - setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen); - assert_crypto_result(it.expected, - apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encryptedTmp); - ckmc_buffer_free(encryptedTmp); - encryptedTmp = nullptr; - } -} - -void testGcmDecryptionTagLen(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // add AES GCM key & encrypt - auto ret = encrypt(algo, plain); - - std::vector testData = { - // illegal tag lengths - { -1, EncryptionError::INVALID_PARAM }, - { 0, EncryptionError::INVALID_PARAM }, - { 16, EncryptionError::INVALID_PARAM }, - { 48, EncryptionError::INVALID_PARAM }, - { 72, EncryptionError::INVALID_PARAM }, - { 100, EncryptionError::INVALID_PARAM }, - { 108, EncryptionError::INVALID_PARAM }, - { 116, EncryptionError::INVALID_PARAM }, - { 124, EncryptionError::INVALID_PARAM }, - { 256, EncryptionError::INVALID_PARAM }, - // legal tag lengths (EVP_CipherFinal fails but we can't get the error code) - { 32, EncryptionError::SERVER_ERROR }, - { 64, EncryptionError::SERVER_ERROR }, - { 96, EncryptionError::SERVER_ERROR }, - { 104, EncryptionError::SERVER_ERROR }, - { 112, EncryptionError::SERVER_ERROR }, - { 120, EncryptionError::SERVER_ERROR }, - // legal tag length that was actually used for encryption (default) - { 128, EncryptionError::SUCCESS }, - }; - - // decryption - for(const auto& it : testData) - { - setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen); - assert_crypto_result(it.expected, - apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - ckmc_buffer_free(decrypted); - decrypted = nullptr; - } -} - -void testGcmWrongTag(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt with AES GCM - auto ret = encrypt(algo, plain); - - // modify tag (last 16B of encrypted message) - ret.encrypted->data[ret.encrypted->size-1]++; - - // EVP_CipherFinal fails but we can't get error code - assert_crypto_result(EncryptionError::SERVER_ERROR, - apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); -} - -void testGcmDifferentIvSizes(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // add AES GCM key - KeyAliasPair aliases = algo->keyGen(); - - testGcmIvSize(11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest - testGcmIvSize(12, aliases); - testGcmIvSize(17, aliases); - testGcmIvSize(128, aliases); -} - -void testEncryptDecryptBigData(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain); - - assert_positive(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - RawBufferPtr tmp = create_raw_buffer(decrypted); - - assert_buffers_equal(*plain.get(), *decrypted); -} - -void testEncryptDecryptDifferentKeys(Algorithm type, bool success) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain); - - // add different key - KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong"); - - - if (success) { - // some algorithms don't verify key validity - assert_crypto_positive(apiDecrypt, - ret.params.get(), - differentKeys.prv.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - RawBufferPtr tmp = create_raw_buffer(decrypted); - - assert_buffers_equal(*plain.get(), *decrypted, false); - } else { - // different key should not be accepted - assert_crypto_result(EncryptionError::SERVER_ERROR, - apiDecrypt, - ret.params.get(), - differentKeys.prv.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - } - - // Cleanup before testing next algorithm. Ignore results because not all keys are present - ckmc_remove_alias(ret.prvKey.c_str()); - ckmc_remove_alias(ret.pubKey.c_str()); - ckmc_remove_alias(differentKeys.prv.c_str()); - ckmc_remove_alias(differentKeys.pub.c_str()); -} - -void testRsaLongestData(Algorithm type, size_t dataSize) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain); - - assert_crypto_positive(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - RawBufferPtr tmp = create_raw_buffer(decrypted); - - assert_buffers_equal(*plain.get(), *decrypted); -} - -void testRsaDataTooLong(Algorithm type, size_t dataSize) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize)); - - // encrypt - EncryptionResult ret; - ckmc_raw_buffer_s* encrypted = nullptr; - KeyAliasPair aliases = algo->keyGen(); - - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ret.params = ParamListPtr(handle, ckmc_param_list_free); - assert_crypto_result(EncryptionError::SERVER_ERROR, - apiEncrypt, - ret.params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encrypted); -} - -} // namespace anonymous - - -RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION); - -///////////////////////////////////////// -// Generic encryption decryption tests -///////////////////////////////////////// - -RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encrypted = nullptr; - - // add key - KeyAliasPair aliases = algo->keyGen(); - - // null param list - assert_crypto_invalid_param(apiEncrypt, - nullptr, - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encrypted); - - // empty param list - ParamListPtr params = createParamListPtr(); - assert_crypto_invalid_param(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - &encrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* encrypted = nullptr; - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - assert_crypto_result(EncryptionError::ALIAS_UNKNOWN, - apiEncrypt, - params.get(), - "non-existing-key-alias", - nullptr, - *plain.get(), - &encrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - ckmc_raw_buffer_s plain = { nullptr, 0 }; - ckmc_raw_buffer_s* encrypted = nullptr; - - // add key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - assert_crypto_invalid_param(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - plain, - &encrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s** encrypted = nullptr; - - // add key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - assert_crypto_invalid_param(apiEncrypt, - params.get(), - aliases.pub.c_str(), - nullptr, - *plain.get(), - encrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt; - auto ret = encrypt(algo, plain); - - // null param list - assert_crypto_invalid_param(apiDecrypt, - nullptr, - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - - // empty param list - ParamListPtr params = createParamListPtr(); - assert_crypto_invalid_param(apiDecrypt, - params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain); - - // remove key - assert_positive(ckmc_remove_alias, ret.prvKey.c_str()); - - // try to decrypt - assert_crypto_result(EncryptionError::ALIAS_UNKNOWN, - apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - ckmc_raw_buffer_s encrypted = { nullptr, 0 }; - ckmc_raw_buffer_s* decrypted = nullptr; - - // add key - KeyAliasPair aliases = algo->keyGen(); - - // setup params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - assert_crypto_invalid_param(apiDecrypt, - params.get(), - aliases.prv.c_str(), - nullptr, - encrypted, - &decrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s** decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain); - - assert_crypto_invalid_param(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - decrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv) -{ - testEncryptDecryptDifferentKeys(AES_CBC_128, false); - testEncryptDecryptDifferentKeys(AES_CBC_192, false); - testEncryptDecryptDifferentKeys(AES_CBC_256, false); - testEncryptDecryptDifferentKeys(AES_GCM_128, false); - testEncryptDecryptDifferentKeys(AES_GCM_192, false); - testEncryptDecryptDifferentKeys(AES_GCM_256, false); - testEncryptDecryptDifferentKeys(AES_CTR_128, true); - testEncryptDecryptDifferentKeys(AES_CTR_192, true); - testEncryptDecryptDifferentKeys(AES_CTR_256, true); - testEncryptDecryptDifferentKeys(AES_CFB_128, true); - testEncryptDecryptDifferentKeys(AES_CFB_192, true); - testEncryptDecryptDifferentKeys(AES_CFB_256, true); - testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false); - testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false); - testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false); -} - -RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain); - - assert_crypto_positive(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - nullptr, - *ret.encrypted.get(), - &decrypted); - RawBufferPtr tmp = create_raw_buffer(decrypted); - - assert_buffers_equal(*plain.get(), *decrypted); - }); -} - -RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - ckmc_raw_buffer_s* decrypted = nullptr; - - // encrypt - auto ret = encrypt(algo, plain, PASSWORD); - - // wrong password - assert_crypto_result(EncryptionError::AUTH_FAILED, - apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - "wrong-password", - *ret.encrypted.get(), - &decrypted); - - // correct password - assert_crypto_positive(apiDecrypt, - ret.params.get(), - ret.prvKey.c_str(), - PASSWORD, - *ret.encrypted.get(), - &decrypted); - RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion - - assert_buffers_equal(*plain.get(), *decrypted); - }); -} - -// long test split into smaller ones -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CBC_128); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CBC_192); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CBC_256); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_GCM_128); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_GCM_192); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_GCM_256); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CTR_128); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CTR_192); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CTR_256); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CFB_128); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CFB_192); -} - -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv) -{ - testEncryptDecryptBigData(AES_CFB_256); -} - -///////////////////////////////////////// -// Algorithm specific tests -///////////////////////////////////////// - -RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv) -{ - testNoIvEnc(AES_CTR_128); - testNoIvEnc(AES_CTR_192); - testNoIvEnc(AES_CTR_256); - testNoIvEnc(AES_CBC_128); - testNoIvEnc(AES_CBC_192); - testNoIvEnc(AES_CBC_256); - testNoIvEnc(AES_CFB_128); - testNoIvEnc(AES_CFB_192); - testNoIvEnc(AES_CFB_256); - testNoIvEnc(AES_GCM_128); - testNoIvEnc(AES_GCM_192); - testNoIvEnc(AES_GCM_256); -} - -RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv) -{ - testInvalidIvEnc(AES_CTR_128); - testInvalidIvEnc(AES_CTR_192); - testInvalidIvEnc(AES_CTR_256); - testInvalidIvEnc(AES_CBC_128); - testInvalidIvEnc(AES_CBC_192); - testInvalidIvEnc(AES_CBC_256); - testInvalidIvEnc(AES_CFB_128); - testInvalidIvEnc(AES_CFB_192); - testInvalidIvEnc(AES_CFB_256); -} - -RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv) -{ - testNoIvDec(AES_CTR_128); - testNoIvDec(AES_CTR_192); - testNoIvDec(AES_CTR_256); - testNoIvDec(AES_CBC_128); - testNoIvDec(AES_CBC_192); - testNoIvDec(AES_CBC_256); - testNoIvDec(AES_CFB_128); - testNoIvDec(AES_CFB_192); - testNoIvDec(AES_CFB_256); - testNoIvDec(AES_GCM_128); - testNoIvDec(AES_GCM_192); - testNoIvDec(AES_GCM_256); -} - -RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv) -{ - testInvalidIvDec(AES_CTR_128); - testInvalidIvDec(AES_CTR_192); - testInvalidIvDec(AES_CTR_256); - testInvalidIvDec(AES_CBC_128); - testInvalidIvDec(AES_CBC_192); - testInvalidIvDec(AES_CBC_256); - testInvalidIvDec(AES_CFB_128); - testInvalidIvDec(AES_CFB_192); - testInvalidIvDec(AES_CFB_256); -} - -RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv) -{ - testIntegrity(AES_CTR_128); - testIntegrity(AES_CTR_192); - testIntegrity(AES_CTR_256); - testIntegrity(AES_CBC_128); - testIntegrity(AES_CBC_192); - testIntegrity(AES_CBC_256); - testIntegrity(AES_CFB_128); - testIntegrity(AES_CFB_192); - testIntegrity(AES_CFB_256); -} - -RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv) -{ - testCtrEncryptionInvalidLength(AES_CTR_128); - testCtrEncryptionInvalidLength(AES_CTR_192); - testCtrEncryptionInvalidLength(AES_CTR_256); -} - -RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv) -{ - RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length"); - testCtrEncryptionValidLength(AES_CTR_128); - testCtrEncryptionValidLength(AES_CTR_192); - testCtrEncryptionValidLength(AES_CTR_256); -} - -RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv) -{ - testCtrDecryptionInvalidLength(AES_CTR_128); - testCtrDecryptionInvalidLength(AES_CTR_192); - testCtrDecryptionInvalidLength(AES_CTR_256); -} - -RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv) -{ - RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length"); - testCtrDecryptionValidLength(AES_CTR_128); - testCtrDecryptionValidLength(AES_CTR_192); - testCtrDecryptionValidLength(AES_CTR_256); -} - -RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv) -{ - testGcmEncryptionTagLen(AES_GCM_128); - testGcmEncryptionTagLen(AES_GCM_192); - testGcmEncryptionTagLen(AES_GCM_256); -} - -RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv) -{ - testGcmDecryptionTagLen(AES_GCM_128); - testGcmDecryptionTagLen(AES_GCM_192); - testGcmDecryptionTagLen(AES_GCM_256); -} - -RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv) -{ - testGcmWrongTag(AES_GCM_128); - testGcmWrongTag(AES_GCM_192); - testGcmWrongTag(AES_GCM_256); -} - -RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv) -{ - testGcmDifferentIvSizes(AES_GCM_128); - testGcmDifferentIvSizes(AES_GCM_192); - testGcmDifferentIvSizes(AES_GCM_256); -} - -RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv) -{ - encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD); - encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD); - encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD); -} - -RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv) -{ - RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl"); - encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL); - encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL); - encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL); -} - -RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv) -{ - testRsaLongestData(RSA_OAEP_1024, 86); - testRsaLongestData(RSA_OAEP_2048, 214); - testRsaLongestData(RSA_OAEP_4096, 470); -} - -RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv) -{ - testRsaDataTooLong(RSA_OAEP_1024, 87); - testRsaDataTooLong(RSA_OAEP_2048, 215); - testRsaDataTooLong(RSA_OAEP_4096, 471); -} - -///////////////////////////////////////// -// Asynchronous only tests -///////////////////////////////////////// -RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBuffer plain = createRandomBuffer(BUF_LEN); - - // keys - KeyAliasPair aliases = algo->keyGen(nullptr); - - // params - ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); - ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - - // encrypt - test_no_observer(&ManagerAsync::encrypt, - *reinterpret_cast(params.get()), - aliases.pub, - Password(), - plain); - }); -} - -RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv) -{ - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - - // encrypt - auto ret = encrypt(algo, plain); - RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size); - - // decrypt - test_no_observer(&ManagerAsync::decrypt, - *reinterpret_cast(ret.params.get()), - ret.prvKey, - Password(), - encrypted); - }); -} diff --git a/src/ckm/initial-values.cpp b/src/ckm/initial-values.cpp deleted file mode 100644 index 9f0b6005..00000000 --- a/src/ckm/initial-values.cpp +++ /dev/null @@ -1,407 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * @file system-db.cpp - * @author Maciej Karpiuk (m.karpiuk2@samsung.com) - * @version 1.0 - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace -{ -const uid_t USER_APP = 5070; -const uid_t GROUP_APP = 5070; -const char* APP_PASS = "user-pass"; -const char* TEST_WEB_APP_1 = "web_app1"; -const char* TEST_WEB_APP_2 = "web_app2"; - -const char *XML_DEVICE_KEY = "device_key.xml"; - -const char *XML_1_okay = "XML_1_okay.xml"; -std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1"); -std::string XML_1_EXPECTED_KEY_1_PASSWD = "123"; -std::string XML_1_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key2"); -// uncomment when AES is supported (+ usage in the tests) -std::string XML_1_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test-aes1"); -std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1"); -std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1"); -const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data"; -// encrypted -std::string XML_1_EXPECTED_KEY_3_RSA_PRV = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv"); -std::string XML_1_EXPECTED_KEY_3_RSA_PUB = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub"); -std::string XML_1_EXPECTED_ASCII_DATA = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption"); -std::string XML_1_EXPECTED_BIG_DATA = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption"); - -const char *XML_2_okay = "XML_2_okay.xml"; -std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1"); -std::string XML_2_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key2"); -// uncomment when AES is supported -std::string XML_2_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test2-aes1"); -std::string XML_2_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test2-cert1"); -std::string XML_2_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test2-data1"); -const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data"; - -const char *XML_3_wrong = "XML_3_wrong.xml"; -std::string XML_3_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key1"); -std::string XML_3_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key2"); -// uncomment when AES is supported -std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1"); -std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1"); - - -std::string format_src_path(const char *file) -{ - return std::string("/usr/share/ckm-test/") + std::string(file); -} - -std::string format_dest_key_path(const char *file) -{ - return std::string("/opt/data/ckm/") + std::string(file); -} - -std::string format_dest_path(const char *file) -{ - return std::string("/opt/data/ckm/initial_values/") + std::string(file); -} - -void copy_file(const std::string &from, const std::string &to) -{ - std::ifstream infile(from, std::ios_base::binary); - RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist."); - std::ofstream outfile(to, std::ios_base::binary); - RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager."); - outfile << infile.rdbuf(); -} - -void restart_key_manager() -{ - stop_service(MANAGER); - start_service(MANAGER); -} - -void test_exists(const std::string& name, bool expected) { - bool file_exists = (access( name.c_str(), F_OK ) != -1); - RUNNER_ASSERT_MSG(file_exists == expected, - "File " << name << " status: " << file_exists << - " while expected: " << expected); -} - -} - - -RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES); - -RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>) -{ - RUNNER_IGNORED_MSG("Temporary turned off. This test requires password protected db."); - // [prepare] - // remove database 0 - // copy to the initial-values folder - // [test0] - // check XML file exists - // restart the key-manager - // check XML file exists - should fail - // [test1] - // check items existence as system service - // [test2] - // check items existence as web_app1 - // [test3] - // check items existence as web_app2 - - - // [prepare] - copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay)); - copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY)); - - // [test0] - test_exists(format_dest_path(XML_1_okay), true); - restart_key_manager(); - test_exists(format_dest_path(XML_1_okay), false); - - // [test1] - check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); - check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); - check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); - check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str()); - check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA); - - // [test2] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_WEB_APP_1); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); - check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str()); - check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); - check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str()); - check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA); - } - - // [test3] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_WEB_APP_2); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str()); - check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); - check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); - check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str()); - check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA); - } -} - -RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>) -{ - // [prepare] - // remove database 0 - // copy two files to the initial-values folder - // [test0] - // check XML files exist - // restart the key-manager - // check XML files exist - should fail - // [test1] - // check items existence as system service - - // [prepare] - copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY)); - copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay)); - copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay)); - - // [test0] - test_exists(format_dest_path(XML_1_okay), true); - test_exists(format_dest_path(XML_1_okay), true); - restart_key_manager(); - test_exists(format_dest_path(XML_2_okay), false); - test_exists(format_dest_path(XML_2_okay), false); - - // [test1] - check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); - check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); - check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); - check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); - check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); - check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); - check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str()); - check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str()); - check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA); - check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA); -} - -RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP, RemoveDataEnv<0>) -{ - // [prepare] - // remove database 0 - // copy failing XML file to the initial-values folder - // [test0] - // check XML files exist - // restart the key-manager - // check XML files exist - should fail - // [test1] - // check items existence as system service - nothing should be available - - // [prepare] - copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong)); - - // [test0] - test_exists(format_dest_path(XML_3_wrong), true); - restart_key_manager(); - test_exists(format_dest_path(XML_3_wrong), false); - - // [test1] - check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str()); - check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str()); - check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str()); - check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str()); -} - -RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>) -{ - // [prepare] - // remove database 0 - // copy to the initial-values folder - // restart the key-manager - // [test] - // check if key can create & verify signature - - // [prepare] - copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY)); - copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay)); - restart_key_manager(); - - // [test] - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola.."); - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature = NULL; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - XML_1_EXPECTED_KEY_2_RSA.c_str(), - NULL, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - // invalid password - RUNNER_ASSERT_MSG( - CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature( - XML_1_EXPECTED_KEY_1_RSA.c_str(), - NULL, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - // correct password - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - XML_1_EXPECTED_KEY_1_RSA.c_str(), - XML_1_EXPECTED_KEY_1_PASSWD.c_str(), - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - ckmc_buffer_free(signature); -} - -RUNNER_TEST(T6050_ENCRYPTED_KEY, RemoveDataEnv<0>) -{ - // [prepare] - // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out - // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key - // remove database 0 - // copy to the initial-values folder - // restart the key-manager - // [test0] - // check if encrypted private key is present - // check if public key is present - // [test1] - // extract the private, encrypted key - // extract the public key - // create signature using the public key - // verify signature using the decrypted private key - - // [prepare] - copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY)); - copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay)); - restart_key_manager(); - - // [test0] - check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE); - check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC); - - - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola.."); - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature = NULL; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), - NULL, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - // invalid password - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), - NULL, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - - ckmc_buffer_free(signature); -} - -RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA, RemoveDataEnv<0>) -{ - // [prepare] - // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out - // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key - // remove database 0 - // copy to the initial-values folder - // restart the key-manager - // [test0] - // extract data - // check if data matches the expected size and content - - // [prepare] - copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY)); - copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay)); - restart_key_manager(); - - // [test0] - ckmc_raw_buffer_s *testData1; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)), - CKMCReadableError(temp)); - size_t expected_len = 15; - RUNNER_ASSERT_MSG(expected_len /* src/ckm/keys/EIV/ascii_data */ == testData1->size, "invalid data size"); - RUNNER_ASSERT_MSG(memcmp(reinterpret_cast(testData1->data), "My secret data\n", expected_len) == 0, "invalid data contents"); - ckmc_buffer_free(testData1); -} - -RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA, RemoveDataEnv<0>) -{ - // [prepare] - // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out - // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key - // remove database 0 - // copy to the initial-values folder - // restart the key-manager - // [test0] - // extract data - // check if data matches the expected size - - // [prepare] - copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY)); - copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay)); - restart_key_manager(); - - // [test0] - ckmc_raw_buffer_s *testData1; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size"); - ckmc_buffer_free(testData1); -} diff --git a/src/ckm/keys/EIV/ascii_data b/src/ckm/keys/EIV/ascii_data deleted file mode 100644 index 5061b47b..00000000 --- a/src/ckm/keys/EIV/ascii_data +++ /dev/null @@ -1 +0,0 @@ -My secret data diff --git a/src/ckm/keys/EIV/ascii_data.encrypted b/src/ckm/keys/EIV/ascii_data.encrypted deleted file mode 100644 index 448b06dc..00000000 --- a/src/ckm/keys/EIV/ascii_data.encrypted +++ /dev/null @@ -1 +0,0 @@ -ÎàCŽŸ)´[a­N½Q®\~ \ No newline at end of file diff --git a/src/ckm/keys/EIV/cert.der b/src/ckm/keys/EIV/cert.der deleted file mode 100644 index 8ac37af9..00000000 Binary files a/src/ckm/keys/EIV/cert.der and /dev/null differ diff --git a/src/ckm/keys/EIV/cert.der.encrypted b/src/ckm/keys/EIV/cert.der.encrypted deleted file mode 100644 index ebf3c364..00000000 Binary files a/src/ckm/keys/EIV/cert.der.encrypted and /dev/null differ diff --git a/src/ckm/keys/EIV/code.png b/src/ckm/keys/EIV/code.png deleted file mode 100644 index b062885a..00000000 Binary files a/src/ckm/keys/EIV/code.png and /dev/null differ diff --git a/src/ckm/keys/EIV/code.png.encrypted b/src/ckm/keys/EIV/code.png.encrypted deleted file mode 100644 index f28f0b15..00000000 Binary files a/src/ckm/keys/EIV/code.png.encrypted and /dev/null differ diff --git a/src/ckm/keys/EIV/device.priv b/src/ckm/keys/EIV/device.priv deleted file mode 100644 index 904e4707..00000000 --- a/src/ckm/keys/EIV/device.priv +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll -1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr -S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g -OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R -DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl -yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr -MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK -koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay -IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO -HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM -mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv -l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD -u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K -4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m -Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP -IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ -hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM -38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91 -2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir -XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1 -ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI -n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/ -upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG -RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI -tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT ------END RSA PRIVATE KEY----- diff --git a/src/ckm/keys/EIV/device.pub b/src/ckm/keys/EIV/device.pub deleted file mode 100644 index 4a26780f..00000000 --- a/src/ckm/keys/EIV/device.pub +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Vx4MBKFGalaRh+BzSYn -W8am8ajbnyD6AaweHcH+oAAQX7Ll1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy -+/X/pMBa4MHrjzH01gzzV0jyqEOrS6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLg -jBkbrmKEMHMk6jT5NUtKhpBXo0/gOgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG -1tFxGbeQkmBBxXVIr7u/z9WDG32RDiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspF -y7ek0x0Lll3t1P7FMgF1V21PFhclyX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlc -SQIDAQAB ------END PUBLIC KEY----- diff --git a/src/ckm/keys/EIV/encryption_AES_IV b/src/ckm/keys/EIV/encryption_AES_IV deleted file mode 100644 index f242b606..00000000 --- a/src/ckm/keys/EIV/encryption_AES_IV +++ /dev/null @@ -1 +0,0 @@ -_ThisIsIVForAES_ \ No newline at end of file diff --git a/src/ckm/keys/EIV/encryption_AES_IV_cert b/src/ckm/keys/EIV/encryption_AES_IV_cert deleted file mode 100644 index 2af2a62e..00000000 --- a/src/ckm/keys/EIV/encryption_AES_IV_cert +++ /dev/null @@ -1 +0,0 @@ -IVdiffersFrItems \ No newline at end of file diff --git a/src/ckm/keys/EIV/encryption_AES_IV_data_ASCII b/src/ckm/keys/EIV/encryption_AES_IV_data_ASCII deleted file mode 100644 index d9e5d75d..00000000 --- a/src/ckm/keys/EIV/encryption_AES_IV_data_ASCII +++ /dev/null @@ -1 +0,0 @@ -__another_IV_2__ \ No newline at end of file diff --git a/src/ckm/keys/EIV/encryption_AES_IV_data_PNG b/src/ckm/keys/EIV/encryption_AES_IV_data_PNG deleted file mode 100644 index 289160fc..00000000 --- a/src/ckm/keys/EIV/encryption_AES_IV_data_PNG +++ /dev/null @@ -1 +0,0 @@ -PNGIVPNGIVPNGIVP \ No newline at end of file diff --git a/src/ckm/keys/EIV/encryption_AES_key b/src/ckm/keys/EIV/encryption_AES_key deleted file mode 100644 index 5348cbcd..00000000 --- a/src/ckm/keys/EIV/encryption_AES_key +++ /dev/null @@ -1 +0,0 @@ -ABCDEFGHIJKLMNOPRSTUVWXYZ0123456 \ No newline at end of file diff --git a/src/ckm/keys/EIV/encryption_AES_key.encrypted b/src/ckm/keys/EIV/encryption_AES_key.encrypted deleted file mode 100644 index 0f5c30bd..00000000 Binary files a/src/ckm/keys/EIV/encryption_AES_key.encrypted and /dev/null differ diff --git a/src/ckm/keys/EIV/instructions.txt b/src/ckm/keys/EIV/instructions.txt deleted file mode 100644 index ef5ac1c8..00000000 --- a/src/ckm/keys/EIV/instructions.txt +++ /dev/null @@ -1,4 +0,0 @@ -* RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted -* encode base64: openssl enc -base64 -in encryption_AES_key.encrypted -* encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in test.der.priv -out test.der.priv.enc -* decrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -d -in test.der.priv.enc -out test.der.priv diff --git a/src/ckm/keys/EIV/test.der.priv b/src/ckm/keys/EIV/test.der.priv deleted file mode 100644 index cb2cc90c..00000000 Binary files a/src/ckm/keys/EIV/test.der.priv and /dev/null differ diff --git a/src/ckm/keys/EIV/test.der.priv.enc b/src/ckm/keys/EIV/test.der.priv.enc deleted file mode 100644 index 2b9df8f0..00000000 Binary files a/src/ckm/keys/EIV/test.der.priv.enc and /dev/null differ diff --git a/src/ckm/keys/EIV/test.der.priv.enc.base64 b/src/ckm/keys/EIV/test.der.priv.enc.base64 deleted file mode 100644 index 4c76582d..00000000 --- a/src/ckm/keys/EIV/test.der.priv.enc.base64 +++ /dev/null @@ -1,13 +0,0 @@ -BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da -6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF -0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ -tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do -+iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY -xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v -FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8 -vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r -54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy -Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz -wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo -j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s -bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14 diff --git a/src/ckm/keys/EIV/test.der.pub b/src/ckm/keys/EIV/test.der.pub deleted file mode 100644 index 41964191..00000000 Binary files a/src/ckm/keys/EIV/test.der.pub and /dev/null differ diff --git a/src/ckm/keys/EIV/test.priv b/src/ckm/keys/EIV/test.priv deleted file mode 100644 index d778ab48..00000000 --- a/src/ckm/keys/EIV/test.priv +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4 -x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x -fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB -AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx -KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr -sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN -p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4 -Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj -ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl -oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/ -UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw -iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2 -N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8= ------END RSA PRIVATE KEY----- diff --git a/src/ckm/keys/EIV/test.pub b/src/ckm/keys/EIV/test.pub deleted file mode 100644 index 7bc39bea..00000000 --- a/src/ckm/keys/EIV/test.pub +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt -JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B -CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+ -3Op0tEjy0jpmzeyNiQIDAQAB ------END PUBLIC KEY----- diff --git a/src/ckm/keys/im_ca.crt b/src/ckm/keys/im_ca.crt deleted file mode 100644 index ec794bfa..00000000 --- a/src/ckm/keys/im_ca.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx -EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl -c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx -MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI -DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w -HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j -L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7 -nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc -UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT -thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6 -XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E -FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/ -HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97 -Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v -vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc -4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB -pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8 -SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm -F2obL5qJSTN/RQ== ------END CERTIFICATE----- diff --git a/src/ckm/keys/im_ca.csr b/src/ckm/keys/im_ca.csr deleted file mode 100644 index b064cabe..00000000 --- a/src/ckm/keys/im_ca.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqTCCAZECAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHzAdBgNVBAMMFlRlc3Qg -SU0gQ0EgY2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDOYEXvyoKWCgp+csCdwxdnBnXhNb7mRqCzX5AJh6DdzuMv35G8PEhpfa0p/Wy6 -QlzBB9ipSVCTC37nwsw5vY5G2SmPw6vpYJYJnQHOd5Py6DufElPib35uiEwXQmgq -OMHYfgo0wdqYsjBTFEq3qfJ+TzWRWEk6La/PPF35QI+Lo9xQBsk0fjx42A4iDnmf -IWi9XNiPwYij/0a8cmPzc89r8qUln5nWpkBJln9ViiumVVO2Gwdcp96OEXLlgn23 -uf+/IBCzIGxqBmy9fX3GcfjV9thccp/xRtcbbes1pmVyGzpclUtB3M6mPdZOP+UK -hxUeotpkhIuE1DdojuRQFR2LAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAOERz -vFL+n7sPG3KdkWJFdIYKZvPHCOaJ6mdrNatAF1rHeRayeSgM6PYwQF4DwwKcPLyo -IUi2B2sxabvKCCBZ9EjIrhG2fC2ocv7VawuQecB9QET6X4sbUcchcBCkGwL7evrZ -LzWSs9lBr8wwkPdHwvujup5VTZ7+VYs1lVt38CrFERrAlY03v5VDwN1B1JUCqcDf -wh69OJNPDgx7Y09GJLoRBfdXSpSVGznDmSB+VRCGb/JsiWAB+qtse1cN4Iwihx8I -+hhfRFLsxBKo/iYncuovPY0riRYBJsop6g/hLqn6kXIhzNnaApKhpwxpmN1cO5N6 -hnsAlvR2v9u2bFMILQ== ------END CERTIFICATE REQUEST----- diff --git a/src/ckm/keys/im_ca.key b/src/ckm/keys/im_ca.key deleted file mode 100644 index 07a19275..00000000 --- a/src/ckm/keys/im_ca.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7jL9+R -vDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7nxJT -4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6PcUAbJ -NH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVTthsH -XKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6XJVL -QdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABAoIBAQCLidy/vZV+DVv7 -E2vZP8fbCSs7EzP4T1jo73xcdS/3yaMjA29ubvQnH6qt8YRKjARbIAsGq2OniOZN -nhCoGdrRXJQVeKAMNBo+dcJ6769BVnS5oZLGT8yUv+Ny9punsKig0NflxA0hoZm7 -EsVSWb50WOpHVAJvK+Trok2H8nccWn6q3od9xSoDszexhGFgo1Q9qFVP/YUfT1Qg -8ZwRu04JTZEHa9DXIRir10rkvhHTHJ0nb+9FeWd6CsCkOtdWRig3a+Vq+4MK/Yt3 -dstf0D1MQXG2WPaHxPB/DpJBOoU7jj4FxrIaJGPM7qVFnpHwRh0iCKtkGQfarKR6 -JjshtU7BAoGBAPywan5o9ZOD+NnfazglPlFrkBansXG329GP/2ag8+PWOadgin+0 -oyMqB81lBr6yI4ZmM+DgvXkb4yjHb9hGNoWjgttbtjU9eVaXzOg5laOd8nZIhmki -aH/1yPa0sqmlsAlipUq3nqHKOSeG6pE2dg/R5Yu4TYFj6WV57AbLhxPXAoGBANEU -guet7XZMAiAJKmEy3pRs22Qs0YcEywX44h09ShPz2OoNYpuSWzS2RgxRbSgs0f25 -ks94lYMNOnm6RMWawRgMPv0Z2Pbwpki6CR72ratvZKqYOoZkCg+UM9pMpvmOd4W3 -ZybxLa/4tJMdpVU4unhJ4v1ZIt2lThnC8d369k1tAoGAVF6rEA4HgPudiVF5wUNe -LV1WvNm8+5VCBhSoWCIBjN8oXOR1GfK8Ta9o74F94QolpmhVhg5D9T4EeMcuZu36 -omBX/tn+WoRuESWaOyeO+RRxsmDA0DW24pK0SPtIdDBoOJoBSpNImgilULdRdq7S -eLHCjQY6iqtLcKBm2FX4gf0CgYAW9qfCBmpUWdjJ5/fNoSatKp+WCw4gRDiAOWus -RnUCZ//lBP9VkueNjI94/uB8Tx/pPB6Rxu607BkGEZ1IDs0ydPXeGp6n0JqS1kv2 -KKW+dIeb7QhQhmBMgbyIN28HbcxW1WPw9QBNmYVLuy/Tgl2IpKTXqpiXu3YugijK -dqviqQKBgF+L6GJPZkVIA1YSy6E3ph2F6K1kxSamTuSA+48352PJ0QFapes8blVg -vtnlku41CO383G3qk0zZIpgalE2SeF1p5UO/pT6M9mAmJJMY0iF8jTQkvJa9WUwD -zxWFEfIgTFlU9PtOnPQZlZELS0nwlRXsGYsWJiwEcMbBrXCQNXXV ------END RSA PRIVATE KEY----- diff --git a/src/ckm/keys/root_ca.crt b/src/ckm/keys/root_ca.crt deleted file mode 100644 index c349ba3b..00000000 --- a/src/ckm/keys/root_ca.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD -VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw -HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz -dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC -9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da -eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W -rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo -5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs -BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw -TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk -zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC -AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX -ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus -9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS -Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV -qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK -kOg11TpPdNDkhb1J4ZCh2gupDg== ------END CERTIFICATE----- diff --git a/src/ckm/keys/root_ca.key b/src/ckm/keys/root_ca.key deleted file mode 100644 index ecdaffe8..00000000 --- a/src/ckm/keys/root_ca.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr12w+a9jd0 -s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+ -g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzP -GFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrG -iiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAO -cnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABAoIBAQDNI3YvrrRdfHfJ -ZG9jp6q/dp/h2nGpeJBZ3XmtMbMpO/7tZwTKhkVXeIaRVJXxhBrCQQ6+KnaQBA9n -2nbCnmXwqhBKaZy1whBYewbW2er/VPGijB5pG3zwUWPEBcqxPtSluM54ZcDUfKqg -2kgWorCSnyLRwxzKz4G74qRG+XWsFncEaGSk7upv49LPrNMBrSQaiEy/HsNvR4gd -viQ7E1RY3Tj9T0DFruv4RU9gIvXagCs+lole1fZDGupD3QBschJWGoNyyes4yjMS -fWbGWquWMXfsrSi7CuwIrFoOVIErAjlU1m1CJqB+mZMubTOdmOnJMjNQOqXgvhN7 -0z/aKh6xAoGBAPyKYeVZUVC+wbIl3t0QEDtXaPaOnN6IJfMkHGQ+kCw2GjiUl628 -hqdR3eKZgu0nC9o9erlvOm3ItfKWMHrTtwE66ON1uFmGY1IzEEbgmHmiVtFdgk/C -QVxIVz7ht66raqZ3ES0FMaFJvvQw3fT3pa7hCr0XA5xyfOBd99ylRhnlAoGBANMc -peBk2HO29JPw+vcUeLJv4g4/EoE1gEWzUy8BKnqqP4vvh7hCMUuo+1U7IOy2MKXd -TuXJ5tcuGSIfi02ID2darSlE2jZcYwahn4RTvYttfKksBw2ulf52g62Ig8vG4nkf -sAOs9EOdRCyCVDomXxt4Oi+NFd0Wks5Rec9T3PwlAoGAexLpwL81rNc6SJrCMRP6 -BSGFStuXwa+yZvtLRuNimdlIEBkCjq4ZJYP1UdCkiPUFhrd9js+RNx2g5nehasqx -Hk1aYDfnvuGKl+3A2fns9SJTkzcyIbK27cVnl4KjZOGvWS8f1MP6OvNYt2L1WMQ0 -H7UW6a5EmUMGbsX83LBDKK0CgYBXKgXm/1xLcqfLCX1lVMN80SshvLL0PFXI8YCP -8MhMO0zfhzefQV0/Ivcaur4eXh757MUtpU41XCguaZ3Hljzd7JeAaZg7R6vvSf4l -0bl5/uuwoagL4yC1HtPBa5MXKPfLEOVIrzlvTVifk/QYyk0Md3h2t6bmUPKuUv+b -NcIRLQKBgQCQ56ygXw/DgrTk+QC+prA11UVUy5EYWSifhQZGRRZ/IOxjzVZ9NQf6 -lKxLg9QHQ3/FOk01pk3m2K8wz+bucCxJgXf38wIpJp9t9DWgnjrJqB2xw4tMzFvL -AnBVXNYND8vdi51tIaziFuOgW81SroZFoX5XBv8wPv/HZT2KqxAMmg== ------END RSA PRIVATE KEY----- diff --git a/src/ckm/keys/test.crt b/src/ckm/keys/test.crt deleted file mode 100644 index 1a462055..00000000 --- a/src/ckm/keys/test.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV -BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx -HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0 -WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T -dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV -VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl -z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq -QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc -bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E -4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk -4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp -UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj -CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/ -i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9 -HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF -Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz -6ON7PVe0ABN/AlwVQiFE ------END CERTIFICATE----- diff --git a/src/ckm/keys/test.csr b/src/ckm/keys/test.csr deleted file mode 100644 index fda49a6f..00000000 --- a/src/ckm/keys/test.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICqDCCAZACAQAwYzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -DTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3RpbmcxHjAcBgNVBAMMFVRlc3Qg -bGVhZiBjZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AM03QyGtrQ5kcRZyIIhvpgc/BqElTg7NCJjUBm6o/qS4QThUR/H7GoeCZc+WBfSs -ITFS5J5xxhSxPzW+wHN+ZBM4TEDKU0caIVvN6McN3mfMzfxQaCqoOKh0akEfJEtd -GF04KwUdHsf1afjlChMOoe8i9q+E6b65/f6h8LMbS8almwyFX9TvW9S33G5ZWDHZ -leROtsjebXMKwz/ILx4xZ1Xi86xvME6XPRUfdP9CZH6eYwCXAKzgS609BOFUarPu -B7sE/IwMBQJjZ3OyGF+ako7UlpJph3u9yv5cwfjoiNCRHP93llE1qsE0pOLTQokB -gSid/S1z0wQSXc5sVR+wlA0CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAI0DmU -6E9XSs42wVqzKghvjuGwXH+SHIxSTQVaoXzMbFnsCPrt9F9FGTKjRq2IRBHb2yq/ -S+kW3ptSteKrqLzABxaQ8aCt//Xm/hYnpeJZV4WuDr2TWpEfT0U955iGRAOqpOzi -E19J9h7F/+cX1FzVdP86mHhwQERTPWGg8jiwEPuApe3APmNBYlu7K4zMa2IB/LKh -cItzpqi8sJ0wmGQrdRVHgNyBc7TC2IkyCVl5eJiD+gmQEOuy6agAVggWM9yQQlNg -5WkqBDegPG/pLOxFvDtaV2SlxSuFAXKDoyRPeRC21w6pYEtc7aXzpgBWgcv2R0pT -NrWNXibZ7aLImIhW ------END CERTIFICATE REQUEST----- diff --git a/src/ckm/keys/test.key b/src/ckm/keys/test.key deleted file mode 100644 index ae4475ce..00000000 --- a/src/ckm/keys/test.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH -8fsah4Jlz5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBo -Kqg4qHRqQR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf -1O9b1LfcbllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcA -rOBLrT0E4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eW -UTWqwTSk4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABAoIBAQCTBhmhglVu70Ua -KK/oL91KabwtLZXsArc7DwSAubCegKexXKii1B0goqqge8JOlhe9x76lSav5XTeF -IOGunQnDv1zaOlpJoY3uwOoZ2nTR9yhIsa6/iP/2qFkLyOzu1YbEGp6vrjpEVi4T -NLzwBFa+BlWoUFhK3eP8TzcsiszSRr8/vbvlRFzDyq4+YqLsAHpGsvaIZHScU3iG -AjtCCCpV9HNW3TAAhGq9j/x3YPqt6edrsK1taR+dbLIeGoMnmMReaxgaKd7wWZCr -dbvngGtpgyEXjONkXVpAcZrD2AaWoGWHjoik+14T4K2QU4OW8jQ2h2uljQa2JXDu -+LMaTKCBAoGBAP6MPqMfcMmf4bYAhrgeZMwSq1F7ubBPu/YyOYiCF6J259jcdxjY -HfdwtDeoNGKCwE8S8BMXMs33tlL8/AcVdYwbIMVmk6ZXmyFDAyUGB/fGq+QkFCwJ -yVHb75uuiPpn8euIwg+Y9NBDQYt59oJI9TyCjNPy6Xd612u6AXBcFU1hAoGBAM5i -+HM6lSuqNdp77awbDIzuuu/zTRzgF4bbodjGSxwn1cx7xb2iCPWiykiD5EU3XWWv -68i15yud6ooIFjxGYP6oYjFIpfjRU7n+/UJpbnkTjMUbUqc4IpiP+ruU9hoMZZ3S -ey+bLSYQfy6Jf8YnCLkroKtGsgFF30gi0EL6qjotAoGAFTPzZ70PtQvHTlS+5AlM -Fh+b+56VuhT6MCjA2BkWBOdoqoy6suwVmu3dZSFys532jN+j9cMh7TwsCL+f8qsb -7n63/RltRRbZCi09ztCwyzfWS5uhvoVWKqZqUAp6yHjuEtOCbrAr/EkN5aNUIEgZ -fV/WgTUjs1sdJJEK26Qf9iECgYB2HmabbDfbmbrgpHTOP1zbe/Y5RkIn+Ij+gc0L -R9HM92+BbIUrlwURsG2dOv72Lk2h2SFU6ea4K9UD0sUHEjCJDs3D7xQuZ39HwAwq -ajTzzqCOXqjbU2FZd23E1ehT2CyAOuqNwH4CfwaLF96tBcIUWEfIPtm5qMe1fVc8 -PkIWsQKBgQCiwgARCIHhzXUoAY8U0k4Ng8cTj2ykISTf9HKXyKoInhBbuHRDvYsU -oCPi8eYvz4Vwmwcf938CdtLAd5XHCMmTQ+96Xjt/QgJrkA3n04hWsgTMQM2E9QMv -cxv8UfypFUzhMkUfj4b3EsaTHOxJVS3Ml5m8+YJdncKoZnz8lBKALA== ------END RSA PRIVATE KEY----- diff --git a/src/ckm/main.cpp b/src/ckm/main.cpp deleted file mode 100644 index a0517d93..00000000 --- a/src/ckm/main.cpp +++ /dev/null @@ -1,3395 +0,0 @@ -#include - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -namespace { -const int USER_APP = 5000; -const int GROUP_APP = 5000; - -const int USER_APP_2 = 5020; -const int USER_APP_3 = 5030; - -const char * const APP_PASS = "user-pass"; -const int USER_TEST = 5001; -const char* TEST_LABEL = "test_label"; - -const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; -const CKM::AliasVector EMPTY_ALIAS_VECTOR; -} // namespace anonymous - -/* - * How to numerate tests: - * TABCD_NAME - * T - test case (always T) - * AB - number of test group (always two digits) - * C - test number in group (all tests with same TABC must be run in the same time). - * D - subtest. - */ - -RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT); -RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) { - stop_service(MANAGER); - start_service(MANAGER); - - std::ifstream is("/usr/share/ckm-test/pkcs.p12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); - RUNNER_ASSERT_MSG( - NULL != pkcs.get(), - "Error in PKCS12::create()"); - - // all further tests will start with newly started service, - // OpenSSL on the service side will have to be properly initialized too - stop_service(MANAGER); - start_service(MANAGER); -} - -RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL); - -RUNNER_TEST(T0011_Control) -{ - int temp; - auto control = CKM::Control::create(); - - control->removeUserData(0); - control->removeUserData(USER_APP_2); - control->removeUserData(USER_APP); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T0012_Control) -{ - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T0013_Control) -{ - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T0014_Control) -{ - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T0015_Control) -{ - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T0016_Control_negative_wrong_password) -{ - RUNNER_IGNORED_MSG("Temporary turn off. This test requires password support."); - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)), - "Error=" << CKM::ErrorToString(temp)); -#ifndef PASSWORD_PROTECTION_DISABLE - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")), - "Error=" << CKM::ErrorToString(temp)); -#endif - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS); - -RUNNER_TEST(T1010_init) -{ - unlock_user_data(USER_APP, "user-pass"); -} - -RUNNER_TEST(T1011_key) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::KeyShPtr key2; - CKM::Alias alias = sharedDatabase("mykey"); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - key->getDER() == key2->getDER(), - "Key value has been changed by service"); -} - -RUNNER_TEST(T1012_certificate) -{ - int temp; - auto manager = CKM::Manager::create(); - - auto cert = TestData::getTestCertificate(TestData::GIAG2); - CKM::CertificateShPtr cert2; - CKM::Alias alias = sharedDatabase("myCert"); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getCertificate(alias, CKM::Password(), cert2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - cert->getDER() == cert2->getDER(), - "Data has been modified in key manager"); -} - -RUNNER_CHILD_TEST(T1013_user_app_save_key) -{ - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - int temp; - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::KeyShPtr key2; - CKM::Alias alias = "mykey"; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - key->getDER() == key2->getDER(), "Key value has been changed by service"); -} - -RUNNER_TEST(T1014_save_with_label) -{ - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::KeyShPtr key_name, key_full_addr; - CKM::Alias alias = "mykey-2"; - std::string top_label = getOwnerIdFromSelf(); - std::string full_address = aliasWithLabel(top_label.c_str(), alias.c_str()); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - // lookup by name - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - key->getDER() == key_name->getDER(), - "Key value has been changed by service"); - - // lookup by full address - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - key->getDER() == key_full_addr->getDER(), - "Key value has been changed by service"); -} - -RUNNER_TEST(T1015_deinit) -{ - remove_user_data(0); - remove_user_data(USER_APP); -} - -RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS); - -RUNNER_TEST(T1020_init) -{ - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1021_save_keys_get_alias) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::AliasVector labelAliasVector; - - size_t current_aliases_num = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - labelAliasVector.size() == (current_aliases_num+3), - "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); -} - -RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias) -{ - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::AliasVector labelAliasVector; - - size_t current_aliases_num = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey("appkey2", key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - labelAliasVector.size() == (current_aliases_num+3), - "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); -} - -RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag) -{ - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::AliasVector aliasVector; - CKM::Policy notExportable(CKM::Password(), false); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey("appkey4", key, notExportable)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1029_deinit) -{ - remove_user_data(0); - remove_user_data(USER_APP); -} - -RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST); -RUNNER_TEST(T1030_init) -{ - remove_user_data(0); - reset_user_data(USER_APP, APP_PASS); -} - -RUNNER_TEST(T1031_save_get_bin_data) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string binData1 = "My bin data1"; - std::string binData2 = "My bin data2"; - std::string binData3 = "My bin data3"; - - CKM::RawBuffer buffer1(binData1.begin(), binData1.end()); - CKM::RawBuffer buffer2(binData2.begin(), binData2.end()); - CKM::RawBuffer buffer3(binData3.begin(), binData3.end()); - - CKM::AliasVector labelAliasVector; - - size_t current_aliases_num = count_aliases(ALIAS_DATA); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - labelAliasVector.size() == (current_aliases_num+3), - "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); - - CKM::RawBuffer buffer; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - buffer == buffer2, - "Data corrupted"); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)), - "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T1032_app_user_save_bin_data) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string binData = "My bin data"; - - CKM::RawBuffer buffer(binData.begin(), binData.end()); - - CKM::AliasVector labelAliasVector; - - size_t current_aliases_num = count_aliases(ALIAS_DATA); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("appdata2", buffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - labelAliasVector.size() == (current_aliases_num+3), - "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); -} - -RUNNER_TEST(T1033_remove_bin_data) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string binData2 = "My bin data2"; - CKM::RawBuffer buffer2(binData2.begin(), binData2.end()); - - CKM::AliasVector labelAliasVector; - - size_t current_aliases_num = count_aliases(ALIAS_DATA); - std::string invalid_address = sharedDatabase("i-do-not-exist"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - labelAliasVector.size() == (current_aliases_num-2), - "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2)); - - CKM::RawBuffer buffer; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - buffer == buffer2, - "Data corrupted"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1034_app_remove_bin_data) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string binData2 = "My bin data"; - CKM::RawBuffer buffer2(binData2.begin(), binData2.end()); - - CKM::AliasVector labelAliasVector; - - size_t current_aliases_num = count_aliases(ALIAS_DATA); - std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - labelAliasVector.size() == (current_aliases_num-2), - "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2)); - - CKM::RawBuffer buffer; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - buffer == buffer2, - "Data corrupted"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1035_getData_wrong_password) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string binData1 = "My bin data4"; - - CKM::RawBuffer buffer1(binData1.begin(), binData1.end()); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))), - "Error=" << CKM::ErrorToString(temp)); - - CKM::RawBuffer buffer; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - buffer == buffer1, - "Data corrupted"); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1036_deinit) -{ - remove_user_data(0); - remove_user_data(USER_APP); -} - -RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR); - -RUNNER_TEST(T1040_init) -{ - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T1041_create_RSA_key) -{ - int temp; - auto manager = CKM::Manager::create(); - CKM::AliasVector av; - - ScopedAccessProvider ap("mylabel-rsa"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - size_t current_aliases_num = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - (current_aliases_num+2) == static_cast(temp = av.size()), - "Vector size: " << temp << ". Expected: " << (current_aliases_num+2)); -} - -RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label) -{ - int temp; - auto manager = CKM::Manager::create(); - CKM::AliasVector av; - - ScopedAccessProvider ap("mylabel-rsa"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T1043_create_DSA_key) -{ - int temp; - auto manager = CKM::Manager::create(); - CKM::AliasVector av; - - ScopedAccessProvider ap("mylabel-dsa"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - size_t current_aliases_num = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - (current_aliases_num+2) == static_cast(temp = av.size()), - "Vector size: " << temp << ". Expected: " << (current_aliases_num+2)); -} - -RUNNER_CHILD_TEST(T1044_create_AES_key) -{ - int temp; - auto manager = CKM::Manager::create(); - CKM::AliasVector av; - - AccessProvider ap("mylabel-aes"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int current_aliases_num = count_aliases(ALIAS_KEY); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - (current_aliases_num+1) == (temp = av.size()), - "Vector size: " << temp << ". Expected: " << (current_aliases_num+1)); -} - -RUNNER_TEST(T1049_deinit) -{ - remove_user_data(USER_APP); -} - - -RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair); - -RUNNER_TEST(T1110_init) -{ - unlock_user_data(USER_APP, "user-pass"); -} - -RUNNER_TEST(T1111_CreateKeyPairRSA) -{ - int temp; - auto manager = CKM::Manager::create(); - CKM::Alias a1 = sharedDatabase("rsa-test-1"); - CKM::Alias a2 = sharedDatabase("rsa-test-2"); - CKM::Policy p1; - CKM::Policy p2; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1112_CreateKeyPairDSA) -{ - int temp; - auto manager = CKM::Manager::create(); - CKM::Alias a1 = sharedDatabase("dsa-test-1"); - CKM::Alias a2 = sharedDatabase("dsa-test-2"); - CKM::Policy p1; - CKM::Policy p2; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1113_CreateKeyPairECDSA) -{ - int temp; - auto manager = CKM::Manager::create(); - CKM::Alias a1 = sharedDatabase("ecdsa-test-1"); - CKM::Alias a2 = sharedDatabase("ecdsa-test-2"); - CKM::Policy p1; - CKM::Policy p2; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(CKM::ElipticCurve::prime192v1, a1, a2, p1, p2)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1114_deinit) -{ - remove_user_data(0); -} - -RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS); - -RUNNER_TEST(T12100_init) -{ - reset_user_data(USER_APP, APP_PASS); -} - -RUNNER_TEST(T12101_key_exist) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int ret; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer); - CKM::Alias alias = "rsa-alias-duplication"; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -/* - * These test cases tests API when empty parameters are passed to functions - */ - -RUNNER_TEST(T12102_saveKey_empty_alias) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLc\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer); - CKM::Alias alias; //alias is not initialized - - int ret; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T12103_saveKey_foreign_label) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer); - CKM::Alias alias = "iamsomebodyelse alias"; - - int ret; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T12104_saveKey_empty_key) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - CKM::KeyShPtr key; //key is not initialized - CKM::Alias alias = "empty-key"; - - int ret; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T12105_saveCertificate_empty_alias) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - auto cert = TestData::getTestCertificate(TestData::GIAG2); - CKM::Alias alias; //alias is not initialized - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12106_saveCertificate_foreign_label) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - auto cert = TestData::getTestCertificate(TestData::GIAG2); - CKM::Alias alias = "iamsomebodyelse alias"; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12107_saveCertificate_empty_cert) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - CKM::CertificateShPtr cert; //cert is not initialized - CKM::Alias alias = "empty-cert"; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12108_saveData_empty_alias) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - std::string testData = "test data test data test data"; - CKM::RawBuffer buffer(testData.begin(), testData.end()); - CKM::Alias alias; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12109_saveData_foreign_label) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - std::string testData = "test data test data test data"; - CKM::RawBuffer buffer(testData.begin(), testData.end()); - CKM::Alias alias = "iamsomebodyelse alias"; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12110_saveData_empty_data) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - CKM::RawBuffer buffer; - CKM::Alias alias = "empty-data"; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -/* - * These test cases tests API when trying to get data from not existing alias - */ - -RUNNER_TEST(T12111_getKey_alias_not_exist) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - CKM::KeyShPtr key; - CKM::Alias alias = "this-alias-not-exist"; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getKey(alias, "", key)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12112_getCertificate_alias_not_exist) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - CKM::CertificateShPtr certificate; - CKM::Alias alias = "this-alias-not-exist"; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getCertificate(alias, CKM::Password(), certificate)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12113_getData_alias_not_exist) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - CKM::RawBuffer buffer; - CKM::Alias alias("some alias"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(alias, "", buffer)), - "Error=" << CKM::ErrorToString(temp)); -} - -/* - * These test cases tests API when damaged keys are used - */ -RUNNER_TEST(T12114_RSA_key_damaged) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int ret; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - // "BROKENBROKENBROKENBROKENBROKENTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - // "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer); - CKM::Alias alias = "damaged-rsa"; - - RUNNER_ASSERT_MSG( - NULL == key.get(), "Key is broken. It should be empty"); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T12115_RSA_key_too_short) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int ret; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - //"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer); - CKM::Alias alias = "short-rsa"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T12116_DSA_key_too_short) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int ret; - auto manager = CKM::Manager::create(); - - const std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n" - "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n" - //"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n" - "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n" - //"AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n" - "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n" - "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n" - "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n" - "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n" - "YMYCBhubtrVaLmc=\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer); - CKM::Alias alias = "short-dsa"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T12117_AES_key_too_short) -{ - int ret; - auto manager = CKM::Manager::create(); - - size_t key_size = (128-1); - CKM::RawBuffer key_AES = createRandomBuffer(key_size/8); - - auto key = CKM::Key::create(key_AES); - CKM::Alias alias = "short-AES"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -/* - * These test cases tests CKM service if malicious data is provided over the socket. - */ - -RUNNER_TEST(T12118_RSA_key_damaged_serviceTest) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int ret; - auto manager = CKM::Manager::create(); - - // fake the client - let the service detect the problem - class WrongKeyImpl : public CKM::Key - { - public: - WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) { - } - - virtual bool empty() const { - return false; - } - - virtual CKM::KeyType getType() const { - return CKM::KeyType::KEY_RSA_PUBLIC; - } - virtual int getSize() const { - return 1024; - } - virtual CKM::ElipticCurve getCurve() const { - return CKM::ElipticCurve::prime192v1; - } - virtual CKM::RawBuffer getDER() const { - return m_dummy; - } - virtual ~WrongKeyImpl() {} - private: - CKM::RawBuffer & m_dummy; - }; - std::string dummyData = "my_cat_Berta\n"; - CKM::RawBuffer buffer(dummyData.begin(), dummyData.end()); - auto key = std::make_shared(buffer); - CKM::Alias alias = "damaged-rsa"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest) -{ - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap("mylabel"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - // fake the client - let the service detect the problem - class WrongCertImpl : public CKM::Certificate - { - public: - WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) { - m_x509 = X509_new(); - } - - bool empty() const { - return false; - } - - virtual X509 *getX509() const { - return m_x509; - } - - virtual CKM::RawBuffer getDER() const { - return m_dummy; - } - - virtual ~WrongCertImpl() { - X509_free(m_x509); - } - private: - X509* m_x509; - CKM::RawBuffer & m_dummy; - }; - std::string dummyData = "my_cat_Stefan\n"; - CKM::RawBuffer buffer(dummyData.begin(), dummyData.end()); - auto cert = std::make_shared(buffer); - CKM::Alias alias = "damaged-cert"; - - int temp; - auto manager = CKM::Manager::create(); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T12120_deinit) -{ - remove_user_data(USER_APP); -} - -RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS); - -RUNNER_TEST(T1311_init) -{ - remove_user_data(0); - RUNNER_ASSERT_MSG(time(0) > 1405343457, - "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!"); - - ScopedLabel sl("System"); - struct hostent* he = gethostbyname("google.com"); - - RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network " - "is not woking on the device. OCSP tests requires network access!"); -} - -RUNNER_TEST(T13121_get_chain_no_cert) -{ - CKM::CertificateShPtrVector certChain; - CKM::CertificateShPtr cert; - - auto manager = CKM::Manager::create(); - - int ret = manager->getCertificateChain(cert, - EMPTY_CERT_VECTOR, - EMPTY_CERT_VECTOR, - true, - certChain); - RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret, - "Function should fail for empty certificate"); -} - -RUNNER_TEST(T13122_get_chain_empty_cert) -{ - CKM::CertificateShPtrVector certChain; - CKM::CertificateShPtr cert = CKM::Certificate::create(CKM::RawBuffer(), - CKM::DataFormat::FORM_PEM); - - auto manager = CKM::Manager::create(); - - int ret = manager->getCertificateChain(cert, - EMPTY_CERT_VECTOR, - EMPTY_CERT_VECTOR, - true, - certChain); - RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret, - "Function should fail for empty certificate"); -} - -RUNNER_TEST(T13129_get_chain) -{ - auto cert = TestData::getTestCertificate(TestData::MBANK); - auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC); - - CKM::CertificateShPtrVector certVector = {cert1}; - CKM::CertificateShPtrVector certChain; - - int tmp; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty"); - - tmp = manager->getCertificateChain(cert, - EMPTY_CERT_VECTOR, - EMPTY_CERT_VECTOR, - true, - certChain); - RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - 0 == certChain.size(), - "Wrong size of certificate chain."); - - tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - 3 == certChain.size(), - "Wrong size of certificate chain."); -} - -RUNNER_TEST(T1313_get_chain_with_alias) -{ - auto cert = TestData::getTestCertificate(TestData::MBANK); - auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC); - - CKM::CertificateShPtrVector certChain; - CKM::AliasVector aliasVector; - CKM::Alias alias = sharedDatabase("imcert"); - - int tmp; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty"); - - tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain); - RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - 0 == certChain.size(), - "Wrong size of certificate chain."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())), - "Error=" << CKM::ErrorToString(tmp)); - - aliasVector.push_back(alias); - - tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - 3 == certChain.size(), - "Wrong size of certificate chain."); -} - -RUNNER_TEST(T13141_ocsp_check_valid_chain) -{ - RUNNER_IGNORED_MSG("Fixed in next version of ckm!"); - - auto cert = TestData::getTestCertificate(TestData::MBANK); - auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC); - CKM::CertificateShPtrVector certVector = {cert1}; - CKM::CertificateShPtrVector certChain; - - int tmp; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty"); - - tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain); - RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - 0 == certChain.size(), - "Wrong size of certificate chain."); - - tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - 3 == certChain.size(), - "Wrong size of certificate chain."); - - int status; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->ocspCheck(certChain, status)), - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed"); -} - -RUNNER_TEST(T13142_ocsp_check_empty) -{ - RUNNER_IGNORED_MSG("Temporary turned off."); - CKM::CertificateShPtrVector certVector; - - auto manager = CKM::Manager::create(); - - int tmp; - int status; - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)), - "ocspCheck should fail for empty certificate vector"); -} - -RUNNER_TEST(T13143_ocsp_check_empty_ptrs) -{ - CKM::CertificateShPtrVector certVector = { - CKM::CertificateShPtr(), - CKM::CertificateShPtr(), - CKM::CertificateShPtr()}; - - auto manager = CKM::Manager::create(); - - int tmp; - int status; - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)), - "ocspCheck should fail for empty certificate vector"); -} - -RUNNER_TEST(T13144_ocsp_check_root) -{ - RUNNER_IGNORED_MSG("Temporary turned off."); - auto root = TestData::getTestCertificate(TestData::EQUIFAX); - CKM::CertificateShPtrVector certVector = {root}; - - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty"); - - int tmp; - int status; - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)), - "Ocsp should fail for single certificate"); -} - -RUNNER_TEST(T13145_ocsp_check_no_ocsp) -{ - RUNNER_IGNORED_MSG("Temporary turned off."); - auto root = TestData::getTestCertificate(TestData::EQUIFAX); - auto ca2 = TestData::getTestCertificate(TestData::GEOTRUST); - auto ca1 = TestData::getTestCertificate(TestData::GIAG2); - - CKM::CertificateShPtrVector certVector = {ca1, ca2, root}; - - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG(NULL != ca2.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG(NULL != ca1.get(), "Certificate should not be empty"); - - int tmp; - int status; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->ocspCheck(certVector, status)), - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_UNSUPPORTED == status, "Verfication failed"); -} - -RUNNER_TEST(T1315_deinit) -{ - remove_user_data(0); -} - -RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE); - -RUNNER_TEST(T1411_init) -{ - remove_user_data(0); -} - -RUNNER_TEST(T1412_RSA_key_create_verify) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" - "Proc-Type: 4,ENCRYPTED\n" - "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n" - "\n" - "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n" - "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n" - "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n" - "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n" - "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n" - "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n" - "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n" - "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n" - "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n" - "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n" - "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n" - "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n" - "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n" - "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n" - "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n" - "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n" - "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n" - "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n" - "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n" - "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n" - "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n" - "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n" - "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n" - "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n" - "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n" - "-----END RSA PRIVATE KEY-----\n"; - - std::string pub = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----\n"; - - std::string message = "message test"; - - CKM::Alias aliasPub = sharedDatabase("pub1"); - CKM::Alias aliasPrv = sharedDatabase("prv1"); - CKM::Password password = "1234"; - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end())); - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password); - - RUNNER_ASSERT_MSG(NULL != keyPub.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1413_DSA_key_create_verify) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n" - "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n" - "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n" - "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n" - "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n" - "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n" - "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n" - "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n" - "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n" - "u1roOuaPY+Hl19BlTE2qdw==\n" - "-----END DSA PRIVATE KEY-----"; - - std::string pub = "-----BEGIN PUBLIC KEY-----\n" - "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n" - "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n" - "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n" - "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n" - "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n" - "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n" - "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n" - "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n" - "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n" - "YMYCBhubtrVaLmc=\n" - "-----END PUBLIC KEY-----"; - - std::string message = "message test"; - - CKM::Alias aliasPub = sharedDatabase("pub2"); - CKM::Alias aliasPrv = sharedDatabase("prv2"); - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end())); - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); - - RUNNER_ASSERT_MSG(NULL != keyPub.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - - -RUNNER_TEST(T1414_ECDSA_key_create_verify) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string prv = "-----BEGIN EC PRIVATE KEY-----\n" - "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n" - "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n" - "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n" - "-----END EC PRIVATE KEY-----\n"; - - std::string pub = "-----BEGIN PUBLIC KEY-----\n" - "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n" - "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n" - "-----END PUBLIC KEY-----\n"; - - std::string message = "message test"; - - CKM::Alias aliasPub = sharedDatabase("ecpub2"); - CKM::Alias aliasPrv = sharedDatabase("ecprv2"); - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end())); - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end())); - - RUNNER_ASSERT_MSG(NULL != keyPub.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1415_RSA_key_create_verify_negative) -{ - int temp; - auto manager = CKM::Manager::create(); - std::string message = "message asdfaslkdfjlksadjf test"; - - CKM::Alias aliasPub = sharedDatabase("pub1"); - CKM::Alias aliasPrv = sharedDatabase("prv1"); - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1416_DSA_key_create_verify_negative) -{ - int temp; - auto manager = CKM::Manager::create(); - std::string message = "message asdfaslkdfjlksadjf test"; - - CKM::Alias aliasPub = sharedDatabase("pub2"); - CKM::Alias aliasPrv = sharedDatabase("prv2"); - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1417_RSA_cert_create_verify_signature) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string prv = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" - "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" - "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" - "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" - "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" - "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" - "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" - "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" - "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" - "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" - "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" - "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" - "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" - "-----END RSA PRIVATE KEY-----\n"; - - std::string pub = - "-----BEGIN CERTIFICATE-----\n" - "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n" - "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n" - "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n" - "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n" - "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n" - "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n" - "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n" - "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n" - "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n" - "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n" - "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n" - "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n" - "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n" - "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n" - "-----END CERTIFICATE-----\n"; - - std::string message = "message test"; - - CKM::Alias aliasPub = sharedDatabase("pub1-cert"); - CKM::Alias aliasPrv = sharedDatabase("prv1-cert"); - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM); - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end())); - - RUNNER_ASSERT_MSG(NULL != cert.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1418_DSA_cert_create_verify_signature) -{ - int temp; - auto manager = CKM::Manager::create(); - - const std::string pub = "-----BEGIN CERTIFICATE-----\n" - "MIIDUzCCAxECCQCer/fKcXtJgTALBglghkgBZQMEAwIwgYsxCzAJBgNVBAYTAlBM\n" - "MQ8wDQYDVQQIDAZQb2xhbmQxDzANBgNVBAcMBldhcnNhdzEQMA4GA1UECgwHU2Ft\n" - "c3VuZzEMMAoGA1UECwwDS1NGMRMwEQYDVQQDDAptLmthcnBpdWsyMSUwIwYJKoZI\n" - "hvcNAQkBFhZtLmthcnBpdWsyQHNhbXN1bmcuY29tMCAXDTE0MDkyNjEzNTQwN1oY\n" - "DzIxNDAwOTA1MTM1NDA3WjCBizELMAkGA1UEBhMCUEwxDzANBgNVBAgMBlBvbGFu\n" - "ZDEPMA0GA1UEBwwGV2Fyc2F3MRAwDgYDVQQKDAdTYW1zdW5nMQwwCgYDVQQLDANL\n" - "U0YxEzARBgNVBAMMCm0ua2FycGl1azIxJTAjBgkqhkiG9w0BCQEWFm0ua2FycGl1\n" - "azJAc2Ftc3VuZy5jb20wggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA9Bhh7ZA4onkY\n" - "uDNQbYR4EwkJ6RpD505hB0GF6yppUNp2LanvNcQXcyXY88MB6OdP7Rikbu1H2zP4\n" - "gONCtdxKW58Za7h9bFzYjxcObZsS52F9DP7sv3C4sX4xNWApfhUgbfzKaRCJOkOs\n" - "06tV7teu3G/v26PdI8dlykIuQXQZmH8CFQCHsIV0njb2yC3ggfKz+exH+g5jAQKB\n" - "gBVLYfVCMjUz5XJH+xYU3A8W8rpSLqZKIK2d9mbXqhpz8QK1bvNQUlSRZo+o1ZYV\n" - "mJn3Mx2YuiifHZNKdBNweCqe5a+HV2RSl1Yv/TV9famZKlogGslsmPHUOJMlSIdh\n" - "MfMwVny4/rNtjEtEFE1WnaTr1W6MKH1EBbizVo8fmWFrA4GFAAKBgQCaPjrlkAyX\n" - "kBitWo+w0xZN4OSk13SsCzZ/PG+5zOgMRaFm2XbiC04YsGCi4NFOd9kaiP7w1CsP\n" - "iqG6Vwv0T/VcoxBl/hp6jEqTDSrM6z0ungjDO9wGOdI+jZS0UjVahgC4ZLDHhrOa\n" - "CjfxcHruO3e416b/Rm2CjhOzjKdoSFUWVzALBglghkgBZQMEAwIDLwAwLAIUHa+A\n" - "5xo8O/tPuH9gXkr1mee6kRYCFGNycJ1xkc3nIJaEQOtGfDe7S71A\n" - "-----END CERTIFICATE-----\n"; - - const std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIBuwIBAAKBgQD0GGHtkDiieRi4M1BthHgTCQnpGkPnTmEHQYXrKmlQ2nYtqe81\n" - "xBdzJdjzwwHo50/tGKRu7UfbM/iA40K13EpbnxlruH1sXNiPFw5tmxLnYX0M/uy/\n" - "cLixfjE1YCl+FSBt/MppEIk6Q6zTq1Xu167cb+/bo90jx2XKQi5BdBmYfwIVAIew\n" - "hXSeNvbILeCB8rP57Ef6DmMBAoGAFUth9UIyNTPlckf7FhTcDxbyulIupkogrZ32\n" - "ZteqGnPxArVu81BSVJFmj6jVlhWYmfczHZi6KJ8dk0p0E3B4Kp7lr4dXZFKXVi/9\n" - "NX19qZkqWiAayWyY8dQ4kyVIh2Ex8zBWfLj+s22MS0QUTVadpOvVbowofUQFuLNW\n" - "jx+ZYWsCgYEAmj465ZAMl5AYrVqPsNMWTeDkpNd0rAs2fzxvuczoDEWhZtl24gtO\n" - "GLBgouDRTnfZGoj+8NQrD4qhulcL9E/1XKMQZf4aeoxKkw0qzOs9Lp4IwzvcBjnS\n" - "Po2UtFI1WoYAuGSwx4azmgo38XB67jt3uNem/0Ztgo4Ts4ynaEhVFlcCFGMH+Z9l\n" - "vonbjii3BYe4AIdkzOvp\n" - "-----END DSA PRIVATE KEY-----\n"; - - std::string message = "message test"; - - CKM::Alias aliasPub = sharedDatabase("pub2-cert"); - CKM::Alias aliasPrv = sharedDatabase("prv2-cert"); - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM); - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end())); - - RUNNER_ASSERT_MSG(NULL != cert.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1419_ECDSA_cert_create_verify_signature) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string prv = - "-----BEGIN EC PRIVATE KEY-----\n" - "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n" - "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n" - "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n" - "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n" - "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n" - "ELyhe7yPCAuOoLZlTLgf\n" - "-----END EC PRIVATE KEY-----\n"; - - std::string pub = - "-----BEGIN CERTIFICATE-----\n" - "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n" - "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n" - "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n" - "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n" - "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n" - "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n" - "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n" - "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n" - "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n" - "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n" - "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n" - "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n" - "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n" - "Q1oBry6NEc+lLFmWMDesAA==\n" - "-----END CERTIFICATE-----\n"; - - std::string message = "message test"; - - CKM::Alias aliasPub = sharedDatabase("pub3"); - CKM::Alias aliasPrv = sharedDatabase("prv3"); - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM); - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end())); - - RUNNER_ASSERT_MSG(NULL != cert.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1420_deinit) -{ - remove_user_data(0); -} - -RUNNER_TEST_GROUP_INIT(T1418_signature_tests); - -RUNNER_TEST(T14180_init) -{ - int temp; - remove_user_data(0); - - auto manager = CKM::Manager::create(); - - // Prepare RSA Key Pair - std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" - "Proc-Type: 4,ENCRYPTED\n" - "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n" - "\n" - "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n" - "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n" - "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n" - "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n" - "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n" - "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n" - "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n" - "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n" - "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n" - "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n" - "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n" - "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n" - "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n" - "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n" - "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n" - "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n" - "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n" - "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n" - "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n" - "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n" - "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n" - "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n" - "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n" - "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n" - "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n" - "-----END RSA PRIVATE KEY-----\n"; - - std::string pub = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----\n"; - - CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); - CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); - CKM::Password password = "1234"; - - auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end())); - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password); - - RUNNER_ASSERT_MSG(NULL != keyPub.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - // Prepare ECDSA Key Pair - std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n" - "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n" - "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n" - "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n" - "-----END EC PRIVATE KEY-----\n"; - - std::string ecpub = "-----BEGIN PUBLIC KEY-----\n" - "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n" - "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n" - "-----END PUBLIC KEY-----\n"; - - CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1"); - CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1"); - - auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end())); - auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end())); - - RUNNER_ASSERT_MSG(NULL != ecKeyPub.get(), - "Key is empty. Failed to import public key."); - RUNNER_ASSERT_MSG(NULL != ecKeyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - - -RUNNER_TEST(T14181_RSA_create_signatue_nohash) -{ - int temp; - auto manager = CKM::Manager::create(); - std::string message = "message asdfaslkdfjlksadjf test"; - - CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); - CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T14182_RSA_create_signatue_nohash_nopad) -{ - int temp; - auto manager = CKM::Manager::create(); - std::string message = "message asdfaslkdfjlksadjf test"; - - CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); - CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T14183_RSA_create_signatue_nohash_bigmsg) -{ - int temp; - auto manager = CKM::Manager::create(); - std::string message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - - CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); - CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); -} - - -RUNNER_TEST(T14184_ECDSA_create_signatue_nohash) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string message = "message test"; - - CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1"); - CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1"); - CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small"); - - memcpy((void*)signature.data(), "BROKEN", 6); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - aliasPub, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg) -{ - int temp; - auto manager = CKM::Manager::create(); - - int msgSize = 1024*1024; - char big_msg[msgSize]; - for(int i =0; icreateSignature( - aliasPrv, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); -} - - -RUNNER_TEST(T14189_deinit) -{ - remove_user_data(0); -} - - -RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS); - -RUNNER_TEST(T1510_init_unlock_key) -{ - reset_user_data(USER_TEST, APP_PASS); -} - -RUNNER_TEST(T1511_insert_data) -{ - auto certee = TestData::getTestCertificate(TestData::MBANK); - auto certim = TestData::getTestCertificate(TestData::SYMANTEC); - CKM::Alias certeeAlias("CertEE"); - CKM::Alias certimAlias("CertIM"); - { - ScopedDBUnlock unlock(USER_TEST, APP_PASS); - ScopedAccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST, GROUP_APP); - - auto manager = CKM::Manager::create(); - RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy())); - RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy())); - } - - // restart CKM - stop_service(MANAGER); - start_service(MANAGER); - - // actual test - { - ScopedDBUnlock unlock(USER_TEST, APP_PASS); - ScopedAccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST, GROUP_APP); - - auto manager = CKM::Manager::create(); - int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy()); - int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy()); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == status1, - "Certificate should be in database already. Error=" << CKM::ErrorToString(status1)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == status2, - "Certificate should be in database already. Error=" << CKM::ErrorToString(status2)); - } -} - -RUNNER_TEST(T1519_deinit) -{ - remove_user_data(USER_TEST); -} - -RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS); - -RUNNER_TEST(T1701_init_unlock_key) -{ - unlock_user_data(USER_TEST+1, "t170-special-password"); - - ScopedAccessProvider ap("t170-special-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP); -} - -RUNNER_CHILD_TEST(T1702_insert_data) -{ - int temp; - ScopedAccessProvider ap("t170-special-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP); - - auto certee = TestData::getTestCertificate(TestData::MBANK); - - auto manager = CKM::Manager::create(); - size_t current_aliases_num = count_aliases(ALIAS_CERT); - int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy()); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == status1, - "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1)); - - CKM::AliasVector av; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - (current_aliases_num+1) == static_cast(temp = av.size()), - "Vector size: " << temp << ". Expected: " << (current_aliases_num+1)); -} - -RUNNER_TEST(T1703_removeApplicationData) -{ - int tmp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_CHILD_TEST(T1704_data_test) -{ - int temp; - ScopedAccessProvider ap("t170-special-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - 0 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 0"); -} - -RUNNER_TEST(T1705_deinit) -{ - remove_user_data(USER_TEST+1); -} - -RUNNER_TEST(T17101_init) -{ - int tmp; - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")), - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_CHILD_TEST(T17102_prep_data_01) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; - - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T17103_prep_data_02) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label2"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; - - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T17104_prep_data_03) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; - - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T17105_prep_data_04) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label2"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4"; - - CKM::RawBuffer buffer(data.begin(), data.end()); - CKM::Policy exportable(CKM::Password(), true); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T17106_remove_application) -{ - int tmp; - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_CHILD_TEST(T17107_check_data_01) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - 0 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 0"); -} - -RUNNER_CHILD_TEST(T17108_check_data_02) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label2"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - 1 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 1"); -} - -RUNNER_TEST(T17109_unlock_user2) -{ - int tmp; - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_CHILD_TEST(T17110_check_data_03) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - 0 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 0"); -} - -RUNNER_CHILD_TEST(T17111_check_data_04) -{ - int temp; - ScopedAccessProvider ap("t1706-special-label2"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP); - - CKM::AliasVector av; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - 1 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 1"); -} - -RUNNER_TEST(T17112_deinit) -{ - remove_user_data(USER_TEST+2); - remove_user_data(USER_TEST+3); -} - -RUNNER_TEST_GROUP_INIT(T180_PKCS12); - -namespace -{ -CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision"); -CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export"); -CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export"); -CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy"); -CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong"); -} - -RUNNER_TEST(T1800_init) -{ - remove_user_data(0); -} - -RUNNER_TEST(T1801_parse_PKCS12) { - std::ifstream is("/usr/share/ckm-test/test1801.pkcs12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - auto pkcs = CKM::PKCS12::create(buffer, "secret"); - RUNNER_ASSERT_MSG( - NULL != pkcs.get(), - "Error in PKCS12::create()"); - - auto cert = pkcs->getCertificate(); - RUNNER_ASSERT_MSG( - NULL != cert.get(), - "Error in PKCS12::getCertificate()"); - - auto key = pkcs->getKey(); - RUNNER_ASSERT_MSG( - NULL != key.get(), - "Error in PKCS12::getKey()"); - - auto caVector = pkcs->getCaCertificateShPtrVector(); - RUNNER_ASSERT_MSG( - 0 == caVector.size(), - "Wrong size of vector"); -} - -RUNNER_TEST(T1802_negative_wrong_password) { - std::ifstream is("/usr/share/ckm-test/test1801.pkcs12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - auto pkcs = CKM::PKCS12::create(buffer, "error"); - RUNNER_ASSERT_MSG( - NULL == pkcs.get(), - "Expected error in PKCS12::create()"); -} - -RUNNER_TEST(T1803_negative_broken_buffer) { - std::ifstream is("/usr/share/ckm-test/test1801.pkcs12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small."); - buffer[4]=0; - - auto pkcs = CKM::PKCS12::create(buffer, "secret"); - RUNNER_ASSERT_MSG( - NULL == pkcs.get(), - "Expected error in PKCS12::create()"); -} - -RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias) -{ - auto manager = CKM::Manager::create(); - std::ifstream is("/usr/share/ckm-test/pkcs.p12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); - RUNNER_ASSERT_MSG( - NULL != pkcs.get(), - "Error in PKCS12::create()"); - - // save private key - std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" - "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" - "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" - "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" - "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" - "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" - "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" - "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" - "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" - "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" - "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" - "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" - "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" - "-----END RSA PRIVATE KEY-----\n"; - - std::string message = "message test"; - - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - int temp; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1805_add_bundle_with_chain_certificates) -{ - auto manager = CKM::Manager::create(); - std::ifstream is("/usr/share/ckm-test/pkcs.p12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); - RUNNER_ASSERT_MSG( - NULL != pkcs.get(), - "Error in PKCS12::create()"); - - auto cert = pkcs->getCertificate(); - RUNNER_ASSERT_MSG( - NULL != cert.get(), - "Error in PKCS12::getCertificate()"); - - auto key = pkcs->getKey(); - RUNNER_ASSERT_MSG( - NULL != key.get(), - "Error in PKCS12::getKey()"); - - auto caVector = pkcs->getCaCertificateShPtrVector(); - RUNNER_ASSERT_MSG( - 2 == caVector.size(), - "Wrong size of vector"); - - // save to the CKM - int tmp; - CKM::Policy exportable; - CKM::Policy notExportable(CKM::Password(), false); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), - "Error=" << CKM::ErrorToString(tmp)); - - // try to lookup key - CKM::KeyShPtr key_lookup; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), - "Error=" << CKM::ErrorToString(tmp)); - - // try to lookup certificate - CKM::CertificateShPtr cert_lookup; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_TEST(T1806_get_PKCS) -{ - int temp; - auto manager = CKM::Manager::create(); - - CKM::PKCS12ShPtr pkcs; - - // fail - no entry - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - // fail - not exportable - RUNNER_ASSERT_MSG( - CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - // success - exportable - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - auto cert = pkcs->getCertificate(); - RUNNER_ASSERT_MSG( - NULL != cert.get(), - "Error in PKCS12::getCertificate()"); - - auto key = pkcs->getKey(); - RUNNER_ASSERT_MSG( - NULL != key.get(), - "Error in PKCS12::getKey()"); - - auto caVector = pkcs->getCaCertificateShPtrVector(); - RUNNER_ASSERT_MSG( - 2 == caVector.size(), - "Wrong size of vector"); -} - -RUNNER_TEST(T1807_create_and_verify_signature) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string message = "message test"; - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - alias_PKCS_exportable, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - alias_PKCS_exportable, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n" - "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n" - "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n" - "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n" - "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n" - "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n" - "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n" - "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n" - "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n" - "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n" - "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n" - "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n" - "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n" - "-----END RSA PRIVATE KEY-----"; - std::string message = "message test"; - - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - alias_PKCS_priv_key_copy, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->verifySignature( - alias_PKCS_exportable, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS) -{ - int temp; - auto manager = CKM::Manager::create(); - - std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" - "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" - "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" - "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" - "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" - "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" - "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" - "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" - "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" - "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" - "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" - "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" - "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" - "-----END RSA PRIVATE KEY-----\n"; - - std::string message = "message test"; - - auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); - RUNNER_ASSERT_MSG(NULL != keyPrv.get(), - "Key is empty. Failed to import private key."); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - - CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; - CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; - CKM::RawBuffer signature; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createSignature( - alias_PKCS_priv_key_wrong, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - hash, - padd, - signature)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( - alias_PKCS_exportable, - CKM::Password(), - CKM::RawBuffer(message.begin(), message.end()), - signature, - hash, - padd)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1810_verify_get_certificate_chain) -{ - // this certificate has been signed using PKCS chain - std::string im = "-----BEGIN CERTIFICATE-----\n" - "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n" - "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n" - "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n" - "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n" - "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n" - "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n" - "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n" - "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n" - "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n" - "Qw==\n" - "-----END CERTIFICATE-----\n"; - - auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM); - CKM::CertificateShPtrVector certChain; - CKM::AliasVector aliasVector; - - int tmp; - auto manager = CKM::Manager::create(); - - RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); - - tmp = manager->getCertificateChain(cert, - EMPTY_ALIAS_VECTOR, - EMPTY_ALIAS_VECTOR, - true, - certChain); - RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - 0 == certChain.size(), - "Wrong size of certificate chain."); - - aliasVector.push_back(alias_PKCS_exportable); - - tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); - - // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4 - RUNNER_ASSERT_MSG( - 4 == certChain.size(), - "Wrong size of certificate chain: " << certChain.size()); -} - -RUNNER_TEST(T1811_remove_bundle_with_chain_certificates) -{ - auto manager = CKM::Manager::create(); - int tmp; - - - // remove the whole PKCS12 bundles - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)), - "Error=" << CKM::ErrorToString(tmp)); - - // expect lookup fails due to unknown alias - // try to lookup key - CKM::KeyShPtr key_lookup; - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), - "Error=" << CKM::ErrorToString(tmp)); - - // try to lookup certificate - CKM::CertificateShPtr cert_lookup; - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_TEST(T1812_get_pkcs12_password_tests) -{ - CKM::Alias alias = sharedDatabase("t1812alias1"); - - auto manager = CKM::Manager::create(); - std::ifstream is("/usr/share/ckm-test/pkcs.p12"); - std::istreambuf_iterator begin(is), end; - std::vector buff(begin, end); - - CKM::PKCS12ShPtr pkcs12; - CKM::Password pass1 = "easypass1"; - CKM::Password pass2 = "easypass2"; - - CKM::RawBuffer buffer(buff.size()); - memcpy(buffer.data(), buff.data(), buff.size()); - - auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); - RUNNER_ASSERT_MSG( - NULL != pkcs.get(), - "Error in PKCS12::create()"); - - int temp; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)), - "Error=" << CKM::ErrorToString(temp)); - - CKM::CertificateShPtr cert; - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)), - "Error=" << CKM::ErrorToString(temp)); - - CKM::CertificateShPtrVector certChain; - CKM::AliasVector certVect; - certVect.push_back(alias); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST(T1813_deinit) -{ - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS); -namespace { -const char * const T190_PASSWD = "t190-special-password"; -} -RUNNER_TEST(T1901_init_unlock_key) -{ - reset_user_data(USER_APP, T190_PASSWD); -} - -RUNNER_TEST(T1902_get_data) -{ - ScopedDBUnlock unlock(USER_APP, T190_PASSWD); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - auto manager = CKM::Manager::create(); - CKM::KeyShPtr ptr; - - int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr); - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1, - "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1)); -} - -RUNNER_TEST(T1903_lock_database) -{ - int tmp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_TEST(T1904_get_data_from_locked_database) -{ - RUNNER_IGNORED_MSG("Temporary turned off. Require password support."); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - auto manager = CKM::Manager::create(); - CKM::KeyShPtr ptr; - - int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr); - -#ifndef PASSWORD_PROTECTION_DISABLE - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_LOCKED == status1, - "Could not get key from locked database. Error=" << CKM::ErrorToString(status1)); -#else - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1, - "Could not get key with a wrong alias. Error=" << CKM::ErrorToString(status1)); -#endif -} - -RUNNER_TEST(T1905_deinit) -{ - remove_user_data(USER_APP); -} - -int main(int argc, char *argv[]) -{ - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} diff --git a/src/ckm/password-integration.cpp b/src/ckm/password-integration.cpp deleted file mode 100644 index 3df917ed..00000000 --- a/src/ckm/password-integration.cpp +++ /dev/null @@ -1,264 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * @file password-integration.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - */ -#include -#include -#include - -#include - -#include -#include -#include -#include - -#include - -#include -#include - -CKM::Alias CKM_ALIAS1 = "ALIAS1"; -CKM::Alias CKM_ALIAS2 = "ALIAS2"; - -CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'}; - -const char * PASSWORD1 = "LongPassword1"; -const char * PASSWORD2 = "LongerPassword2"; - -static const int USER_APP = 5000; - -const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000; - -void dropPrivileges() { - static const std::string LABEL1 = "TestLabel1"; - static const int GROUP_APP = 5000; - - AccessProvider ap(LABEL1); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); -} - -RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION); - -RUNNER_TEST(T4010_INIT) -{ - reset_security_server(); - unsigned int attempt, max_attempt, expire_sec; - - int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ""); -} - -RUNNER_CHILD_TEST(T4011_ADD_DATA) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy()); - RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, ""); -} - -RUNNER_TEST(T4012_CLOSE_CKM_DB) -{ - auto ctl = CKM::Control::create(); - - int ret = ctl->lockUserKey(USER_APP); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_CHILD_TEST(T4013_GET_DATA) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - CKM::RawBuffer buffer; - - // CKM will automaticly unlock with empty password - int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER) -{ - unsigned int attempt, max_attempt, expire_sec; - - usleep(PASSWORD_RETRY_TIMEOUT_US); - - int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ""); -} - -RUNNER_CHILD_TEST(T4015_GET_DATA) -{ - dropPrivileges(); - auto mgr = CKM::Manager::create(); - - CKM::RawBuffer buffer; - int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); - - RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch"); -} - -RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION); - -RUNNER_TEST(T4020_INIT) -{ - reset_security_server(); - - int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ""); -} - -RUNNER_CHILD_TEST(T4021_ADD_DATA) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy()); - RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, ""); -} - -RUNNER_TEST(T4022_CLOSE_CKM_DB) -{ - unsigned int attempt, max, expire; - - auto ctl = CKM::Control::create(); - - int ret = ctl->lockUserKey(USER_APP); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - - // login with current password to get rid of invalid "NULL" DKEK - ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret); - - ret = ctl->lockUserKey(USER_APP); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - CKM::RawBuffer buffer; - int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer); - RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER) -{ - unsigned int attempt, max, expire; - - usleep(PASSWORD_RETRY_TIMEOUT_US); - int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret); -} - -RUNNER_CHILD_TEST(T4025_GET_DATA) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - CKM::RawBuffer buffer; - int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); - - RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data missmatch"); -} - -RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION); - -RUNNER_TEST(T4030_INIT) -{ - reset_security_server(); - - int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ""); -} - -RUNNER_CHILD_TEST(T4031_ADD_DATA) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy()); - RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, ""); -} - -RUNNER_TEST(T4032_CLOSE_CKM_DB) -{ - unsigned int attempt, max, expire; - - auto ctl = CKM::Control::create(); - - int ret = ctl->lockUserKey(USER_APP); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - - // login with current password to get rid of invalid "NULL" DKEK - ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret); - - ret = ctl->lockUserKey(USER_APP); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - CKM::RawBuffer buffer; - int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer); - RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret)); -} - -RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER) -{ - usleep(PASSWORD_RETRY_TIMEOUT_US); - - int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret); -} - -RUNNER_CHILD_TEST(T4035_GET_DATA) -{ - dropPrivileges(); - - auto mgr = CKM::Manager::create(); - - CKM::RawBuffer buffer; - int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret)); - - RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch"); -} - - diff --git a/src/ckm/pkcs.p12 b/src/ckm/pkcs.p12 deleted file mode 100644 index 4548d51f..00000000 Binary files a/src/ckm/pkcs.p12 and /dev/null differ diff --git a/src/ckm/system-db.cpp b/src/ckm/system-db.cpp deleted file mode 100644 index f45d67b9..00000000 --- a/src/ckm/system-db.cpp +++ /dev/null @@ -1,578 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * @file system-db.cpp - * @author Maciej Karpiuk (m.karpiuk2@samsung.com) - * @version 1.0 - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace -{ -const uid_t USER_SERVICE = 0; -const uid_t USER_SERVICE_2 = 1234; -const uid_t GROUP_SERVICE_2 = 1234; -const uid_t USER_SERVICE_MAX = 4999; -const uid_t GROUP_SERVICE_MAX = 4999; -const uid_t USER_SERVICE_FAIL = 5000; -const uid_t GROUP_SERVICE_FAIL = 5000; -const uid_t USER_APP = 5050; -const uid_t GROUP_APP = 5050; -const char* APP_PASS = "user-pass"; - -const char* TEST_ALIAS = "test-alias"; -const char* SYSTEM_LABEL = ckmc_owner_id_system; -const char* INVALID_LABEL = "coco-jumbo"; -std::string TEST_SYSTEM_ALIAS = aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS); -std::string TEST_SYSTEM_ALIAS_2 = aliasWithLabel(SYSTEM_LABEL, "test-alias-2"); -const char* TEST_LABEL = "test-label"; -const char* TEST_LABEL_2 = "test-label-2"; - -const char* TEST_DATA = - "Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus " - "qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores " - "et quas molestias excepturi sint occaecati cupiditate non provident, " - "similique sunt in culpa qui officia deserunt mollitia animi, id est " - "laborum et dolorum fuga. "; -} - - -RUNNER_TEST_GROUP_INIT(T50_SYSTEM_DB); - -RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB) -{ - RUNNER_IGNORED_MSG("This test is turn off because fix " - "from tizen 2.4 that unlock db with empty password"); - // [prepare] - // start as system service - // add resource to the system DB - // add permission to the resource to a user app - // [test] - // switch to user app, leave DB locked - // try to access system DB item - expect success - - // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); - - // [test] - { - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED); - } -} - -RUNNER_TEST(T5020_CLIENT_APP_ADD_TO_PRIVATE_DB) -{ - // [test] - // switch to user app, unlock DB - // when accessing private DB - owner==me - // try to write to private DB - expect success - // try to get item from private DB - expect success - - // [test] - { - remove_user_data(USER_APP); - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA); - } -} - -RUNNER_TEST(T5030_CLIENT_APP_TRY_ADDING_SYSTEM_ITEM) -{ - // [test] - // switch to user app, unlock DB - // try to add item to system DB - expect fail - - // [prepare] - remove_user_data(USER_APP); - - // [test] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED); - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); - } -} - -RUNNER_TEST(T5031_CLIENT_APP_ACCESS_WITH_PERMISSION) -{ - // [prepare] - // start as system service - // add resource to the system DB - // add permission to the resource to a user app - // [test] - // switch to user app, unlock DB - // try to access the system item - expect success - - // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); - - // [test] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); - } -} - -RUNNER_TEST(T5032_CLIENT_APP_ACCESS_NO_PERMISSION) -{ - // [prepare] - // start as system service - // add resource to the system DB - // [test] - // switch to user app, unlock DB - // try to access the system item - expect fail - - // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - - // [test] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); - } -} - -RUNNER_TEST(T5033_CLIENT_APP_PERMISSION_REMOVAL) -{ - // [prepare] - // start as system service - // add resource to the system DB - // add permission to the resource to a user app - // [test] - // switch to user app, unlock DB - // try to access the system item - expect success - // [prepare2] - // as system service, remove the item (expecting to remove permission) - // add item again, do not add permission - // [test2] - // switch to user app, unlock DB - // try to access the system item - expect fail - - // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); - - // [test] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); - } - - // [prepare2] - check_remove_allowed(TEST_SYSTEM_ALIAS.c_str()); - - // [test2] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); - } -} - -RUNNER_TEST(T5034_CLIENT_APP_SET_READ_ACCESS) -{ - // [test] - // switch to user app, unlock DB - // try to write to private DB - expect success - // try to write to system DB - expect fail - - // [test] - { - remove_user_data(USER_APP); - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - ScopedSaveData ssdsystem_user(TEST_ALIAS, TEST_DATA); - ScopedSaveData ssdsystem_system(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA, CKMC_ERROR_PERMISSION_DENIED); - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); - } -} - -RUNNER_TEST(T5035_CLIENT_APP_TRY_REMOVING_SYSTEM_ITEM) -{ - // [prepare] - // start as system service - // add resource to the system DB - // add permission to the resource to a user app - // [test] - // switch to user app, unlock DB - // try to remove item from system DB - expect fail - - // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); - - // [test] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - check_remove_denied(TEST_SYSTEM_ALIAS.c_str()); - } -} - -RUNNER_TEST(T5036_CLIENT_LIST_ACCESSIBLE_ITEMS) -{ - // [prepare] - // start as system service - // add data A to the system DB - // add data B to the system DB - // add permission to data A to a user app - // [test] - // system service list items - expect both items to appear - // [test2] - // switch to user app, unlock DB - // add data as user - // user lists items - expect system item A and private item - - // [prepare] - remove_user_data(0); - remove_user_data(USER_APP); - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - gc.save(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA); - allow_access(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_READ); - - // [test] - check_alias_list({TEST_SYSTEM_ALIAS.c_str(), TEST_SYSTEM_ALIAS_2.c_str()}); - - // [test2] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - ScopedSaveData user_data(TEST_ALIAS, TEST_DATA); - - check_alias_list({TEST_SYSTEM_ALIAS.c_str(), - aliasWithLabel(TEST_LABEL, TEST_ALIAS)}); - } -} - -RUNNER_TEST(T5037_CLIENT_APP_TRY_GENERATE_KEY_IN_SYSTEM_DB) -{ - // [test] - // switch to user app, unlock DB - // try to generate a key in system DB - expect fail - - // [test] - { - remove_user_data(USER_APP); - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv"); - std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub"); - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - policy_private_key.password = NULL; - policy_private_key.extractable = 1; - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_PERMISSION_DENIED == - (temp = ckmc_create_key_pair_rsa(1024, - private_key_alias.c_str(), - public_key_alias.c_str(), - policy_private_key, - policy_public_key)), - CKMCReadableError(temp)); - } -} - -RUNNER_TEST(T5038_CLIENT_SERVER_CREATE_VERIFY_SYSTEM_DB) -{ - // [prepare] - // start as system service - // generate RSA key in system DB - // [test] - // try to create and verify signature in system DB - expect success - // [test2] - // switch to user app, unlock DB - // try to create signature in system DB - expect fail - - // [prepare] - remove_user_data(USER_APP); - GarbageCollector gc; - std::string private_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-priv"); - std::string public_key_alias = aliasWithLabel(SYSTEM_LABEL, "sys-db-pub"); - gc.add(private_key_alias.c_str()); - gc.add(public_key_alias.c_str()); - ckmc_policy_s policy_private_key; - ckmc_policy_s policy_public_key; - policy_private_key.password = NULL; - policy_private_key.extractable = 1; - policy_public_key.password = NULL; - policy_public_key.extractable = 1; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == - (temp = ckmc_create_key_pair_rsa(1024, - private_key_alias.c_str(), - public_key_alias.c_str(), - policy_private_key, - policy_public_key)), - CKMCReadableError(temp)); - - // [test] - { - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - private_key_alias.c_str(), - NULL, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - public_key_alias.c_str(), - NULL, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); - } - - // [test2] - { - ScopedDBUnlock unlock(USER_APP, APP_PASS); - ScopedAccessProvider ap(TEST_LABEL); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature; - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_create_signature( - private_key_alias.c_str(), - NULL, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - } -} - -RUNNER_TEST(T5039_SYSTEM_APP_SET_REMOVE_ACCESS) -{ - // [prepare] - // start as system service - // add resource to the system DB - // [test] - // add remove permission to a user app - expect fail - - // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - - // [test] - allow_access_negative(TEST_SYSTEM_ALIAS.c_str(), TEST_LABEL, CKMC_PERMISSION_REMOVE, CKMC_ERROR_INVALID_PARAMETER); -} - -RUNNER_TEST(T5040_SYSTEM_SVC_ACCESS_DB) -{ - // [prepare] - // start as system service - // add resource to the system DB - // [test] - // try to access the item - expect success - - // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - - // [test] - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); -} - -RUNNER_TEST(T5041_SYSTEM_SVC_1234_ACCESS_DB) -{ - // [prepare] - // start as system service - // add resource to the system DB - // [test] - // switch to another system service - // try to access the item - expect success - - // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - - // [test] - { - ScopedAccessProvider ap(TEST_LABEL_2); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); - } -} - -RUNNER_TEST(T5042_SYSTEM_SVC_1234_ADD_ITEM_TO_DB) -{ - // [prepare] - // start as system service 1234 - // add resource to the system DB - // [test] - // switch to another system service - // try to access the item - expect success - - // [prepare] - { - ScopedAccessProvider ap(TEST_LABEL_2); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_SERVICE_2, GROUP_SERVICE_2); - - // [test] - ScopedSaveData ssd(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); - } -} - -RUNNER_TEST(T5043_SYSTEM_SVC_4999_ACCESS_DB) -{ - // [prepare] - // start as system service - // add resource to the system DB - // [test] - // switch to system service having uid maximum for system svcs - // try to access the item - expect success - - // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - - // [test] - { - ScopedAccessProvider ap(TEST_LABEL_2); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_SERVICE_MAX, GROUP_SERVICE_MAX); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); - } -} - -RUNNER_TEST(T5044_SYSTEM_SVC_5000_ACCESS_DB) -{ - RUNNER_IGNORED_MSG("This test is turn off because fix " - "from tizen 2.4 that unlock db with empty password"); - // [prepare] - // start as system service - // add resource to the system DB - // [test] - // switch to another, faulty system service with user-land uid==5000 - // try to access the item - expect fail (no system service) - - // [prepare] - GarbageCollector gc; - gc.save(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA); - - // [test] - { - ScopedAccessProvider ap(TEST_LABEL_2); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_SERVICE_FAIL, GROUP_SERVICE_FAIL); - - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA, CKMC_ERROR_DB_LOCKED); - } -} - -RUNNER_TEST(T5045_SYSTEM_DB_ADD_WITH_INVALID_LABEL) -{ - // [prepare] - // start as system service - // [test] - // try to add item to system DB using wrong label - expect fail - // try to add item using explicit system label - expect success - - // [prepare] - remove_user_data(USER_APP); - - // [test] - save_data(aliasWithLabel(INVALID_LABEL, TEST_ALIAS).c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); - check_read(TEST_ALIAS, INVALID_LABEL, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); - - save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA); - check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA); -} diff --git a/src/ckm/test-certs.cpp b/src/ckm/test-certs.cpp deleted file mode 100644 index a61de761..00000000 --- a/src/ckm/test-certs.cpp +++ /dev/null @@ -1,350 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file test-certs.cpp - * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com) - * @version 1.0 - */ - -#include -#include -#include -#include - -using namespace std; - -namespace { -typedef map> CertMap; - -CKM::CertificateShPtr createCert(const string& cert) { - CKM::RawBuffer buffer_cert(cert.begin(), cert.end()); - CKM::CertificateShPtr cptr = CKM::Certificate::create(buffer_cert, CKM::DataFormat::FORM_PEM); - return cptr; -} - -CertMap initializeTestCerts() -{ - CertMap cm; - - // TEST_ROOT_CA, expires 2035 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV\n" - "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD\n" - "VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw\n" - "HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET\n" - "MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz\n" - "dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq\n" - "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC\n" - "9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da\n" - "eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W\n" - "rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo\n" - "5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs\n" - "BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw\n" - "TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk\n" - "zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC\n" - "AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX\n" - "ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus\n" - "9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS\n" - "Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV\n" - "qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n" - "kOg11TpPdNDkhb1J4ZCh2gupDg==\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::TEST_ROOT_CA] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIDljCCAn6gAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwZjELMAkGA1UEBhMCQVUx\n" - "EzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rl\n" - "c3RpbmcxITAfBgNVBAMMGFRlc3Qgcm9vdCBjYSBjZXJ0aWZpY2F0ZTAeFw0xNTAx\n" - "MTYxNjQ1MzRaFw0zNTAxMTExNjQ1MzRaMGQxCzAJBgNVBAYTAkFVMRMwEQYDVQQI\n" - "DApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMR8w\n" - "HQYDVQQDDBZUZXN0IElNIENBIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEF\n" - "AAOCAQ8AMIIBCgKCAQEAzmBF78qClgoKfnLAncMXZwZ14TW+5kags1+QCYeg3c7j\n" - "L9+RvDxIaX2tKf1sukJcwQfYqUlQkwt+58LMOb2ORtkpj8Or6WCWCZ0BzneT8ug7\n" - "nxJT4m9+bohMF0JoKjjB2H4KNMHamLIwUxRKt6nyfk81kVhJOi2vzzxd+UCPi6Pc\n" - "UAbJNH48eNgOIg55nyFovVzYj8GIo/9GvHJj83PPa/KlJZ+Z1qZASZZ/VYorplVT\n" - "thsHXKfejhFy5YJ9t7n/vyAQsyBsagZsvX19xnH41fbYXHKf8UbXG23rNaZlchs6\n" - "XJVLQdzOpj3WTj/lCocVHqLaZISLhNQ3aI7kUBUdiwIDAQABo1AwTjAdBgNVHQ4E\n" - "FgQUoCYNaCBP4jl/3SYQuK8Ka+6i3QEwHwYDVR0jBBgwFoAUt6pkzFt1PZlfYRL/\n" - "HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjRzWiD97\n" - "Htv4Kxpm3P+C+xP9AEteCJfO+7p8MWgtWEJOknJyt55zeKS2JwZIq57KcbqD8U7v\n" - "vAUx1ymtUhlFPFd7J1mJ3pou+3aFYmGShYhGHpbrmUwjp7HVP588jrW1NoZVHdMc\n" - "4OgJWFrViXeu9+maIcekjMB/+9Y0dUgQuK5ZuT5H/Jwet7Th/o9uufTUZjBzRvrB\n" - "pbXgQpqgME2av4Q/6LuldPCTHLtWXgFUU2R+yCGmuGilvhFJnKoQryAbYnIQNWE8\n" - "SLoHQ9s1i7Zyb7HU6UAaqMOz15LBkyAqtNyJcO2p7Q/p5YK0xfD4xisI5qXucqVm\n" - "F2obL5qJSTN/RQ==\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::TEST_IM_CA] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // TEST_LEAF, signed by TEST_IM_CA, expires 2035 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIDOzCCAiMCAQEwDQYJKoZIhvcNAQEFBQAwZDELMAkGA1UEBhMCQVUxEzARBgNV\n" - "BAgMClNvbWUtU3RhdGUxDTALBgNVBAoMBEFDTUUxEDAOBgNVBAsMB1Rlc3Rpbmcx\n" - "HzAdBgNVBAMMFlRlc3QgSU0gQ0EgY2VydGlmaWNhdGUwHhcNMTUwMTE2MTY0ODE0\n" - "WhcNMzUwMTExMTY0ODE0WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1T\n" - "dGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVzdGluZzEeMBwGA1UEAwwV\n" - "VGVzdCBsZWFmIGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" - "CgKCAQEAzTdDIa2tDmRxFnIgiG+mBz8GoSVODs0ImNQGbqj+pLhBOFRH8fsah4Jl\n" - "z5YF9KwhMVLknnHGFLE/Nb7Ac35kEzhMQMpTRxohW83oxw3eZ8zN/FBoKqg4qHRq\n" - "QR8kS10YXTgrBR0ex/Vp+OUKEw6h7yL2r4Tpvrn9/qHwsxtLxqWbDIVf1O9b1Lfc\n" - "bllYMdmV5E62yN5tcwrDP8gvHjFnVeLzrG8wTpc9FR90/0Jkfp5jAJcArOBLrT0E\n" - "4VRqs+4HuwT8jAwFAmNnc7IYX5qSjtSWkmmHe73K/lzB+OiI0JEc/3eWUTWqwTSk\n" - "4tNCiQGBKJ39LXPTBBJdzmxVH7CUDQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAp\n" - "UdDOGu3hNiG+Vn10aQ6B1ZmOj3t+45gUV3sC+y8hB8EK1g4P5Ke9bVDts0T5eOnj\n" - "CSc+6VoND5O4adI0IFFRFljHNVnvjeosHfUZNnowsmA2ptQBtC1g5ZKRvKXlkC5/\n" - "i5BGgRqPFA7y9WB9Y05MrJHf3E+Oz/RBsLeeNiNN+rF5X1vYExvGHpo0M0zS0ze9\n" - "HtC0aOy8ocsTrQkf3ceHTAXx2i8ftoSSD4klojtWFpWMrNQa52F7wB9nU6FfKRuF\n" - "Zj/T1JkYXKkEwZU6nAR2jdZp3EP9xj3o15V/tyFcXHx6l8NTxn4cJb+Xe4VquQJz\n" - "6ON7PVe0ABN/AlwVQiFE\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::TEST_LEAF] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // GIAG2, signed by GEOTRUST, expires 31 Dec 2016 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\n" - "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\n" - "YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG\n" - "EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy\n" - "bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" - "AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP\n" - "VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv\n" - "h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE\n" - "ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ\n" - "EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC\n" - "DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7\n" - "qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD\n" - "VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig\n" - "JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF\n" - "BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQ\n" - "MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE\n" - "+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1/Wm8gzPn6\n" - "8R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I/b+jzG1Zgo+ByPF5E0y8tS\n" - "etH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh/Ob0r0a678C/xbQF9ZR1DP6i\n" - "vgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe/GFsNMP\n" - "WOH7sf6coaPo/ck/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8\n" - "VOBHBw==\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::GIAG2] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // MBANK, signed by SYMANTEC, expires 04 Feb 2016 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\n" - "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n" - "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\n" - "IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\n" - "MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\n" - "ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\n" - "MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\n" - "DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\n" - "bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\n" - "bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\n" - "JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\n" - "Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\n" - "aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\n" - "Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\n" - "dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\n" - "Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\n" - "HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\n" - "BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\n" - "dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\n" - "c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\n" - "BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\n" - "BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\n" - "KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\n" - "eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\n" - "AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\n" - "ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\n" - "9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\n" - "rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\n" - "LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\n" - "U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\n" - "vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\n" - "SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\n" - "aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\n" - "WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::MBANK] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\n" - "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" - "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" - "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" - "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" - "aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\n" - "CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n" - "BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\n" - "YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" - "AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\n" - "FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\n" - "BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\n" - "pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\n" - "IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\n" - "zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\n" - "MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\n" - "BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\n" - "L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\n" - "eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\n" - "LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\n" - "GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\n" - "Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\n" - "hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\n" - "nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\n" - "qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\n" - "eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\n" - "LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\n" - "2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::SYMANTEC] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // GEOTRUST, signed by EQUIFAX, expires 21 Aug 2018 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n" - "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n" - "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n" - "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n" - "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" - "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n" - "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n" - "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n" - "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n" - "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n" - "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n" - "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n" - "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n" - "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n" - "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n" - "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n" - "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n" - "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n" - "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::GEOTRUST] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // EQUIFAX, (root CA), expires 22 Aug 2018 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV\n" - "UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy\n" - "dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1\n" - "MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx\n" - "dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B\n" - "AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f\n" - "BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A\n" - "cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC\n" - "AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ\n" - "MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm\n" - "aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw\n" - "ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj\n" - "IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF\n" - "MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA\n" - "A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y\n" - "7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh\n" - "1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016 - { - std::string raw_base64 = std::string( - "-----BEGIN CERTIFICATE-----\n" - "MIIGzzCCBbegAwIBAgIIG6xwxBtjtJEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE\n" - "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n" - "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMDE1MTY0MjQzWhcNMTYwMTEzMDAwMDAw\n" - "WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n" - "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n" - "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjZonqWEMpOM+v3cr\n" - "rD/xj0L1lxUK2EaCmk3xckbEMFEMW992hnCa1CRjcOC3jb2bkmjHfVzfgt/mbCcX\n" - "H2YYi6OCBGcwggRjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n" - "A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n" - "ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n" - "YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n" - "ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds\n" - "ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv\n" - "b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q\n" - "Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n\n" - "bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou\n" - "Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv\n" - "b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv\n" - "LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tggoqLmd2dDEuY29tggoq\n" - "Lmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAq\n" - "LnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1\n" - "YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYILYW5k\n" - "cm9pZC5jb22CBGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv\n" - "b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUu\n" - "YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n" - "B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n" - "ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n" - "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBTkzYJaSmLNPMENVN00b75rL11D/zAMBgNV\n" - "HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1Ud\n" - "IAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYf\n" - "aHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOC\n" - "AQEAHj3svrvviu8X79HzVy6hPIoPUtjkYbgheBSZeWTAC0GgxdZ3cQTrZShZNXmL\n" - "A9Pwfvs2Kv+iAWfDFuyG6WGD4YN2m2MItQRlBdGGib5aMl8N4vq/KQ1HU2Sw2KQA\n" - "gBfgt3THooNzXdJ363K7NShV1SMbZYpYMJ3p+hgZe1ezymIM/yny/j/nhoHMqFUG\n" - "KRNjp7n74bmj0HG9Upci8QL8oxCynKwCPs72Dw8WIFv+WjXoTkEgnfHfUklWBZ8n\n" - "SpLyfbO8eRQkgXPZxau0BMof5tyetyzBe2QQ/OcvAkDUVhwZi2wIBf9rbhWnl2LE\n" - "urbTa3K72M5I58jgb740XezcOQ==\n" - "-----END CERTIFICATE-----\n"); - cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64)); - } - - return cm; -} - -CertMap TEST_CERTS = initializeTestCerts(); -} - - -std::string TestData::getTestCertificateBase64(TestData::certificateID id) -{ - RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!"); - RUNNER_ASSERT_MSG(TEST_CERTS[id].first.size()>0, "Certificate is empty (should never ever happen)!"); - - return TEST_CERTS[id].first; -} - -CKM::CertificateShPtr TestData::getTestCertificate(certificateID id) -{ - RUNNER_ASSERT_MSG(TEST_CERTS.find(id) != TEST_CERTS.end(), "Unknown certificate index!"); - RUNNER_ASSERT_MSG(TEST_CERTS[id].second, "Certificate is empty (should never ever happen)!"); - - return TEST_CERTS[id].second; -} diff --git a/src/ckm/test-certs.h b/src/ckm/test-certs.h deleted file mode 100644 index 6f55c341..00000000 --- a/src/ckm/test-certs.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file test-certs.h - * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com) - * @version 1.0 - */ - -#pragma once - -#include -#include - -namespace TestData -{ - -enum certificateID { - // test certificates - TEST_ROOT_CA = 0, // TEST_ROOT_CA, expires 2035 - TEST_IM_CA, // TEST_IM_CA, signed by TEST_ROOT_CA, expires 2035 - TEST_LEAF, // TEST_LEAF, signed by TEST_IM_CA, expires 2035 - - // third party - GIAG2, // GIAG2, signed by GEOTRUST, expires 31 Dec 2016 - MBANK, // MBANK, signed by SYMANTEC, expires 04 Feb 2016 - SYMANTEC, // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023 - GEOTRUST, // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018 - EQUIFAX, // EQUIFAX (root CA), expires 22 Aug 2018 - GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 13 Jan 2016 - - // footer - last element in the set - NO_CERT -}; - -std::string getTestCertificateBase64(certificateID id); -CKM::CertificateShPtr getTestCertificate(certificateID id); -} diff --git a/src/ckm/test1801.pkcs12 b/src/ckm/test1801.pkcs12 deleted file mode 100644 index 4be54ef6..00000000 Binary files a/src/ckm/test1801.pkcs12 and /dev/null differ diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt deleted file mode 100644 index 994fee1d..00000000 --- a/src/common/CMakeLists.txt +++ /dev/null @@ -1,48 +0,0 @@ -INCLUDE(FindPkgConfig) -SET(COMMON_TARGET_TEST "tests-common") - -#dependencies -PKG_CHECK_MODULES(COMMON_TARGET_DEP - libsmack - dbus-1 - sqlite3 - libgum - glib-2.0 - REQUIRED - ) - -#files to compile -SET(COMMON_TARGET_TEST_SOURCES - ${PROJECT_SOURCE_DIR}/src/common/tests_common.cpp - ${PROJECT_SOURCE_DIR}/src/common/access_provider.cpp - ${PROJECT_SOURCE_DIR}/src/common/smack_access.cpp - ${PROJECT_SOURCE_DIR}/src/common/dbus_connection.cpp - ${PROJECT_SOURCE_DIR}/src/common/dbus_message_in.cpp - ${PROJECT_SOURCE_DIR}/src/common/dbus_message_out.cpp - ${PROJECT_SOURCE_DIR}/src/common/service_manager.cpp - ${PROJECT_SOURCE_DIR}/src/common/memory.cpp - ${PROJECT_SOURCE_DIR}/src/common/db_sqlite.cpp - ${PROJECT_SOURCE_DIR}/src/common/fs_label_manager.cpp - ${PROJECT_SOURCE_DIR}/src/common/passwd_access.cpp - ${PROJECT_SOURCE_DIR}/src/common/uds.cpp - ${PROJECT_SOURCE_DIR}/src/common/synchronization_pipe.cpp - ${PROJECT_SOURCE_DIR}/src/common/timeout.cpp - ${PROJECT_SOURCE_DIR}/src/common/temp_test_user.cpp - ) - -#system and local includes -INCLUDE_DIRECTORIES(SYSTEM ${COMMON_TARGET_DEP_INCLUDE_DIRS}) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/framework/include - ${PROJECT_SOURCE_DIR}/src/common - ) - - -#output OBJECT format -ADD_LIBRARY(${COMMON_TARGET_TEST} ${COMMON_TARGET_TEST_SOURCES}) - -TARGET_LINK_LIBRARIES(${COMMON_TARGET_TEST} ${COMMON_TARGET_DEP_LIBRARIES} - dpl-test-framework) - -INSTALL (FILES ${PROJECT_SOURCE_DIR}/src/common/security-tests.conf DESTINATION /etc/dbus-1/system.d) diff --git a/src/common/access_provider.cpp b/src/common/access_provider.cpp deleted file mode 100644 index e9f91dcc..00000000 --- a/src/common/access_provider.cpp +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file access_provider.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ -#include -#include -#include - -#include - -#include - -#include - -namespace SecurityServer { - -AccessProvider::AccessProvider(const std::string &mySubject) - : m_mySubject(mySubject) -{} - -void AccessProvider::allowSS() { - m_smackAccess.add(m_mySubject, "System::Run", "x"); -} - -void AccessProvider::addObjectRule(const std::string &object, const std::string &rule) { - m_smackAccess.add(m_mySubject, object, rule); -} - -void AccessProvider::apply() { - m_smackAccess.apply(); -} - -void AccessProvider::applyAndSwithToUser(int uid, int gid) { - RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()), - "Error in smack_revoke_subject(" << m_mySubject << ")"); - apply(); - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()), - "Error in smack_set_label_for_self."); - RUNNER_ASSERT_MSG(0 == setgid(gid), - "Error in setgid."); - RUNNER_ASSERT_MSG(0 == setuid(uid), - "Error in setuid."); -} - -} // namespace SecurityServer - diff --git a/src/common/access_provider.h b/src/common/access_provider.h deleted file mode 100644 index 452d4180..00000000 --- a/src/common/access_provider.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file access_provider.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ -#ifndef _ACCESS_FOR_DUMMIES_H_ -#define _ACCESS_FOR_DUMMIES_H_ - -#include - -#include - -namespace SecurityServer { - -class AccessProvider { -public: - AccessProvider(const std::string &mySubject); - - AccessProvider(const AccessProvider &second) = delete; - AccessProvider& operator=(const AccessProvider &second) = delete; - - void addObjectRule(const std::string &object, const std::string &rule); - void allowSS(); - void apply(); - void applyAndSwithToUser(int uid, int gid); - - virtual ~AccessProvider(){} -private: - std::string m_mySubject; - SmackAccess m_smackAccess; -}; - -} // namespace SecurityServer - -#endif // _ACCESS_FOR_DUMMIES_H_ - diff --git a/src/common/db_sqlite.cpp b/src/common/db_sqlite.cpp deleted file mode 100644 index 73c842bf..00000000 --- a/src/common/db_sqlite.cpp +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file libprivilege-control_test_db_sqlite.cpp - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control tests API for sqlite3 database access - */ - -#include -#include "db_sqlite.h" - -Sqlite3DBase::Sqlite3DBase(const std::string& db_path, int flags) - : m_db_handle(nullptr), m_db_path(db_path), m_flags(flags) -{ -} - -Sqlite3DBase::~Sqlite3DBase() -{ - sqlite3_close(m_db_handle); -} - -#define VFS_NOT_USED nullptr - -void Sqlite3DBase::open(void) -{ - if (m_db_handle) //database already opened - return; - - int ret = sqlite3_open_v2(m_db_path.c_str(), &m_db_handle, m_flags, VFS_NOT_USED); - RUNNER_ASSERT_MSG(m_db_handle, "Error opening the database: Unable to allocate memory."); - RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error opening the database: " << - sqlite3_errmsg(m_db_handle)); -} - -void Sqlite3DBase::close(void) -{ - int ret = sqlite3_close(m_db_handle); - RUNNER_ASSERT_MSG(ret == SQLITE_OK, "Error closing the database: " << - sqlite3_errmsg(m_db_handle)); - - m_db_handle = nullptr; -} - -bool Sqlite3DBase::is_open(void) const -{ - return !!m_db_handle; -} - -void Sqlite3DBase::execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result) -{ - char* tmp = nullptr; - std::string errmsg; - - int ret = sqlite3_exec(m_db_handle, sql_query.c_str(), callback, &result, &tmp); - if (tmp) { - errmsg.assign(tmp); - } - sqlite3_free(tmp); - - RUNNER_ASSERT_MSG(ret == SQLITE_OK || ret == SQLITE_ABORT, "Error executing statement <" << - sql_query << "> : " << errmsg); -} - -int Sqlite3DBase::callback(void* p_result, int cols, char** data, char** header) -{ - int i; - Sqlite3DBaseSelectResult* result = static_cast(p_result); - - // if this is first record get column names - if (result->rows.empty()) { - for (i = 0; i < cols; ++i) { - result->header.push_back(header[i] ? header[i] : ""); - } - } - result->rows.push_back(Sqlite3Row()); - for (i = 0; i < cols; ++i) { - result->rows.back().push_back(data[i] ? data[i] : ""); - } - return SQLITE_OK; -} diff --git a/src/common/db_sqlite.h b/src/common/db_sqlite.h deleted file mode 100644 index 42092cf1..00000000 --- a/src/common/db_sqlite.h +++ /dev/null @@ -1,182 +0,0 @@ -/* - * Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file libprivilege-control_test_db_sqlite.h - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control tests API for sqlite3 database access - */ - -#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_ -#define LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_ - -#include -#include -#include - -/** - * @def DB_SQLITE_READONLY_FLAG - * @brief Sqlite3 flag set for opening database in RO mode - */ -#define DB_SQLITE_READONLY_FLAG SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE \ - | SQLITE_OPEN_READONLY - -/** - * @typedef Sqlite3HeaderName - * @brief Holds single column name of sqlite select query response. - */ -typedef std::string Sqlite3HeaderName; - -/** - * @typedef Sqlite3HeaderNameVector - * @brief Holds column names vector of sqlite select query response. - */ -typedef std::vector Sqlite3HeaderNameVector; - -/** - * @typedef Sqlite3RowCell - * @brief Holds single cell of row of sqlite select query response. - */ -typedef std::string Sqlite3RowCell; - -/** - * @typedef Sqlite3Row - * @brief Holds single row of sqlite select query response. - */ -typedef std::vector Sqlite3Row; - -/** - * @typedef Sqlite3RowVector - * @brief Holds multiple rows of sqlite select query response. - */ -typedef std::vector Sqlite3RowVector; - -/** - * @class Sqlite3DBaseSelectResult - * @brief Sqlite3 select query response. - * - * Fields are public as there is no complicated logic to operate on them - */ -struct Sqlite3DBaseSelectResult -{ -/** - * @var header - * @brief Sqlite select query column names - */ - Sqlite3HeaderNameVector header; - -/** - * @var rows - * @brief Sqlite select query rows vector - */ - Sqlite3RowVector rows; -}; - - -/** - * @class Sqlite3DBase - * @brief Simple interface for executing select statements on sqlite3 database - * - * Fields are public as there is no complicated logic to operate on them - */ -class Sqlite3DBase -{ -public: -/** - * @brief A constructor - * - * @param db_path path to database file - * @param flags sqlite3 flags defining database opening mode - * (default value DB_SQLITE_READONLY_FLAG) - */ - Sqlite3DBase(const std::string& db_path, int flags = DB_SQLITE_READONLY_FLAG); - -/** - * @brief A destructor - */ - ~Sqlite3DBase(); - -/** - * @brief Open database. - * - * If database is already opened do nothing. - * - * @throw DPL::Test::TestFailed when opening database fails - */ - void open(void); - -/** - * @brief Close database. - * - * @throw DPL::Test::TestFailed when closing database fails - */ - void close(void); - -/** - * @brief Get database connection status. - * - * @return true if database is open - * false if database is closed - */ - bool is_open(void) const; - -/** - * @brief Execute SQL query on database - * - * @param sql_query SQL query - * @param result returned result - * - * @throw DPL::Test::TestFailed when execution of query fails - */ - void execute(const std::string& sql_query, Sqlite3DBaseSelectResult& result); - -private: -/** - * @var db_handle - * @brief Handle to sqlite3 database - * - * nullptr when database not opened. - */ - sqlite3* m_db_handle; - -/** - * @var db_path - * @brief Path to database file - */ - std::string m_db_path; - -/** - * @var flags - * @brief Sqlite3 flags defining database opening mode - */ - int m_flags; - -/** - * @brief Callback used to aquire results from SQL query - * - * It is run by sqlite for every row in query result. - * - * @param p_result pointer to private data (Sqlite3DBaseSelectResult) - * @param cols number of columns in SQL result - * @param data array of strings containing single row - * @param header array of strings containing column names - * @return SQLITE_OK as we always know what to do with data - */ - static int callback(void* p_result, int cols, char** data, char** header); -}; - -#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_SQLITE_H_ */ diff --git a/src/common/dbus_connection.cpp b/src/common/dbus_connection.cpp deleted file mode 100644 index 424bd0eb..00000000 --- a/src/common/dbus_connection.cpp +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file dbus_connection.cpp - * @author Marcin Niesluchowski (m.niesluchow@samsung.com) - * @version 1.0 - * @brief DBus connection wrapper class source file - */ - -#include - -#include - -namespace DBus -{ - -Connection::Connection(DBusBusType busType, bool busPrivate) - : m_busPrivate(busPrivate) -{ - DBusError error; - dbus_error_init(&error); - ErrorPtr errorPtr(&error); - - if (busPrivate) - m_connection = dbus_bus_get_private(busType, &error); - else - m_connection = dbus_bus_get(busType, &error); - RUNNER_ASSERT_MSG(m_connection != nullptr, - "Failed to open connection on " - << (busPrivate ? "private" : "public") << " bus." - << " Error: " << error.message); - dbus_connection_set_exit_on_disconnect(m_connection, FALSE); -} - -Connection::~Connection() -{ - if (m_busPrivate) - dbus_connection_close(m_connection); - dbus_connection_unref(m_connection); -} - -void Connection::addMatch(const std::string &rule) -{ - DBusError error; - dbus_error_init(&error); - ErrorPtr errorPtr(&error); - - dbus_bus_add_match(m_connection, rule.c_str(), &error); - RUNNER_ASSERT_MSG(dbus_error_is_set(&error) != TRUE, "Failed to add match." - << " Rule: " << rule << ";" - << " Error: " << error.message); -} - -void Connection::addFilter(DBusHandleMessageFunction handleMessageFunction, - void *userData, - DBusFreeFunction freeDataFunction) -{ - if (freeDataFunction == nullptr) - freeDataFunction = [](void*)->void {}; - - dbus_bool_t ret = dbus_connection_add_filter(m_connection, - handleMessageFunction, - userData, - freeDataFunction); - RUNNER_ASSERT_MSG(ret == TRUE, "Failed to add filter. Not enough memory"); -} - -void Connection::readWriteDispatch() -{ - dbus_bool_t ret = dbus_connection_read_write_dispatch(m_connection, -1); - RUNNER_ASSERT_MSG(ret == TRUE, "Failed to read write dispatch. Disconnect message has been processed"); -} - -void Connection::flush() -{ - dbus_connection_flush(m_connection); -} - -void Connection::requestName(const std::string &name) -{ - DBusError error; - dbus_error_init(&error); - ErrorPtr errorPtr(&error); - - int ret = dbus_bus_request_name(m_connection, - name.c_str(), - DBUS_NAME_FLAG_REPLACE_EXISTING | DBUS_NAME_FLAG_DO_NOT_QUEUE, - &error); - switch (ret) - { - case DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER: - case DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER: - return; - case DBUS_REQUEST_NAME_REPLY_EXISTS: - RUNNER_FAIL_MSG("Failed to request name." - << " Name: " << name << ";" - << " Owner did not specified DBUS_NAME_FLAG_ALLOW_REPLACEMENT flag"); - case -1: - RUNNER_FAIL_MSG("Failed to request name." - << " Name: " << name << ";" - << " Error: " << error.message); - default: // DBUS_REQUEST_NAME_REPLY_IN_QUEUE - RUNNER_FAIL_MSG("Should not happen"); - } -} - -MessageIn Connection::sendWithReplyAndBlock(const MessageOut &messageOut) -{ - DBusError error; - dbus_error_init(&error); - ErrorPtr errorPtr(&error); - - DBusMessage *messageRecv = dbus_connection_send_with_reply_and_block(m_connection, - messageOut.getMessage(), - -1, - &error); - RUNNER_ASSERT_MSG(messageRecv != nullptr, "Failed to send with reply and block. " - << "Error: " << error.message); - return MessageIn(messageRecv); -} - -} // namespace DBus diff --git a/src/common/dbus_connection.h b/src/common/dbus_connection.h deleted file mode 100644 index f2db5ace..00000000 --- a/src/common/dbus_connection.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file dbus_connection.h - * @author Marcin Niesluchowski (m.niesluchow@samsung.com) - * @version 1.0 - * @brief DBus connection wrapper class header - */ - -#ifndef COMMON_DBUS_CONNECTION_H -#define COMMON_DBUS_CONNECTION_H - -#include - -#include -#include -#include - -#include - -namespace DBus -{ - -DEFINE_SMARTPTR(dbus_error_free, DBusError, ErrorPtr); - -class Connection -{ -public: - Connection(DBusBusType busType, bool privateGet); - Connection(const Connection &other) = delete; - ~Connection(); - - Connection& operator=(const Connection &other) = delete; - - void addMatch(const std::string &rule); - void addFilter(DBusHandleMessageFunction handleMessageFunction, - void *userData, - DBusFreeFunction freeDataFunction = nullptr); - void readWriteDispatch(); - void flush(); - void requestName(const std::string &name); - MessageIn sendWithReplyAndBlock(const MessageOut &messageOut); - -private: - DBusConnection *m_connection; - bool m_busPrivate; -}; - -} // namespace DBus - -#endif // COMMON_DBUS_CONNECTION_H diff --git a/src/common/dbus_message_in.cpp b/src/common/dbus_message_in.cpp deleted file mode 100644 index c04533bb..00000000 --- a/src/common/dbus_message_in.cpp +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file dbus_message_in.cpp - * @author Marcin Niesluchowski (m.niesluchow@samsung.com) - * @version 1.0 - * @brief DBus incoming message wrapper class source file - */ - -#include - -#include - -namespace DBus -{ - -MessageIn::MessageIn(DBusMessage *message, bool ref) - : m_message(message) -{ - RUNNER_ASSERT(m_message != nullptr); - if (ref) - dbus_message_ref(m_message); -} - -MessageIn::MessageIn(MessageIn &&other) - : m_message(other.m_message) -{ - other.m_message = nullptr; -} - -MessageIn::~MessageIn() -{ - if (m_message != nullptr) - dbus_message_unref(m_message); -} - -int MessageIn::getType() -{ - return dbus_message_get_type(m_message); -} - -bool MessageIn::isMethodCall(const std::string &interface, const std::string &method) -{ - dbus_bool_t ret = dbus_message_is_method_call(m_message, - interface.c_str(), - method.c_str()); - return ret == TRUE; -} - -bool MessageIn::isSignal(const std::string &interface, const std::string &signalName) -{ - dbus_bool_t ret = dbus_message_is_signal(m_message, - interface.c_str(), - signalName.c_str()); - return ret == TRUE; -} - -bool MessageIn::isError(const std::string &errorName) -{ - dbus_bool_t ret = dbus_message_is_error(m_message, - errorName.c_str()); - return ret == TRUE; -} - -MessageIn::Iterator MessageIn::iterInit() -{ - return Iterator(this->m_message); -} - -MessageIn::Iterator::Iterator(DBusMessage* message) -{ - dbus_message_iter_init(message, &m_iterator); -} - -MessageIn::Iterator::Iterator(DBusMessageIter *iteratorOver) -{ - dbus_message_iter_recurse(iteratorOver, &m_iterator); -} - -bool MessageIn::Iterator::next() -{ - return dbus_message_iter_next(&m_iterator) != FALSE; -} - -void MessageIn::Iterator::expectNext() -{ - RUNNER_ASSERT_MSG(next(), "No next argument in message"); -} - -int MessageIn::Iterator::getArgType() -{ - return dbus_message_iter_get_arg_type(&m_iterator); -} - -void MessageIn::Iterator::expectArgType(int argType) -{ - int argTypeActual = getArgType(); - RUNNER_ASSERT_MSG(argTypeActual == argType, "Wrong argument type in message" - << " Actual: " << argTypeActual - << " Expected: " << argType); -} - -void MessageIn::Iterator::expectArgTypeValid() -{ - RUNNER_ASSERT_MSG(getArgType() != DBUS_TYPE_INVALID, "Invalid argument type in message"); -} - -char MessageIn::Iterator::getArgChar() -{ - return getArg(); -} - -bool MessageIn::Iterator::getArgBool() -{ - dbus_bool_t value; - dbus_message_iter_get_basic(&m_iterator, &value); - return value != FALSE; -} - -int16_t MessageIn::Iterator::getArgInt16() -{ - return getArg(); -} - -uint16_t MessageIn::Iterator::getArgUint16() -{ - return getArg(); -} - -int32_t MessageIn::Iterator::getArgInt32() -{ - return getArg(); -} - -uint32_t MessageIn::Iterator::getArgUint32() -{ - return getArg(); -} - -int64_t MessageIn::Iterator::getArgInt64() -{ - return getArg(); -} - -uint64_t MessageIn::Iterator::getArgUint64() -{ - return getArg(); -} - -double MessageIn::Iterator::getArgDouble() -{ - return getArg(); -} - -std::string MessageIn::Iterator::getArgString() -{ - char *value; - dbus_message_iter_get_basic(&m_iterator, &value); - return std::string(value); -} - -MessageIn::Iterator MessageIn::Iterator::recurse() -{ - return Iterator(&(this->m_iterator)); -} - -} // namespace DBus diff --git a/src/common/dbus_message_in.h b/src/common/dbus_message_in.h deleted file mode 100644 index e0a0dc78..00000000 --- a/src/common/dbus_message_in.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file dbus_message_in.h - * @author Marcin Niesluchowski (m.niesluchow@samsung.com) - * @version 1.0 - * @brief DBus incoming message wrapper class header - */ - -#ifndef COMMON_DBUS_MESSAGE_IN_H -#define COMMON_DBUS_MESSAGE_IN_H - -#include - -#include -#include - -namespace DBus -{ - -class MessageIn -{ -public: - MessageIn(DBusMessage *message, bool ref = false); - MessageIn(const MessageIn &other) = delete; - MessageIn(MessageIn &&other); - ~MessageIn(); - - MessageIn& operator=(const MessageIn &other) = delete; - - int getType(); - bool isMethodCall(const std::string &interface, const std::string &method); - bool isSignal(const std::string &interface, const std::string &signalName); - bool isError(const std::string &errorName); - - class Iterator - { - public: - friend class MessageIn; - - bool next(); - void expectNext(); - int getArgType(); - void expectArgType(int argType); - void expectArgTypeValid(); - char getArgChar(); - bool getArgBool(); - int16_t getArgInt16(); - uint16_t getArgUint16(); - int32_t getArgInt32(); - uint32_t getArgUint32(); - int64_t getArgInt64(); - uint64_t getArgUint64(); - double getArgDouble(); - std::string getArgString(); - Iterator recurse(); - - private: - template - T getArg() { - T value; - dbus_message_iter_get_basic(&m_iterator, &value); - return value; - } - - // sub constructor - Iterator(DBusMessageIter *iteratorOver); - // message constructor - Iterator(DBusMessage *message); - DBusMessageIter m_iterator; - }; - - Iterator iterInit(); - -private: - DBusMessage *m_message; -}; - -} // namespace DBus - -#endif // COMMON_DBUS_MESSAGE_IN_H diff --git a/src/common/dbus_message_out.cpp b/src/common/dbus_message_out.cpp deleted file mode 100644 index 2de0659b..00000000 --- a/src/common/dbus_message_out.cpp +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file dbus_message_out.cpp - * @author Marcin Niesluchowski (m.niesluchow@samsung.com) - * @version 1.0 - * @brief DBus outgoing message wrapper class source file - */ - -#include - -#include - -namespace DBus -{ - -MessageOut::MessageOut(const std::string &destination, - const std::string &path, - const std::string &interface, - const std::string &method) -{ - m_message = dbus_message_new_method_call(destination.c_str(), - path.c_str(), - interface.c_str(), - method.c_str()); - RUNNER_ASSERT_MSG(nullptr != m_message, - "Failed to create new method call. Not enough memory"); -} - -MessageOut::MessageOut(MessageOut &&other) - : m_message(other.m_message) -{ - other.m_message = nullptr; -} - -MessageOut::~MessageOut() -{ - if (m_message != nullptr) - dbus_message_unref(m_message); -} - -DBusMessage* MessageOut::getMessage() const -{ - return m_message; -} - -void MessageOut::append(bool b) -{ - DBusMessageIter iter; - dbus_message_iter_init_append(m_message, &iter); - - dbus_bool_t bArg = b ? TRUE : FALSE; - dbus_bool_t ret = dbus_message_iter_append_basic(&iter, - DBUS_TYPE_BOOLEAN, - &bArg); - RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic boolean. Not enough memory"); -} - -void MessageOut::append(const char *cstr) -{ - DBusMessageIter iter; - dbus_message_iter_init_append(m_message, &iter); - - dbus_bool_t ret = dbus_message_iter_append_basic(&iter, - DBUS_TYPE_STRING, - &cstr); - RUNNER_ASSERT_MSG(ret != FALSE, "Failed to append basic string. Not enough memory"); -} - -void MessageOut::append(const std::string &str) -{ - append(str.c_str()); -} - -void MessageOut::append(const std::vector &strs) -{ - DBusMessageIter iter; - dbus_message_iter_init_append(m_message, &iter); - - DBusMessageIter subIter; - dbus_bool_t ret = dbus_message_iter_open_container(&iter, - DBUS_TYPE_ARRAY, - DBUS_TYPE_STRING_AS_STRING, - &subIter); - RUNNER_ASSERT_MSG(ret != FALSE, "Failed to open container. Not enough memory"); - for (const auto &str : strs) { - const char *cstr = str.c_str(); - ret = dbus_message_iter_append_basic(&subIter, DBUS_TYPE_STRING, &cstr); - if (ret == FALSE) { - dbus_message_iter_abandon_container(&iter, &subIter); - RUNNER_FAIL_MSG("Failed to append basic string. Not enough memory"); - } - } - ret = dbus_message_iter_close_container(&iter, &subIter); - RUNNER_ASSERT_MSG(ret != FALSE, "Failed to close container. Not enough memory"); -} - -} // namespace DBus diff --git a/src/common/dbus_message_out.h b/src/common/dbus_message_out.h deleted file mode 100644 index 8b34d06e..00000000 --- a/src/common/dbus_message_out.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file dbus_message_out.h - * @author Marcin Niesluchowski (m.niesluchow@samsung.com) - * @version 1.0 - * @brief DBus outgoing message wrapper class header - */ - -#ifndef COMMON_DBUS_MESSAGE_OUT_H -#define COMMON_DBUS_MESSAGE_OUT_H - -#include - -#include -#include - -namespace DBus -{ - -class MessageOut -{ -public: - MessageOut(const std::string &destination, - const std::string &path, - const std::string &interface, - const std::string &method); - MessageOut(const MessageOut &other) = delete; - MessageOut(MessageOut &&other); - ~MessageOut(); - - MessageOut& operator=(const MessageOut &other) = delete; - - DBusMessage* getMessage() const; - - void append(bool b); - void append(const char *cstr); - void append(const std::string &str); - void append(const std::vector &strs); - -private: - DBusMessage *m_message; -}; - -} // namespace DBus - -#endif // COMMON_DBUS_MESSAGE_OUT_H diff --git a/src/common/fs_label_manager.cpp b/src/common/fs_label_manager.cpp deleted file mode 100644 index 484ec768..00000000 --- a/src/common/fs_label_manager.cpp +++ /dev/null @@ -1,246 +0,0 @@ -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - - -namespace -{ -static const char* get_xattr_name(enum smack_label_type type) -{ - switch (type) { - case SMACK_LABEL_ACCESS: - return XATTR_NAME_SMACK; - case SMACK_LABEL_EXEC: - return XATTR_NAME_SMACKEXEC; - case SMACK_LABEL_MMAP: - return XATTR_NAME_SMACKMMAP; - case SMACK_LABEL_TRANSMUTE: - return XATTR_NAME_SMACKTRANSMUTE; - case SMACK_LABEL_IPIN: - return XATTR_NAME_SMACKIPIN; - case SMACK_LABEL_IPOUT: - return XATTR_NAME_SMACKIPOUT; - default: - /* Should not reach this point */ - return nullptr; - } -} -} - -FsLabelManager::FsLabelManager(const std::string &path, const std::string &label) - : m_path(path) - , m_label(label) -{ - umount(m_path.c_str()); - rmdir(m_path.c_str()); - - std::string data = std::string("mode=0777,uid=0,smackfsdef=") + label; - - int ret = mkdir(path.c_str(), S_IRWXU | S_IRWXG | S_IRWXO); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to make directory"); - - ret = mount("none", path.c_str(), "tmpfs", 0, data.c_str()); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to mount filesystem"); - - if (m_path[m_path.length()-1] != '/') - m_path += '/'; -} - -FsLabelManager::~FsLabelManager() -{ - umount(m_path.c_str()); - rmdir(m_path.c_str()); -} - -void FsLabelManager::createFile(const std::string &relativePath) -{ - std::string path = m_path + relativePath; - - mode_t systemMask = umask(0000); - int fd = open(path.c_str(), O_RDWR | O_CREAT | O_TRUNC, S_IRWXU | S_IRWXG | S_IRWXO); - umask(systemMask); - RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests"); - - close(fd); - - int ret = chown(path.c_str(), APP_UID, APP_GID); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner"); -} - -void FsLabelManager::createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath) -{ - std::string linkPath = m_path + relativeLinkPath; - std::string realPath = m_path + relativeRealPath; - - int ret = unlink(linkPath.c_str()); - RUNNER_ASSERT_ERRNO_MSG(ret == 0 || errno == ENOENT, "Unable to unlink file"); - - ret = symlink(realPath.c_str(), linkPath.c_str()); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to create symlink"); - - ret = lchown(linkPath.c_str(), APP_UID, APP_GID); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner"); -} - -void FsLabelManager::testSmackSetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType) -{ - std::string path = m_path + relativePath; - - int ret = smack_setlabel(path.c_str(), label, labelType); - RUNNER_ASSERT_MSG(ret == 0, "Error in normal setting label " << label); - - checkLabel(path, label, labelType); -} - -void FsLabelManager::testSmackLSetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType) -{ - std::string path = m_path + relativePath; - - int ret = smack_lsetlabel(path.c_str(), label, labelType); - RUNNER_ASSERT_MSG(ret == 0, "Error in link setting label " << label); - - checkLinkLabel(path, label, labelType); -} - -void FsLabelManager::testSmackFSetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType) -{ - std::string path = m_path + relativePath; - - int fd = open(path.c_str(), O_WRONLY); - RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file"); - - int ret = smack_fsetlabel(fd, label, labelType); - close(fd); - RUNNER_ASSERT_MSG(ret == 0, "Error in fd setting " << label); - - checkLabel(path, label, labelType); -} - -void FsLabelManager::testSmackGetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType) -{ - std::string path = m_path + relativePath; - - char *tmpLabel; - int ret = smack_getlabel(path.c_str(), &tmpLabel, labelType); - RUNNER_ASSERT_MSG(ret == 0, "Error in normal getting label"); - SmackLabelPtr labelPtr(tmpLabel); - - if (label == nullptr && !m_label.compare(tmpLabel)) - return; - RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. " - << tmpLabel << " != " << m_label); - - ret = strcmp(tmpLabel, label); - RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label); - - checkLabel(path, tmpLabel, labelType); -} - -void FsLabelManager::testSmackLGetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType) -{ - std::string path = m_path + relativePath; - - char *tmpLabel; - int ret = smack_lgetlabel(path.c_str(), &tmpLabel, labelType); - RUNNER_ASSERT_MSG(ret == 0, "Error in link getting label"); - SmackLabelPtr labelPtr(tmpLabel); - - if (label == nullptr && !m_label.compare(tmpLabel)) - return; - RUNNER_ASSERT_MSG(label != nullptr, "Path should be related with file system default label. " - << tmpLabel << " != " << m_label); - - ret = strcmp(tmpLabel, label); - RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label); - - checkLinkLabel(path, tmpLabel, labelType); -} - -void FsLabelManager::testSmackFGetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType) -{ - std::string path = m_path + relativePath; - int fd = open(path.c_str(), O_WRONLY); - RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to open file"); - - char *tmpLabel; - int ret = smack_fgetlabel(fd, &tmpLabel, labelType); - close(fd); - RUNNER_ASSERT_MSG(ret == 0, "Error in fd getting label"); - SmackLabelPtr labelPtr(tmpLabel); - - if (label == nullptr && !m_label.compare(tmpLabel)) - return; - RUNNER_ASSERT_MSG(label != nullptr, "Fd should be related with file system default label. " - << tmpLabel << " != " << m_label); - - ret = strcmp(tmpLabel, label); - RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << label); - - checkLabel(path, tmpLabel, labelType); -} - -void FsLabelManager::testSmackClearLabels(const std::string &relativePath) -{ - testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS); - testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_ACCESS); - testSmackSetLabel(relativePath, nullptr, SMACK_LABEL_EXEC); - testSmackGetLabel(relativePath, nullptr, SMACK_LABEL_EXEC); -} - -void FsLabelManager::checkLabel(const std::string &path, - const char *label, - enum smack_label_type labelType) -{ - char buf[SMACK_LABEL_LEN+2] = { 0, }; - int ret = getxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1); - RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr"); - - const char *tmpLabel; - if (label == nullptr) - tmpLabel = m_label.c_str(); - else - tmpLabel = label; - - ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1); - RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf); -} - -void FsLabelManager::checkLinkLabel(const std::string &path, - const char *label, - enum smack_label_type labelType) -{ - char buf[SMACK_LABEL_LEN+2] = { 0, }; - int ret = lgetxattr(path.c_str(), get_xattr_name(labelType), buf, SMACK_LABEL_LEN+1); - RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Error in getting xattr"); - - const char *tmpLabel; - if (label == nullptr) - tmpLabel = m_label.c_str(); - else - tmpLabel = label; - - ret = strncmp(tmpLabel, buf, SMACK_LABEL_LEN+1); - RUNNER_ASSERT_MSG(ret == 0, "Wrong label. " << tmpLabel << " != " << buf); -} diff --git a/src/common/fs_label_manager.h b/src/common/fs_label_manager.h deleted file mode 100644 index f45611f4..00000000 --- a/src/common/fs_label_manager.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file fs_label_manager.h - * @author Marcin Niesluchowski (m.niesluchow@samsung.com) - * @version 1.0 - * @brief Class for environment operations on file system. - */ -#ifndef _FS_LABEL_MANAGER_H_ -#define _FS_LABEL_MANAGER_H_ - -#include -#include - -class FsLabelManager -{ -public: - FsLabelManager() = delete; - FsLabelManager(const std::string &path, const std::string &label); - FsLabelManager(const FsLabelManager &second) = delete; - FsLabelManager& operator=(FsLabelManager &second) = delete; - - virtual ~FsLabelManager(); - - void createFile(const std::string &relativePath); - void createLink(const std::string &relativeLinkPath, const std::string &relativeRealPath); - - void testSmackSetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType); - void testSmackLSetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType); - void testSmackFSetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType); - - void testSmackGetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType); - void testSmackLGetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType); - void testSmackFGetLabel(const std::string &relativePath, - const char *label, - enum smack_label_type labelType); - - void testSmackClearLabels(const std::string &relativePath); - -private: - void checkLabel(const std::string &path, - const char *label, - enum smack_label_type labelType); - void checkLinkLabel(const std::string &path, - const char *label, - enum smack_label_type labelType); - - std::string m_path; - std::string m_label; -}; - -#endif // _FS_LABEL_MANAGER_H_ diff --git a/src/common/memory.cpp b/src/common/memory.cpp deleted file mode 100644 index 662bd3fc..00000000 --- a/src/common/memory.cpp +++ /dev/null @@ -1,6 +0,0 @@ -#include -#include - -void closePtr(int *p) { - close(*p); -} diff --git a/src/common/memory.h b/src/common/memory.h deleted file mode 100644 index 4ed24075..00000000 --- a/src/common/memory.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef MEMORY_H -#define MEMORY_H - -#include -#include -#include -#include - -#define DEFINE_SMARTPTR(func, type, name) \ - struct deleter_##func { \ - void operator()(type* p) {\ - func(p); \ - } \ - }; \ - \ - typedef std::unique_ptr name; - -// Custom freeing functions - -void closePtr(int *fd); - -// Defining specializations of unique_ptr - -DEFINE_SMARTPTR(free, char, CStringPtr); -DEFINE_SMARTPTR(closePtr, int, FdUniquePtr); -DEFINE_SMARTPTR(smack_accesses_free, smack_accesses, SmackAccessesPtr); -DEFINE_SMARTPTR(closedir, DIR, DirPtr); -DEFINE_SMARTPTR(globfree, glob_t, GlobPtr); - -// Custom typedefs - -typedef FdUniquePtr SockUniquePtr; -typedef CStringPtr SmackLabelPtr; -typedef CStringPtr CookieUniquePtr; - -#endif // MEMORY_H diff --git a/src/common/passwd_access.cpp b/src/common/passwd_access.cpp deleted file mode 100644 index 6f555494..00000000 --- a/src/common/passwd_access.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file passwd_access.cpp - * @author Aleksander Zdyb - * @version 1.0 - * @brief Provides access to UID and GID - */ - -#include -#include -#include - -#include - -#include "passwd_access.h" - -namespace PasswdAccess { - uid_t uid(const std::string &username) { - struct passwd *passwd = nullptr; - do { - errno = 0; - passwd = getpwnam(username.c_str()); - } while (passwd == nullptr && errno == EINTR); - RUNNER_ASSERT_ERRNO_MSG(passwd != nullptr, "Error in getpwnam(). Username: " << username); - return passwd->pw_uid; - } - - gid_t gid(const std::string &groupname) { - struct group *group = nullptr; - do { - errno = 0; - group = getgrnam(groupname.c_str()); - } while (group == nullptr && errno == EINTR); - RUNNER_ASSERT_ERRNO_MSG(group != nullptr, "Error in getgrnam(). Groupname: " << groupname); - return group->gr_gid; - } -} // namespace PasswdAccess diff --git a/src/common/passwd_access.h b/src/common/passwd_access.h deleted file mode 100644 index 36388286..00000000 --- a/src/common/passwd_access.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file passwd_access.h - * @author Aleksander Zdyb - * @version 1.0 - * @brief Provides access to UID and GID - */ - -#ifndef TESTS_COMMON_PASSWD_ACCESS_H_ -#define TESTS_COMMON_PASSWD_ACCESS_H_ - -#include -#include - -namespace PasswdAccess { - uid_t uid(const std::string &username); - gid_t gid(const std::string &groupname); -} // namespace PasswdAccess - -#endif // TESTS_COMMON_PASSWD_ACCESS_H_ diff --git a/src/common/security-tests.conf b/src/common/security-tests.conf deleted file mode 100644 index 0ae67221..00000000 --- a/src/common/security-tests.conf +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - diff --git a/src/common/service_manager.cpp b/src/common/service_manager.cpp deleted file mode 100644 index c571d5f3..00000000 --- a/src/common/service_manager.cpp +++ /dev/null @@ -1,338 +0,0 @@ -/* - * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file service_manager.cpp - * @author Zbigniew Jasinski - * @author Lukasz Wojciechowski - * @author Marcin Niesluchowski - * @version 1.1 - * @brief Definition of service control class using dbus interface to communicate with systemd - */ - -#include - -#include - -#include -#include -#include -#include - -namespace { - -const std::string DBUS_CLIENT_NAME("tests.dbus.client"); -const std::string DBUS_PROPERTIES_INTERFACE("org.freedesktop.DBus.Properties"); -const std::string SYSTEMD_DESTINATION("org.freedesktop.systemd1"); -const std::string SYSTEMD_PATH("/org/freedesktop/systemd1"); -const std::string SYSTEMD_MANAGER_INTERFACE("org.freedesktop.systemd1.Manager"); -const std::string SYSTEMD_SERVICE_INTERFACE("org.freedesktop.systemd1.Service"); - -const std::string MATCH_JOB_REMOVED("JobRemoved"); -const std::string MATCH_JOB_NEW("JobNew"); -const std::string MATCH_RELOADING("Reloading"); - -} - -ServiceManager::ServiceManager(const std::string &serviceName, - const std::vector& socketsNames) - : m_connection(DBUS_BUS_SYSTEM, true) - , m_serviceName(serviceName) - , m_socketsNames(socketsNames) -{ - addBusMatch(MATCH_JOB_REMOVED); - addBusMatch(MATCH_JOB_NEW); - addBusMatch(MATCH_RELOADING); - m_connection.flush(); - m_connection.addFilter(messageHandler, - static_cast(this)); - subscribeSignals(); - m_connection.requestName(DBUS_CLIENT_NAME); - getUnitPath(); -} - -void ServiceManager::addBusMatch(const std::string &member) -{ - std::ostringstream rule; - rule << "type='signal'," - << "sender='" << SYSTEMD_DESTINATION << "'," - << "interface='" << SYSTEMD_MANAGER_INTERFACE << "'," - << "member='" << member << "'," - << "path='" << SYSTEMD_PATH << "'"; - - m_connection.addMatch(rule.str()); -} - -void ServiceManager::subscribeSignals() -{ - DBus::MessageOut messageOut = newMethodCall("Subscribe"); - m_connection.sendWithReplyAndBlock(messageOut); -} - -void ServiceManager::reloadDbusManager() -{ - DBus::MessageOut messageOut = newMethodCall("Reload"); - m_connection.sendWithReplyAndBlock(messageOut); - m_runningJobs.insert(MATCH_RELOADING); -} - -void ServiceManager::getUnitPath() -{ - DBus::MessageOut messageOut = newMethodCall("GetUnit"); - messageOut.append(m_serviceName); - DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut); - m_unitPath = handleObjectPathMsgReply(messageIn); -} - -DBus::MessageOut ServiceManager::newMethodCall(const std::string &method) -{ - return DBus::MessageOut(SYSTEMD_DESTINATION.c_str(), - SYSTEMD_PATH.c_str(), - SYSTEMD_MANAGER_INTERFACE.c_str(), - method.c_str()); -} - -std::string ServiceManager::handleObjectPathMsgReply(DBus::MessageIn &messageIn) -{ - DBus::MessageIn::Iterator iterator = messageIn.iterInit(); - iterator.expectArgType(DBUS_TYPE_OBJECT_PATH); - return iterator.getArgString(); -} - -uint32_t ServiceManager::handleVariantUIntMsgReply(DBus::MessageIn &messageIn) -{ - DBus::MessageIn::Iterator iterator = messageIn.iterInit(); - iterator.expectArgType(DBUS_TYPE_VARIANT); - DBus::MessageIn::Iterator iteratorSub = iterator.recurse(); - iteratorSub.expectArgType(DBUS_TYPE_UINT32); - return iteratorSub.getArgUint32(); -} - -uint64_t ServiceManager::handleVariantUInt64MsgReply(DBus::MessageIn &messageIn) -{ - DBus::MessageIn::Iterator iterator = messageIn.iterInit(); - iterator.expectArgType(DBUS_TYPE_VARIANT); - DBus::MessageIn::Iterator iteratorSub = iterator.recurse(); - iteratorSub.expectArgType(DBUS_TYPE_UINT64); - return iteratorSub.getArgUint64(); -} - -void ServiceManager::sendToService(const std::string &method, const std::string &unit) -{ - DBus::MessageOut messageOut = newMethodCall(method); - messageOut.append(unit); - messageOut.append("fail"); - DBus::MessageIn messageIn = m_connection.sendWithReplyAndBlock(messageOut); - m_runningJobs.insert(handleObjectPathMsgReply(messageIn)); -} - -void ServiceManager::sendMaskToService() -{ - const std::vector mask(1, m_serviceName); - DBus::MessageOut messageOut = newMethodCall("MaskUnitFiles"); - messageOut.append(mask); - messageOut.append(true); - messageOut.append(true); - m_connection.sendWithReplyAndBlock(messageOut); -} - -void ServiceManager::sendUnmaskToService() -{ - const std::vector mask(1, m_serviceName); - DBus::MessageOut messageOut = newMethodCall("UnmaskUnitFiles"); - messageOut.append(mask); - messageOut.append(true); - m_connection.sendWithReplyAndBlock(messageOut); -} - -DBus::MessageIn ServiceManager::sendPropertyGetMsg(const std::string &interface, - const std::string &property) -{ - DBus::MessageOut messageOut(SYSTEMD_DESTINATION, - m_unitPath, - DBUS_PROPERTIES_INTERFACE, - "Get"); - messageOut.append(interface); - messageOut.append(property); - return m_connection.sendWithReplyAndBlock(messageOut); -} - -uint32_t ServiceManager::getUIntProperty(const std::string &interface, - const std::string &property) -{ - DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property); - return handleVariantUIntMsgReply(messageIn); -} - -uint64_t ServiceManager::getUInt64Property(const std::string &interface, - const std::string &property) -{ - DBus::MessageIn messageIn = sendPropertyGetMsg(interface, property); - return handleVariantUInt64MsgReply(messageIn); -} - -void ServiceManager::sendResetFailedToService() -{ - DBus::MessageOut messageOut = newMethodCall("ResetFailedUnit"); - messageOut.append(m_serviceName); - m_connection.sendWithReplyAndBlock(messageOut); -} - -DBusHandlerResult ServiceManager::messageHandler(DBusConnection *conn, DBusMessage *msg, void *t) -{ - (void) conn; - ServiceManager* self = static_cast(t); - - DBus::MessageIn messageIn(msg, true); - if (messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_REMOVED)) - self->signalJobRemovedHandler(messageIn); - else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_JOB_NEW)) - self->signalJobNewHandler(messageIn); - else if(messageIn.isSignal(SYSTEMD_MANAGER_INTERFACE, MATCH_RELOADING)) - self->signalReloadingHandler(messageIn); - - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -} - -void ServiceManager::signalJobRemovedHandler(DBus::MessageIn &messageIn) -{ - DBus::MessageIn::Iterator iterator = messageIn.iterInit(); - - iterator.expectArgType(DBUS_TYPE_UINT32); - uint32_t id = iterator.getArgUint32(); - iterator.expectNext(); - - iterator.expectArgType(DBUS_TYPE_OBJECT_PATH); - std::string path = iterator.getArgString(); - iterator.expectNext(); - - iterator.expectArgType(DBUS_TYPE_STRING); - std::string unit = iterator.getArgString(); - iterator.expectNext(); - - iterator.expectArgType(DBUS_TYPE_STRING); - std::string result = iterator.getArgString(); - - if (unit == m_serviceName - || std::count(m_socketsNames.begin(), m_socketsNames.end(), unit) > 0) { - RUNNER_ASSERT_MSG(result == "done" || result == "canceled", - "RemoveJob signal delivered bad news. Job wasn't completed successfully: " - << "expected job results = {done, canceled}, " - << "received job result = " << result << ", " - << "for job with id = " << id << ", " - << "and path = " << path); - m_runningJobs.erase(path); - } -} - -void ServiceManager::signalJobNewHandler(DBus::MessageIn &messageIn) -{ - DBus::MessageIn::Iterator iterator = messageIn.iterInit(); - - iterator.expectArgTypeValid(); - iterator.expectNext(); - - iterator.expectArgType(DBUS_TYPE_OBJECT_PATH); - std::string path = iterator.getArgString(); - iterator.expectNext(); - - iterator.expectArgType(DBUS_TYPE_STRING); - std::string unit = iterator.getArgString(); - - if(m_serviceName == unit) - m_runningJobs.insert(path); -} - -void ServiceManager::signalReloadingHandler(DBus::MessageIn &messageIn) -{ - DBus::MessageIn::Iterator iterator = messageIn.iterInit(); - - iterator.expectArgType(DBUS_TYPE_BOOLEAN); - bool active = iterator.getArgBool(); - - if (active) - m_runningJobs.insert(MATCH_RELOADING); - else - m_runningJobs.erase(MATCH_RELOADING); -} - -void ServiceManager::waitForRunningJobsFinish() -{ - while (!m_runningJobs.empty()) - m_connection.readWriteDispatch(); -} - -void ServiceManager::executeMethod(const std::string &method, const std::string &unit) -{ - sendToService(method, unit); - waitForRunningJobsFinish(); - sendResetFailedToService(); -} - -void ServiceManager::startService(bool withSockets) -{ - executeMethod("StartUnit", m_serviceName); - if (withSockets) - for (const auto &socket : m_socketsNames) - executeMethod("StartUnit", socket); -} - -void ServiceManager::stopService(bool withSockets) -{ - if (withSockets) - for (const auto &socket : m_socketsNames) - executeMethod("StopUnit", socket); - executeMethod("StopUnit", m_serviceName); -} - -void ServiceManager::restartService(bool withSockets) -{ - if (withSockets) - for (const auto &socket : m_socketsNames) - executeMethod("StopUnit", socket); - - executeMethod("RestartUnit", m_serviceName); - - if (withSockets) - for (const auto &socket : m_socketsNames) - executeMethod("StartUnit", socket); -} - -pid_t ServiceManager::getServicePid() -{ - return static_cast(getUIntProperty(SYSTEMD_SERVICE_INTERFACE, "MainPID")); -} - -timeval ServiceManager::getServiceStartTimestamp() { - uint64_t timestamp = getUInt64Property(SYSTEMD_SERVICE_INTERFACE, - "ExecMainStartTimestamp"); - return {static_cast(timestamp / 1000000), static_cast(timestamp % 1000000)}; -} - -void ServiceManager::maskService() -{ - sendMaskToService(); - reloadDbusManager(); - waitForRunningJobsFinish(); - sendResetFailedToService(); -} - -void ServiceManager::unmaskService() -{ - sendUnmaskToService(); - reloadDbusManager(); - waitForRunningJobsFinish(); - sendResetFailedToService(); -} diff --git a/src/common/service_manager.h b/src/common/service_manager.h deleted file mode 100644 index 7dbdecf3..00000000 --- a/src/common/service_manager.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2013-2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file service_manager.h - * @author Zbigniew Jasinski - * @author Lukasz Wojciechowski - * @author Marcin Niesluchowski - * @version 1.1 - * @brief Declaration of service control class using dbus interface to communicate with systemd - */ - -#ifndef COMMON_SERVICE_MANAGER_H -#define COMMON_SERVICE_MANAGER_H - -#include - -#include -#include -#include - -#include -#include -#include - -class ServiceManager { -public: - ServiceManager() = delete; - ServiceManager(const std::string &serviceName, - const std::vector& socketsNames = {}); - ~ServiceManager() = default; - - void startService(bool withSockets = false); - void stopService(bool withSockets = false); - void restartService(bool withSockets = false); - pid_t getServicePid(); - timeval getServiceStartTimestamp(); - void maskService(); - void unmaskService(); - -private: - void addBusMatch(const std::string &member); - void subscribeSignals(); - void reloadDbusManager(); - void getUnitPath(); - DBus::MessageOut newMethodCall(const std::string &method); - std::string handleObjectPathMsgReply(DBus::MessageIn &messageIn); - uint32_t handleVariantUIntMsgReply(DBus::MessageIn &messageIn); - uint64_t handleVariantUInt64MsgReply(DBus::MessageIn &messageIn); - - void sendToService(const std::string &method, const std::string &unit); - void sendMaskToService(); - void sendUnmaskToService(); - DBus::MessageIn sendPropertyGetMsg(const std::string &interface, const std::string &property); - uint32_t getUIntProperty(const std::string &interface, const std::string &property); - uint64_t getUInt64Property(const std::string &interface, const std::string &property); - void sendResetFailedToService(); - - static DBusHandlerResult messageHandler(DBusConnection *conn, DBusMessage *msg, void *t); - void signalJobRemovedHandler(DBus::MessageIn &messageIn); - void signalJobNewHandler(DBus::MessageIn &messageIn); - void signalReloadingHandler(DBus::MessageIn &messageIn); - void waitForRunningJobsFinish(); - - void executeMethod(const std::string &method, const std::string &unit); - - DBus::Connection m_connection; - - const std::string m_serviceName; - const std::vector m_socketsNames; - std::string m_unitPath; - - std::set m_runningJobs; -}; - -#endif // COMMON_SERVICE_MANAGER_H diff --git a/src/common/smack_access.cpp b/src/common/smack_access.cpp deleted file mode 100644 index 354b9971..00000000 --- a/src/common/smack_access.cpp +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file smack_access.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ - -#include - -#include - -#include - -SmackAccess::SmackAccess() - : m_handle(nullptr) -{ - RUNNER_ASSERT_MSG(0 == smack_accesses_new(&m_handle), - "Error in smack_accesses_new"); -} - -void SmackAccess::add( - const std::string &subject, - const std::string &object, - const std::string &rights) -{ - RUNNER_ASSERT_MSG(0 == smack_accesses_add(m_handle, - subject.c_str(), - object.c_str(), - rights.c_str()), - "Error in smack_accesses_add."); -} - -void SmackAccess::apply() { - RUNNER_ASSERT_MSG(0 == smack_accesses_apply(m_handle), - "Error in smack_accessses_apply."); -} - -SmackAccess::~SmackAccess() { - if (m_handle) - smack_accesses_free(m_handle); -} - diff --git a/src/common/smack_access.h b/src/common/smack_access.h deleted file mode 100644 index f20842be..00000000 --- a/src/common/smack_access.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file smack_access.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ -#ifndef _SMACK_ACCESS_H_ -#define _SMACK_ACCESS_H_ - -#include - -struct smack_accesses; - -class SmackAccess { -public: - SmackAccess(); - SmackAccess(const SmackAccess &second) = delete; - SmackAccess& operator=(SmackAccess &second) = delete; - - void add(const std::string &subject, - const std::string &object, - const std::string &rights); - void apply(); - virtual ~SmackAccess(); -private: - struct smack_accesses *m_handle; -}; - -#endif // _SMACK_ACCESS_H_ - diff --git a/src/common/synchronization_pipe.cpp b/src/common/synchronization_pipe.cpp deleted file mode 100644 index dcf9d30c..00000000 --- a/src/common/synchronization_pipe.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file synchronization_pipe.cpp - * @author Aleksander Zdyb - * @version 1.0 - * @brief A crippled abstraction of widely praised, but often misused communication mechanism - */ - -#include -#include - -#include - -#include "synchronization_pipe.h" - -static void closeFd(int *fd) { - if (*fd > -1) { - close(*fd); - *fd = -1; - } -} - -SynchronizationPipe::SynchronizationPipe() { - auto ret = pipe(m_pipeCP); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "pipe failed"); - - ret = pipe(m_pipePC); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "pipe failed"); -} - -SynchronizationPipe::~SynchronizationPipe() { - closeFd(m_pipeCP + 0); - closeFd(m_pipeCP + 1); - closeFd(m_pipePC + 0); - closeFd(m_pipePC + 1); -} - -void SynchronizationPipe::claimParentEp() { - if (m_epClaimed) - return; - - m_readEp = m_pipeCP[0]; - closeFd(m_pipeCP + 1); - - m_writeEp = m_pipePC[1]; - closeFd(m_pipePC + 0); - - m_epClaimed = true; -} - -void SynchronizationPipe::claimChildEp() { - if (m_epClaimed) - return; - - m_readEp = m_pipePC[0]; - closeFd(m_pipePC + 1); - - m_writeEp = m_pipeCP[1]; - closeFd(m_pipeCP + 0); - - m_epClaimed = true; -} - -void SynchronizationPipe::post() { - RUNNER_ASSERT_MSG(m_epClaimed == true, "Endpoint not claimed"); - auto ret = TEMP_FAILURE_RETRY(write(m_writeEp, "#", 1)); - RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Write failed ret = " << ret); -} - -void SynchronizationPipe::wait() { - RUNNER_ASSERT_MSG(m_epClaimed == true, "Endpoint not claimed"); - - char buf; - auto ret = TEMP_FAILURE_RETRY(read(m_readEp, &buf, 1)); - RUNNER_ASSERT_ERRNO_MSG(ret > 0, "Read failed ret = " << ret); -} diff --git a/src/common/synchronization_pipe.h b/src/common/synchronization_pipe.h deleted file mode 100644 index e072ca28..00000000 --- a/src/common/synchronization_pipe.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file synchronization_pipe.h - * @author Aleksander Zdyb - * @version 1.0 - * @brief A crippled abstraction of widely praised, but often misused communication mechanism - */ - -#ifndef TESTS_COMMON_SYNCHRONIZATION_PIPE_H_ -#define TESTS_COMMON_SYNCHRONIZATION_PIPE_H_ - -class SynchronizationPipe { -public: - SynchronizationPipe(); - ~SynchronizationPipe(); - - void claimParentEp(); - void claimChildEp(); - - void post(); - void wait(); - -private: - int m_pipeCP[2]; // Child -> Parent - int m_pipePC[2]; // Parent -> Child - int m_readEp = -1; - int m_writeEp = -1; - bool m_epClaimed = false; -}; - -#endif // TESTS_COMMON_SYNCHRONIZATION_PIPE_H_ diff --git a/src/common/temp_test_user.cpp b/src/common/temp_test_user.cpp deleted file mode 100644 index f6aa6c1d..00000000 --- a/src/common/temp_test_user.cpp +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file temp_test_user.cpp - * @author Jan Cybulski (j.cybulski@partner.samsung.com) - * @version 1.0 - * @brief File with class for users management - */ - - -#include -#include -#include - -void TemporaryTestUser::create(void) -{ - if (m_guser) { - remove(); - }; - - m_guser = gum_user_create_sync (m_offline); - RUNNER_ASSERT_MSG(m_guser != nullptr, "Failed to create gumd user object"); - g_object_set(G_OBJECT(m_guser), "usertype", m_userType, NULL); - g_object_set(G_OBJECT(m_guser), "username", m_userName.c_str(), NULL); - gboolean added = gum_user_add_sync(m_guser); - RUNNER_ASSERT_MSG(added, "Failed to add user"); - g_object_get(G_OBJECT(m_guser), "uid", &m_uid, NULL); - RUNNER_ASSERT_MSG(m_uid != 0, "Something strange happened during user creation. uid == 0."); - g_object_get(G_OBJECT(m_guser), "gid", &m_gid, NULL); - RUNNER_ASSERT_MSG(m_gid != 0, "Something strange happened during user creation. gid == 0."); -} - -void TemporaryTestUser::remove(void) -{ - if(m_guser){ - gum_user_delete_sync(m_guser, TRUE); - g_object_unref(m_guser); - m_guser = nullptr; - } -} - -TemporaryTestUser::~TemporaryTestUser() -{ - this->remove(); -} diff --git a/src/common/temp_test_user.h b/src/common/temp_test_user.h deleted file mode 100644 index 120b21b8..00000000 --- a/src/common/temp_test_user.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -#ifndef TEMP_TEST_USER_H -#define TEMP_TEST_USER_H - -#include -#include -#include -#include - -class TemporaryTestUser { -public: - TemporaryTestUser() = delete; - TemporaryTestUser(std::string userName, GumUserType userType, bool offline) : - m_uid(0), - m_gid(0), - m_userName(userName), - m_userType(userType), - m_guser(nullptr), - m_offline(offline) - {}; - ~TemporaryTestUser(); - void remove(void); - uid_t getUid() const {return m_uid;} - uid_t getGid() const {return m_gid;} - void create(void); - void getUidString(std::string& uidstr) const {uidstr = std::to_string(static_cast(m_uid));} - const std::string& getUserName() const {return m_userName;} - GumUserType getUserType() const {return m_userType;} -private: - uid_t m_uid; - uid_t m_gid; - std::string m_userName; - GumUserType m_userType; - GumUser *m_guser; - bool m_offline; -}; - -#endif diff --git a/src/common/tests_common.cpp b/src/common/tests_common.cpp deleted file mode 100644 index 2332abb8..00000000 --- a/src/common/tests_common.cpp +++ /dev/null @@ -1,236 +0,0 @@ -/* - * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * @file tests_common.cpp - * @author Lukasz Kostyra (l.kostyra@partner.samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ - -#include "tests_common.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -int DB::Transaction::db_result = PC_OPERATION_SUCCESS; - -const char *WGT_APP_ID = "QwCqJ0ttyS"; - -bool smack_check(void) -{ -#ifndef WRT_SMACK_ENABLED - return false; -#else - static int smack_present = -1; - if (-1 == smack_present) - smack_present = smack_smackfs_path() == nullptr ? 0 : 1; - return smack_present == 1; -#endif -} - -/** - * Dropping root privileges - * returns 0 on success, 1 on error - */ -int drop_root_privileges(uid_t appUid, gid_t appGid) -{ - if (getuid() == 0) { - /* process is running as root, drop privileges */ - if (setgid(appGid) != 0) - return 1; - if (setuid(appUid) != 0) - return 1; - } - uid_t uid = getuid(); - if (uid == appUid) - return 0; - - return 1; -} - -void setLabelForSelf(const int line, const char *label) -{ - int ret = smack_set_label_for_self(label); - RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self(): " << ret << ", line: " << line); -} - -/* - * Add a new group to the current process groups. - */ -void add_process_group(const char* group_name) -{ - // get group ID by group name - group *gr = getgrnam(group_name); - RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group"); - const gid_t new_group_id = gr->gr_gid; - - // get number of groups that the current process belongs to - int ngroups = getgroups(0, nullptr); - - //allocate groups table + space for new group entry - std::vector groups(ngroups + 1); - getgroups(ngroups, groups.data()); - - // check if the process already belongs to the group - if (std::find(groups.begin(), groups.end(), new_group_id) != groups.end()) return; - - // add new group & apply change - groups[ngroups] = new_group_id; - int ret = setgroups(groups.size(), groups.data()); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed"); -} - -/* - * Remove specific group from the current process groups. - */ -void remove_process_group(const char* group_name) -{ - // get group ID by group name - group *gr = getgrnam(group_name); - RUNNER_ASSERT_ERRNO_MSG(gr != nullptr, "getgrnam failed on '" << group_name << "' group"); - const gid_t new_group_id = gr->gr_gid; - - int ngroups = getgroups(0, nullptr); - std::vector groups(ngroups); - getgroups(ngroups, groups.data()); - - // remove group from the list - groups.erase(std::remove(groups.begin(), groups.end(), new_group_id), groups.end()); - - if (groups.size() != (size_t)ngroups) { - // apply change - int ret = setgroups(groups.size(), groups.data()); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "setgroups() failed"); - } -} - -std::string formatCstr(const char *cstr) -{ - if (!cstr) - return std::string("nullptr"); - return std::string("\"") + cstr + "\""; -} - -int files_compare(int fd1, int fd2) -{ - //for getting files sizes - struct stat fs1, fs2; - - //handlers for mmap() - void *h1 = MAP_FAILED; - void *h2 = MAP_FAILED; - - //getting files information - RUNNER_ASSERT_ERRNO_MSG(fstat(fd1, &fs1) == 0, "fstat failed"); - RUNNER_ASSERT_ERRNO_MSG(fstat(fd2, &fs2) == 0, "fstat failed"); - - if (fs1.st_size < fs2.st_size) { - return -1; - } - - if (fs1.st_size > fs2.st_size) { - return 1; - } - - //since Linux 2.6.12, mmap returns EINVAL if length is 0 - //if both lengths are 0, files are actually the same - if (0 == fs1.st_size && 0 == fs2.st_size) { - return 0; - } - - //mapping files to process memory - RUNNER_ASSERT_ERRNO_MSG((h1 = mmap(0, fs1.st_size, PROT_READ, MAP_SHARED, fd1, 0 )) != MAP_FAILED, - "mmap failed for fd=" << fd1); - - if ((h2 = mmap(0, fs2.st_size, PROT_READ, MAP_SHARED, fd2, 0 )) == MAP_FAILED) { - munmap(h1, fs1.st_size); - RUNNER_ASSERT_MSG(h2 != MAP_FAILED, "mmap failed for fd=" << fd2 - << ". " << strerror(errno)); - } - - int result = memcmp(h1, h2, fs1.st_size); - munmap(h1, fs1.st_size); - munmap(h2, fs2.st_size); - - return result; -} - -void mkdirSafe(const std::string &path, mode_t mode) -{ - RUNNER_ASSERT_ERRNO_MSG(0 == mkdir(path.c_str(), mode) || errno == EEXIST, - "mkdir for <" << path << "> with mode <" << mode << "> failed"); -} - -void mktreeSafe(const std::string &path, mode_t mode) -{ - // Create subsequent parent directories - // Assume that path is absolute - i.e. starts with '/' - for (size_t pos = 0; (pos = path.find("/", pos + 1)) != std::string::npos; ) - mkdirSafe(path.substr(0, pos).c_str(), mode); - - mkdirSafe(path, mode); -} - -void creatSafe(const std::string &path, mode_t mode) -{ - RUNNER_ASSERT_ERRNO_MSG(-1 != creat(path.c_str(), mode), - "creat for <" << path << "> with mode <" << mode << "> failed"); -} - -void symlinkSafe(const std::string &targetPath, const std::string &linkPath) -{ - RUNNER_ASSERT_ERRNO_MSG(0 == symlink(targetPath.c_str(), linkPath.c_str()), - "symlink for <" << linkPath << "> to <" << targetPath << "> failed"); -} - -void removeDir(const std::string &path) -{ - DIR *d = opendir(path.c_str()); - - if (nullptr == d) { - RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "opendir of <" << path << "> failed"); - return; - } - - struct dirent *dirEntry; - while (nullptr != (dirEntry = readdir(d))) { - std::string entryName(dirEntry->d_name); - if (entryName == "." || entryName == "..") - continue; - - std::string entryPath(path + "/" + entryName); - struct stat st; - - RUNNER_ASSERT_ERRNO_MSG(0 == lstat(entryPath.c_str(), &st), - "stat for <" << entryPath << "> failed"); - if (S_ISDIR(st.st_mode)) - removeDir(entryPath); - else - RUNNER_ASSERT_ERRNO_MSG(0 == unlink(entryPath.c_str()), - "unlink for <" << entryPath << "> failed"); - } - - closedir(d); - - RUNNER_ASSERT_ERRNO_MSG(0 == rmdir(path.c_str()), "rmdir for <" << path << "> failed"); -} diff --git a/src/common/tests_common.h b/src/common/tests_common.h deleted file mode 100644 index ffcef42c..00000000 --- a/src/common/tests_common.h +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * @file tests_common.h - * @author Lukasz Kostyra (l.kostyra@partner.samsung.com) - * @version 1.0 - * @brief Common functions and macros used in security-tests package. - */ - -#ifndef _TESTS_COMMON_H_ -#define _TESTS_COMMON_H_ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -const uid_t APP_UID = 5000; -const gid_t APP_GID = 5000; -const uid_t APP_UID_2 = 5200; -const gid_t APP_GID_2 = 5200; -const uid_t DB_ALARM_UID = 6001; -const gid_t DB_ALARM_GID = 6001; -const std::string TMP_DIR("/tmp"); - -bool smack_check(void); -int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID); -void setLabelForSelf(const int line, const char *label); -void add_process_group(const char* group_name); -void remove_process_group(const char* group_name); -std::string formatCstr(const char *cstr); -int files_compare(int fd1, int fd2); -void mkdirSafe(const std::string &path, mode_t mode); -void mktreeSafe(const std::string &path, mode_t mode); -void creatSafe(const std::string &path, mode_t mode); -void symlinkSafe(const std::string &targetPath, const std::string &linkPath); -void removeDir(const std::string &path); - - -#define RUNNER_TEST_SMACK(Proc, ...) \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - static int Static##Proc##Init() \ - { \ - if (smack_check()) \ - DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \ - new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \ - return 0; \ - } \ - const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED) - -#define RUNNER_TEST_NOSMACK(Proc, ...) \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - static int Static##Proc##Init() \ - { \ - if (!smack_check()) \ - DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \ - new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \ - return 0; \ - } \ - const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED) - -#define RUNNER_CHILD_TEST_SMACK(Proc, ...) \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - static int Static##Proc##Init() \ - { \ - if (smack_check()) \ - DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \ - new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \ - return 0; \ - } \ - const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \ - DPL::Test::RunChildProc(std::bind(Proc##Child, optionalArgsTuple)); \ - } \ - void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED) - -#define RUNNER_CHILD_TEST_NOSMACK(Proc, ...) \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - static int Static##Proc##Init() \ - { \ - if (!smack_check()) \ - DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \ - new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \ - return 0; \ - } \ - const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \ - DPL::Test::RunChildProc(std::bind(Proc##Child, optionalArgsTuple)); \ - } \ - void Proc##Child(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED) - -#define RUNNER_MULTIPROCESS_TEST_SMACK(Proc, ...) \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - static int Static##Proc##Init() \ - { \ - if (smack_check()) \ - DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \ - new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \ - return 0; \ - } \ - const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \ - DPL::Test::RunMultiProc(std::bind(Proc##Multi, optionalArgsTuple)); \ - } \ - void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED) - -#define RUNNER_MULTIPROCESS_TEST_NOSMACK(Proc, ...) \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple); \ - static int Static##Proc##Init() \ - { \ - if (!smack_check()) \ - DPL::Test::TestRunnerSingleton::Instance().RegisterTest( \ - new DPL::Test::TestCaseExtended<__VA_ARGS__>(#Proc, &Proc)); \ - return 0; \ - } \ - const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ - void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple) { \ - DPL::Test::RunMultiProc(std::bind(Proc##Multi, optionalArgsTuple)); \ - } \ - void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED) - -namespace DB { - - class Transaction - { - public: - - static int db_result; - - Transaction() { - db_result = perm_begin(); - RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == db_result, - "perm_begin returned: " << db_result); - } - - ~Transaction() { - db_result = perm_end(); - } - }; -} // namespace DB - -// Database Transaction macros -// PLEASE NOTE Both DB_BEGIN and DB_END need to be called in the same scope. -// They are used to prevent developer from forgetting to close transaction. -// Also note that variables defined between these macros will not be visible -// after DB_END. -#define DB_BEGIN \ - { \ - DB::Transaction db_transaction; - -#define DB_END } \ - RUNNER_ASSERT_MSG(PC_OPERATION_SUCCESS == DB::Transaction::db_result, \ - "perm_end returned: " << DB::Transaction::db_result); - -// Common macros and labels used in tests -extern const char *WGT_APP_ID; - -#endif diff --git a/src/common/timeout.cpp b/src/common/timeout.cpp deleted file mode 100644 index c9e1347b..00000000 --- a/src/common/timeout.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file timeout.cpp - * @author Lukasz Wojciechowski - * @brief Definition of future_status serialization operator - */ - -#include - -namespace Timeout { - -std::ostream& operator<<(std::ostream& os, const std::future_status &status) -{ - switch (status) { - case std::future_status::ready: - os << ""; - break; - case std::future_status::timeout: - os << ""; - break; - case std::future_status::deferred: - os << ""; - break; - } - os << " [" << static_cast(status) << "]"; - return os; -} - -} // namespace Timeout diff --git a/src/common/timeout.h b/src/common/timeout.h deleted file mode 100644 index 01ef8627..00000000 --- a/src/common/timeout.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file timeout.h - * @author Lukasz Wojciechowski - * @brief Definition of time limited execution of synchronous functions - */ - -#ifndef TIMEOUT_H -#define TIMEOUT_H - -#include -#include -#include -#include -#include - -#include - -namespace Timeout { - -template -using Timeout = std::chrono::duration; - -typedef std::function CancelFunction; - -enum ExpectMode { - FINISHED, - TIMEOUT, - IGNORE, -}; - -std::ostream& operator<<(std::ostream& os, const std::future_status &status); - -template - typename std::result_of::type - callAndWait(const Timeout &timeout, - ExpectMode expect, - CancelFunction cancelFunction, - F&& function, - Args&&... args) { - - auto fut = std::async(std::launch::async, function, std::forward(args)...); - std::future_status status = fut.wait_for(timeout); - - if (status == std::future_status::timeout && cancelFunction) - cancelFunction(); - - switch (expect) { - case FINISHED: - RUNNER_ASSERT_MSG(status == std::future_status::ready, - "expected future status is " << std::future_status::ready - << " received future status is " << status); - break; - case TIMEOUT: - RUNNER_ASSERT_MSG(status == std::future_status::timeout, - "expected future status is " << std::future_status::timeout - << " received future status is " << status); - break; - case IGNORE: - break; - } - - return fut.get(); -} - -} // namespace Timeout - -#endif // TIMEOUT_H diff --git a/src/common/uds.cpp b/src/common/uds.cpp deleted file mode 100644 index 7523539e..00000000 --- a/src/common/uds.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file uds.cpp - * @author Aleksander Zdyb - * @version 1.0 - * @brief Helpers for Unix Domain Sockets - */ - -#include -#include -#include -#include - -#include -#include - -#include "uds.h" - -namespace UDSHelpers { - -int createServer(const struct sockaddr_un *sockaddr) { - int sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - - SockUniquePtr sockPtr(&sock); - - int bindResult = bind(sock, (const struct sockaddr*) sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(bindResult == 0, "bind failed"); - - int listenResult = listen(sock, 1); - RUNNER_ASSERT_ERRNO_MSG(listenResult == 0, "listen failed"); - - sockPtr.release(); - return sock; -} - -int createClient(const struct sockaddr_un *sockaddr) { - int sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - - SockUniquePtr sockPtr(&sock); - - int connectResult = TEMP_FAILURE_RETRY( - connect(sock, (const struct sockaddr*) sockaddr, sizeof(struct sockaddr_un))); - RUNNER_ASSERT_ERRNO_MSG(connectResult == 0, "connect failed"); - - sockPtr.release(); - return sock; -} - -int acceptClient(int sock) { - int clientSock = TEMP_FAILURE_RETRY(accept(sock, NULL, NULL)); - RUNNER_ASSERT_ERRNO_MSG(clientSock >= 0, "accept failed"); - return clientSock; -} - -void waitForDisconnect(int sock) { - const nfds_t fdCount = 1; - const int timeout = -1; // no timeout - - struct pollfd pfd { sock, POLLRDHUP, 0 }; - int ret = TEMP_FAILURE_RETRY(poll(&pfd, fdCount, timeout)); - RUNNER_ASSERT_ERRNO_MSG(ret >= 0, "poll failed"); -} - -struct sockaddr_un makeAbstractAddress(const std::string &path) { - struct sockaddr_un sockaddr; - RUNNER_ASSERT_MSG(path.size() <= sizeof(sockaddr.sun_path) - 1, "Socket path too long"); - memset(&sockaddr, 0, sizeof(struct sockaddr_un)); - sockaddr.sun_family = AF_UNIX; - // Leave '\0' as a first character of path - memcpy(sockaddr.sun_path + 1, path.c_str(), path.size()); - return sockaddr; -} - -} // namespace UDSHelpers diff --git a/src/common/uds.h b/src/common/uds.h deleted file mode 100644 index 7af0631b..00000000 --- a/src/common/uds.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file uds.h - * @author Aleksander Zdyb - * @version 1.0 - * @brief Helpers for Unix Domain Sockets - */ - -#ifndef TESTS_COMMON_UDS_H_ -#define TESTS_COMMON_UDS_H_ - -#include -#include - -namespace UDSHelpers { - int createServer(const struct sockaddr_un *sockaddr); - int createClient(const struct sockaddr_un *sockaddr); - int acceptClient(int sock); - void waitForDisconnect(int sock); - struct sockaddr_un makeAbstractAddress(const std::string &path); -}; - -#endif // TESTS_COMMON_UDS_H_ diff --git a/src/cynara-tests/CMakeLists.txt b/src/cynara-tests/CMakeLists.txt deleted file mode 100644 index ae8c617d..00000000 --- a/src/cynara-tests/CMakeLists.txt +++ /dev/null @@ -1,101 +0,0 @@ -# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -cmake_minimum_required(VERSION 2.8.3) - -INCLUDE(FindPkgConfig) -SET(CYNARA_TARGET_TEST "cynara-test") - -PKG_CHECK_MODULES(CYNARA_TARGET_DEP - REQUIRED - libprivilege-control - cynara-admin - cynara-agent - cynara-client - cynara-client-async - cynara-creds-socket - cynara-plugin - dbus-1 - ) - -#files to compile -SET(CYNARA_TARGET_TEST_SOURCES - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_request.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_agent_response.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_client.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_request_monitor.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client_async_status_monitor.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_env.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_helpers.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/cynara-test.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_agent.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_async.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_db.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_helpers.cpp - ) - -#header directories -INCLUDE_DIRECTORIES(SYSTEM - ${CYNARA_TARGET_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/common/ - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/ - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/ - ) - - -#output format -ADD_EXECUTABLE(${CYNARA_TARGET_TEST} ${CYNARA_TARGET_TEST_SOURCES}) - -#linker directories -TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST} - ${CYNARA_TARGET_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -#place for output file -INSTALL(TARGETS ${CYNARA_TARGET_TEST} - DESTINATION /usr/bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/cynara-tests/WRT_test_for_cynara_rules.smack - DESTINATION /usr/share/privilege-control/ -) - -INSTALL(DIRECTORY - ${PROJECT_SOURCE_DIR}/src/cynara-tests/db_patterns - DESTINATION /etc/security-tests/ -) - -ADD_SUBDIRECTORY(plugins) diff --git a/src/cynara-tests/WRT_test_for_cynara_rules.smack b/src/cynara-tests/WRT_test_for_cynara_rules.smack deleted file mode 100644 index 3582e27e..00000000 --- a/src/cynara-tests/WRT_test_for_cynara_rules.smack +++ /dev/null @@ -1,14 +0,0 @@ -~APP~ cynara_test_1 r -~APP~ cynara_test_2 w -~APP~ cynara_test_3 x -~APP~ cynara_test_4 rw -~APP~ cynara_test_5 rx -~APP~ cynara_test_6 wx -~APP~ cynara_test_7 rwx -cynara_subject_1 ~APP~ r -cynara_subject_2 ~APP~ w -cynara_subject_3 ~APP~ x -cynara_subject_4 ~APP~ rw -cynara_subject_5 ~APP~ rx -cynara_subject_6 ~APP~ wx -cynara_subject_7 ~APP~ rwx diff --git a/src/cynara-tests/common/cynara_test_admin.cpp b/src/cynara-tests/common/cynara_test_admin.cpp deleted file mode 100644 index b066e83e..00000000 --- a/src/cynara-tests/common/cynara_test_admin.cpp +++ /dev/null @@ -1,445 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include - - -#include -#include -#include -#include -#include -#include -#include - -namespace CynaraTestAdmin { - -namespace -{ - -std::ostream& operator<<(std::ostream& os, const cynara_admin_policy &policy) -{ - os << "{"; - os << " " << formatCstr(policy.bucket) << ","; - os << " " << formatCstr(policy.client) << ","; - os << " " << formatCstr(policy.user) << ","; - os << " " << formatCstr(policy.privilege) << ","; - os << " " << policy.result << ","; - os << " " << formatCstr(policy.result_extra); - os << " }" << std::endl; - return os; -} - -std::ostream& operator<<(std::ostream& os, const cynara_admin_policy *const *policies) -{ - os << "{" << std::endl; - for (size_t i = 0; policies[i] != nullptr; ++i) - os << *policies[i]; - os << "}"; - return os; -} - -int string_compare(const char *s1, const char *s2) -{ - if (!s2) - { - if (!s1) - return 0; - return 1; - } - if (!s1) - return -1; - return strcmp(s1, s2); -} - -bool policy_less(const cynara_admin_policy &p1, const cynara_admin_policy &p2) -{ - auto sc = string_compare(p1.bucket, p2.bucket); - if (sc != 0) - return (sc < 0); - sc = string_compare(p1.client, p2.client); - if (sc != 0) - return (sc < 0); - sc = string_compare(p1.user, p2.user); - if (sc != 0) - return (sc < 0); - sc = string_compare(p1.privilege, p2.privilege); - if (sc != 0) - return (sc < 0); - sc = string_compare(p1.result_extra, p2.result_extra); - if (sc != 0) - return (sc < 0); - return p1.result < p2.result; -} - -bool policy_equal(const cynara_admin_policy &p1, const cynara_admin_policy &p2) -{ - return (p1.result == p2.result - && string_compare(p1.bucket, p2.bucket) == 0 - && string_compare(p1.client, p2.client) == 0 - && string_compare(p1.user, p2.user) == 0 - && string_compare(p1.privilege, p2.privilege) == 0 - && string_compare(p1.result_extra, p2.result_extra) == 0); -} - -std::ostream& operator<<(std::ostream& os, const CynaraTestPlugins::Descriptions &descriptions) -{ - os << "{" << std::endl; - for (const auto &desc : descriptions) - os << "{ [" << desc.type << "], <" << desc.name << "> }" << std::endl; - os << "}"; - return os; -} - -} // namespace anonymous - -CynaraPoliciesContainer::CynaraPoliciesContainer() -{ -} - -CynaraPoliciesContainer::CynaraPoliciesContainer(struct cynara_admin_policy **policies) -{ - if (!policies) - return; - - for (int i = 0; policies[i]; ++i) { - auto policyPtr = policies[i]; - m_policies.push_back(*policyPtr); - free(policyPtr); - } - free(policies); -} - -CynaraPoliciesContainer::~CynaraPoliciesContainer() -{ - for (struct cynara_admin_policy &policy : m_policies) { - free(policy.bucket); - free(policy.client); - free(policy.user); - free(policy.privilege); - free(policy.result_extra); - } -} - -void CynaraPoliciesContainer::add(const char *bucket, - const char *client, - const char *user, - const char *privilege, - const int result, - const char *resultExtra) -{ - m_policies.push_back({ nullptr, nullptr, nullptr, nullptr, 0, nullptr }); - struct cynara_admin_policy &policy = m_policies.back(); - if (bucket) - policy.bucket = strdup(bucket); - if (client) - policy.client = strdup(client); - if (user) - policy.user = strdup(user); - if (privilege) - policy.privilege = strdup(privilege); - policy.result = result; - if (resultExtra) - policy.result_extra = strdup(resultExtra); -} - -void CynaraPoliciesContainer::add(const char *bucket, - const CheckKey &checkKey, - const int result, - const char *resultExtra) -{ - add(bucket, checkKey.m_client, checkKey.m_user, checkKey.m_privilege, result, resultExtra); -} - -void CynaraPoliciesContainer::sort() -{ - std::sort(m_policies.begin(), m_policies.end(), policy_less); -} - -std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies) -{ - os << "{" << std::endl; - for (const auto & policy : policies.m_policies) - os << policy; - os << "}"; - return os; -} - -Admin::Admin(bool isOnline) - : m_admin(nullptr), m_online(isOnline) -{ - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - - - int ret = cynara_admin_initialize(&m_admin); - RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS, - "cynara_admin_initialize failed. ret: " << ret); - RUNNER_ASSERT_MSG(m_admin != nullptr, "cynara_admin struct was not initialized"); -} - -Admin::~Admin() noexcept(false) -{ - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - cynara_admin_finish(m_admin); -} - -void Admin::setPolicies(const CynaraPoliciesContainer &policiesContainer, - int expectedResult) -{ - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - - const cynara_admin_policy *policies[policiesContainer.m_policies.size()+1]; - - for (size_t i = 0; i < policiesContainer.m_policies.size(); ++i) { - policies[i] = &policiesContainer.m_policies[i]; - } - policies[policiesContainer.m_policies.size()] = nullptr; - - int ret = cynara_admin_set_policies(m_admin, policies); - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_admin_set_policies returned wrong value: " - << ret << " != " << expectedResult << ". " - << "policies:\n" << policies); -} - -void Admin::setBucket(const char *bucket, int operation, const char *extra, - int expectedResult) -{ - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - - int ret = cynara_admin_set_bucket(m_admin, bucket, operation, extra); - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_admin_set_bucket returned wrong value: " - << ret << " != " << expectedResult << "." - << " bucket: " << formatCstr(bucket) << "," - << " operation: " << operation << "," - << " extra: " << formatCstr(extra)); -} - -void Admin::adminCheck(const char *startBucket, int recursive, - const char *client, const char *user, const char *privilege, - int expectedCheckResult, const char *expectedCheckResultExtra, - int expectedResult) -{ - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - - int checkResult; - char *checkResultExtra = nullptr; - - int ret = cynara_admin_check(m_admin, - startBucket, recursive, - client, user, privilege, - &checkResult, &checkResultExtra); - CStringPtr extra(checkResultExtra); - - auto dump = [&]() -> std::string - { - std::stringstream s; - s << " functionReturn: " << ret << "," - << " functionExpectedReturn: " << expectedResult << ","; - - s << " startBucket: " << formatCstr(startBucket) << "," - << " recursive: " << recursive << "," - << " client: " << formatCstr(client) << "," - << " user: " << formatCstr(user) << "," - << " privilege: " << formatCstr(privilege) << ","; - - s << " checkResult: " << checkResult << "," - << " expectedCheckResult: " << expectedCheckResult << "," - << " checkResultExtra: " << formatCstr(checkResultExtra) << "," - << " expectedCheckResultExtra: " << formatCstr(expectedCheckResultExtra); - return s.str(); - }; - - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_admin_check returned wrong value: " - << ret << " != " << expectedResult << "." - << dump()); - - RUNNER_ASSERT_MSG(checkResult == expectedCheckResult, - "cynara_admin_check returned wrong check result: " - << checkResult << " != " << expectedCheckResult << "." - << dump()); - - RUNNER_ASSERT_MSG(formatCstr(checkResultExtra) == formatCstr(expectedCheckResultExtra), - "cynara_admin_check returned wrong check result extra: " - << formatCstr(checkResultExtra) << " != " - << formatCstr(expectedCheckResultExtra) << "." - << dump()); -} - -void Admin::listPolicies(const char *startBucket, - const char *client, const char *user, const char *privilege, - CynaraPoliciesContainer &expectedPolicyList, - int expectedResult) { - - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - - struct cynara_admin_policy **policies = nullptr; - - int ret = cynara_admin_list_policies(m_admin, - startBucket, - client, user, privilege, - &policies); - - CynaraPoliciesContainer receivedPolicyList(policies); - receivedPolicyList.sort(); - expectedPolicyList.sort(); - - auto dump = [&]() -> std::string - { - std::stringstream s; - s << " functionReturn: " << ret << "," - << " functionExpectedReturn: " << expectedResult << ","; - - s << " startBucket: " << formatCstr(startBucket) << "," - << " client: " << formatCstr(client) << "," - << " user: " << formatCstr(user) << "," - << " privilege: " << formatCstr(privilege) << ","; - - s << " receivedPolicyList: " << receivedPolicyList << "," - << " expectedPolicyList: " << expectedPolicyList; - return s.str(); - }; - - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_admin_list_policies returned wrong value: " - << ret << " != " << expectedResult << "." - << dump()); - - RUNNER_ASSERT_MSG(receivedPolicyList.m_policies.size() == expectedPolicyList.m_policies.size(), - "size of list returned by cynara_admin_list_policies: " - << receivedPolicyList.m_policies.size() - << " doesn't match expected list size: " - << expectedPolicyList.m_policies.size() << "." - << dump()); - - RUNNER_ASSERT_MSG(std::equal(receivedPolicyList.m_policies.begin(), - receivedPolicyList.m_policies.end(), - expectedPolicyList.m_policies.begin(), - policy_equal), - "list returned by cynara_admin_list_policies doesn't match expected: " - << dump()); -} - -void Admin::erasePolicies(const char *startBucket, int recursive, - const char *client, const char *user, const char *privilege, - int expectedResult) -{ - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - - int ret = cynara_admin_erase(m_admin, - startBucket, recursive, - client, user, privilege); - - auto dump = [&]() -> std::string - { - std::stringstream s; - s << " functionReturn: " << ret << "," - << " functionExpectedReturn: " << expectedResult << ","; - - s << " startBucket: " << formatCstr(startBucket) << "," - << " recursive: " << recursive << "," - << " client: " << formatCstr(client) << "," - << " user: " << formatCstr(user) << "," - << " privilege: " << formatCstr(privilege); - - return s.str(); - }; - - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_admin_erase returned wrong value: " - << ret << " != " << expectedResult << "." - << dump()); -} - -CynaraTestPlugins::Descriptions parseAndRelease(cynara_admin_policy_descr **descriptions) -{ - CynaraTestPlugins::Descriptions ret; - - if (descriptions) { - for (size_t i = 0; descriptions[i] != nullptr; ++i) { - auto descPtr = descriptions[i]; - ret.push_back({ static_cast(descPtr->result), - std::string(descPtr->name) }); - free(descPtr->name); - free(descPtr); - } - free(descriptions); - } - return ret; -} - -void Admin::listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions, - int expectedResult) -{ - std::unique_ptr(m_online ? nullptr : new CynaraMask()); - - struct cynara_admin_policy_descr **descriptions = nullptr; - - int ret = cynara_admin_list_policies_descriptions(m_admin, &descriptions); - - CynaraTestPlugins::Descriptions receivedDescriptions = parseAndRelease(descriptions); - - auto description_less = [](const Cynara::PolicyDescription &d1, - const Cynara::PolicyDescription &d2) -> bool { - return d1.type != d2.type ? d1.type < d2.type : d1.name < d2.name; - }; - - auto description_equal = [](const Cynara::PolicyDescription &d1, - const Cynara::PolicyDescription &d2) -> bool { - return d1.type == d2.type && d1.name == d2.name; - }; - - std::sort(receivedDescriptions.begin(), receivedDescriptions.end(), description_less); - std::sort(expectedDescriptions.begin(), expectedDescriptions.end(), description_less); - - auto dump = [&]() -> std::string - { - std::stringstream s; - s << " functionReturn: " << ret << "," - << " functionExpectedReturn: " << expectedResult << ","; - - s << " receivedPolicyDescriptionList: " << receivedDescriptions << "," - << " expectedPolicyDescriptionList: " << expectedDescriptions << "."; - return s.str(); - }; - - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_admin_list_policies_descriptions returned wrong value: " - << ret << " != " << expectedResult << "." - << dump()); - - RUNNER_ASSERT_MSG(receivedDescriptions.size() == expectedDescriptions.size(), - "size of list returned by cynara_admin_list_policies_descriptions: " - << receivedDescriptions.size() - << " doesn't match expected list size: " - << expectedDescriptions.size() << "." - << dump()); - - RUNNER_ASSERT_MSG(std::equal(receivedDescriptions.begin(), - receivedDescriptions.end(), - expectedDescriptions.begin(), - description_equal), - "list returned by cynara_admin_list_policies_descriptions " - "doesn't match expected. " << dump()); -} - -} // namespace CynaraTestAdmin diff --git a/src/cynara-tests/common/cynara_test_admin.h b/src/cynara-tests/common/cynara_test_admin.h deleted file mode 100644 index 7920d4db..00000000 --- a/src/cynara-tests/common/cynara_test_admin.h +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_ADMIN_H -#define CYNARA_TEST_ADMIN_H - -#include -#include - -#include -#include -#include - -namespace CynaraTestAdmin { - -class Admin; - -class CynaraPoliciesContainer -{ -public: - CynaraPoliciesContainer(); - -/** - * \par Description: - * A special constructor stealing all data from all structures cynara_admin_policy - * arranged in a null-terminated list. - * It moves all data from inside structures to own vector, - * but release input list by freeing memory of list elements and list itself. - */ - CynaraPoliciesContainer(struct cynara_admin_policy **policies); - CynaraPoliciesContainer(const CynaraPoliciesContainer&) = delete; - CynaraPoliciesContainer(const CynaraPoliciesContainer&&) = delete; - virtual ~CynaraPoliciesContainer(); - - void add(const char *bucket, - const char *client, - const char *user, - const char *privilege, - const int result, - const char *resultExtra); - void add(const char *bucket, - const CheckKey &checkKey, - const int result, - const char *resultExtra = nullptr); - void sort(); - - friend std::ostream& operator<<(std::ostream& os, const CynaraPoliciesContainer &policies); - -private: - friend class Admin; - - std::vector m_policies; -}; - -class Admin -{ -public: - Admin(bool isOnline = true); - virtual ~Admin() noexcept(false); - - void setPolicies(const CynaraPoliciesContainer &policiesContainer, - int expectedResult = CYNARA_API_SUCCESS); - void setBucket(const char *bucket, int operation, const char *extra, - int expectedResult = CYNARA_API_SUCCESS); - void adminCheck(const char *startBucket, int recursive, - const char *client, const char *user, const char *privilege, - int expectedCheckResult, const char *expectedCheckResultExtra, - int expectedResult = CYNARA_API_SUCCESS); - void listPolicies(const char *startBucket, - const char *client, const char *user, const char *privilege, - CynaraPoliciesContainer &expectedPolicyList, - int expectedResult = CYNARA_API_SUCCESS); - void erasePolicies(const char *startBucket, int recursive, - const char *client, const char *user, const char *privilege, - int expectedResult = CYNARA_API_SUCCESS); - void listPoliciesDescriptions(CynaraTestPlugins::Descriptions &expectedDescriptions, - int expectedResult = CYNARA_API_SUCCESS); -private: - struct cynara_admin *m_admin; - bool m_online; -}; - -} // namespace CynaraTestAdmin - -#endif // CYNARA_TEST_ADMIN_H diff --git a/src/cynara-tests/common/cynara_test_agent.cpp b/src/cynara-tests/common/cynara_test_agent.cpp deleted file mode 100644 index e2f408d0..00000000 --- a/src/cynara-tests/common/cynara_test_agent.cpp +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include -#include -#include - -namespace CynaraTestAgent { - -Agent::Agent() - : m_agent(nullptr) -{ - int ret = cynara_agent_initialize(&m_agent, CynaraTestPlugins::TEST_AGENT_TYPE.c_str()); - RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS, - "cynara_agent_initialize failed. ret: " << ret); - RUNNER_ASSERT_MSG(m_agent != nullptr, - "cynara_agent struct was not initialized"); -} - -Agent::~Agent() -{ - cynara_agent_finish(m_agent); -} - -void Agent::getRequest(AgentRequest &request, int expectedResult) -{ - cynara_agent_msg_type type; - cynara_agent_req_id id; - void *data = nullptr; - size_t dataSize; - - int ret = cynara_agent_get_request(m_agent, &type, &id, &data, &dataSize); - if (ret == CYNARA_API_SUCCESS) { - RUNNER_ASSERT_MSG(!data == !dataSize, - "cynara_agent_get_request returned contradictory values: " - << "data = " << data << " ," - << "size = " << dataSize << "."); - request.set(type, id, data, dataSize); - free(data); - } - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_agent_get_request returned wrong value: " - << ret << " != " << expectedResult << "."); -} - -void Agent::putResponse(const AgentResponse &response, int expectedResult) -{ - auto size = response.data().size(); - int ret = cynara_agent_put_response(m_agent, - response.type(), - response.id(), - size ? static_cast(response.data().data()) - : nullptr, - size); - - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_agent_put_response returned wrong value: " - << ret << " != " << expectedResult << "." - << "response = " << response); -} - -} // namespace CynaraTestAgent diff --git a/src/cynara-tests/common/cynara_test_agent.h b/src/cynara-tests/common/cynara_test_agent.h deleted file mode 100644 index f224fa1d..00000000 --- a/src/cynara-tests/common/cynara_test_agent.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_AGENT_H -#define CYNARA_TEST_AGENT_H - -#include - -#include -#include - -namespace CynaraTestAgent { - -class Agent -{ -public: - Agent(); - ~Agent(); - - void getRequest(AgentRequest &request, int expectedResult = CYNARA_API_SUCCESS); - void putResponse(const AgentResponse &response, int expectedResult = CYNARA_API_SUCCESS); - -private: - struct cynara_agent *m_agent; -}; - -} // namespace CynaraTestAgent - -#endif // CYNARA_TEST_AGENT_H diff --git a/src/cynara-tests/common/cynara_test_agent_request.cpp b/src/cynara-tests/common/cynara_test_agent_request.cpp deleted file mode 100644 index 821624e8..00000000 --- a/src/cynara-tests/common/cynara_test_agent_request.cpp +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include - -namespace CynaraTestAgent { - -std::ostream& operator<<(std::ostream& os, const AgentRequest &request) -{ - os << "{"; - os << " valid = " << request.m_valid << ","; - os << " type = " << request.m_type << ","; - os << " id = " << request.m_id << ","; - os << " data = " << request.m_data << ","; - os << " client = " << request.m_client << ","; - os << " user = " << request.m_user << ","; - os << " privilege = " << request.m_privilege; - os << " }"; - return os; -} - -void AgentRequest::set(cynara_agent_msg_type type, cynara_agent_req_id id, - const void *data, size_t dataSize) -{ - m_type = type; - m_id = id; - m_data = Cynara::PluginData(static_cast(data), dataSize); - m_client.clear(); - m_user.clear(); - m_privilege.clear(); - - if (m_type == CYNARA_MSG_TYPE_ACTION) { - CynaraTestPlugins::AgentDataVector parsedData; - - bool unwrapSuccess = CynaraTestPlugins::unwrapAgentData(m_data, parsedData); - RUNNER_ASSERT_MSG(unwrapSuccess, - "Format error. Cannot succesfully unwrap request. " - << *this); - - RUNNER_ASSERT_MSG(parsedData.size() == 3, - "Received unexpected [" << parsedData.size() << "] number of units," - << " while expecting 3." - << " Cannot succesfully unwrap request. " - << *this); - - m_client = parsedData[0]; - m_user = parsedData[1]; - m_privilege = parsedData[2]; - } - m_valid = true; -} - -void AgentRequest::assertAction(std::string client, std::string user, std::string privilege) -{ - RUNNER_ASSERT_MSG(m_valid, - "assertAction failed: request is not valid. " - << *this); - RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_ACTION, - "assertAction failed: request's type is " << m_type - << ", expected type is " << CYNARA_MSG_TYPE_ACTION << ". " - << *this); - RUNNER_ASSERT_MSG(!m_data.empty(), - "assertAction failed: m_data is empty. " - << *this); - RUNNER_ASSERT_MSG(m_client == client, - "assertAction failed: unexpected client value " << m_client - << ", expected value is " << client << ". " - << *this); - RUNNER_ASSERT_MSG(m_user == user, - "assertAction failed: unexpected user value " << m_user - << ", expected value is " << user << ". " - << *this); - RUNNER_ASSERT_MSG(m_privilege == privilege, - "assertAction failed: unexpected privilege value " << m_privilege - << ", expected value is " << privilege << ". " - << *this); -} - -void AgentRequest::assertCancel() -{ - RUNNER_ASSERT_MSG(m_valid, - "assertCancel failed: request is not valid. " - << *this); - RUNNER_ASSERT_MSG(m_type == CYNARA_MSG_TYPE_CANCEL, - "assertCancel failed: request's type is " << m_type - << ", expected type is " << CYNARA_MSG_TYPE_CANCEL << ". " - << *this); - RUNNER_ASSERT_MSG(m_data.empty(), - "assertCancel failed: m_data is not empty. " - << *this); - RUNNER_ASSERT_MSG(m_client.empty(), - "assertCancel failed: m_client is not empty. " - << *this); - RUNNER_ASSERT_MSG(m_user.empty(), - "assertCancel failed: m_user is not empty. " - << *this); - RUNNER_ASSERT_MSG(m_privilege.empty(), - "assertCancel failed: m_privilege is not empty. " - << *this); -} - -} // namespace CynaraTestAgent diff --git a/src/cynara-tests/common/cynara_test_agent_request.h b/src/cynara-tests/common/cynara_test_agent_request.h deleted file mode 100644 index a9b0d4f3..00000000 --- a/src/cynara-tests/common/cynara_test_agent_request.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_AGENT_REQUEST_H -#define CYNARA_TEST_AGENT_REQUEST_H - -#include - -#include -#include -#include -#include - -namespace CynaraTestAgent { - -class AgentRequest -{ -public: - AgentRequest() : m_valid(false), m_type(CYNARA_MSG_TYPE_ACTION), m_id(0) - {} - - void set(cynara_agent_msg_type type, cynara_agent_req_id id, const void *data, size_t dataSize); - - bool valid() const - { - return m_valid; - } - - cynara_agent_msg_type type() const - { - return m_type; - } - - cynara_agent_req_id id() const - { - return m_id; - } - - void assertAction(std::string client, std::string user, std::string privilege); - void assertCancel(); - - friend std::ostream& operator<<(std::ostream& os, const AgentRequest &request); - -private: - bool m_valid; - cynara_agent_msg_type m_type; - cynara_agent_req_id m_id; - Cynara::PluginData m_data; - std::string m_client; - std::string m_user; - std::string m_privilege; -}; - -} // namespace CynaraTestAgent - -#endif // CYNARA_TEST_AGENT_REQUEST_H diff --git a/src/cynara-tests/common/cynara_test_agent_response.cpp b/src/cynara-tests/common/cynara_test_agent_response.cpp deleted file mode 100644 index 70b9ea42..00000000 --- a/src/cynara-tests/common/cynara_test_agent_response.cpp +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include - -namespace CynaraTestAgent { - -std::ostream& operator<<(std::ostream& os, const AgentResponse &response) -{ - os << "{"; - os << " type = " << response.m_type << ","; - os << " id = " << response.m_id << ","; - os << " data = " << response.m_data; - os << " }"; - return os; -} - -AgentResponse AgentResponse::createAllow(cynara_agent_req_id id) -{ - CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_ALLOW}; - return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData)); -} - -AgentResponse AgentResponse::createDeny(cynara_agent_req_id id) -{ - CynaraTestPlugins::AgentDataVector rawData = {CynaraTestPlugins::AGENT_DATA_DENY}; - return AgentResponse(CYNARA_MSG_TYPE_ACTION, id, CynaraTestPlugins::wrapAgentData(rawData)); -} - -AgentResponse AgentResponse::createCancel(cynara_agent_req_id id) -{ - return AgentResponse(CYNARA_MSG_TYPE_CANCEL, id, Cynara::PluginData()); -} - -} // namespace CynaraTestAgent diff --git a/src/cynara-tests/common/cynara_test_agent_response.h b/src/cynara-tests/common/cynara_test_agent_response.h deleted file mode 100644 index 6d3f46b2..00000000 --- a/src/cynara-tests/common/cynara_test_agent_response.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_AGENT_RESPONSE_H -#define CYNARA_TEST_AGENT_RESPONSE_H - -#include - -#include -#include -#include - -namespace CynaraTestAgent { - -class AgentResponse -{ -public: - AgentResponse() = delete; - static AgentResponse createAllow(cynara_agent_req_id id); - static AgentResponse createDeny(cynara_agent_req_id id); - static AgentResponse createCancel(cynara_agent_req_id id); - - cynara_agent_msg_type type() const - { - return m_type; - } - - cynara_agent_req_id id() const - { - return m_id; - } - - Cynara::PluginData data() const - { - return m_data; - } - - friend std::ostream& operator<<(std::ostream& os, const AgentResponse &response); - -private: - AgentResponse(cynara_agent_msg_type type, cynara_agent_req_id id, Cynara::PluginData data) - : m_type(type), m_id(id), m_data(data) - {} - - cynara_agent_msg_type m_type; - cynara_agent_req_id m_id; - Cynara::PluginData m_data; -}; - -} // namespace CynaraTestAgent - -#endif // CYNARA_TEST_AGENT_RESPONSE_H diff --git a/src/cynara-tests/common/cynara_test_client.cpp b/src/cynara-tests/common/cynara_test_client.cpp deleted file mode 100644 index f4051451..00000000 --- a/src/cynara-tests/common/cynara_test_client.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -namespace CynaraTestClient { - -Client::Client() - : m_cynara(nullptr) -{ - int ret = cynara_initialize(&m_cynara, nullptr); - RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS, - "cynara_initialize failed. ret: " << ret); - RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara struct was not initialized"); -} - -Client::~Client() -{ - cynara_finish(m_cynara); -} - -void Client::check(const char *client, const char *session, - const char *user, const char *privilege, - int expectedResult) -{ - int ret = cynara_check(m_cynara, client, session, user, privilege); - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_check returned wrong value: " - << ret << " != " << expectedResult << "." - << " client: " << formatCstr(client) << "," - << " session: " << formatCstr(session) << "," - << " user: " << formatCstr(user) << "," - << " privilege: " << formatCstr(privilege)); -} - -} //namespace CynaraTestClient diff --git a/src/cynara-tests/common/cynara_test_client.h b/src/cynara-tests/common/cynara_test_client.h deleted file mode 100644 index d5f1eabc..00000000 --- a/src/cynara-tests/common/cynara_test_client.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_CLIENT_H -#define CYNARA_TEST_CLIENT_H - -#include - -namespace CynaraTestClient { - -class Client -{ -public: - Client(); - virtual ~Client(); - - void check(const char *client, const char *session, - const char *user, const char *privilege, - int expectedResult = CYNARA_API_ACCESS_ALLOWED); - -private: - struct cynara *m_cynara; -}; - -} //namespace CynaraTestClient - -#endif // CYNARA_TEST_CLIENT_H diff --git a/src/cynara-tests/common/cynara_test_client_async_client.cpp b/src/cynara-tests/common/cynara_test_client_async_client.cpp deleted file mode 100644 index 6c708132..00000000 --- a/src/cynara-tests/common/cynara_test_client_async_client.cpp +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -#include - -#include -#include - -namespace CynaraTestClientAsync { - -static std::string suffix(const std::string &major, const std::string &minor) -{ - if (minor.empty()) - return major; - return "_" + major + "_" + minor; -} - -CheckData::CheckData(const std::string &major, const std::string &minor) : - m_client("client" + suffix(major, minor)), - m_session("session" + suffix(major, minor)), - m_user("user" + suffix(major, minor)), - m_privilege("privilege" + suffix(major, minor)) -{ -} - -CheckData::CheckData(const std::string &major, int minor) : CheckData(major, std::to_string(minor)) -{ -} - -CheckKey CheckData::toAdminPolicy() -{ - return {m_client.c_str(), m_user.c_str(), m_privilege.c_str()}; -} - -Client::Client(const StatusFunction &userFunction) - : m_cynara(nullptr), m_statusMonitor(userFunction) -{ - int ret; - RUNNER_DEFER_SCOPE(ret = cynara_async_initialize(&m_cynara, nullptr, - StatusMonitor::updateStatus, - static_cast(&m_statusMonitor));); - RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS, - "cynara_async_initialize() failed. ret = " << ret << "."); - RUNNER_ASSERT_MSG(m_cynara != nullptr, "cynara_async struct was not initialized."); - - assertStatus(DISCONNECTED); -} - -Client::~Client() noexcept(false) -{ - bool oops = std::uncaught_exception(); - try { - RUNNER_DEFER_SCOPE(cynara_async_finish(m_cynara);); - assertStatus(DISCONNECTED); - } catch (...) { - if (!oops) - throw; - RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraTestAsync::Client."); - } -} - -void Client::assertStatus(enum SocketStatus expectedStatus) -{ - enum SocketStatus currentStatus = m_statusMonitor.getStatus(); - RUNNER_ASSERT_MSG(currentStatus == expectedStatus, - "SocketStatus mismatch: " - << " currentStatus = " << currentStatus << "," - << " expectedStatus = " << expectedStatus << "."); -} - -void Client::checkCache(const CheckData &checkData, int expectedResult) -{ - int ret; - RUNNER_DEFER_SCOPE(ret = cynara_async_check_cache(m_cynara, checkData.m_client.c_str(), - checkData.m_session.c_str(), - checkData.m_user.c_str(), - checkData.m_privilege.c_str());); - RUNNER_ASSERT_MSG(ret == expectedResult, - "Cache check returned unexpected value: " - << " returned value = " << ret << "," - << " expected value = " << expectedResult << "," - << " client = " << checkData.m_client << "," - << " sesion = " << checkData.m_session << "," - << " user = " << checkData.m_user << "," - << " privilege = " << checkData.m_privilege << "."); -} - -void Client::createRequest(const CheckData &checkData, cynara_check_id &id, - const RequestEntity &callbackData, int expectedResult) -{ - int ret; - RUNNER_DEFER_SCOPE(ret = cynara_async_create_request(m_cynara, checkData.m_client.c_str(), - checkData.m_session.c_str(), - checkData.m_user.c_str(), - checkData.m_privilege.c_str(), &id, - RequestMonitor::updateResponse, - static_cast( - &m_requestMonitor));); - if (ret == CYNARA_API_SUCCESS) - m_requestMonitor.registerRequest(id, callbackData); - - RUNNER_ASSERT_MSG(ret == expectedResult, - "Create request returned unexpected value: " - << " returned value = " << ret << "," - << " expected value = " << expectedResult << "," - << " client = " << checkData.m_client << "," - << " sesion = " << checkData.m_session << "," - << " user = " << checkData.m_user << "," - << " privilege = " << checkData.m_privilege << "."); -} - -void Client::process(int expectedResult, - enum TimeoutExpectation timeoutExpectation, - time_t timeoutSeconds) { - if (m_statusMonitor.getStatus() == DISCONNECTED) - return; - - int fd = m_statusMonitor.getFd(); - fd_set fds; - timeval tv; - FD_ZERO(&fds); - FD_SET(fd, &fds); - tv.tv_sec = timeoutSeconds; - tv.tv_usec = 0; - - int ret; - if (m_statusMonitor.getStatus() == READ) - ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, NULL, NULL, &tv)); - else - ret = TEMP_FAILURE_RETRY(select(fd + 1, &fds, &fds, NULL, &tv)); - - if (ret == 0) { - RUNNER_ASSERT_MSG(timeoutExpectation != EXPECT_NO_TIMEOUT, - "Unexpected select timeout." - << " ret = " << ret); - return; - } - RUNNER_ASSERT_ERRNO_MSG(ret > 0, - "Select returned error:" - << " ret = " << ret); - RUNNER_ASSERT_MSG(timeoutExpectation != EXPECT_TIMEOUT, - "Select returned positive value, when timeout was expected." - << " ret = " << ret); - - RUNNER_DEFER_SCOPE(ret = cynara_async_process(m_cynara);); - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_async_process returned unexpected value: " - << " returned value = " << ret << "," - << " expected value = " << expectedResult << "."); -} - -void Client::cancel(cynara_check_id id, int expectedResult) -{ - int ret; - RUNNER_DEFER_SCOPE(ret = cynara_async_cancel_request(m_cynara, id);); - RUNNER_ASSERT_MSG(ret == expectedResult, - "Cancel request returned unexpected value: " - << " returned value = " << ret << "," - << " expected value = " << expectedResult << "," - << " id = " << id << "."); -} - -}// namespace CynaraTestClientAsync diff --git a/src/cynara-tests/common/cynara_test_client_async_client.h b/src/cynara-tests/common/cynara_test_client_async_client.h deleted file mode 100644 index 37abdc5b..00000000 --- a/src/cynara-tests/common/cynara_test_client_async_client.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_CLIENT_ASYNC_CLIENT_H -#define CYNARA_TEST_CLIENT_ASYNC_CLIENT_H - -#include -#include -#include - -#include - -#include -#include - -namespace CynaraTestClientAsync { - -struct CheckData -{ - std::string m_client; - std::string m_session; - std::string m_user; - std::string m_privilege; - - CheckData(const std::string &major, const std::string &minor = ""); - CheckData(const std::string &major, int minor); - - CheckKey toAdminPolicy(); -}; - -class Client -{ -public: - enum TimeoutExpectation { - EXPECT_TIMEOUT, - EXPECT_NO_TIMEOUT, - IGNORE_TIMEOUT, - }; - - Client(const StatusFunction &userFunction = StatusFunction()); - ~Client() noexcept(false); - - void assertStatus(enum SocketStatus expectedStatus); - void checkCache(const CheckData &checkData, int expectedResult); - void createRequest(const CheckData &checkData, cynara_check_id &id, - const RequestEntity &callbackData, int expectedResult = CYNARA_API_SUCCESS); - void process(int expectedResult = CYNARA_API_SUCCESS, - enum TimeoutExpectation timeoutExpectation = EXPECT_NO_TIMEOUT, - time_t timeoutSeconds = 3); - void cancel(cynara_check_id id, int expectedResult = CYNARA_API_SUCCESS); - -private: - struct cynara_async *m_cynara; - - StatusMonitor m_statusMonitor; - RequestMonitor m_requestMonitor; -}; - -}// namespace CynaraTestClientAsync - -#endif // CYNARA_TEST_CLIENT_ASYNC_CLIENT_H diff --git a/src/cynara-tests/common/cynara_test_client_async_request_monitor.cpp b/src/cynara-tests/common/cynara_test_client_async_request_monitor.cpp deleted file mode 100644 index 33244d00..00000000 --- a/src/cynara-tests/common/cynara_test_client_async_request_monitor.cpp +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -#include - -namespace CynaraTestClientAsync { - -RequestMonitor::~RequestMonitor() noexcept(false) -{ - bool oops = std::uncaught_exception(); - try { - for (auto ent : m_requests) - { - RUNNER_ERROR_MSG("There was no callback for request with:" - << "id = " << ent.first << "," - << "expectedResponse = " << ent.second.m_expectedResponse << "," - << "expectedCause = " << ent.second.m_expectedCause << "."); - } - RUNNER_ASSERT_MSG(m_requests.empty(), - m_requests.size() << "requests does not receive callback."); - } catch (...) { - if (!oops) - throw; - RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing" - " CynaraTestAsync::RequestMonitor."); - } -} - -void RequestMonitor::registerRequest(cynara_check_id id, const RequestEntity &request) -{ - auto p = m_requests.insert({id, request}); - RUNNER_ASSERT_MSG(p.second, - "Request with id = " << p.first->first << " already exists."); -} - -void RequestMonitor::updateResponse(cynara_check_id checkId, cynara_async_call_cause cause, - int response, void *data) -{ - RUNNER_DEFER_TRYCATCH( - RequestMonitor *monitor = static_cast(data); - if (!monitor) { - RUNNER_FAIL_MSG("Bad user data (nullptr) in response callback."); - return; - } - - auto it = monitor->m_requests.find(checkId); - if (it == monitor->m_requests.end()) { - RUNNER_FAIL_MSG("Received unexpected callback for request:" - << "id = " << checkId << "," - << "response = " << response << "," - << "cause = " << cause << "."); - return; - } - - //save request data and remove request from monitored requests - auto expectedResponse = it->second.m_expectedResponse; - auto expectedCause = it->second.m_expectedCause; - auto userFunction = it->second.m_userFunction; - monitor->m_requests.erase(it); - - RUNNER_ASSERT_MSG(cause == expectedCause, - "Unexpected cause in response callback:" - << "id = " << checkId << "," - << "received response = " << response << "," - << "expected response = " << expectedResponse << "," - << "received cause = " << cause << "," - << "expected cause = " << expectedCause << "."); - - if (cause == CYNARA_CALL_CAUSE_ANSWER) - { - RUNNER_ASSERT_MSG(response == expectedResponse, - "Unexpected response in response callback:" - << "id = " << checkId << "," - << "received response = " << response << "," - << "expected response = " << expectedResponse << "," - << "received cause = " << cause << "," - << "expected cause = " << expectedCause << "."); - } - - if (userFunction) - userFunction(); - ); -} - -}// namespace CynaraTestClientAsync diff --git a/src/cynara-tests/common/cynara_test_client_async_request_monitor.h b/src/cynara-tests/common/cynara_test_client_async_request_monitor.h deleted file mode 100644 index 16d49269..00000000 --- a/src/cynara-tests/common/cynara_test_client_async_request_monitor.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H -#define CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H - -#include - -#include -#include - -namespace CynaraTestClientAsync { - -typedef std::function RequestFunction; - -struct RequestEntity -{ - RequestFunction m_userFunction; - int m_expectedResponse; - cynara_async_call_cause m_expectedCause; -}; - -class RequestMonitor -{ -public: - ~RequestMonitor() noexcept(false); - - void registerRequest(cynara_check_id id, const RequestEntity &request); - - static void updateResponse(cynara_check_id checkId, cynara_async_call_cause cause, int response, - void *data); - -private: - std::unordered_map m_requests; -}; - -}// namespace CynaraTestClientAsync - -#endif // CYNARA_TEST_CLIENT_ASYNC_REQUEST_MONITOR_H diff --git a/src/cynara-tests/common/cynara_test_client_async_status_monitor.cpp b/src/cynara-tests/common/cynara_test_client_async_status_monitor.cpp deleted file mode 100644 index 5246178d..00000000 --- a/src/cynara-tests/common/cynara_test_client_async_status_monitor.cpp +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -namespace CynaraTestClientAsync { - -StatusMonitor::StatusMonitor(const StatusFunction &userFunction) - : m_fd(-1), m_status(CYNARA_STATUS_FOR_READ), m_userFunction(userFunction) -{ -} - -void StatusMonitor::updateStatus(int oldFd, int newFd, cynara_async_status status, void *data) -{ - RUNNER_DEFER_TRYCATCH( - StatusMonitor *monitor = static_cast(data); - if (!monitor) { - RUNNER_FAIL_MSG("Bad user data (nullptr) in status callback."); - return; - } - - RUNNER_ASSERT_MSG(monitor->m_fd == oldFd, - "fd value mismatch: " - << " last saved fd = " << monitor->m_fd << "," - << " callback oldFd = " << oldFd << "."); - - monitor->m_fd = newFd; - monitor->m_status = status; - if (monitor->m_userFunction) - monitor->m_userFunction(oldFd, newFd, status); - ); -} - -int StatusMonitor::getFd(void) const -{ - return m_fd; -} - -enum SocketStatus StatusMonitor::getStatus(void) const -{ - if (m_fd == -1) - return DISCONNECTED; - - switch (m_status) { - case CYNARA_STATUS_FOR_READ: - return READ; - case CYNARA_STATUS_FOR_RW: - return READWRITE; - } - RUNNER_FAIL_MSG("Unknown cynara socket status = " << m_status << "," - << " fd = " << m_fd << "."); - return UNKNOWN; -} - -}// namespace CynaraTestClientAsync diff --git a/src/cynara-tests/common/cynara_test_client_async_status_monitor.h b/src/cynara-tests/common/cynara_test_client_async_status_monitor.h deleted file mode 100644 index b09f3d00..00000000 --- a/src/cynara-tests/common/cynara_test_client_async_status_monitor.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H -#define CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H - -#include - -#include - -namespace CynaraTestClientAsync { - -enum SocketStatus -{ - READ, - READWRITE, - DISCONNECTED, - UNKNOWN, -}; - -typedef std::function StatusFunction; - -class StatusMonitor -{ -public: - - StatusMonitor(const StatusFunction &userFunction); - - static void updateStatus(int oldFd, int newFd, cynara_async_status status, void *data); - - int getFd(void) const; - enum SocketStatus getStatus(void) const; - -private: - int m_fd; - cynara_async_status m_status; - StatusFunction m_userFunction; -}; - -}// namespace CynaraTestClientAsync - -#endif // CYNARA_TEST_CLIENT_ASYNC_STATUS_MONITOR_H diff --git a/src/cynara-tests/common/cynara_test_commons.cpp b/src/cynara-tests/common/cynara_test_commons.cpp deleted file mode 100644 index 91a93f4f..00000000 --- a/src/cynara-tests/common/cynara_test_commons.cpp +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -namespace CynaraTestConsts -{ - -const std::string DB_DIR(CYNARA_DB_DIR); -const std::string USER("cynara"); -const std::string LABEL("System"); -const std::string SERVICE("cynara.service"); -const std::string SOCKET_CLIENT("cynara.socket"); -const std::string SOCKET_ADMIN("cynara-admin.socket"); -const std::string SOCKET_AGENT("cynara-agent.socket"); - -const std::string SERVICE_PLUGINS_DIR("/usr/lib/cynara/plugin/service/"); - -} - -void loadServicePlugins(const DirectoryPaths &pluginDirectories) -{ - CynaraMask mask; - - FileOperations::removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR); - for (const auto &dir : pluginDirectories) - FileOperations::copyCynaraFiles(dir.c_str(), CynaraTestConsts::SERVICE_PLUGINS_DIR); -} - -void restartCynaraService() -{ - ServiceManager service(CynaraTestConsts::SERVICE); - service.restartService(); -} - -void restartCynaraServiceAndSockets() -{ - ServiceManager service(CynaraTestConsts::SERVICE, { CynaraTestConsts::SOCKET_CLIENT, - CynaraTestConsts::SOCKET_ADMIN, - CynaraTestConsts::SOCKET_AGENT }); - - service.restartService(true); -} diff --git a/src/cynara-tests/common/cynara_test_commons.h b/src/cynara-tests/common/cynara_test_commons.h deleted file mode 100644 index f51cc5ad..00000000 --- a/src/cynara-tests/common/cynara_test_commons.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * @file cynara_test_commons.h - * @author Lukasz Wojciechowski - * @version 1.0 - * @brief Definition of environment wrap for test cases - */ - -#ifndef CYNARA_TEST_COMMONS_H_ -#define CYNARA_TEST_COMMONS_H_ - -#include -#include - -#include - -#include - -namespace CynaraTestConsts -{ - -extern const std::string DB_DIR; -extern const std::string USER; -extern const std::string LABEL; -extern const std::string SERVICE; -extern const std::string SERVICE_PLUGINS_DIR; -extern const std::string SOCKET_CLIENT; -extern const std::string SOCKET_ADMIN; -extern const std::string SOCKET_AGENT; - -} - -struct CheckKey -{ - const char *m_client; - const char *m_user; - const char *m_privilege; -}; - -#define RUN_CYNARA_TEST(Proc) \ - RUNNER_TEST(Proc, CynaraTestEnv) \ - { \ - Proc##_func(); \ - } - -typedef std::vector DirectoryPaths; -void loadServicePlugins(const DirectoryPaths &pluginDirectories); - -void restartCynaraService(); -void restartCynaraServiceAndSockets(); - -#endif /* CYNARA_TEST_COMMONS_H_ */ diff --git a/src/cynara-tests/common/cynara_test_cynara_mask.cpp b/src/cynara-tests/common/cynara_test_cynara_mask.cpp deleted file mode 100644 index 70448951..00000000 --- a/src/cynara-tests/common/cynara_test_cynara_mask.cpp +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file cynara_test_cynara_mask.cpp - * @author Lukasz Wojciechowski - * @version 1.0 - * @brief Implementation of scoped cynara service masker - */ - -#include - -#include -#include - -#include - -CynaraMask::CynaraMask() : m_serviceManager(CynaraTestConsts::SERVICE) -{ - m_serviceManager.maskService(); - m_serviceManager.stopService(); -} - -CynaraMask::~CynaraMask() noexcept(false) -{ - bool oops = std::uncaught_exception(); - try { - m_serviceManager.unmaskService(); - m_serviceManager.startService(); - } catch (...) { - if (!oops) - throw; - RUNNER_ERROR_MSG("Error: more exceptions thrown while releasing CynaraMask."); - } -} diff --git a/src/cynara-tests/common/cynara_test_cynara_mask.h b/src/cynara-tests/common/cynara_test_cynara_mask.h deleted file mode 100644 index fee1e669..00000000 --- a/src/cynara-tests/common/cynara_test_cynara_mask.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file cynara_test_cynara_mask.h - * @author Lukasz Wojciechowski - * @version 1.0 - * @brief Definition of scoped cynara service masker - */ - -#ifndef CYNARA_TEST_CYNARA_MASK_H_ -#define CYNARA_TEST_CYNARA_MASK_H_ - -#include - -class CynaraMask -{ -public: - CynaraMask(); - ~CynaraMask() noexcept(false); - -private: - ServiceManager m_serviceManager; -}; - -#endif // CYNARA_TEST_CYNARA_MASK_H_ diff --git a/src/cynara-tests/common/cynara_test_env.cpp b/src/cynara-tests/common/cynara_test_env.cpp deleted file mode 100644 index 4af76598..00000000 --- a/src/cynara-tests/common/cynara_test_env.cpp +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include - -#include - -using namespace FileOperations; - -CynaraTestEnv::CynaraTestEnv() - : m_dbPresent(false) -{ -} - -CynaraTestEnv::~CynaraTestEnv() -{ -} - -void CynaraTestEnv::init(const std::string &testName) -{ - m_saveDir = TMP_DIR + "/" + testName; - m_dbSaveDir = m_saveDir + "/db"; - m_pluginsSaveDir = m_saveDir + "/plugins"; - m_defaultDir = "/etc/security-tests/db_patterns/default"; - - CynaraMask mask; - - removeDirFiles(m_dbSaveDir); - removeDirIfExists(m_dbSaveDir); - removeDirFiles(m_pluginsSaveDir); - removeDirIfExists(m_pluginsSaveDir); - removeDirIfExists(m_saveDir); - - makeDir(m_saveDir); - m_dbPresent = dirExists(CynaraTestConsts::DB_DIR); - if (m_dbPresent) { - makeDir(m_dbSaveDir); - copyCynaraFiles(CynaraTestConsts::DB_DIR, m_dbSaveDir); - } - makeDir(m_pluginsSaveDir); - copyCynaraFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR, m_pluginsSaveDir); - unmaskedLoadDefaultDatabase(); -} - -void CynaraTestEnv::finish() -{ - CynaraMask mask; - - removeDirFiles(CynaraTestConsts::DB_DIR); - if (m_dbPresent) - copyCynaraFiles(m_dbSaveDir, CynaraTestConsts::DB_DIR); - else - removeDirIfExists(CynaraTestConsts::DB_DIR); - - removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR); - copyCynaraFiles(m_pluginsSaveDir, CynaraTestConsts::SERVICE_PLUGINS_DIR); - - removeDirFiles(m_dbSaveDir); - removeDirIfExists(m_dbSaveDir); - removeDirFiles(m_pluginsSaveDir); - removeDirIfExists(m_pluginsSaveDir); - removeDirIfExists(m_saveDir); -} - -void CynaraTestEnv::unmaskedLoadDefaultDatabase() -{ - if (m_dbPresent) { - removeDirFiles(CynaraTestConsts::DB_DIR); - copyCynaraFiles(m_defaultDir, CynaraTestConsts::DB_DIR); - } -} - -void CynaraTestEnv::loadDefaultDatabase() -{ - CynaraMask mask; - unmaskedLoadDefaultDatabase(); -} diff --git a/src/cynara-tests/common/cynara_test_env.h b/src/cynara-tests/common/cynara_test_env.h deleted file mode 100644 index 387d6bab..00000000 --- a/src/cynara-tests/common/cynara_test_env.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_ENV_H -#define CYNARA_TEST_ENV_H - -#include - -class CynaraTestEnv -{ -public: - explicit CynaraTestEnv(); - ~CynaraTestEnv(); - void init(const std::string &testName); - void finish(); - void loadDefaultDatabase(); - -private: - void unmaskedLoadDefaultDatabase(); - std::string m_saveDir; - std::string m_dbSaveDir; - std::string m_pluginsSaveDir; - std::string m_defaultDir; - bool m_dbPresent; -}; - -#endif // CYNARA_TEST_ENV_H diff --git a/src/cynara-tests/common/cynara_test_file_operations.cpp b/src/cynara-tests/common/cynara_test_file_operations.cpp deleted file mode 100644 index 1f7a5da9..00000000 --- a/src/cynara-tests/common/cynara_test_file_operations.cpp +++ /dev/null @@ -1,161 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include - -namespace FileOperations -{ - -static int removeFile(const char *fpath, const struct stat * /*sb*/, - int tflag, struct FTW * /*ftwbuf*/) -{ - if (tflag == FTW_F) - RUNNER_ASSERT_ERRNO_MSG(!unlink(fpath), "Unable to unlink " << fpath << " file"); - else - RUNNER_ASSERT_MSG(tflag == FTW_DP, "Visited file should not exist. Path: " << fpath); - return 0; -} - -bool dirExists(const std::string &directory) -{ - struct stat st; - int ret = stat(directory.c_str(), &st); - if (ret == -1 && errno == ENOENT) { - return false; - } else if (ret == -1) { - RUNNER_ASSERT_ERRNO_MSG(false, "Cannot stat " << directory - << " not due to its nonexistence"); - } - RUNNER_ASSERT_MSG(st.st_mode & S_IFDIR, directory << " is not a directory"); - return true; -} - -void copyCynaraFile(const std::string &src, const std::string &dst) -{ - using PwBufPtr = CStringPtr; - int inFd = TEMP_FAILURE_RETRY(open(src.c_str(), O_RDONLY)); - RUNNER_ASSERT_ERRNO_MSG(inFd > 0, "Opening " << src << " file failed"); - FdUniquePtr inFdPtr(&inFd); - - int outFd = TEMP_FAILURE_RETRY(creat(dst.c_str(), 0700)); - RUNNER_ASSERT_ERRNO_MSG(outFd > 0, "Creating " << dst << " file failed"); - FdUniquePtr outFdPtr(&outFd); - - long int len = sysconf(_SC_GETPW_R_SIZE_MAX); - RUNNER_ASSERT_MSG(len != -1, "No suggested buflen"); - size_t buflen = len; - char *buf = static_cast(malloc(buflen)); - - PwBufPtr pwBufPtr(buf); - - struct passwd pwbuf, *pwbufp = nullptr; - int ret = TEMP_FAILURE_RETRY(getpwnam_r(CynaraTestConsts::USER.c_str(), - &pwbuf, buf, buflen, &pwbufp)); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "getpwnam_r failed on " << CynaraTestConsts::USER << " user"); - RUNNER_ASSERT_MSG(pwbufp, "User " << CynaraTestConsts::USER << " does not exist"); - - ret = fchown(outFd, pwbufp->pw_uid, pwbufp->pw_gid); - RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fchown failed"); - - ret = smack_fsetlabel(outFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed"); - - struct stat statSrc; - ret = fstat(inFd, &statSrc); - RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fstat failed"); - - ret = sendfile(outFd, inFd, 0, statSrc.st_size); - RUNNER_ASSERT_ERRNO_MSG(ret != -1, "sendfile failed"); - - ret = fsync(outFd); - RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed"); -} - -void copyCynaraFiles(const std::string &source, const std::string &destination) -{ - DIR *dirPtr = nullptr; - struct dirent *direntPtr; - - RUNNER_ASSERT_ERRNO_MSG(dirPtr = opendir(source.c_str()), - "opening " << source << " dir failed"); - DirPtr dirScopedPtr(dirPtr); - - while((direntPtr = readdir(dirPtr)) != nullptr) { - if (!strcmp(direntPtr->d_name, ".") - || !strcmp(direntPtr->d_name, "..")) - continue; - std::string tempDest = destination + "/" + direntPtr->d_name; - std::string tempSrc = source + "/" + direntPtr->d_name; - copyCynaraFile(tempSrc, tempDest); - } - - syncDir(destination); -} - -void syncElem(const std::string &filename, int flags, mode_t mode) -{ - int fileFd = TEMP_FAILURE_RETRY(open(filename.c_str(), flags, mode)); - RUNNER_ASSERT_ERRNO_MSG(fileFd != -1, "open failed name=" << filename); - FdUniquePtr fdPtr(&fileFd); - - int ret = fsync(fileFd); - RUNNER_ASSERT_ERRNO_MSG(ret != -1, "fsync failed name=" << filename); -} - -void syncDir(const std::string &dirname, mode_t mode) { - syncElem(dirname, O_DIRECTORY, mode); -} - -void makeDir(const std::string &directory) -{ - RUNNER_ASSERT_ERRNO_MSG(!mkdir(directory.c_str(), S_IRWXU | S_IRWXG | S_IRWXO), - "Unable to make " << directory << " test directory"); - - syncDir(directory); -} - -void removeDirFiles(const std::string &dir) -{ - int ret = nftw(dir.c_str(), removeFile, 2, FTW_DEPTH | FTW_PHYS); - if (ret == -1) - RUNNER_ASSERT_ERRNO_MSG(errno == ENOENT, "nftw failed"); - else - syncDir(dir); -} - -void removeDirIfExists(const std::string &dir) -{ - RUNNER_ASSERT_ERRNO_MSG(!rmdir(dir.c_str()) || errno == ENOENT, - "Removing " << dir << " dir failed"); -} - -} // namespace FileOperations diff --git a/src/cynara-tests/common/cynara_test_file_operations.h b/src/cynara-tests/common/cynara_test_file_operations.h deleted file mode 100644 index d3acdb85..00000000 --- a/src/cynara-tests/common/cynara_test_file_operations.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef CYNARA_TEST_FILE_OPERATIONS_H -#define CYNARA_TEST_FILE_OPERATIONS_H - -#include -#include - -namespace FileOperations -{ - -bool dirExists(const std::string &directory); -void copyCynaraFile(const std::string &src, const std::string &dst); -void copyCynaraFiles(const std::string &source, const std::string &destination); -void syncElem(const std::string &filename, int flags = O_RDONLY, mode_t mode = S_IRUSR | S_IWUSR); -void syncDir(const std::string &dirname, mode_t mode = S_IRUSR | S_IWUSR); -void makeDir(const std::string &directory); -void removeDirFiles(const std::string &dir); -void removeDirIfExists(const std::string &dir); - -} // namespace FileOperations - -#endif //CYNARA_TEST_FILE_OPERATIONS_H diff --git a/src/cynara-tests/common/cynara_test_helpers.cpp b/src/cynara-tests/common/cynara_test_helpers.cpp deleted file mode 100644 index 033fbecd..00000000 --- a/src/cynara-tests/common/cynara_test_helpers.cpp +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file cynara_test_helpers.cpp - * @author Aleksander Zdyb - * @version 1.0 - * @brief Helpers for cynara-helpers - */ - -#include - -#include - -#include "cynara_test_helpers.h" - -namespace CynaraHelperCredentials { - -char *socketGetClient(int sock, cynara_client_creds method, int expectedResult) { - char *buff; - auto ret = cynara_creds_socket_get_client(sock, method, &buff); - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_creds_socket_get_client failed, ret = " << ret - << "; expected = " << expectedResult); - return buff; -} - -char *socketGetUser(int sock, cynara_user_creds method, int expectedResult) { - char *buff; - auto ret = cynara_creds_socket_get_user(sock, method, &buff); - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_creds_socket_get_user failed, ret = " << ret - << "; expected = " << expectedResult); - return buff; -} - -pid_t socketGetPid(int sock, int expectedResult) { - pid_t pid; - auto ret = cynara_creds_socket_get_pid(sock, &pid); - RUNNER_ASSERT_MSG(ret == expectedResult, - "cynara_creds_socket_get_pid failed, ret = " << ret << "; expected = " - << expectedResult); - return pid; -} - -} //namespace CynaraHelperCredentials diff --git a/src/cynara-tests/common/cynara_test_helpers.h b/src/cynara-tests/common/cynara_test_helpers.h deleted file mode 100644 index 1acd6f88..00000000 --- a/src/cynara-tests/common/cynara_test_helpers.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file cynara_test_helpers.h - * @author Aleksander Zdyb - * @version 1.0 - * @brief Helpers for cynara-helpers - */ - -#ifndef CYNARA_TEST_HELPERS_H_ -#define CYNARA_TEST_HELPERS_H_ - -#include - -#include -#include - -namespace CynaraHelperCredentials { - -char *socketGetClient(int sock, cynara_client_creds method, - int expectedResult = CYNARA_API_SUCCESS); - -char *socketGetUser(int sock, cynara_user_creds method, - int expectedResult = CYNARA_API_SUCCESS); - -pid_t socketGetPid(int sock, int expectedResult = CYNARA_API_SUCCESS); - -} // namespace CynaraHelperCredentials - - -#endif // CYNARA_TEST_HELPERS_H_ diff --git a/src/cynara-tests/cynara-test.cpp b/src/cynara-tests/cynara-test.cpp deleted file mode 100644 index 2ff40841..00000000 --- a/src/cynara-tests/cynara-test.cpp +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -int main (int argc, char *argv[]) -{ - int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); - return status; -} diff --git a/src/cynara-tests/db_patterns/default/_ b/src/cynara-tests/db_patterns/default/_ deleted file mode 100644 index e69de29b..00000000 diff --git a/src/cynara-tests/db_patterns/default/buckets b/src/cynara-tests/db_patterns/default/buckets deleted file mode 100644 index 29ab9872..00000000 --- a/src/cynara-tests/db_patterns/default/buckets +++ /dev/null @@ -1 +0,0 @@ -;0x0; diff --git a/src/cynara-tests/db_patterns/default/checksum b/src/cynara-tests/db_patterns/default/checksum deleted file mode 100644 index 9998a605..00000000 --- a/src/cynara-tests/db_patterns/default/checksum +++ /dev/null @@ -1,2 +0,0 @@ -buckets;$1$$6ZlVs5lw2nZgVmiw0BdY21 -_;$1$$qRPK7m23GJusamGpoGLby/ diff --git a/src/cynara-tests/db_patterns/defaultAllowed/_ b/src/cynara-tests/db_patterns/defaultAllowed/_ deleted file mode 100644 index e69de29b..00000000 diff --git a/src/cynara-tests/db_patterns/defaultAllowed/buckets b/src/cynara-tests/db_patterns/defaultAllowed/buckets deleted file mode 100644 index 16148520..00000000 --- a/src/cynara-tests/db_patterns/defaultAllowed/buckets +++ /dev/null @@ -1 +0,0 @@ -;0xFFFF; diff --git a/src/cynara-tests/db_patterns/defaultAllowed/checksum b/src/cynara-tests/db_patterns/defaultAllowed/checksum deleted file mode 100644 index 90c581c8..00000000 --- a/src/cynara-tests/db_patterns/defaultAllowed/checksum +++ /dev/null @@ -1,2 +0,0 @@ -buckets;$1$$UYHKvrIkGoSTO5hIgvCLg0 -_;$1$$qRPK7m23GJusamGpoGLby/ diff --git a/src/cynara-tests/db_patterns/nonEmptyDatabase/_ b/src/cynara-tests/db_patterns/nonEmptyDatabase/_ deleted file mode 100644 index f13b4a64..00000000 --- a/src/cynara-tests/db_patterns/nonEmptyDatabase/_ +++ /dev/null @@ -1 +0,0 @@ -client;user;privilege;0x0; diff --git a/src/cynara-tests/db_patterns/nonEmptyDatabase/buckets b/src/cynara-tests/db_patterns/nonEmptyDatabase/buckets deleted file mode 100644 index 29ab9872..00000000 --- a/src/cynara-tests/db_patterns/nonEmptyDatabase/buckets +++ /dev/null @@ -1 +0,0 @@ -;0x0; diff --git a/src/cynara-tests/db_patterns/nonEmptyDatabase/checksum b/src/cynara-tests/db_patterns/nonEmptyDatabase/checksum deleted file mode 100644 index ebaaf4c2..00000000 --- a/src/cynara-tests/db_patterns/nonEmptyDatabase/checksum +++ /dev/null @@ -1,2 +0,0 @@ -buckets;$1$$6ZlVs5lw2nZgVmiw0BdY21 -_;$1$$nssatAXP6yl4N8gjldhxf0 diff --git a/src/cynara-tests/plugins/BaseCynaraTestPlugin.h b/src/cynara-tests/plugins/BaseCynaraTestPlugin.h deleted file mode 100644 index efb68bf4..00000000 --- a/src/cynara-tests/plugins/BaseCynaraTestPlugin.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file BaseCynaraTestPlugin.h - * @author Lukasz Wojciechowski - * @brief Definition of base class for cynara test plugins - */ - -#ifndef BASE_CYNARA_TEST_PLUGIN_H -#define BASE_CYNARA_TEST_PLUGIN_H - -#include - -#include -#include -#include - -class BaseCynaraTestPlugin : public Cynara::ServicePluginInterface -{ -public: - BaseCynaraTestPlugin(const std::string &name) - { - m_descriptions = CynaraTestPlugins::POLICY_DESCRIPTIONS.at(name); - } - - virtual ~BaseCynaraTestPlugin() {} - - virtual CynaraTestPlugins::Descriptions &getSupportedPolicyDescr() - { - return m_descriptions; - } - - virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client, - const std::string &user, - const std::string &privilege, - Cynara::PolicyResult &result, - Cynara::AgentType &requiredAgent, - Cynara::PluginData &pluginData) - noexcept - { - (void) client; - (void) user; - (void) privilege; - (void) requiredAgent; - (void) pluginData; - - result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY); - return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY; - } - - virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client, - const std::string &user, - const std::string &privilege, - const Cynara::PluginData &agentData, - Cynara::PolicyResult &result) - noexcept - { - (void) client; - (void) user; - (void) privilege; - (void) agentData; - - result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY); - return Cynara::ServicePluginInterface::PluginStatus::ANSWER_READY; - } - - virtual void invalidate() - { - } - -private: - CynaraTestPlugins::Descriptions m_descriptions; -}; - -#endif // BASE_CYNARA_TEST_PLUGIN_H diff --git a/src/cynara-tests/plugins/CMakeLists.txt b/src/cynara-tests/plugins/CMakeLists.txt deleted file mode 100644 index 5dbc42e4..00000000 --- a/src/cynara-tests/plugins/CMakeLists.txt +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -ADD_SUBDIRECTORY(single-policy) -ADD_SUBDIRECTORY(multiple-policy) -ADD_SUBDIRECTORY(test-agent) diff --git a/src/cynara-tests/plugins/multiple-policy/CMakeLists.txt b/src/cynara-tests/plugins/multiple-policy/CMakeLists.txt deleted file mode 100644 index a455a74f..00000000 --- a/src/cynara-tests/plugins/multiple-policy/CMakeLists.txt +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Lukasz Wojciechowski -# - -CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3) - -INCLUDE(FindPkgConfig) - -SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY "cynara-test-plugin-multiple-policy") - -PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP - REQUIRED - cynara-plugin - ) - -INCLUDE_DIRECTORIES( - ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEP_INCLUDE_DIRS} - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/ - ) - -SET(CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/multiple-policy/plugin.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp - ) - -ADD_DEFINITIONS("-fvisibility=default") - -ADD_LIBRARY( - ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY} - SHARED - ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_SOURCES} - ) - -TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY} - ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY_DEPS} - ) - -INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_MULTIPLE_POLICY} - DESTINATION /usr/lib/security-tests/cynara-tests/plugins/multiple-policy/) diff --git a/src/cynara-tests/plugins/multiple-policy/plugin.cpp b/src/cynara-tests/plugins/multiple-policy/plugin.cpp deleted file mode 100644 index fc76cd7b..00000000 --- a/src/cynara-tests/plugins/multiple-policy/plugin.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file plugin.cpp - * @author Lukasz Wojciechowski - * @brief Implementation of cynara test plugin handling multiple policy type - */ - -#include - -#include -#include -#include - -class MultiplePolicyPlugin : public BaseCynaraTestPlugin -{ -public: - MultiplePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::MULTIPLE_POLICY) {} - virtual ~MultiplePolicyPlugin() {} -}; - -extern "C" { -Cynara::ExternalPluginInterface *create(void) { - return new MultiplePolicyPlugin(); -} - -void destroy(Cynara::ExternalPluginInterface *ptr) { - delete ptr; -} -} // extern "C" diff --git a/src/cynara-tests/plugins/plugins.cpp b/src/cynara-tests/plugins/plugins.cpp deleted file mode 100644 index 74bf7ae8..00000000 --- a/src/cynara-tests/plugins/plugins.cpp +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file plugins.cpp - * @author Lukasz Wojciechowski - * @brief Definition of types, constants and functions common for both tests and plugins - */ - -#include -#include -#include - -#include - -namespace CynaraTestPlugins { - -Cynara::PluginData wrapAgentData(const AgentDataVector &data) { - std::stringstream wrappedData; - wrappedData << AGENT_DATA_RECORD_SEPARATOR; - for (size_t i = 0; i < data.size(); ++i) { - wrappedData << AGENT_DATA_UNIT_SEPARATOR - << data[i] - << AGENT_DATA_UNIT_SEPARATOR; - } - wrappedData << AGENT_DATA_RECORD_SEPARATOR; - return wrappedData.str(); -} - -static bool unwrapAgentDataFromSeparator(const Cynara::PluginData &wrappedData, - const std::string &separator, - size_t &pos, std::string &unit) { -//check if wrapped data starts with separator - size_t separatorSize = separator.size(); - if (wrappedData.compare(pos, separatorSize, separator) != 0) - return false; - -//find ending separator - size_t unitStartIndex = pos + separatorSize; - size_t endingSeparatorIndex = wrappedData.find(separator, unitStartIndex); - if (endingSeparatorIndex == std::string::npos) - return false; - -//return found unit - pos = endingSeparatorIndex + separatorSize; - size_t unitSize = endingSeparatorIndex - unitStartIndex; - unit.assign(wrappedData, unitStartIndex, unitSize); - return true; -} - -bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data) { - std::string record; - size_t pos = 0; - if (!unwrapAgentDataFromSeparator(wrappedData, AGENT_DATA_RECORD_SEPARATOR, pos, record)) - return false; - - pos = 0; - while (pos < record.size()) { - std::string unit; - if (!unwrapAgentDataFromSeparator(record, AGENT_DATA_UNIT_SEPARATOR, pos, unit)) - return false; - data.push_back(unit); - } - return true; -} - -} // namespace CynaraTestPlugins diff --git a/src/cynara-tests/plugins/plugins.h b/src/cynara-tests/plugins/plugins.h deleted file mode 100644 index 11c99f31..00000000 --- a/src/cynara-tests/plugins/plugins.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file plugins.h - * @author Lukasz Wojciechowski - * @brief Definition of types, constants and functions common for both tests and plugins - */ - -#ifndef CYNARA_TEST_PLUGINS_H -#define CYNARA_TEST_PLUGINS_H - -#include -#include -#include -#include - -#include -#include -#include - -namespace CynaraTestPlugins { - -typedef std::vector Descriptions; -typedef std::pair DescriptionsPair; -typedef std::map DescriptionsMap; - -static const std::string TEST_PLUGIN_PATH("/usr/lib/security-tests/cynara-tests/plugins/"); - -static const std::string DEFAULT_POLICY(""); -static const std::string SINGLE_POLICY("single-policy"); -static const std::string MULTIPLE_POLICY("multiple-policy"); -static const std::string TEST_AGENT("test-agent"); - -static const DescriptionsMap POLICY_DESCRIPTIONS = { - DescriptionsPair(DEFAULT_POLICY, { - { Cynara::PredefinedPolicyType::DENY, "Deny" }, - { Cynara::PredefinedPolicyType::ALLOW, "Allow" }, - }), - DescriptionsPair(SINGLE_POLICY, { - { 2001, "Single Policy Type 1" } - }), - DescriptionsPair(MULTIPLE_POLICY, { - { 3001, "Multiple Policy Type 1" }, - { 3002, "Multiple Policy Type 2" }, - { 3003, "Multiple Policy Type 3" }, - }), - DescriptionsPair(TEST_AGENT, { - { 4001, "Test Agent Type 1" } - }), -}; - -static const std::string TEST_AGENT_TYPE("SecurityCynaraTestsAgentType"); - -static const std::string AGENT_DATA_UNIT_SEPARATOR("\31"); -static const std::string AGENT_DATA_RECORD_SEPARATOR("\30"); -static const std::string AGENT_DATA_ALLOW("Allow"); -static const std::string AGENT_DATA_DENY("Deny"); - -typedef std::vector AgentDataVector; - -Cynara::PluginData wrapAgentData(const AgentDataVector &data); -bool unwrapAgentData(const Cynara::PluginData &wrappedData, AgentDataVector& data); - -} // namespace CynaraTestPlugins - -#endif // CYNARA_TEST_PLUGINS_H diff --git a/src/cynara-tests/plugins/single-policy/CMakeLists.txt b/src/cynara-tests/plugins/single-policy/CMakeLists.txt deleted file mode 100644 index d0df3a80..00000000 --- a/src/cynara-tests/plugins/single-policy/CMakeLists.txt +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Lukasz Wojciechowski -# - -CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3) - -INCLUDE(FindPkgConfig) - -SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY "cynara-test-plugin-single-policy") - -PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP - REQUIRED - cynara-plugin - ) - -INCLUDE_DIRECTORIES( - ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEP_INCLUDE_DIRS} - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/ - ) - -SET(CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/single-policy/plugin.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp - ) - -ADD_DEFINITIONS("-fvisibility=default") - -ADD_LIBRARY( - ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY} - SHARED - ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_SOURCES} - ) - -TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY} - ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY_DEPS} - ) - -INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_SINGLE_POLICY} - DESTINATION /usr/lib/security-tests/cynara-tests/plugins/single-policy/) diff --git a/src/cynara-tests/plugins/single-policy/plugin.cpp b/src/cynara-tests/plugins/single-policy/plugin.cpp deleted file mode 100644 index 035b8cdd..00000000 --- a/src/cynara-tests/plugins/single-policy/plugin.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file plugin.cpp - * @author Lukasz Wojciechowski - * @brief Implementation of cynara test plugin handling single policy type - */ - -#include - -#include -#include -#include - -class SinglePolicyPlugin : public BaseCynaraTestPlugin -{ -public: - SinglePolicyPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::SINGLE_POLICY) {} - virtual ~SinglePolicyPlugin() {} -}; - -extern "C" { -Cynara::ExternalPluginInterface *create(void) { - return new SinglePolicyPlugin(); -} - -void destroy(Cynara::ExternalPluginInterface *ptr) { - delete ptr; -} -} // extern "C" diff --git a/src/cynara-tests/plugins/test-agent/CMakeLists.txt b/src/cynara-tests/plugins/test-agent/CMakeLists.txt deleted file mode 100644 index 799eb437..00000000 --- a/src/cynara-tests/plugins/test-agent/CMakeLists.txt +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Lukasz Wojciechowski -# - -CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3) - -INCLUDE(FindPkgConfig) - -SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT "cynara-test-plugin-test-agent") - -PKG_CHECK_MODULES(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP - REQUIRED - cynara-plugin - ) - -INCLUDE_DIRECTORIES( - ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEP_INCLUDE_DIRS} - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/ - ) - -SET(CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/test-agent/plugin.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp - ) - -ADD_DEFINITIONS("-fvisibility=default") - -ADD_LIBRARY( - ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT} - SHARED - ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_SOURCES} - ) - -TARGET_LINK_LIBRARIES(${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT} - ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT_DEPS} - ) - -INSTALL(TARGETS ${CYNARA_TARGET_TEST_PLUGIN_TEST_AGENT} - DESTINATION /usr/lib/security-tests/cynara-tests/plugins/test-agent/) diff --git a/src/cynara-tests/plugins/test-agent/plugin.cpp b/src/cynara-tests/plugins/test-agent/plugin.cpp deleted file mode 100644 index d3689408..00000000 --- a/src/cynara-tests/plugins/test-agent/plugin.cpp +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file plugin.cpp - * @author Lukasz Wojciechowski - * @brief Implementation of cynara test plugin handling communication with test-agent - */ - -#include - -#include -#include -#include - -class TestAgentPlugin : public BaseCynaraTestPlugin -{ -public: - TestAgentPlugin() : BaseCynaraTestPlugin(CynaraTestPlugins::TEST_AGENT) {} - virtual ~TestAgentPlugin() {} - - virtual Cynara::ServicePluginInterface::PluginStatus check(const std::string &client, - const std::string &user, - const std::string &privilege, - Cynara::PolicyResult &result, - Cynara::AgentType &requiredAgent, - Cynara::PluginData &pluginData) - noexcept - { - (void) result; - - try { - requiredAgent = CynaraTestPlugins::TEST_AGENT_TYPE; - pluginData = CynaraTestPlugins::wrapAgentData({client, user, privilege}); - } catch (...) { - return Cynara::ServicePluginInterface::PluginStatus::ERROR; - } - return Cynara::ServicePluginInterface::PluginStatus::ANSWER_NOTREADY; - } - - virtual Cynara::ServicePluginInterface::PluginStatus update(const std::string &client, - const std::string &user, - const std::string &privilege, - const Cynara::PluginData &agentData, - Cynara::PolicyResult &result) - noexcept - { - (void) client; - (void) user; - (void) privilege; - - try { - CynaraTestPlugins::AgentDataVector data; - if (!CynaraTestPlugins::unwrapAgentData(agentData, data)) - return Cynara::ServicePluginInterface::PluginStatus::ERROR; - - if (data.size() != 1) - return Cynara::ServicePluginInterface::PluginStatus::ERROR; - - if (data[0] == CynaraTestPlugins::AGENT_DATA_ALLOW) { - result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::ALLOW); - return Cynara::ServicePluginInterface::PluginStatus::SUCCESS; - } - else if (data[0] == CynaraTestPlugins::AGENT_DATA_DENY) { - result = Cynara::PolicyResult(Cynara::PredefinedPolicyType::DENY); - return Cynara::ServicePluginInterface::PluginStatus::SUCCESS; - } - } catch (...) { - return Cynara::ServicePluginInterface::PluginStatus::ERROR; - } - return Cynara::ServicePluginInterface::PluginStatus::ERROR; - } -}; - -extern "C" { -Cynara::ExternalPluginInterface *create(void) { - return new TestAgentPlugin(); -} - -void destroy(Cynara::ExternalPluginInterface *ptr) { - delete ptr; -} -} // extern "C" diff --git a/src/cynara-tests/test_cases.cpp b/src/cynara-tests/test_cases.cpp deleted file mode 100644 index 5fe9f755..00000000 --- a/src/cynara-tests/test_cases.cpp +++ /dev/null @@ -1,1393 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * @file test_cases.cpp - * @author Aleksander Zdyb - * @author Marcin Niesluchowski - * @author Lukasz Wojciechowski - * @version 1.1 - * @brief Tests for libcynara-client and libcynara-admin - */ - -#include - -#include -#include -#include -#include -#include - -#include - -using namespace CynaraTestAdmin; -using namespace CynaraTestClient; - -void tc01_cynara_initialize_func() -{ - Client(); -} - -void tc02_admin_initialize_func(bool isOnline) -{ - Admin admin(isOnline); -} - -void tc03_cynara_check_invalid_params_func() -{ - Client cynara; - - const char *client = "client03"; - const char *user = "user03"; - const char *privilege = "privilege03"; - const char *session = "session03"; - - cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM); - cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM); - cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM); - cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM); -} - -void checkInvalidPolicy(Admin &admin, - const char *bucket, - const char *client, - const char *user, - const char *privilege, - const int result, - const char *resultExtra) -{ - CynaraPoliciesContainer cp; - cp.add(bucket, client, user, privilege, result, resultExtra); - - admin.setPolicies(cp, CYNARA_API_INVALID_PARAM); -} - -void tc04_admin_set_policies_invalid_params_func(bool isOnline) -{ - Admin admin(isOnline); - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *client = "client04"; - const char *user = "user04"; - const char *privilege = "privilege04"; - const int resultAllow = CYNARA_ADMIN_ALLOW; - const int resultBucket = CYNARA_ADMIN_BUCKET; - const int resultNone = CYNARA_ADMIN_NONE; - const char *resultExtra = nullptr; - - checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra); - checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra); - checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra); - checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra); - checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra); - checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr ); - checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra); -} - -void tc05_admin_set_bucket_invalid_params_func(bool isOnline) -{ - Admin admin(isOnline); - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const int operationAllow = CYNARA_ADMIN_ALLOW; - const int operationDelete = CYNARA_ADMIN_DELETE; - const int operationNone = CYNARA_ADMIN_NONE; - const char *extra = nullptr; - - admin.setBucket(nullptr, operationAllow, extra, CYNARA_API_INVALID_PARAM); - admin.setBucket(bucket, INT_MAX, extra, CYNARA_API_INVALID_PARAM); - admin.setBucket(bucket, operationDelete, extra, CYNARA_API_OPERATION_NOT_ALLOWED); - admin.setBucket(bucket, operationNone, extra, CYNARA_API_OPERATION_NOT_ALLOWED); -} - -void tc06_cynara_check_empty_admin1_func() -{ - Client cynara; - - const char *client = "client06_1"; - const char *session = "session06_1"; - const char *user = "user06_1"; - const char *privilege = "privilege06_1"; - - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); -} - -void tc06_cynara_check_empty_admin2_func() -{ - Client cynara; - - const char *client = CYNARA_ADMIN_WILDCARD; - const char *session = "session06_2"; - const char *user = CYNARA_ADMIN_WILDCARD; - const char *privilege = CYNARA_ADMIN_WILDCARD; - - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); -} - -void tc07_admin_set_bucket_admin_allow_deny_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *client = "client07"; - const char *session = "session07"; - const char *user = "user07"; - const char *privilege = "privilege07"; - const char *extra = nullptr; - - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED); - - admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra); - - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); -} - -void tc08_admin_set_policies_allow_remove1_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *session = "session08_1"; - const int resultAllow = CYNARA_ADMIN_ALLOW; - const int resultDelete = CYNARA_ADMIN_DELETE; - const char *resultExtra = nullptr; - - const std::vector< std::vector > data = { - { "client08_1_a", "user08_1_a", "privilege08_1_a" }, - { "client08_1_b", "user08_1_b", "privilege08_1_b" }, - }; - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - // allow first policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra); - admin.setPolicies(cp); - } - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - // allow second policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra); - admin.setPolicies(cp); - } - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED); - - // delete first policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra); - admin.setPolicies(cp); - } - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED); - - // delete second policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra); - admin.setPolicies(cp); - } - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); -} - -void tc08_admin_set_policies_allow_remove2_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *session = "session08_2"; - const int resultAllow = CYNARA_ADMIN_ALLOW; - const int resultDelete = CYNARA_ADMIN_DELETE; - const char *resultExtra = nullptr; - - const std::vector< std::vector > data = { - { "client08_2_a", "user08_2_a", "privilege08_2_a" }, - { "client08_2_b", "user08_2_b", "privilege08_2_b" }, - }; - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - // allow first policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra); - admin.setPolicies(cp); - } - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - // delete first, allow second policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra); - cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra); - admin.setPolicies(cp); - } - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED); - - // delete second policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra); - admin.setPolicies(cp); - } - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); -} - -void tc08_admin_set_policies_allow_remove3_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *session = "session08_3"; - const int resultAllow = CYNARA_ADMIN_ALLOW; - const int resultDelete = CYNARA_ADMIN_DELETE; - const char *resultExtra = nullptr; - - const std::vector< std::vector > data = { - { "client08_3_a", "user08_3_a", "privilege08_3_a" }, - { "client08_3_b", "user08_3_b", "privilege08_3_b" }, - }; - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - // allow first and second policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra); - cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra); - admin.setPolicies(cp); - } - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED); - - // delete first and second policy - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra); - cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra); - admin.setPolicies(cp); - } - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); -} - -void checkAllDeny(const std::vector< std::vector > &data, - const char *session) -{ - Client cynara; - - for (auto it = data.begin(); it != data.end(); ++it) { - RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size"); - } - - for (auto itClient = data.begin(); itClient != data.end(); ++itClient) { - for (auto itUser = data.begin(); itUser != data.end(); ++itUser) { - for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) { - cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED); - } - } - } -} - -void checkSingleWildcardData(const std::vector< std::vector > &data) -{ - RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size"); - for (auto it = data.begin(); it != data.end(); ++it) { - RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size"); - } -} - -void checkSingleWildcardAllowRestDeny(const std::vector< std::vector > &data, - const char *session) -{ - Client cynara; - - checkSingleWildcardData(data); - - for (size_t c = 0; c < data.size(); ++c) { - for (size_t u = 0; u < data.size(); ++u) { - for (size_t p = 0; p < data.size(); ++p) { - if ((u == 0 && p == 0) - || (c == 1 && p == 1) - || (c == 2 && u == 2)) { - cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED); - } else { - cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED); - } - } - } - } -} - -void setSingleWildcardPolicies(const char *bucket, - const std::vector< std::vector > &data, - const int result, const char* resultExtra, bool isOnline) -{ - Admin admin(isOnline); - CynaraPoliciesContainer cp; - - checkSingleWildcardData(data); - - cp.add(bucket, - CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2], - result, resultExtra); - cp.add(bucket, - data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2], - result, resultExtra); - cp.add(bucket, - data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD, - result, resultExtra); - - admin.setPolicies(cp); -} - -void tc09_admin_set_policies_wildcard_accesses_func(bool isOnline) -{ - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *session = "session09"; - const char *resultExtra = nullptr; - - const std::vector< std::vector > data = { - { "client09_a", "user09_a", "privilege09_a" }, - { "client09_b", "user09_b", "privilege09_b" }, - { "client09_c", "user09_c", "privilege09_c" } - }; - - checkAllDeny(data, session); - - setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra, isOnline); - - checkSingleWildcardAllowRestDeny(data, session); - - setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra, isOnline); - - checkAllDeny(data, session); -} - -void tc10_admin_change_extra_bucket_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket10"; - const char *session = "session10"; - const char *extra = nullptr; - const char *extraResult = nullptr; - - - const std::vector< std::vector > data = { - { "client10_a", "user10_a", "privilege10_a" }, - { "client10_b", "user10_b", "privilege10_b" } - }; - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - data[0][0], data[0][1], data[0][2], - CYNARA_ADMIN_BUCKET, bucket); - admin.setPolicies(cp); - } - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra); - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - data[0][0], data[0][1], data[0][2], - CYNARA_ADMIN_DELETE, extraResult); - admin.setPolicies(cp); - } - - cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); - cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); - - admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); -} - -void tc11_admin_bucket_not_found_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket11"; - const char *client = "client11"; - const char *session = "session11"; - const char *user = "user11"; - const char *privilege = "privilege11"; - - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket); - admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND); - } - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); -} - -void tc12_admin_delete_bucket_with_policies_pointing_to_it_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket12"; - const char *client = "client12"; - const char *session = "session12"; - const char *user = "user12"; - const char *privilege = "privilege12"; - const char *extra = nullptr; - - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket); - admin.setPolicies(cp); - } - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED); - - admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); - - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); - - admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); -} - -void tc13_admin_set_policies_to_extra_bucket_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket13"; - const char *client = "client13"; - const char *session = "session13"; - const char *user = "user13"; - const char *privilege = "privilege13"; - const char *extra = nullptr; - const char *extraResult = nullptr; - - admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra); - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket); - cp.add(bucket, - client, user, privilege, - CYNARA_ADMIN_ALLOW, extraResult); - admin.setPolicies(cp); - } - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED); - - admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); -} - -void tc14_admin_set_policies_integrity_func(bool isOnline) -{ - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket14"; - const char *client = "client14"; - const char *session = "session14"; - const char *user = "user14"; - const char *privilege = "privilege14"; - const char *extraResult = nullptr; - - { - Client cynara; - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); - } - - { - Admin admin(isOnline); - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_ALLOW, extraResult); - cp.add(bucket, - client, user, privilege, - CYNARA_ADMIN_ALLOW, extraResult); - admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND); - } - - { - Client cynara; - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); - } -} - -void tc15_admin_set_bucket_admin_none1_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket15_1"; - const char *client = "client15_1"; - const char *session = "session15_1"; - const char *user = "user15_1"; - const char *privilege = "privilege15_1"; - const char *extra = nullptr; - const char *extraResult = nullptr; - - admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket); - cp.add(bucket, - client, user, privilege, - CYNARA_ADMIN_ALLOW, extraResult); - admin.setPolicies(cp); - } - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED); -} - -void tc15_admin_set_bucket_admin_none2_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket15_2"; - const char *client = "client15_2"; - const char *session = "session15_2"; - const char *user = "user15_2"; - const char *privilege = "privilege15_2"; - const char *extra = nullptr; - - admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket); - admin.setPolicies(cp); - } - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); -} - -void tc15_admin_set_bucket_admin_none3_func(bool isOnline) -{ - Admin admin(isOnline); - Client cynara; - - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket15_3"; - const char *client = "client15_3"; - const char *session = "session15_3"; - const char *user = "user15_3"; - const char *privilege = "privilege15_3"; - const char *extra = nullptr; - const char *extraResult = nullptr; - - admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket); - cp.add(bucketDefault, - client, user, CYNARA_ADMIN_WILDCARD, - CYNARA_ADMIN_ALLOW, extraResult); - admin.setPolicies(cp); - } - cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED); -} - -void tc16_admin_check_single_bucket_func(bool isOnline) -{ - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *client = "client16"; - const char *user = "user16"; - const char *privilege = "privilege16"; - const char *extraResult = nullptr; - int recursive = 1; - int notrecursive = 0; - - Admin admin(isOnline); - - admin.adminCheck(bucketDefault, recursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucketDefault, notrecursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_ALLOW, extraResult); - admin.setPolicies(cp); - - admin.adminCheck(bucketDefault, recursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucketDefault, notrecursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); -} - -void tc17_admin_check_nested_bucket_func(bool isOnline) -{ - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket = "bucket17"; - const char *client = "client17"; - const char *user = "user17"; - const char *privilege = "privilege17"; - const char *extra = nullptr; - const char *extraResult = nullptr; - int recursive = 1; - int notrecursive = 0; - - Admin admin(isOnline); - admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra); - - admin.adminCheck(bucketDefault, recursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucketDefault, notrecursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket, recursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket, notrecursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket); - cp.add(bucket, - client, user, privilege, - CYNARA_ADMIN_ALLOW, extraResult); - admin.setPolicies(cp); - } - - admin.adminCheck(bucketDefault, recursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucketDefault, notrecursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket, recursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket, notrecursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); -} - -void tc18_admin_check_multiple_matches_func(bool isOnline) -{ - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *client = "client18"; - const char *user = "user18"; - const char *privilege = "privilege18"; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *extra = nullptr; - const char *extraResult = nullptr; - int recursive = 1; - int notrecursive = 0; - - Admin admin(isOnline); - - auto check = [&](int expected_result) - { - admin.adminCheck(bucketDefault, recursive, client, user, privilege, - expected_result, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucketDefault, notrecursive, client, user, privilege, - expected_result, nullptr, CYNARA_API_SUCCESS); - }; - - check(CYNARA_ADMIN_DENY); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_ALLOW, extraResult); - admin.setPolicies(cp); - } - - check(CYNARA_ADMIN_ALLOW); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - wildcard, user, privilege, - CYNARA_ADMIN_DENY, extraResult); - admin.setPolicies(cp); - } - - check(CYNARA_ADMIN_DENY); - - admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra); - - check(CYNARA_ADMIN_DENY); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_DELETE, extraResult); - admin.setPolicies(cp); - } - - check(CYNARA_ADMIN_DENY); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - wildcard, user, privilege, - CYNARA_ADMIN_DELETE, extraResult); - admin.setPolicies(cp); - } - - check(CYNARA_ADMIN_ALLOW); -} - -void tc19_admin_check_none_bucket_func(bool isOnline) -{ - const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *bucket1 = "bucket19_a"; - const char *bucket2 = "bucket19_b"; - const char *client = "client19"; - const char *user = "user19"; - const char *privilege = "privilege19"; - const char *extra = nullptr; - int recursive = 1; - int notrecursive = 0; - - Admin admin(isOnline); - admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra); - admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra); - - admin.adminCheck(bucketDefault, recursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucketDefault, notrecursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket1, recursive, client, user, privilege, - CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket1, notrecursive, client, user, privilege, - CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket2, recursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket2, notrecursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - - { - CynaraPoliciesContainer cp; - cp.add(bucketDefault, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket1); - cp.add(bucket1, - client, user, privilege, - CYNARA_ADMIN_BUCKET, bucket2); - admin.setPolicies(cp); - } - - admin.adminCheck(bucketDefault, recursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucketDefault, notrecursive, client, user, privilege, - CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket1, recursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket1, notrecursive, client, user, privilege, - CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket2, recursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); - admin.adminCheck(bucket2, notrecursive, client, user, privilege, - CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS); -} - -void tc20_admin_list_empty_bucket_func(bool isOnline) -{ - const char *emptyBucket = "empty_bucket20"; - const char *client = "client20"; - const char *user = "user20"; - const char *privilege = "privilege20"; - const char *extra = nullptr; - - Admin admin(isOnline); - admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra); - - CynaraPoliciesContainer emptyPolicies; - - admin.listPolicies(emptyBucket, client, user, privilege, emptyPolicies); -} - -void tc21_admin_list_no_bucket_func(bool isOnline) -{ - const char *emptyBucket = "empty_bucket21"; - const char *notExistingBucket = "not_existing_bucket21"; - const char *client = "client21"; - const char *user = "user21"; - const char *privilege = "privilege21"; - const char *extra = nullptr; - - Admin admin(isOnline); - admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra); - - CynaraPoliciesContainer emptyPolicies; - - admin.listPolicies(notExistingBucket, client, user, privilege, emptyPolicies, - CYNARA_API_BUCKET_NOT_FOUND); -} - -void tc22_admin_list_bucket_func(bool isOnline) -{ - const char *bucket = "bucket22"; - const char *emptyBucket = "empty_bucket22"; - const char *client = "client22"; - const char *user = "user22"; - const char *privilege = "privilege22"; - const char *client2 = "client22_2"; - const char *user2 = "user22_2"; - const char *privilege2 = "privilege22_2"; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *any = CYNARA_ADMIN_ANY; - - const char *extra = nullptr; - - Admin admin(isOnline); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - admin.setPolicies(cp); - } - - CynaraPoliciesContainer expectedPolicies; - expectedPolicies.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra); - expectedPolicies.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - expectedPolicies.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - - admin.listPolicies(bucket, client, wildcard, any, expectedPolicies); -} - -void tc23_admin_erase_empty_bucket_func(bool isOnline) -{ - const char *emptyBucket = "empty_bucket23"; - const char *client = "client23"; - const char *user = "user23"; - const char *privilege = "privilege23"; - const char *extra = nullptr; - int recursive = 1; - - Admin admin(isOnline); - admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra); - - admin.erasePolicies(emptyBucket, recursive, client, user, privilege); -} - -void tc24_admin_erase_no_bucket_func(bool isOnline) -{ - const char *emptyBucket = "empty_bucket24"; - const char *notExistingBucket = "not_existing_bucket24"; - const char *client = "client24"; - const char *user = "user24"; - const char *privilege = "privilege24"; - const char *extra = nullptr; - int recursive = 1; - - Admin admin(isOnline); - admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra); - - admin.erasePolicies(notExistingBucket, recursive, client, user, privilege, - CYNARA_API_BUCKET_NOT_FOUND); -} - -void tc25_admin_erase_single_bucket_func(bool isOnline) -{ - const char *bucket = "bucket25"; - const char *emptyBucket = "empty_bucket25"; - const char *client = "client25"; - const char *user = "user25"; - const char *privilege = "privilege25"; - const char *client2 = "client25_2"; - const char *user2 = "user25_2"; - const char *privilege2 = "privilege25_2"; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *any = CYNARA_ADMIN_ANY; - const char *extra = nullptr; - int recursive = 1; - - Admin admin(isOnline); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - admin.setPolicies(cp); - } - - admin.erasePolicies(bucket, recursive, client, wildcard, any); - - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - // WAS ERASED (bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - // WAS ERASED (bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - // WAS ERASED (bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - expPolicies.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket); - admin.listPolicies(bucket, any, any, any, expPolicies); - } - { - CynaraPoliciesContainer expPolicies; - admin.listPolicies(emptyBucket, any, any, any, expPolicies); - } -} - -void tc26_admin_erase_recursive_not_linked_buckets_func(bool isOnline) -{ - const char *bucket = "bucket26"; - const char *subBucket = "sub_bucket26"; - const char *client = "client26"; - const char *user = "user26"; - const char *privilege = "privilege26"; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *any = CYNARA_ADMIN_ANY; - const char *extra = nullptr; - int recursive = 1; - - Admin admin(isOnline); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - - cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.setPolicies(cp); - } - - admin.erasePolicies(bucket, recursive, any, user, wildcard); - - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.listPolicies(bucket, any, any, any, expPolicies); - } - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.listPolicies(subBucket, any, any, any, expPolicies); - } -} - -void tc27_admin_erase_recursive_linked_buckets_func(bool isOnline) -{ - const char *bucket = "bucket27"; - const char *subBucket = "sub_bucket27"; - const char *client = "client27"; - const char *user = "user27"; - const char *privilege = "privilege27"; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *any = CYNARA_ADMIN_ANY; - const char *extra = nullptr; - int recursive = 1; - - Admin admin(isOnline); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket); - - cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - - cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.setPolicies(cp); - } - - admin.erasePolicies(bucket, recursive, any, user, wildcard); - - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket); - admin.listPolicies(bucket, any, any, any, expPolicies); - } - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.listPolicies(subBucket, any, any, any, expPolicies); - } -} - -void tc28_admin_erase_non_recursive_linked_buckets_func(bool isOnline) -{ - const char *bucket = "bucket28"; - const char *subBucket = "sub_bucket28"; - const char *client = "client28"; - const char *user = "user28"; - const char *privilege = "privilege28"; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *any = CYNARA_ADMIN_ANY; - const char *extra = nullptr; - int recursive = 0; - - Admin admin(isOnline); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket); - - cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - - cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.setPolicies(cp); - } - - admin.erasePolicies(bucket, recursive, any, user, wildcard); - - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket); - admin.listPolicies(bucket, any, any, any, expPolicies); - } - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.listPolicies(subBucket, any, any, any, expPolicies); - } -} - -void tc29_admin_erase_recursive_from_sub_bucket_func(bool isOnline) -{ - const char *bucket = "bucket29"; - const char *subBucket = "sub_bucket29"; - const char *client = "client29"; - const char *user = "user29"; - const char *privilege = "privilege29"; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *any = CYNARA_ADMIN_ANY; - const char *extra = nullptr; - int recursive = 1; - - Admin admin(isOnline); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra); - - { - CynaraPoliciesContainer cp; - cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket); - - cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - - cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.setPolicies(cp); - } - - admin.erasePolicies(subBucket, recursive, any, user, wildcard); - - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket); - expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra); - expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.listPolicies(bucket, any, any, any, expPolicies); - } - { - CynaraPoliciesContainer expPolicies; - expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.listPolicies(subBucket, any, any, any, expPolicies); - } -} - -void testPlugins(const std::vector &plugins, bool isOnline) -{ - using namespace CynaraTestPlugins; - - DirectoryPaths paths; - Descriptions expectedDescriptions(POLICY_DESCRIPTIONS.at(DEFAULT_POLICY)); - - for (auto &plugin : plugins) { - paths.push_back(TEST_PLUGIN_PATH + plugin); - - const Descriptions &pluginDescriptions = POLICY_DESCRIPTIONS.at(plugin); - expectedDescriptions.insert(expectedDescriptions.end(), - pluginDescriptions.begin(), pluginDescriptions.end()); - } - - loadServicePlugins(paths); - - Admin admin(isOnline); - admin.listPoliciesDescriptions(expectedDescriptions); -} - -void tc30_admin_list_descriptions_no_plugins_func(bool isOnline) -{ - testPlugins({}, isOnline); -} - -void tc31_admin_list_descriptions_1_plugin_single_policy_func(bool isOnline) -{ - testPlugins({CynaraTestPlugins::SINGLE_POLICY}, isOnline); -} - -void tc32_admin_list_descriptions_1_plugin_multiple_policy_func(bool isOnline) -{ - testPlugins({CynaraTestPlugins::MULTIPLE_POLICY}, isOnline); -} - -void tc33_admin_list_descriptions_multiple_plugins_func(bool isOnline) -{ - testPlugins({CynaraTestPlugins::SINGLE_POLICY, - CynaraTestPlugins::MULTIPLE_POLICY}, isOnline); -} - -#define ONLINE(Proc) \ - RUNNER_TEST(Proc##_online, CynaraTestEnv) \ - { \ - Proc##_func(true); \ - } - -#define OFFLINE(Proc) \ - RUNNER_TEST(Proc##_offline, CynaraTestEnv) \ - { \ - Proc##_func(false); \ - } - -RUNNER_TEST_GROUP_INIT(cynara_tests_online) - -RUN_CYNARA_TEST(tc01_cynara_initialize) -ONLINE(tc02_admin_initialize) -RUN_CYNARA_TEST(tc03_cynara_check_invalid_params) -ONLINE(tc04_admin_set_policies_invalid_params) -ONLINE(tc05_admin_set_bucket_invalid_params) -RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1) -RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2) -ONLINE(tc07_admin_set_bucket_admin_allow_deny) -ONLINE(tc08_admin_set_policies_allow_remove1) -ONLINE(tc08_admin_set_policies_allow_remove2) -ONLINE(tc08_admin_set_policies_allow_remove3) -ONLINE(tc09_admin_set_policies_wildcard_accesses) -ONLINE(tc10_admin_change_extra_bucket) -ONLINE(tc11_admin_bucket_not_found) -ONLINE(tc12_admin_delete_bucket_with_policies_pointing_to_it) -ONLINE(tc13_admin_set_policies_to_extra_bucket) -ONLINE(tc14_admin_set_policies_integrity) -ONLINE(tc15_admin_set_bucket_admin_none1) -ONLINE(tc15_admin_set_bucket_admin_none2) -ONLINE(tc15_admin_set_bucket_admin_none3) -ONLINE(tc16_admin_check_single_bucket) -ONLINE(tc17_admin_check_nested_bucket) -ONLINE(tc18_admin_check_multiple_matches) -ONLINE(tc19_admin_check_none_bucket) -ONLINE(tc20_admin_list_empty_bucket) -ONLINE(tc21_admin_list_no_bucket) -ONLINE(tc22_admin_list_bucket) -ONLINE(tc23_admin_erase_empty_bucket) -ONLINE(tc24_admin_erase_no_bucket) -ONLINE(tc25_admin_erase_single_bucket) -ONLINE(tc26_admin_erase_recursive_not_linked_buckets) -ONLINE(tc27_admin_erase_recursive_linked_buckets) -ONLINE(tc28_admin_erase_non_recursive_linked_buckets) -ONLINE(tc29_admin_erase_recursive_from_sub_bucket) -ONLINE(tc30_admin_list_descriptions_no_plugins) -ONLINE(tc31_admin_list_descriptions_1_plugin_single_policy) -ONLINE(tc32_admin_list_descriptions_1_plugin_multiple_policy) -ONLINE(tc33_admin_list_descriptions_multiple_plugins) - - -RUNNER_TEST_GROUP_INIT(cynara_tests_offline) - -OFFLINE(tc02_admin_initialize) -OFFLINE(tc04_admin_set_policies_invalid_params) -OFFLINE(tc05_admin_set_bucket_invalid_params) -OFFLINE(tc07_admin_set_bucket_admin_allow_deny) -OFFLINE(tc08_admin_set_policies_allow_remove1) -OFFLINE(tc08_admin_set_policies_allow_remove2) -OFFLINE(tc08_admin_set_policies_allow_remove3) -OFFLINE(tc09_admin_set_policies_wildcard_accesses) -OFFLINE(tc10_admin_change_extra_bucket) -OFFLINE(tc11_admin_bucket_not_found) -OFFLINE(tc12_admin_delete_bucket_with_policies_pointing_to_it) -OFFLINE(tc13_admin_set_policies_to_extra_bucket) -OFFLINE(tc14_admin_set_policies_integrity) -OFFLINE(tc15_admin_set_bucket_admin_none1) -OFFLINE(tc15_admin_set_bucket_admin_none2) -OFFLINE(tc15_admin_set_bucket_admin_none3) -OFFLINE(tc16_admin_check_single_bucket) -OFFLINE(tc17_admin_check_nested_bucket) -OFFLINE(tc18_admin_check_multiple_matches) -OFFLINE(tc19_admin_check_none_bucket) -OFFLINE(tc20_admin_list_empty_bucket) -OFFLINE(tc21_admin_list_no_bucket) -OFFLINE(tc22_admin_list_bucket) -OFFLINE(tc23_admin_erase_empty_bucket) -OFFLINE(tc24_admin_erase_no_bucket) -OFFLINE(tc25_admin_erase_single_bucket) -OFFLINE(tc26_admin_erase_recursive_not_linked_buckets) -OFFLINE(tc27_admin_erase_recursive_linked_buckets) -OFFLINE(tc28_admin_erase_non_recursive_linked_buckets) -OFFLINE(tc29_admin_erase_recursive_from_sub_bucket) -OFFLINE(tc30_admin_list_descriptions_no_plugins) -OFFLINE(tc31_admin_list_descriptions_1_plugin_single_policy) -OFFLINE(tc32_admin_list_descriptions_1_plugin_multiple_policy) -OFFLINE(tc33_admin_list_descriptions_multiple_plugins) diff --git a/src/cynara-tests/test_cases_agent.cpp b/src/cynara-tests/test_cases_agent.cpp deleted file mode 100644 index a8c74ae1..00000000 --- a/src/cynara-tests/test_cases_agent.cpp +++ /dev/null @@ -1,472 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file test_cases_agent.cpp - * @author Lukasz Wojciechowski - * @author Radoslaw Bartosiak - * @version 1.0 - * @brief Tests for libcynara-agent - */ - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace CynaraTestAdmin; -using namespace CynaraTestAgent; -using namespace CynaraTestClientAsync; -using namespace CynaraTestPlugins; - -void loadAgentPlugin() -{ - DirectoryPaths paths; - paths.push_back(TEST_PLUGIN_PATH + TEST_AGENT); - loadServicePlugins(paths); -} - -void setAgentPolicy(int expectedResult = CYNARA_API_SUCCESS) -{ - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *wildcard = CYNARA_ADMIN_WILDCARD; - const char *extra = nullptr; -// collection of policy descriptions defined by plugin that causes use of TestAgent - auto testAgentPolicies = POLICY_DESCRIPTIONS.at(TEST_AGENT); -// any policy type from above collection - auto policyType = testAgentPolicies[0].type; - - CynaraPoliciesContainer cp; - cp.add(bucket, wildcard, wildcard, wildcard, policyType, extra); - - Admin admin; - admin.setPolicies(cp, expectedResult); -} - -void getAgentRequest(Agent &agent, AgentRequest &request, Client &client, - int expectedResult = CYNARA_API_SUCCESS, - Timeout::ExpectMode expectTimeoutMode = Timeout::ExpectMode::TIMEOUT) -{ - auto timeLimit = std::chrono::seconds(2); - auto hangOnGetRequest = [&agent, &request, &expectedResult]() { - agent.getRequest(request, expectedResult); - }; - Timeout::CancelFunction sendClientRequest = [&client]() { - client.process(); - client.assertStatus(READ); - }; - - Timeout::callAndWait(timeLimit, expectTimeoutMode, - sendClientRequest, hangOnGetRequest); -} - -void tcag01_set_agent_type_policy_without_plugin_func() -{ - loadServicePlugins(DirectoryPaths()); - setAgentPolicy(CYNARA_API_INVALID_PARAM); -} - -void tcag02_set_agent_type_policy_with_plugin_loaded_func() -{ - loadAgentPlugin(); - setAgentPolicy(); -} - -void tcag03_check_with_no_agent_func() -{ - std::string testNo("03"); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - loadAgentPlugin(); - setAgentPolicy(); - - Client client; - client.createRequest({testNo}, id, callbackData); - client.assertStatus(READWRITE); - - //send requests - client.process(); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tcag04_agent_initialize_func() -{ - Agent(); -} - -void tcag05_agent_request_timeout_func() -{ - Agent agent; - AgentRequest request; - - auto testTimeLimit = std::chrono::seconds(2); - auto hangOnGetRequest = [&agent, &request]() { - agent.getRequest(request, CYNARA_API_SERVICE_NOT_AVAILABLE); - }; - - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::TIMEOUT, - restartCynaraServiceAndSockets, hangOnGetRequest); -} - -void tcag06_check_with_unregistered_agent_func() -{ - std::string testNo("06"); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - - Client client; - client.createRequest({testNo}, id, callbackData); - client.assertStatus(READWRITE); - - //send requests - client.process(); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tcag07_get_request_func() -{ - std::string testNo("07"); - CheckData data(testNo); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_ALLOWED, - CYNARA_CALL_CAUSE_ANSWER}; - - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - AgentRequest agentRequest; - Client client; - client.createRequest(data, id, callbackData); - client.assertStatus(READWRITE); - - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - - agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege); - agent.putResponse(AgentResponse::createAllow(agentRequest.id())); - client.process(); -} - -void tcag08_get_request_and_respond_with_wrong_id_func() -{ - std::string testNo("08"); - CheckData data(testNo); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_SUCCESS, - CYNARA_CALL_CAUSE_FINISH}; - - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - AgentRequest agentRequest; - Client client; - client.createRequest(data, id, callbackData); - client.assertStatus(READWRITE); - - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege); - agent.putResponse(AgentResponse::createAllow(agentRequest.id() + 1)); - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_TIMEOUT, 2); -} - -void tcag09_get_request_and_correct_responded_id_func() -{ - std::string testNo("09"); - CheckData data(testNo); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_ALLOWED, - CYNARA_CALL_CAUSE_ANSWER}; - - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - AgentRequest agentRequest; - Client client; - client.createRequest(data, id, callbackData); - client.assertStatus(READWRITE); - - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege); - agent.putResponse(AgentResponse::createAllow(agentRequest.id() + 1)); - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_TIMEOUT, 2); - agent.putResponse(AgentResponse::createAllow(agentRequest.id())); - client.process(); -} - -void tcag10_cancel_request_func() -{ - std::string testNo("10"); - CheckData data(testNo); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_ALLOWED, - CYNARA_CALL_CAUSE_CANCEL}; - - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - AgentRequest agentRequest; - - Client client; - client.createRequest(data, id, callbackData); - client.assertStatus(READWRITE); - - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege); - client.cancel(id); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - agentRequest.assertCancel(); - agent.putResponse(AgentResponse::createCancel(id)); - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2); -} - -void tcag11_cancel_processed_request_func() -{ - std::string testNo("11"); - CheckData data(testNo); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_ALLOWED, - CYNARA_CALL_CAUSE_CANCEL}; - - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - AgentRequest agentRequest; - - Client client; - client.createRequest(data, id, callbackData); - client.assertStatus(READWRITE); - - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - agentRequest.assertAction(data.m_client, data.m_user, data.m_privilege); - agent.putResponse(AgentResponse::createCancel(id)); - client.cancel(id); - // we do not expect getting the cancel request in the agent - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::TIMEOUT, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SERVICE_NOT_AVAILABLE, Timeout::ExpectMode::TIMEOUT); - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2); -} - -void tcag12_create_two_requests_func() -{ - std::string testNo("12"); - CheckData data1(testNo, 1), data2(testNo, 2); - cynara_check_id id1, id2; - RequestEntity callbackData1 = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - RequestEntity callbackData2 = {RequestFunction(), - CYNARA_API_ACCESS_ALLOWED, - CYNARA_CALL_CAUSE_CANCEL}; - - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - AgentRequest agentRequest1, agentRequest2, agentRequest3; - Client client; - client.createRequest(data1, id1, callbackData1); - client.assertStatus(READWRITE); - client.createRequest(data2, id2, callbackData2); - client.assertStatus(READWRITE); - - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest1), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest2), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::IGNORE); - client.cancel(id2); - client.assertStatus(READWRITE); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest3), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - agentRequest1.assertAction(data1.m_client, data1.m_user, data1.m_privilege); - agentRequest2.assertAction(data2.m_client, data2.m_user, data2.m_privilege); - agentRequest3.assertCancel(); - - agent.putResponse(AgentResponse::createDeny(id1)); - agent.putResponse(AgentResponse::createCancel(id2)); - - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 3); - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::IGNORE_TIMEOUT, 1); -} - -void tcag13_create_many_requests_func() -{ - const int numberOfRequests = 4; - std::string testNo("13"); - cynara_check_id ids[numberOfRequests]; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - loadAgentPlugin(); - setAgentPolicy(); - - Agent agent; - AgentRequest agentRequests[numberOfRequests]; - Client client; - for (int i = 0; i < numberOfRequests; i++) { - CheckData data(testNo, i); - client.createRequest(data, ids[i], callbackData); - client.assertStatus(READWRITE); - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequests[i]), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - agentRequests[i].assertAction(data.m_client, data.m_user, data.m_privilege); - }; - for (int i = numberOfRequests - 1; i >= 0; i--) { - agent.putResponse(AgentResponse::createDeny(ids[i])); - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2); - } -} - -void tcag14_client_disconnects_func() -{ - std::string testNo("14"); - CheckData data(testNo); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_ALLOWED, - CYNARA_CALL_CAUSE_FINISH}; - - loadAgentPlugin(); - setAgentPolicy(); - Agent agent; - AgentRequest agentRequest; - auto testTimeLimit = std::chrono::seconds(5); - { - Client client; - client.createRequest(data, id, callbackData); - client.assertStatus(READWRITE); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - }; - auto getAgentRequestWrap = [&agent, &agentRequest]() { - agent.getRequest(agentRequest, CYNARA_API_SUCCESS); - }; - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequestWrap); - agentRequest.assertCancel(); -} - -void tcag15_agent_disconnects_func() -{ - std::string testNo("15"); - CheckData data(testNo); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - loadAgentPlugin(); - setAgentPolicy(); - Client client; - client.createRequest(data, id, callbackData); - client.assertStatus(READWRITE); - AgentRequest agentRequest; - { - Agent agent; - auto testTimeLimit = std::chrono::seconds(5); - Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::FINISHED, - restartCynaraServiceAndSockets, getAgentRequest, - std::ref(agent), std::ref(agentRequest), std::ref(client), - CYNARA_API_SUCCESS, Timeout::ExpectMode::TIMEOUT); - }; - client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2); -} - -RUNNER_TEST_GROUP_INIT(cynara_agent_tests) - -RUN_CYNARA_TEST(tcag01_set_agent_type_policy_without_plugin) -RUN_CYNARA_TEST(tcag02_set_agent_type_policy_with_plugin_loaded) -RUN_CYNARA_TEST(tcag03_check_with_no_agent) -RUN_CYNARA_TEST(tcag04_agent_initialize) -RUN_CYNARA_TEST(tcag05_agent_request_timeout) -RUN_CYNARA_TEST(tcag06_check_with_unregistered_agent) -RUN_CYNARA_TEST(tcag07_get_request) -RUN_CYNARA_TEST(tcag08_get_request_and_respond_with_wrong_id) -RUN_CYNARA_TEST(tcag09_get_request_and_correct_responded_id) -RUN_CYNARA_TEST(tcag10_cancel_request) -RUN_CYNARA_TEST(tcag11_cancel_processed_request) -RUN_CYNARA_TEST(tcag12_create_two_requests) -RUN_CYNARA_TEST(tcag13_create_many_requests) -RUN_CYNARA_TEST(tcag14_client_disconnects) -RUN_CYNARA_TEST(tcag15_agent_disconnects) diff --git a/src/cynara-tests/test_cases_async.cpp b/src/cynara-tests/test_cases_async.cpp deleted file mode 100644 index 1412fcdf..00000000 --- a/src/cynara-tests/test_cases_async.cpp +++ /dev/null @@ -1,457 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * @file test_cases_async.cpp - * @author Lukasz Wojciechowski - * @version 1.0 - * @brief Tests for libcynara-client-async - */ - -#include -#include -#include - -#include -#include - -#include - -#include -#include - -using namespace CynaraTestClientAsync; -using namespace CynaraTestAdmin; - -void tca01_initialize_func() -{ - Client client; -} - -void tca02_empty_cache_miss_func() -{ - std::string testNo("02"); - Client client; - - client.checkCache({testNo}, CYNARA_API_CACHE_MISS); - client.checkCache({testNo}, CYNARA_API_CACHE_MISS); -} - -void tca03_create_max_requests_func() -{ - std::string testNo("03"); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), 0, CYNARA_CALL_CAUSE_FINISH}; - - Client client; - - for (auto i = 0; i <= UINT16_MAX; ++i) { - client.createRequest({testNo, i}, id, callbackData, CYNARA_API_SUCCESS); - client.assertStatus(READWRITE); - } - - client.createRequest({testNo}, id, callbackData, CYNARA_API_MAX_PENDING_REQUESTS); - client.assertStatus(READWRITE); -} - -void tca04_request_and_process_func() -{ - std::string testNo("04"); - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - Client client; - - client.createRequest({testNo}, id, callbackData); - client.assertStatus(READWRITE); - - //send request - client.process(); - client.assertStatus(READ); - - //get answer - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca05_request_and_cancel1_func() -{ - std::string testNo("05"); - int subtest = 1; - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_CANCEL}; - - Client client; - - client.createRequest({testNo, subtest}, id, callbackData); - client.assertStatus(READWRITE); - - client.cancel(id); - client.assertStatus(READWRITE); - - //send request and cancel - client.process(); - client.assertStatus(READ); - - //get answer - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca05_request_and_cancel2_func() -{ - std::string testNo("05"); - int subtest = 2; - cynara_check_id id1, id2; - Client client; - - RequestEntity callbackData1 = {[&]()->void {client.cancel(id2);}, - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - RequestEntity callbackData2 = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_CANCEL}; - - client.createRequest({testNo, subtest}, id1, callbackData1); - client.createRequest({testNo, subtest}, id2, callbackData2); - client.assertStatus(READWRITE); - - //send requests - client.process(); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca05_request_and_cancel3_func() -{ - std::string testNo("05"); - int subtest = 3; - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - Client client; - - client.createRequest({testNo, subtest}, id, callbackData); - client.assertStatus(READWRITE); - - //send request - client.process(); - client.assertStatus(READ); - - //get answer - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.assertStatus(READ); - - client.cancel(id, CYNARA_API_INVALID_PARAM); -} - -void tca06_cancel_fail_func() -{ - cynara_check_id id = 0xDEAD; - - Client client; - - client.cancel(id, CYNARA_API_INVALID_PARAM); -} - -void tca07_request_with_data_insertion_func() -{ - std::string testNo("07"); - Admin admin; - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const int resultAllow = CYNARA_ADMIN_ALLOW; - CheckData data[2] = {{testNo, 1}, {testNo, 2}}; - RequestEntity callbackAllow = {RequestFunction(), - CYNARA_API_ACCESS_ALLOWED, - CYNARA_CALL_CAUSE_ANSWER}; - RequestEntity callbackDeny = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - cynara_check_id id; - Client client; - - client.checkCache(data[0], CYNARA_API_CACHE_MISS); - client.checkCache(data[1], CYNARA_API_CACHE_MISS); - - client.createRequest(data[0], id, callbackDeny); - client.assertStatus(READWRITE); - client.process(); - client.assertStatus(READ); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.assertStatus(READ); - - client.checkCache(data[0], CYNARA_API_ACCESS_DENIED); - client.checkCache(data[1], CYNARA_API_CACHE_MISS); - - { - CynaraPoliciesContainer cp; - cp.add(bucket, data[0].toAdminPolicy(), resultAllow); - admin.setPolicies(cp); - } - - client.checkCache(data[0], CYNARA_API_CACHE_MISS); - client.checkCache(data[1], CYNARA_API_CACHE_MISS); - - client.createRequest(data[0], id, callbackAllow); - client.assertStatus(READWRITE); - client.process(); - client.assertStatus(READ); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.assertStatus(READ); - - client.checkCache(data[0], CYNARA_API_ACCESS_ALLOWED); - client.checkCache(data[1], CYNARA_API_CACHE_MISS); -} - -void tca08_disconnect1_func() -{ - std::string testNo("08"); - int subtest = 1; - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - Client client; - - client.createRequest({testNo, subtest}, id, callbackData); - client.assertStatus(READWRITE); - - restartCynaraServiceAndSockets(); - - client.process(); - client.assertStatus(READ); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca08_disconnect2_func() -{ - std::string testNo("08"); - int subtest = 2; - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - Client client; - - client.createRequest({testNo, subtest}, id, callbackData); - client.assertStatus(READWRITE); - - restartCynaraServiceAndSockets(); - - client.process(); - client.assertStatus(READ); - - restartCynaraServiceAndSockets(); - - client.process(); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca08_disconnect3_func() -{ - std::string testNo("08"); - int subtest = 2; - cynara_check_id id; - RequestEntity callbackData = {restartCynaraServiceAndSockets, - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - Client client; - - client.createRequest({testNo, subtest}, id, callbackData); - client.assertStatus(READWRITE); - - client.process(); - client.assertStatus(READ); - - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca09_disconnect_and_cancel1_func() -{ - std::string testNo("09"); - int subtest = 1; - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_CANCEL}; - - Client client; - - client.createRequest({testNo, subtest}, id, callbackData); - client.assertStatus(READWRITE); - - //send request - client.process(); - client.assertStatus(READ); - - restartCynaraServiceAndSockets(); - - client.cancel(id); - client.assertStatus(READWRITE); - - //send cancel - client.process(); - client.assertStatus(READ); - - //get answer - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.assertStatus(READ); -} - -void tca09_disconnect_and_cancel2_func() -{ - std::string testNo("09"); - int subtest = 2; - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_CANCEL}; - - Client client; - - client.createRequest({testNo, subtest}, id, callbackData); - client.assertStatus(READWRITE); - - //send request - client.process(); - client.assertStatus(READ); - - client.cancel(id); - client.assertStatus(READWRITE); - - restartCynaraServiceAndSockets(); - - //handle reconnect - client.process(); - client.assertStatus(READ); - - //get answer - client.process(CYNARA_API_SUCCESS, Client::EXPECT_TIMEOUT); - client.assertStatus(READ); -} - -void tca10_double_request_func() -{ - std::string testNo("10"); - cynara_check_id id, id2; - Client client; - - RequestEntity callbackData2 = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - RequestEntity callbackData = {[&](){client.createRequest({testNo}, id2, callbackData2);}, - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - - client.createRequest({testNo}, id, callbackData); - client.assertStatus(READWRITE); - - client.process(); - client.process(); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca11_double_request_with_restart_func() -{ - std::string testNo("11"); - cynara_check_id id, id2; - Client client; - - RequestEntity callbackData2 = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - RequestEntity callbackData = {[&](){ - restartCynaraServiceAndSockets(); - client.createRequest({testNo}, id2, callbackData2); - }, - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_ANSWER}; - - - client.createRequest({testNo}, id, callbackData); - client.assertStatus(READWRITE); - - client.process(); - client.process(); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); - client.process(CYNARA_API_SUCCESS, Client::IGNORE_TIMEOUT); -} - -void tca12_multiple_connections_without_requests_func() -{ - std::string testNo("12"); - - cynara_check_id id; - RequestEntity callbackData = {RequestFunction(), - CYNARA_API_ACCESS_DENIED, - CYNARA_CALL_CAUSE_FINISH}; - - ServiceManager serviceManager(CynaraTestConsts::SERVICE); - pid_t before = serviceManager.getServicePid(); - timeval beforeTimestamp = serviceManager.getServiceStartTimestamp(); - - for (int i = 0; i < 10; ++i) - { - Client client; - client.createRequest({testNo}, id, callbackData); - client.assertStatus(READWRITE); - } - -//wait until cynara possibly restarts - sleep(3); - - pid_t after = serviceManager.getServicePid(); - timeval afterTimestamp = serviceManager.getServiceStartTimestamp(); - RUNNER_ASSERT_MSG(after != 0, - "cynara service not running. After = " << after << "."); - RUNNER_ASSERT_MSG(before == after - && beforeTimestamp.tv_sec == afterTimestamp.tv_sec - && beforeTimestamp.tv_usec == afterTimestamp.tv_usec, - "cynara service was restarted during the test. Before pid / timestamp = " - << before << " / " << beforeTimestamp.tv_sec << "." - << beforeTimestamp.tv_usec << " and after pid / timestamp = " - << after << " / " << afterTimestamp.tv_sec << "." - << afterTimestamp.tv_usec); -} - -RUNNER_TEST_GROUP_INIT(cynara_async_tests) - -RUN_CYNARA_TEST(tca01_initialize) -RUN_CYNARA_TEST(tca02_empty_cache_miss) -RUN_CYNARA_TEST(tca03_create_max_requests) -RUN_CYNARA_TEST(tca04_request_and_process) -RUN_CYNARA_TEST(tca05_request_and_cancel1) -RUN_CYNARA_TEST(tca05_request_and_cancel2) -RUN_CYNARA_TEST(tca05_request_and_cancel3) -RUN_CYNARA_TEST(tca06_cancel_fail) -RUN_CYNARA_TEST(tca07_request_with_data_insertion) -RUN_CYNARA_TEST(tca08_disconnect1) -RUN_CYNARA_TEST(tca08_disconnect2) -RUN_CYNARA_TEST(tca08_disconnect3) -RUN_CYNARA_TEST(tca09_disconnect_and_cancel1) -RUN_CYNARA_TEST(tca09_disconnect_and_cancel2) -RUN_CYNARA_TEST(tca10_double_request) -RUN_CYNARA_TEST(tca11_double_request_with_restart) -RUN_CYNARA_TEST(tca12_multiple_connections_without_requests) diff --git a/src/cynara-tests/test_cases_db.cpp b/src/cynara-tests/test_cases_db.cpp deleted file mode 100644 index 9ac246c5..00000000 --- a/src/cynara-tests/test_cases_db.cpp +++ /dev/null @@ -1,338 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file test_cases_db.cpp - * @author Pawel Wieczorek - * @version 0.1 - * @brief Tests for Cynara's mechanism assuring integrity of database - */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace CynaraTestAdmin; -using namespace CynaraTestClient; - -namespace -{ - -const std::string defDb("default"); -const std::string defDbAllow("defaultAllowed"); -const std::string nonEmptyDb("nonEmptyDatabase"); -const std::string cynaraTestPatternsPath("/etc/security-tests/db_patterns/"); -const std::string directoryWildcard("/*"); -const char directorySeparator('/'); - -void createDbFile(const std::string &filename) -{ - int fileFd = TEMP_FAILURE_RETRY(creat(filename.c_str(), 0000)); - RUNNER_ASSERT_ERRNO_MSG(fileFd > 0, "Creating " << filename << " file failed"); - FdUniquePtr fileFdPtr(&fileFd); - - int ret = smack_fsetlabel(fileFd, CynaraTestConsts::LABEL.c_str(), SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(ret == 0, "Setting smack label failed"); -} - -void deleteDbFile(const std::string &filename) -{ - RUNNER_ASSERT_ERRNO_MSG(!unlink(filename.c_str()), "Unable to unlink " << filename << " file"); -} - -bool unordered_files_match(const std::string &patternFilePath, const std::string &resultFilePath) { - std::ifstream patternFile(patternFilePath, std::ifstream::in | std::ifstream::binary); - std::ifstream resultFile(resultFilePath, std::ifstream::in | std::ifstream::binary); - - RUNNER_ASSERT_MSG(patternFile.is_open(), "Failed to open " << patternFile << "."); - RUNNER_ASSERT_MSG(resultFile.is_open(), "Failed to open " << resultFile << "."); - - auto patternRecords = std::multiset(std::istream_iterator(patternFile), - std::istream_iterator()); - - auto resultRecords = std::multiset(std::istream_iterator(resultFile), - std::istream_iterator()); - - return patternRecords == resultRecords; -} - -size_t glob_count(const std::string &source, const std::string &wildcard) { - //for counting files in directory - glob_t globbuf; - std::string pattern = source + wildcard; - - //for freeing allocated memory - GlobPtr globbufPtr(&globbuf); - - //actually count files in directory - including dotfiles - RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf), - "Failed to search for requested pathnames in " << source << "."); - - return globbuf.gl_pathc; -} - -size_t db_files_count(const std::string &source) { - size_t dbFilesCount = 0; - - //database directory must not be empty - RUNNER_ASSERT_MSG(0 != (dbFilesCount = glob_count(source, directoryWildcard)), - "Unexpected condition: " << source << " was empty."); - - return dbFilesCount; -} - -const std::set dump_glob_filenames(const glob_t &globbuf) { - std::set set; - - for (unsigned i = 0; i < globbuf.gl_pathc; ++i) { - std::string filename(globbuf.gl_pathv[i]); - set.insert(filename.substr(filename.find_last_of(directorySeparator)+1)); - } - - return set; -} - -const std::set glob_filenames(const std::string &source, const std::string &wildcard) { - //for finding files matching pattern in directory - glob_t globbuf; - std::string pattern = source + wildcard; - - //for freeing allocated memory - GlobPtr globbufPtr(&globbuf); - - //actually find files matching pattern in directory - including dotfiles - RUNNER_ASSERT_MSG(0 == glob(pattern.c_str(), GLOB_NOSORT | GLOB_PERIOD, NULL, &globbuf), - "Failed to search for requested pathnames in " << source << "."); - - return dump_glob_filenames(globbuf); -} - -const std::set db_files_pathnames(const std::string &source) { - return glob_filenames(source, directoryWildcard); -} - -std::ostream& operator<<(std::ostream& os, const std::set &set) -{ - os << "{"; - for (const auto &item : set) { - os << " " << item; - } - os << " }"; - return os; -} - -void compareDbs(const std::string &source) -{ - //for accessing files in directory - std::string patternDir = cynaraTestPatternsPath + source; - std::string resultDir = CynaraTestConsts::DB_DIR; - DIR *patternDirPtr = nullptr; - struct dirent *direntPtr; - - size_t patternFileCount = db_files_count(patternDir); - size_t resultFileCount = db_files_count(resultDir); - - //directories do not match if there is different number of files - RUNNER_ASSERT_MSG(patternFileCount == resultFileCount, - "No match in database and pattern directory file count: " - << resultFileCount << " != " << patternFileCount << "." << std::endl - << "Expected: " << db_files_pathnames(patternDir) << std::endl - << "Actual: " << db_files_pathnames(resultDir)); - - //compare files in database directory with pattern directory - RUNNER_ASSERT_ERRNO_MSG(patternDirPtr = opendir(patternDir.c_str()), - "Opening " << patternDir << " directory failed"); - DirPtr patternDirScopedPtr(patternDirPtr); - - while ((direntPtr = readdir(patternDirPtr)) != nullptr) { - if (!strcmp(direntPtr->d_name, ".") - || !strcmp(direntPtr->d_name, "..")) - continue; - std::string patternName = patternDir + directorySeparator + direntPtr->d_name; - std::string resultName = CynaraTestConsts::DB_DIR + directorySeparator + direntPtr->d_name; - - //comparing file saved db dir with reference file from patterns dir - RUNNER_ASSERT_MSG(true == unordered_files_match(patternName, resultName), - "No match in stored file and pattern file: " << resultName); - } -} - -} // anonymous namespace - - -/** - * @brief Lockdown initialization failure caused by fake guard existence - * @test Expected result: refuse to write data to storage as long as guard file creation fails - * 1. Create fake guard file with 0000 attributes in policy database - * 2. Try to make a change (ALLOW) in default bucket (data dump should fail) - * 3. Delete fake guard file from policy database - * 4. Retry to make a change (ALLOW) in default bucket (data dump should proceed) - * 5. Check if database is saved correctly - */ -void tcdb01_lockdown_init_failure_func() -{ - Admin admin; - Client cynara; - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *extra = nullptr; - - const auto fakeBackupGuard = CynaraTestConsts::DB_DIR + directorySeparator + "guard"; - - createDbFile(fakeBackupGuard); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED); - - deleteDbFile(fakeBackupGuard); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - - restartCynaraServiceAndSockets(); - compareDbs(defDbAllow); -} - -/** - * @brief Failure during writing to backup (before lockdown) - * @test Expected result: read from primary policy database - * 1. Write ALLOW to default bucket - * 2. Check if data is saved correctly - * 3. Create fake backup file with 0000 attributes in policy database - * 4. Try to make a change (DENY) in default bucket (data dump should fail) - * 5. Reload Cynara - policies loaded from default bucket should still be ALLOW - */ -void tcdb02_write_to_backup_failure_func() -{ - Admin admin; - Client cynara; - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *extra = nullptr; - - const auto fakeBucketDumpFile = CynaraTestConsts::DB_DIR + directorySeparator + "_~"; - - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - compareDbs(defDbAllow); - - createDbFile(fakeBucketDumpFile); - admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra, CYNARA_API_OPERATION_FAILED); - - restartCynaraServiceAndSockets(); - compareDbs(defDbAllow); -} - -/** - * @brief Check whether both invalid and valid backup databases are removed - * @test Expected result: no unnecessary backup files in policy database directory - * 1. Fail writing to backup database - * 2. Reload Cynara - policies should be loaded from primary (valid) database - * 3. Check if all backup files were removed - * 4. Successfully write changes to database - * 5. Reload Cynara - policies should be loaded from primary (revalidated) database - * 6. Check if all backup files were removed - */ -void tcdb03_invalid_and_valid_backup_removal_func() -{ - Admin admin; - Client cynara; - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *extra = nullptr; - - const auto defaultBucketDumpFile = CynaraTestConsts::DB_DIR + directorySeparator + "_~"; - - createDbFile(defaultBucketDumpFile); - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra, CYNARA_API_OPERATION_FAILED); - - restartCynaraServiceAndSockets(); - compareDbs(defDb); - - admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); - - restartCynaraServiceAndSockets(); - compareDbs(defDbAllow); -} - -/** - * @brief Comparison between database modified by Cynara with expected one - * @test Expected result: no differences between those files - * 1. Write sample policy to database (and let it save to storage) - * 2. Compare freshly saved files with samples from test patterns directory - */ -void tcdb04_dumped_file_binary_comparison_func() -{ - Admin admin; - Client cynara; - ServiceManager serviceManager(CynaraTestConsts::SERVICE); - - const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; - const char *client = "client"; - const char *user = "user"; - const char *privilege = "privilege"; - const char *extra = nullptr; - - { - CynaraPoliciesContainer cp; - cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra); - admin.setPolicies(cp, CYNARA_API_SUCCESS); - } - - compareDbs(nonEmptyDb); -} - -/** - * @brief Invalid database files removal - * @test Expected result: no unnecessary files in policy database directory - * 1. Fill Cynara's policy database directory with garbage: - * - Sample backup file which should be removed earlier - * - Sample bucket file which is not mentioned in index (shouldn't exist at all) - * - Sample files which don't belong to database - * 2. Reload Cynara - * 3. Check if any of mentioned above files still remained - */ -void tcdb05_non_indexed_files_removal_func() -{ - std::vector filenames = { "_broken-backup~", "_non-indexed-bucket", - "some-file-that-doesnt-belong-here" }; - - for (const auto &filename : filenames) { - auto garbageFilename = CynaraTestConsts::DB_DIR + directorySeparator + filename; - createDbFile(garbageFilename); - } - - restartCynaraServiceAndSockets(); - compareDbs(defDb); -} - -RUNNER_TEST_GROUP_INIT(cynara_db_tests) - -RUN_CYNARA_TEST(tcdb01_lockdown_init_failure) -RUN_CYNARA_TEST(tcdb02_write_to_backup_failure) -RUN_CYNARA_TEST(tcdb03_invalid_and_valid_backup_removal) -RUN_CYNARA_TEST(tcdb04_dumped_file_binary_comparison) -RUN_CYNARA_TEST(tcdb05_non_indexed_files_removal) diff --git a/src/cynara-tests/test_cases_helpers.cpp b/src/cynara-tests/test_cases_helpers.cpp deleted file mode 100644 index 992a77e5..00000000 --- a/src/cynara-tests/test_cases_helpers.cpp +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file test_cases_helpers.cpp - * @author Aleksander Zdyb - * @version 1.0 - * @brief Tests for cynara-helper-credentials-socket - */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include - -class ProcessCredentials { -public: - ProcessCredentials() {} - - const std::string &label(void) const { - return m_label; - } - - uid_t uid(void) const { - return PasswdAccess::uid(APP_USER); - } - - gid_t gid(void) const { - return PasswdAccess::gid("users"); - } - -private: - std::string m_label = "cynara_helpers"; -}; - -pid_t runInChild(const std::function &process) { - pid_t pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "fork failed"); - - if (pid == 0) { - process(); - exit(EXIT_SUCCESS); - } - - return pid; -} - -void udsServer(SynchronizationPipe &pipe, const struct sockaddr_un &sockaddr, - const struct ProcessCredentials &peerCredentials) { - SecurityServer::AccessProvider ap(peerCredentials.label()); - ap.applyAndSwithToUser(peerCredentials.uid(), peerCredentials.gid()); - pipe.claimChildEp(); - - int sock = UDSHelpers::createServer(&sockaddr); - SockUniquePtr sockPtr(&sock); - pipe.post(); - int clientSock = UDSHelpers::acceptClient(sock); - - UDSHelpers::waitForDisconnect(clientSock); -} - -typedef std::function SocketAssertionFn; - -void socketTestTemplate(SocketAssertionFn assertion, const std::string &scope) { - const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_" + scope + ".socket"); - const ProcessCredentials peerCredentials; - - SynchronizationPipe pipe; - - pid_t pid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr), - std::cref(peerCredentials))); - - pipe.claimParentEp(); - pipe.wait(); - int sock = UDSHelpers::createClient(&sockaddr); - SockUniquePtr sockPtr(&sock); - - assertion(sock, pid, peerCredentials); -} - -RUNNER_TEST_GROUP_INIT(cynara_creds_socket) - -RUNNER_MULTIPROCESS_TEST_SMACK(tccs01_socket_credentials_client_smack) -{ - socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) { - CStringPtr label(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_SMACK)); - RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(), - "Labels don't match ret = " << label.get() - << "; expected = " << peerCredentials.label()); - }, "tccs01"); -} - -RUNNER_MULTIPROCESS_TEST_SMACK(tccs02_socket_credentials_client_pid) -{ - socketTestTemplate([] (int sock, pid_t pid, const ProcessCredentials &) { - CStringPtr clientPidStr(CynaraHelperCredentials::socketGetClient(sock, CLIENT_METHOD_PID)); - pid_t clientPid = std::stoi(clientPidStr.get()); - RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid - << "; expected = " << pid); - }, "tccs02"); -} - -RUNNER_MULTIPROCESS_TEST_SMACK(tccs03_socket_credentials_user_uid) -{ - socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) { - CStringPtr uidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_UID)); - uid_t uid = std::stoul(uidStr.get()); - RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid - << "; expected = "<< peerCredentials.uid()); - }, "tccs03"); -} - -RUNNER_MULTIPROCESS_TEST_SMACK(tccs04_socket_credentials_user_gid) -{ - socketTestTemplate([] (int sock, pid_t, const ProcessCredentials &peerCredentials) { - CStringPtr gidStr(CynaraHelperCredentials::socketGetUser(sock, USER_METHOD_GID)); - gid_t gid = std::stoul(gidStr.get()); - RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid - << "; expected = "<< peerCredentials.gid()); - }, "tccs04"); -} - -RUNNER_MULTIPROCESS_TEST_SMACK(tccs05_cynara_creds_socket_pid) -{ - const auto sockaddr = UDSHelpers::makeAbstractAddress("helper_tccs05.socket"); - const ProcessCredentials peerCredentials; - - SynchronizationPipe pipe; - pid_t expectedPid = runInChild(std::bind(udsServer, std::ref(pipe), std::cref(sockaddr), - std::cref(peerCredentials))); - - pipe.claimParentEp(); - pipe.wait(); - int sock = UDSHelpers::createClient(&sockaddr); - SockUniquePtr sockPtr(&sock); - - pid_t helperPid = CynaraHelperCredentials::socketGetPid(sock); - RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid - << "; expected = " << expectedPid); -} diff --git a/src/libprivilege-control-tests/CMakeLists.txt b/src/libprivilege-control-tests/CMakeLists.txt deleted file mode 100644 index 96c9c1d3..00000000 --- a/src/libprivilege-control-tests/CMakeLists.txt +++ /dev/null @@ -1,179 +0,0 @@ -# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @file CMakeLists.txt -# @author Jan Olszak (j.olszak@samsung.com) -# @author Rafal Krypa (r.krypa@samsung.com) -# @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) -# @version 0.1 -# @brief -# -INCLUDE(FindPkgConfig) - -SET(TEST_APP_EFL "test-app-efl") -SET(TEST_APP_WGT "test-app-wgt") -SET(TEST_APP_OSP "test-app-osp") -SET(HELLO_TIZEN_TEST_SOURCES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/hello-tizen.cpp - ) -ADD_EXECUTABLE( ${TEST_APP_EFL} ${HELLO_TIZEN_TEST_SOURCES} ) -INSTALL(TARGETS ${TEST_APP_EFL} - DESTINATION /usr/bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - -INSTALL(FILES ${TEST_APP_EFL} - DESTINATION /usr/bin - RENAME ${TEST_APP_OSP} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE) - -INSTALL(FILES ${TEST_APP_EFL} - DESTINATION /usr/bin - RENAME ${TEST_APP_WGT} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE) - -SET(LPC_TARGET_TEST "libprivilege-control-test") - -#dependencies -PKG_CHECK_MODULES(LPC_TARGET_DEP - libsmack - libprivilege-control - sqlite3 - libtzplatform-config - REQUIRED - libiri - ) - -#files to compile -SET(LPC_TARGET_TEST_SOURCES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/db.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/duplicates.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control-test.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_nosmack.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_incorrect_params.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_cases_stress.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp - ) - -#header directories -INCLUDE_DIRECTORIES(SYSTEM - ${LPC_TARGET_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/common/ - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/ - ) - -#preprocessor definitions -#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") - -#output format -ADD_EXECUTABLE(${LPC_TARGET_TEST} ${LPC_TARGET_TEST_SOURCES}) - -#linker directories -TARGET_LINK_LIBRARIES(${LPC_TARGET_TEST} - ${LPC_TARGET_DEP_LIBRARIES} - dpl-test-framework - tests-common - -lcrypt - ) - -#place for output file -INSTALL(TARGETS ${LPC_TARGET_TEST} - DESTINATION /usr/bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - -# Test SMACK rules -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(DIRECTORY - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/test_privilege_control_DIR - DESTINATION /etc/smack/ -) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac - DESTINATION /usr/share/privilege-control/ - ) - - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack - DESTINATION /usr/share/privilege-control/ - ) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac - DESTINATION /usr/share/privilege-control/ - ) diff --git a/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac b/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac deleted file mode 100644 index d6838693..00000000 --- a/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.dac +++ /dev/null @@ -1,2 +0,0 @@ -24567 -75678 diff --git a/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack b/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack deleted file mode 100644 index 5438c545..00000000 --- a/src/libprivilege-control-tests/EFL_test_privilege_control_rules_efl.smack +++ /dev/null @@ -1 +0,0 @@ -~APP~ test_book_efl r diff --git a/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac b/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac deleted file mode 100644 index 8654033d..00000000 --- a/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.dac +++ /dev/null @@ -1,2 +0,0 @@ -56789 -67890 diff --git a/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack b/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack deleted file mode 100644 index e1be7dee..00000000 --- a/src/libprivilege-control-tests/OSP_test_privilege_control_rules_osp.smack +++ /dev/null @@ -1,16 +0,0 @@ -~APP~ test_book_osp_8 r -~APP~ test_book_osp_9 w -~APP~ test_book_osp_10 x -~APP~ test_book_osp_11 rw -~APP~ test_book_osp_12 rx -~APP~ test_book_osp_13 wx -~APP~ test_book_osp_14 rwx -~APP~ test_book_osp_15 rwxat -test_subject_osp_8 ~APP~ r -test_subject_osp_9 ~APP~ w -test_subject_osp_10 ~APP~ x -test_subject_osp_11 ~APP~ rw -test_subject_osp_12 ~APP~ rx -test_subject_osp_13 ~APP~ wx -test_subject_osp_14 ~APP~ rwx -test_subject_osp_15 ~APP~ rwxat diff --git a/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack b/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack deleted file mode 100644 index 1a94bb04..00000000 --- a/src/libprivilege-control-tests/WRT_test_privilege_control_rules1.smack +++ /dev/null @@ -1,14 +0,0 @@ -~APP~ test_book_1 r -~APP~ test_book_2 w -~APP~ test_book_3 x -~APP~ test_book_4 rw -~APP~ test_book_5 rx -~APP~ test_book_6 wx -~APP~ test_book_7 rwx -test_subject_1 ~APP~ r -test_subject_2 ~APP~ w -test_subject_3 ~APP~ x -test_subject_4 ~APP~ rw -test_subject_5 ~APP~ rx -test_subject_6 ~APP~ wx -test_subject_7 ~APP~ rwx diff --git a/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack b/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack deleted file mode 100644 index 858f5b1d..00000000 --- a/src/libprivilege-control-tests/WRT_test_privilege_control_rules2.smack +++ /dev/null @@ -1,16 +0,0 @@ -~APP~ test_book_8 r -~APP~ test_book_9 w -~APP~ test_book_10 x -~APP~ test_book_11 rw -~APP~ test_book_12 rx -~APP~ test_book_13 wx -~APP~ test_book_14 rwx -~APP~ test_book_15 rwxat -test_subject_8 ~APP~ r -test_subject_9 ~APP~ w -test_subject_10 ~APP~ x -test_subject_11 ~APP~ rw -test_subject_12 ~APP~ rx -test_subject_13 ~APP~ wx -test_subject_14 ~APP~ rwx -test_subject_15 ~APP~ rwxat diff --git a/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack b/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack deleted file mode 100644 index 6acd0ecd..00000000 --- a/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_no_r.smack +++ /dev/null @@ -1,14 +0,0 @@ -~APP~ test_book_9 w -~APP~ test_book_10 x -~APP~ test_book_11 w -~APP~ test_book_12 x -~APP~ test_book_13 wx -~APP~ test_book_14 wx -~APP~ test_book_15 wxat -test_subject_9 ~APP~ w -test_subject_10 ~APP~ x -test_subject_11 ~APP~ w -test_subject_12 ~APP~ x -test_subject_13 ~APP~ wx -test_subject_14 ~APP~ wx -test_subject_15 ~APP~ wxat diff --git a/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack b/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack deleted file mode 100644 index 9dee9845..00000000 --- a/src/libprivilege-control-tests/WRT_test_privilege_control_rules2_r.smack +++ /dev/null @@ -1,10 +0,0 @@ -~APP~ test_book_8 r -~APP~ test_book_11 r -~APP~ test_book_12 r -~APP~ test_book_14 r -~APP~ test_book_15 r -test_subject_8 ~APP~ r -test_subject_11 ~APP~ r -test_subject_12 ~APP~ r -test_subject_14 ~APP~ r -test_subject_15 ~APP~ r diff --git a/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac b/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac deleted file mode 100644 index 3d1b597d..00000000 --- a/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.dac +++ /dev/null @@ -1,2 +0,0 @@ -34567 -45678 diff --git a/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack b/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack deleted file mode 100644 index 7c7571b8..00000000 --- a/src/libprivilege-control-tests/WRT_test_privilege_control_rules_wgt.smack +++ /dev/null @@ -1,16 +0,0 @@ -~APP~ test_book_wgt_8 r -~APP~ test_book_wgt_9 w -~APP~ test_book_wgt_10 x -~APP~ test_book_wgt_11 rw -~APP~ test_book_wgt_12 rx -~APP~ test_book_wgt_13 wx -~APP~ test_book_wgt_14 rwx -~APP~ test_book_wgt_15 rwxat -test_subject_wgt_8 ~APP~ r -test_subject_wgt_9 ~APP~ w -test_subject_wgt_10 ~APP~ x -test_subject_wgt_11 ~APP~ rw -test_subject_wgt_12 ~APP~ rx -test_subject_wgt_13 ~APP~ wx -test_subject_wgt_14 ~APP~ rwx -test_subject_wgt_15 ~APP~ rwxat diff --git a/src/libprivilege-control-tests/common/db.cpp b/src/libprivilege-control-tests/common/db.cpp deleted file mode 100644 index bbfd12ed..00000000 --- a/src/libprivilege-control-tests/common/db.cpp +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file libprivilege-control_test_db.cpp - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control tests database record check functions - */ - -#include -#include -#include -#include -#include -#include "db.h" -#include "db_sqlite.h" -#include "duplicates.h" - -const std::string DBASE_PATH = tzplatform_mkpath(TZ_SYS_DB, ".rules-db.db3"); -const std::string ALL_APPS ="ALL_APPS"; - -const int PERMISSION_VOLATILE = 1; -const int PERMISSION_PERSISTENT = 0; - -const int PERMISSION_ENABLED = 1; -const int PERMISSION_DISABLED = 0; - -using std::ostringstream; -using std::string; - -TestLibPrivilegeControlDatabase::TestLibPrivilegeControlDatabase() : m_base(DBASE_PATH) -{ -} - -void TestLibPrivilegeControlDatabase::test_db_after__perm_app_install(const char* name) -{ - if (!m_base.is_open()) - m_base.open(); - - app_label(name); - app_permission(name, ALL_APPS, ALL_APPS, PERMISSION_PERSISTENT, PERMISSION_ENABLED); -} - -void TestLibPrivilegeControlDatabase::test_db_after__perm_app_uninstall(const char* name) -{ - if (!m_base.is_open()) - m_base.open(); - - app_not_label(name); -} - -void TestLibPrivilegeControlDatabase::test_db_after__perm_app_enable_permissions( - const char* name, app_type_t app_type, const char** perm_list, bool persistent) -{ - if (!m_base.is_open()) - m_base.open(); - - string permission_type_name = app_type_name(app_type); - string permission_group_type_name = app_type_group_name(app_type); - const int is_volatile = persistent ? PERMISSION_PERSISTENT : PERMISSION_VOLATILE; - string permission_name; - int ret; - - app_permission(name, permission_type_name, permission_type_name, is_volatile, - PERMISSION_ENABLED); - - int i; - for (i = 0; perm_list[i] != nullptr; ++i) { - // Ignore empty lines - if (strspn(perm_list[i], " \t\n") == strlen(perm_list[i])) - continue; - - ret = base_name_from_perm(perm_list[i], permission_name); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, "permission : <" << perm_list[i] << - "> cannot be converted to basename (iri parse error)"); - app_permission(name, permission_name, permission_group_type_name, is_volatile, - PERMISSION_ENABLED); - } -} - -void TestLibPrivilegeControlDatabase::app_label(const std::string& app_name) -{ - Sqlite3DBaseSelectResult result; - ostringstream sql; - sql << "SELECT app_id FROM app " - "NATURAL JOIN label " - "WHERE name == '" << app_name << "' ;"; - m_base.execute(sql.str(), result); - - RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 1, "query : <" << - sql.str() << "> returned [" << result.rows.size() << "] rows"); -} - -void TestLibPrivilegeControlDatabase::app_not_label(const std::string& app_name) -{ - Sqlite3DBaseSelectResult result; - ostringstream sql; - sql << "SELECT label_id FROM label " - "WHERE name == '" << app_name << "' ;"; - m_base.execute(sql.str(), result); - - RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() << "> returned [" << - result.rows.size() << "] rows"); -} - -void TestLibPrivilegeControlDatabase::app_permission(const std::string& app_name, - const std::string& permission_name, const std::string& permission_type_name, - int is_volatile, int is_enabled) -{ - Sqlite3DBaseSelectResult result; - ostringstream sql; - sql << "SELECT * FROM app_permission " - "INNER JOIN app USING(app_id) " - "INNER JOIN permission USING(permission_id) " - "INNER JOIN permission_type USING(permission_type_id)" - "INNER JOIN label USING(label_id)" - "WHERE " - "label.name == '" << app_name << "' " - "AND app_permission.is_enabled == " << is_enabled << " " - "AND app_permission.is_volatile == " << is_volatile << " " - "AND permission.name == '" << permission_name << "' " - "AND permission_type.type_name == '" << permission_type_name << "' " - ";"; - m_base.execute(sql.str(), result); - - RUNNER_ASSERT_MSG(result.rows.size() == 1, "query : <" << sql.str() << "> returned [" << - result.rows.size() << "] rows"); -} diff --git a/src/libprivilege-control-tests/common/db.h b/src/libprivilege-control-tests/common/db.h deleted file mode 100644 index d8d29e7e..00000000 --- a/src/libprivilege-control-tests/common/db.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file libprivilege-control_test_db.h - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control tests database record check functions - */ - -#ifndef LIBPRIVILEGE_CONTROL_TEST_DB_H_ -#define LIBPRIVILEGE_CONTROL_TEST_DB_H_ - -#include -#include "libprivilege-control_test_common.h" -#include "db_sqlite.h" - -/** - * @class TestLibPrivilegeControlDatabase - * @brief Class containing methods for testing libprivlege database. - */ -class TestLibPrivilegeControlDatabase -{ -public: -/** - * @brief A constructor - */ - TestLibPrivilegeControlDatabase(); - -/** - * @brief A destructor - */ - ~TestLibPrivilegeControlDatabase() = default; - -/** - * @brief Method for testing database after "perm_app_install" was run. - * - * It checks existence of proper: label, app records and permission for ALL_APPS for installed app. - * - * @param name name of installed app - */ - void test_db_after__perm_app_install(const char* name); - -/** - * @brief Method for testing database after "perm_app_uninstall" was run. - * - * It checks absence of proper: label for installed app. - * - * @param name name of uninstalled app - */ - void test_db_after__perm_app_uninstall(const char* name); - -/** - * @brief Method for testing database after "perm_app_enable_permissions" was run. - * - * It checks existence of proper permissions from perm_list and main permission for whole app_type. - * - * @param name name of application - * @param app_type type of application (EFL, WRT, etc. ) - * @param perm_list list of permission to enable - * @param persistent persistence or volatileness of permissions - */ - void test_db_after__perm_app_enable_permissions(const char* name, app_type_t app_type, - const char** perm_list, bool persistent); - -private: -/** - * @var base - * @brief Sqlite3DBase object giving simple access to database - * - * Connection to database is open first time it is needed - * and closed in destructor of TestLibPrivilegeControlDatabase. - */ - Sqlite3DBase m_base; - -/** - * @brief Check existence of label related records for given app. - * - * @param app_name name of application - */ - void app_label(const std::string& app_name); - -/** - * @brief Check absence of label record for given app. - * - * @param app_name name of application - */ - void app_not_label(const std::string& app_name); - -/** - * @brief It checks existence of single permission. - * - * @param app_name name of application - * @param permission_name name of permission - * @param permission_type_name name of permission type - * @param is_volatile persistence or volatileness of permissions - * @param is_enabled permission enable flag - */ - void app_permission(const std::string& app_name, const std::string& permission_name, - const std::string& permission_type_name, int is_volatile, int is_enabled); -}; - -#endif /* LIBPRIVILEGE_CONTROL_TEST_DB_H_ */ diff --git a/src/libprivilege-control-tests/common/duplicates.cpp b/src/libprivilege-control-tests/common/duplicates.cpp deleted file mode 100644 index 652e1d88..00000000 --- a/src/libprivilege-control-tests/common/duplicates.cpp +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file libprivilege-control_test_duplicates.cpp - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control private functions duplicates - */ - -#include -#include -#include -#include -#include -#include -#ifndef _XOPEN_SOURCE -#define _XOPEN_SOURCE -#endif -#include -#include "duplicates.h" - -std::string app_type_name(app_type_t app_type) -{ - switch(app_type) - { - case APP_TYPE_WGT: - return "WRT"; - case APP_TYPE_OSP: - return "OSP"; - case APP_TYPE_EFL: - return "EFL"; - default: - return ""; - } -} - -std::string app_type_group_name(app_type_t app_type) -{ - switch (app_type) - { - case APP_TYPE_WGT: - return "WRT"; - case APP_TYPE_OSP: - return "OSP"; - case APP_TYPE_EFL: - return "EFL"; - default: - return ""; - } -} - - -/* - * This function changes permission URI to basename for file name. - * For e.g. from http://tizen.org/privilege/contact.read will be - * created basename : org.tizen.privilege.contact.read - */ -int base_name_from_perm(const char *perm, std::string& name) -{ - iri_t *iris = iri_parse(perm); - if (iris == nullptr || iris->host == nullptr) - { - iri_destroy(iris); - return PC_ERR_INVALID_PARAM; - } - - std::string host_dot; - std::string host; - std::string path; - std::string::size_type pos; - - if (iris->path == nullptr) - { - path = iris->host; - } - else - { - path = iris->path; - host = iris->host; - pos = host.rfind('.'); - if (pos != std::string::npos) - { - host_dot = host.substr(pos + 1) + "."; - host = host.substr(0, pos); - } - } - - iri_destroy(iris); - - std::replace(path.begin(), path.end(), '/', '.'); - - name = host_dot + host + path; - - return PC_OPERATION_SUCCESS; -} diff --git a/src/libprivilege-control-tests/common/duplicates.h b/src/libprivilege-control-tests/common/duplicates.h deleted file mode 100644 index 3b746563..00000000 --- a/src/libprivilege-control-tests/common/duplicates.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file libprivilege-control_test_duplicates.h - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control private functions duplicates - */ - -#ifndef LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ -#define LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ - -#include -#include - -/** - * @brief Get the permission family type name. - * - * @ingroup RDB internal functions test duplicate - * - * @param app_type type of the application - * @return PC_OPERATION_SUCCESS on success, - * error code otherwise - */ -std::string app_type_name(app_type_t app_type); - -/** - * @brief Get the permission type name - * - * @ingroup RDB internal functions test duplicate - * - * @param app_type type of the application - * @return PC_OPERATION_SUCCESS on success, - * error code otherwise - */ -std::string app_type_group_name(app_type_t app_type); - -/** - * @brief URI to basename conversion - * - * This function changes permission URI to basename for file name. - * For e.g. from http://tizen.org/privilege/contact.read will be - * created basename : org.tizen.privilege.contact.read - * - * @ingroup RDB internal functions test duplicate - * - * @param perm permission URI - * @param name created basename - * @return PC_OPERATION_SUCCESS on success, - * error code otherwise - */ -int base_name_from_perm(const char *perm, std::string& name); - -#endif /* LIBPRIVILEGE_CONTROL_TEST_DUPLICATES_H_ */ diff --git a/src/libprivilege-control-tests/common/libprivilege-control_test_common.h b/src/libprivilege-control-tests/common/libprivilege-control_test_common.h deleted file mode 100644 index 031782af..00000000 --- a/src/libprivilege-control-tests/common/libprivilege-control_test_common.h +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file test_cases.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control tests commons - */ - -#ifndef LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ -#define LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -// How many open file descriptors should ftw() function use? -#define FTW_MAX_FDS 16 - -#define SOCK_PATH "/tmp/test-smack-socket" - -#define TEST_APP_DIR "/etc/smack/test_privilege_control_DIR/app_dir" -#define TEST_NON_APP_DIR "/etc/smack/test_privilege_control_DIR/non_app_dir" - -#define APP_ID "test_APP" -#define APPID_DIR "test_APP_ID_dir" -#define GENERATED_APP_ID "User" // TODO to be replaced in the future - -const uid_t TZ_APP_UID = tzplatform_getuid(TZ_USER_NAME); -const gid_t TZ_APP_GID = tzplatform_getgid(TZ_USER_NAME); - -#define PERM_TO_REDEFINE "Test::RedefinePermission" -#define PERM_SUB_TO_REDEFINE "Test::RedefinePermission::Sub" - -#define APP_1 "app_1" -#define APP_1_DIR "/tmp/app_1" - -#define APP_2 "app_2" -#define APP_2_DIR "/tmp/app_2" - -#define APP_TEST "app_test" - -#define EFL_APP_ID "hello-tizen" - -#define LIBPRIVILEGE_TEST_DAC_FILE_WGT "/usr/share/privilege-control/WRT_test_privilege_control_rules_wgt.dac" -#define LIBPRIVILEGE_TEST_DAC_FILE_OSP "/usr/share/privilege-control/OSP_test_privilege_control_rules_osp.dac" -#define LIBPRIVILEGE_TEST_DAC_FILE_EFL "/usr/share/privilege-control/EFL_test_privilege_control_rules_efl.dac" - -#define OSP_APP_ID "uqNfgEjqc7" - -#define WGT_APP_PATH "/usr/bin/test-app-wgt" -#define OSP_APP_PATH "/usr/bin/test-app-osp" -#define EFL_APP_PATH "/usr/bin/test-app-efl" - -#define APP_SET_PRIV_PATH "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP" - -extern const char *USER_APP_ID; - -extern const char *PRIVS1[]; -extern const char *PRIVS2[]; -extern const char *PRIVS2_NO_R[]; -extern const char *PRIVS2_R[]; -extern const char *PRIVS2_R_AND_NO_R[]; - -extern const char *PRIVS_WGT[]; -extern const char *PRIVS_OSP[]; -extern const char *PRIVS_EFL[]; - -extern const char *PRIV_APPSETTING[]; -extern const char *PRIV_APPSETTING_RULES[]; - -typedef std::vector< std::vector > rules_t; - -// Rules from WRT_test_privilege_control_rules1.smack for wgt -const rules_t rules1 = { - { USER_APP_ID, "test_book_1", "r" }, - { USER_APP_ID, "test_book_2", "w" }, - { USER_APP_ID, "test_book_3", "x" }, - { USER_APP_ID, "test_book_4", "rw" }, - { USER_APP_ID, "test_book_5", "rx" }, - { USER_APP_ID, "test_book_6", "wx" }, - { USER_APP_ID, "test_book_7", "rwx" }, - { "test_subject_1", USER_APP_ID, "r" }, - { "test_subject_2", USER_APP_ID, "w" }, - { "test_subject_3", USER_APP_ID, "x" }, - { "test_subject_4", USER_APP_ID, "rw" }, - { "test_subject_5", USER_APP_ID, "rx" }, - { "test_subject_6", USER_APP_ID, "wx" }, - { "test_subject_7", USER_APP_ID, "rwx" } -}; - -// Rules from WRT_test_privilege_control_rules2.smack -const rules_t rules2 = { - { USER_APP_ID, "test_book_8", "r" }, - { USER_APP_ID, "test_book_9", "w" }, - { USER_APP_ID, "test_book_10", "x" }, - { USER_APP_ID, "test_book_11", "rw" }, - { USER_APP_ID, "test_book_12", "rx" }, - { USER_APP_ID, "test_book_13", "wx" }, - { USER_APP_ID, "test_book_14", "rwx" }, - { USER_APP_ID, "test_book_15", "rwxat" }, - { "test_subject_8", USER_APP_ID, "r" }, - { "test_subject_9", USER_APP_ID, "w" }, - { "test_subject_10", USER_APP_ID, "x" }, - { "test_subject_11", USER_APP_ID, "rw" }, - { "test_subject_12", USER_APP_ID, "rx" }, - { "test_subject_13", USER_APP_ID, "wx" }, - { "test_subject_14", USER_APP_ID, "rwx" }, - { "test_subject_15", USER_APP_ID, "rwxat" } -}; - -// Rules from WRT_test_privilege_control_rules_no_r.smack -const rules_t rules2_no_r = { - { USER_APP_ID, "test_book_9", "w" }, - { USER_APP_ID, "test_book_10", "x" }, - { USER_APP_ID, "test_book_11", "w" }, - { USER_APP_ID, "test_book_12", "x" }, - { USER_APP_ID, "test_book_13", "x" }, - { USER_APP_ID, "test_book_14", "wx" }, - { USER_APP_ID, "test_book_15", "wxat" }, - { "test_subject_9", USER_APP_ID, "w" }, - { "test_subject_10", USER_APP_ID, "x" }, - { "test_subject_11", USER_APP_ID, "w" }, - { "test_subject_12", USER_APP_ID, "x" }, - { "test_subject_13", USER_APP_ID, "x" }, - { "test_subject_14", USER_APP_ID, "wx" }, - { "test_subject_15", USER_APP_ID, "wxat" } -}; - -// Rules from test_privilege_control_rules.smack -// minus WRT_test_privilege_control_rules_no_r.smack -const rules_t rules2_r = { - { USER_APP_ID, "test_book_8", "r" }, - { USER_APP_ID, "test_book_11", "r" }, - { USER_APP_ID, "test_book_12", "r" }, - { USER_APP_ID, "test_book_14", "r" }, - { USER_APP_ID, "test_book_15", "r" }, - { "test_subject_8", USER_APP_ID, "r" }, - { "test_subject_11", USER_APP_ID, "r" }, - { "test_subject_12", USER_APP_ID, "r" }, - { "test_subject_14", USER_APP_ID, "r" }, - { "test_subject_15", USER_APP_ID, "r" } -}; - -// Rules from EFL_test_privilege_control_rules_efl.smack for rpm -const rules_t rules_efl = { - { USER_APP_ID, "test_book_efl", "r" } -}; - -// Rules from WRT_test_privilege_control_rules_wgt.smack for wgt -const rules_t rules_wgt = { - { USER_APP_ID, "test_book_wgt_8", "r" }, - { USER_APP_ID, "test_book_wgt_9", "w" }, - { USER_APP_ID, "test_book_wgt_10", "x" }, - { USER_APP_ID, "test_book_wgt_11", "rw" }, - { USER_APP_ID, "test_book_wgt_12", "rx" }, - { USER_APP_ID, "test_book_wgt_13", "wx" }, - { USER_APP_ID, "test_book_wgt_14", "rwx" }, - { USER_APP_ID, "test_book_wgt_15", "rwxat" }, - { "test_subject_wgt_8", USER_APP_ID, "r" }, - { "test_subject_wgt_9", USER_APP_ID, "w" }, - { "test_subject_wgt_10", USER_APP_ID, "x" }, - { "test_subject_wgt_11", USER_APP_ID, "rw" }, - { "test_subject_wgt_12", USER_APP_ID, "rx" }, - { "test_subject_wgt_13", USER_APP_ID, "wx" }, - { "test_subject_wgt_14", USER_APP_ID, "rwx" }, - { "test_subject_wgt_15", USER_APP_ID, "rwxat" } -}; - -// Rules from OSP_test_privilege_control_rules_osp.smack for osp -const rules_t rules_osp = { - { USER_APP_ID, "test_book_osp_8", "r" }, - { USER_APP_ID, "test_book_osp_9", "w" }, - { USER_APP_ID, "test_book_osp_10", "x" }, - { USER_APP_ID, "test_book_osp_11", "rw" }, - { USER_APP_ID, "test_book_osp_12", "rx" }, - { USER_APP_ID, "test_book_osp_13", "wx" }, - { USER_APP_ID, "test_book_osp_14", "rwx" }, - { USER_APP_ID, "test_book_osp_15", "rwxat" }, - { "test_subject_osp_8", USER_APP_ID, "r" }, - { "test_subject_osp_9", USER_APP_ID, "w" }, - { "test_subject_osp_10", USER_APP_ID, "x" }, - { "test_subject_osp_11", USER_APP_ID, "rw" }, - { "test_subject_osp_12", USER_APP_ID, "rx" }, - { "test_subject_osp_13", USER_APP_ID, "wx" }, - { "test_subject_osp_14", USER_APP_ID, "rwx" }, - { "test_subject_osp_15", USER_APP_ID, "rwxat" } -}; - -int test_have_all_accesses(const rules_t &rules); -int test_have_any_accesses(const rules_t &rules); -int test_have_nosmack_accesses(const rules_t &rules); - -void read_user_gids(std::set &set, const uid_t user_id); -void check_groups(const std::set &groups_prev, const char *dac_file); - -int file_exists(const char *path); -void check_app_installed(const char *app_path); - -void check_perm_app_has_permission(const char *app_label, - const char *permission, - bool is_enabled_expected); - -int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/, - int /*typeflag*/, struct FTW* /*ftwbuf*/); -int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/); -int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/); -int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, - int /*typeflag*/, struct FTW* /*ftwbuf*/); -int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, - int /*typeflag*/, struct FTW* /*ftwbuf*/); - -void test_perm_app_setup_path_PUBLIC_RO(bool smack); -void test_revoke_permissions(int line_no, const char* app_id); -void test_app_enable_permissions_efl(bool smack); -void test_app_disable_permissions_efl(bool smack); -void test_app_disable_permissions(bool smack); -bool check_all_accesses(bool smack, const rules_t &rules); -bool check_no_accesses(bool smack, const rules_t &rules); - -#endif /* LIBPRIVILEGE_CONTROL_TEST_COMMON_H_ */ diff --git a/src/libprivilege-control-tests/hello-tizen.cpp b/src/libprivilege-control-tests/hello-tizen.cpp deleted file mode 100644 index a33b090a..00000000 --- a/src/libprivilege-control-tests/hello-tizen.cpp +++ /dev/null @@ -1,6 +0,0 @@ -#include - -int main() { - std::cout << "Hello Tizen!" << std::endl; - return 0; -} diff --git a/src/libprivilege-control-tests/libprivilege-control-test.cpp b/src/libprivilege-control-tests/libprivilege-control-test.cpp deleted file mode 100644 index dbec70c8..00000000 --- a/src/libprivilege-control-tests/libprivilege-control-test.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file libprivilege-control-test.cpp - * @author Jan Olszak (j.olszak@samsung.com) - * @version 1.0 - * @brief Main file for libprivilege-control unit tests. - */ - -#include -#include - -int main (int argc, char *argv[]) -{ - LogInfo("Starting libprivilege-control tests"); - - int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); - return status; -} diff --git a/src/libprivilege-control-tests/libprivilege-control_test_common.cpp b/src/libprivilege-control-tests/libprivilege-control_test_common.cpp deleted file mode 100644 index ef7681fc..00000000 --- a/src/libprivilege-control-tests/libprivilege-control_test_common.cpp +++ /dev/null @@ -1,704 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file libprivilege-control-test.cpp - * @author Jan Olszak (j.olszak@samsung.com) - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief Main file for libprivilege-control unit tests. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include "common/duplicates.h" -#include - -#define CANARY_LABEL "tiny_yellow_canary" - -const char *USER_APP_ID = "User"; - -const char *PRIVS1[] = { "WRT", "test_privilege_control_rules1", nullptr }; -const char *PRIVS2[] = { "test_privilege_control_rules2", nullptr }; -const char *PRIVS2_NO_R[] = { "test_privilege_control_rules2_no_r", nullptr }; -const char *PRIVS2_R[] = { "test_privilege_control_rules2_r", nullptr }; -const char *PRIVS2_R_AND_NO_R[] = { "test_privilege_control_rules2_r", "test_privilege_control_rules2_no_r", nullptr }; - -const char *PRIVS_WGT[] = { "test_privilege_control_rules_wgt", nullptr }; -const char *PRIVS_OSP[] = { "test_privilege_control_rules_osp", nullptr }; -const char *PRIVS_EFL[] = { "test_privilege_control_rules_efl", nullptr }; - -const char *PRIV_APPSETTING[] {"org.tizen.privilege.appsetting", nullptr}; -const char *PRIV_APPSETTING_RULES[] = { "~APP~ ~SETTINGS_PATH~ rwx", - "~APP~ ~ALL_APPS~ rx", - nullptr}; -/** - * Check if every rule is true. - * @return 1 if ALL rules in SMACK, 0 if ANY rule isn't, -1 on failure - */ -int test_have_all_accesses(const rules_t &rules) -{ - for (size_t i = 0; i < rules.size(); ++i) { - int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str()); - if (access <= 0) - return 0; - } - return 1; -} - -/** - * Check if every rule is true. - * @return 1 if ANY rule in SMACK, 0 if NO rule in SMACK, -1 on failure - */ -int test_have_any_accesses(const rules_t &rules) -{ - for (size_t i = 0; i < rules.size(); ++i) { - int access = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str()); - if (access > 0) - return 1; - } - return 0; -} - -/** - * NOSMACK version of test_have_accesses functions. - * - * This will be used in many tests. Checks if for every rule smack_have_access returns error. - * If for any of rules smack_have_access will return something different than error, this result - * is being returned to caller. - */ -int test_have_nosmack_accesses(const rules_t &rules) -{ - int result; - for (uint i = 0; i < rules.size(); ++i) { - result = smack_have_access(rules[i][0].c_str(),rules[i][1].c_str(),rules[i][2].c_str()); - if (result != -1) - return result; - } - return -1; -} - -bool check_all_accesses(bool smack, const rules_t &rules) -{ - if (smack) - return test_have_all_accesses(rules) == 1; - else - return test_have_nosmack_accesses(rules) == -1; -} - -bool check_no_accesses(bool smack, const rules_t &rules) -{ - if (smack) - return test_have_any_accesses(rules) == 0; - else - return test_have_nosmack_accesses(rules) == -1; -} - -void read_gids(std::set &set, const char *file_path) -{ - FILE *f = fopen(file_path, "r"); - RUNNER_ASSERT_ERRNO_MSG(f != nullptr, "Unable to open file " << file_path); - unsigned gid; - while (fscanf(f, "%u\n", &gid) == 1) { - set.insert(gid); - } - fclose(f); -} - -void read_user_gids(std::set &set, const uid_t user_id) -{ - int ret; - - errno = 0; - struct passwd *pw = getpwuid(user_id); - RUNNER_ASSERT_ERRNO_MSG(pw != nullptr, "getpwuid() failed"); - - int groups_cnt = 0; - gid_t *groups_list = nullptr; - ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt); - RUNNER_ASSERT_MSG(ret == -1, "getgrouplist() failed."); - if (groups_cnt == 0) - return; - groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t)); - RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed."); - - ret = getgrouplist(pw->pw_name, pw->pw_gid, groups_list, &groups_cnt); - if (ret == -1) { - free(groups_list); - RUNNER_FAIL_MSG("getgrouplist() failed."); - } - - for (int i = 0; i < groups_cnt; ++i) { - set.insert(groups_list[i]); - } - free(groups_list); -} - -void read_current_gids(std::set &set) -{ - int groups_cnt = getgroups(0, nullptr); - RUNNER_ASSERT_ERRNO_MSG(groups_cnt > 0, "Wrong number of supplementary groups"); - gid_t *groups_list = (gid_t*) calloc(groups_cnt, sizeof(gid_t)); - RUNNER_ASSERT_MSG(groups_list != nullptr, "Memory allocation failed."); - if (getgroups(groups_cnt, groups_list) == -1){ - free(groups_list); - RUNNER_FAIL_MSG("getgroups failed."); - } - - for (int i = 0; i < groups_cnt; ++i) { - set.insert(groups_list[i]); - } - free(groups_list); -} - -void check_groups(const std::set &groups_prev, const char *dac_file) -{ - std::set groups_check; - std::set groups_current; - if(dac_file != nullptr) - read_gids(groups_check, dac_file); - read_current_gids(groups_current); - - std::string groups_left; - for (auto it = groups_prev.begin(); it != groups_prev.end(); ++it) - { - (void)groups_check.erase(*it); - if(groups_current.erase(*it) == 0) - groups_left.append(std::to_string(*it)).append(" "); - } - RUNNER_ASSERT_MSG(groups_left.empty(), - "Application lost some groups: " << groups_left); - - for (auto it = groups_check.begin(); it != groups_check.end(); ++it) - { - if(groups_current.erase(*it) == 0) - groups_left.append(std::to_string(*it)).append(" "); - } - RUNNER_ASSERT_MSG(groups_left.empty(), - "Application doesn't belong to some required groups: " << groups_left); - - for (auto it = groups_current.begin(); it != groups_current.end(); ++it) - { - groups_left.append(std::to_string(*it)).append(" "); - } - RUNNER_ASSERT_MSG(groups_left.empty(), - "Application belongs to groups it should't belong to: " << groups_left); -} - -int file_exists(const char *path) -{ - FILE *file = fopen(path, "r"); - if (file) { - fclose(file); - return 0; - } - return -1; -} - -void check_app_installed(const char *app_path) -{ - RUNNER_ASSERT_MSG(file_exists(app_path) == 0, - " App not installed: " << app_path); -} - -int nftw_remove_labels(const char *fpath, const struct stat* /*sb*/, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - smack_lsetlabel(fpath, nullptr, SMACK_LABEL_ACCESS); - smack_lsetlabel(fpath, nullptr, SMACK_LABEL_EXEC); - smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE); - - return 0; -} - -void check_perm_app_has_permission(const char *app_label, - const char *permission, - bool is_enabled_expected) -{ - int result; - bool is_enabled_result; - - result = perm_app_has_permission(app_label, APP_TYPE_WGT, permission, &is_enabled_result); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error calling perm_app_has_permission. Result: " << result); - - RUNNER_ASSERT_MSG(is_enabled_result == is_enabled_expected, - " Result of perm_app_has_permission should be: " << is_enabled_expected); -} - -int nftw_check_labels_app_dir(const char *fpath, const struct stat *sb, - const char* correctLabel) -{ - int result; - CStringPtr labelPtr; - char* label = nullptr; - - /* ACCESS */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set"); - result = strcmp(correctLabel, label); - RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"); - - /* EXEC */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR)) { - RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set"); - result = strcmp(correctLabel, label); - RUNNER_ASSERT_MSG(result == 0, "EXEC label on executable file " << fpath << " is incorrect"); - } else - RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set"); - - /* TRANSMUTE */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set"); - - return 0; -} - - -int nftw_check_labels_app_private_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - return nftw_check_labels_app_dir(fpath, sb, USER_APP_ID); -} - -int nftw_check_labels_app_floor_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - return nftw_check_labels_app_dir(fpath, sb, "_"); -} - -int nftw_check_labels_app_public_ro_dir(const char *fpath, const struct stat *sb, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - int result; - CStringPtr labelPtr; - char *label; - - /* ACCESS */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set"); - result = strcmp(LABEL_FOR_PUBLIC_SHARED_DIRS, label); - RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect"); - - /* EXEC */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set"); - - /* TRANSMUTE */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - if (S_ISDIR(sb->st_mode)) { - RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set"); - result = strcmp("TRUE", label); - RUNNER_ASSERT_MSG(result == 0, "TRANSMUTE label on " << fpath << " is not set"); - } else - RUNNER_ASSERT_MSG(label == nullptr, "TRANSMUTE label on " << fpath << " is set"); - - return 0; -} - -int nftw_set_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_ACCESS); - smack_lsetlabel(fpath, CANARY_LABEL, SMACK_LABEL_EXEC); - smack_lsetlabel(fpath, nullptr, SMACK_LABEL_TRANSMUTE); - - return 0; -} - -int nftw_check_labels_non_app_dir(const char *fpath, const struct stat* /*sb*/, - int /*typeflag*/, struct FTW* /*ftwbuf*/) -{ - int result; - CStringPtr labelPtr; - char* label = nullptr; - - /* ACCESS */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - result = strcmp(CANARY_LABEL, labelPtr.get()); - RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is overwritten"); - - /* EXEC */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - result = strcmp(CANARY_LABEL, labelPtr.get()); - RUNNER_ASSERT_MSG(result == 0, "EXEC label on " << fpath << " is overwritten"); - - /* TRANSMUTE */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - RUNNER_ASSERT_MSG(labelPtr.get() == nullptr, "TRANSMUTE label on " << fpath << " is set"); - - return 0; -} - -void test_perm_app_setup_path_PUBLIC_RO(bool smack) -{ - int result; - - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to clean Smack labels in " << TEST_APP_DIR); - - result = nftw(TEST_NON_APP_DIR, &nftw_set_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to set Smack labels in " << TEST_NON_APP_DIR); - - DB_BEGIN - - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, APP_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG(result == 0, "perm_app_setup_path() failed"); - - DB_END - - result = nftw(TEST_APP_DIR, &nftw_check_labels_app_public_ro_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for app dir"); - - result = nftw(TEST_NON_APP_DIR, &nftw_check_labels_non_app_dir, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, "Unable to check Smack labels for non-app dir"); - - RUNNER_ASSERT(check_all_accesses(smack, {{ USER_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "r"}})); -} - -void test_revoke_permissions(int line_no, const char* app_id) -{ - int result; - - // Cleanup - DB_BEGIN - - result = perm_app_uninstall(app_id); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << - "perm_app_uninstall returned " << result); - - // Close transaction to commit uninstallation before further actions - DB_END - - DB_BEGIN - - // Install test apps - result = perm_app_install(app_id); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << - "perm_app_install returned " << result); - - // Close transaction to commit installation before further actions - DB_END - - DB_BEGIN - - // TEST: - // Revoke permissions - result = perm_app_revoke_permissions(app_id); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "Line: " << line_no << - "Error revoking app permissions. Result: " << result); - - DB_END - - DB_BEGIN - - // Cleanup - uninstall test apps - result = perm_app_uninstall(app_id); - RUNNER_ASSERT_MSG(result == 0, "Line: " << line_no << - "perm_app_uninstall returned " << result); - - DB_END -} - -void test_app_enable_permissions_efl(bool smack) -{ - int result; - - DB_BEGIN - - // Prepare - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - result = perm_app_install(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install failed: " << result); - - // Register a permission: - result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error registering app permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), - "SMACK accesses not granted for EFL_APP"); - - DB_BEGIN - - // Cleanup - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - - DB_END -} - -void test_app_disable_permissions_efl(bool smack) -{ - int result; - - DB_BEGIN - - // Prepare - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - - result = perm_app_install(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install failed: " << result); - - result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), - "SMACK accesses not disabled for EFL_APP"); - - DB_BEGIN - - // Register a permission - result = perm_app_enable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error registering app permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(check_all_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), - "SMACK accesses not granted for EFL_APP"); - - DB_BEGIN - - // Disable a permission - result = perm_app_disable_permissions(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(check_no_accesses(smack, {{USER_APP_ID,"test_book_efl", "r"}}), - "SMACK accesses not disabled for EFL_APP"); - - DB_BEGIN - - // Cleanup - result = perm_app_uninstall(EFL_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - - DB_END -} - -void test_app_disable_permissions(bool smack) -{ - int result; - - DB_BEGIN - - // Prepare - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << result); - - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install failed: " << result); - - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app first permissions. Result: " << result); - - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app no r permissions. Result: " << result); - - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app r permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), - "SMACK accesses not disabled."); - - RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), - "SMACK accesses not disabled."); - - DB_BEGIN - -/** - * Test - disable all granted permissions. - */ - - // Prepare permissions that we want to disable - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions. Result: " << result); - - DB_END - - // Are all the permissions enabled? - RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2), "Not all permisions enabled."); - - DB_BEGIN - - // Disable permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - DB_END - - // Are all the permissions disabled? - RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all permisions disabled."); - -/** - * Test - disable some granted permissions leaving non complementary and then disabling those too. - */ - - DB_BEGIN - - // Prepare permissions that will not be disabled - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app first permissions. Result: " << result); - - // Prepare permissions that we want to disable - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app second permissions. Result: " << result); - - // Disable second permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app second permissions. Result: " << result); - - DB_END - - // Are all second permissions disabled? - RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2), "Not all first permisions disabled."); - - // Are all first permissions not disabled? - RUNNER_ASSERT_MSG(check_all_accesses(smack, rules1), "Some of second permissions disabled."); - - DB_BEGIN - - // Disable first permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app first permissions. Result: " << result); - - DB_END - - // Are all second permissions disabled? - RUNNER_ASSERT_MSG(check_no_accesses(smack, rules1), "Not all second permisions disabled."); - -/** - * Test - disable only no r granted permissions. - */ - - DB_BEGIN - - // Prepare permissions - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app r permissions. Result: " << result); - - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app no r permissions. Result: " << result); - - // Disable same permissions without r - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app no r permissions. Result: " << result); - - DB_END - - // Is any r permissions disabled? - RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_r), "Some of r permissions disabled."); - // Are all no r permissions disabled? - RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_no_r), "Not all no r permissions disabled."); - - DB_BEGIN - - // Prepare permissions - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app no r permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(check_all_accesses(smack, rules2_no_r), "Not all no r permissions enabled."); - - DB_BEGIN - - // Disable all permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - DB_END - - RUNNER_ASSERT_MSG(check_no_accesses(smack, rules2_r), "Not all r permissions disabled."); - - DB_BEGIN - - // Clean up after test: - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - DB_END -} diff --git a/src/libprivilege-control-tests/test_cases.cpp b/src/libprivilege-control-tests/test_cases.cpp deleted file mode 100644 index 5cb09183..00000000 --- a/src/libprivilege-control-tests/test_cases.cpp +++ /dev/null @@ -1,1032 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file test_cases.cpp - * @author Jan Olszak (j.olszak@samsung.com) - * @author Rafal Krypa (r.krypa@samsung.com) - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control test runner - */ - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include "common/duplicates.h" -#include "common/db.h" -#include "memory.h" - -// Error codes for test_libprivilege_strerror -const std::vector error_codes { - PC_OPERATION_SUCCESS, PC_ERR_FILE_OPERATION, PC_ERR_MEM_OPERATION, PC_ERR_NOT_PERMITTED, - PC_ERR_INVALID_PARAM, PC_ERR_INVALID_OPERATION, PC_ERR_DB_OPERATION, PC_ERR_DB_LABEL_TAKEN, - PC_ERR_DB_QUERY_PREP, PC_ERR_DB_QUERY_BIND, PC_ERR_DB_QUERY_STEP, PC_ERR_DB_CONNECTION, - PC_ERR_DB_NO_SUCH_APP, PC_ERR_DB_PERM_FORBIDDEN -}; - -namespace { - -std::vector gen_names(std::string prefix, std::string suffix, size_t size) -{ - std::vector names; - for(size_t i = 0; i < size; ++i) { - names.push_back(prefix + "_" + std::to_string(i) + suffix); - } - return names; -} - -const char *OSP_BLAHBLAH = "/usr/share/privilege-control/OSP_feature.blah.blahblah.smack"; -const char *WRT_BLAHBLAH ="/usr/share/privilege-control/WGT_blahblah.smack"; -const char *OTHER_BLAHBLAH ="/usr/share/privilege-control/blahblah.smack"; -const std::vector OSP_BLAHBLAH_DAC = gen_names("/usr/share/privilege-control/OSP_feature.blah.blahblah", ".dac", 16); -const char *WRT_BLAHBLAH_DAC ="/usr/share/privilege-control/WGT_blahblah.dac"; -const char *OTHER_BLAHBLAH_DAC = "/usr/share/privilege-control/blahblah.dac"; -const std::vector BLAHBLAH_FEATURE = gen_names("http://feature/blah/blahblah", "", 16); - -void osp_blahblah_dac_check(int line_no, const std::vector &gids, std::string dac_file_path) -{ - std::ifstream dac_file(dac_file_path); - RUNNER_ASSERT_MSG(dac_file, "Line: " << line_no << " Failed to create " << dac_file_path); - - auto it = gids.begin(); - std::string line; - while (std::getline(dac_file,line)) { - std::istringstream is(line); - unsigned gid; - is >> gid; - RUNNER_ASSERT_MSG(it != gids.end(), "Line: " << line_no << "Additional line in file: " << gid); - RUNNER_ASSERT_MSG(*it == gid, "Line: " << line_no << " " << *it << "!=" << gid); - it++; - } - - RUNNER_ASSERT_MSG(it == gids.end(), "Line: " << line_no << " Missing line in file: " << *it); - - dac_file.close(); -} - -void remove_smack_files() -{ - // TODO array - unlink(OSP_BLAHBLAH); - unlink(WRT_BLAHBLAH); - unlink(OTHER_BLAHBLAH); - unlink(WRT_BLAHBLAH_DAC); - unlink(OTHER_BLAHBLAH_DAC); - - for(size_t i=0; i groups_before; - read_user_gids(groups_before, TZ_APP_UID); - - result = perm_app_set_privilege(app_id, type, app_path); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error in perm_app_set_privilege. Error: " << result); - - // Check if SMACK label really set - char *label; - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result >= 0, - " Error getting current process label"); - RUNNER_ASSERT_MSG(label != nullptr, - " Process label is not set"); - - result = strcmp(USER_APP_ID, label); - RUNNER_ASSERT_MSG(result == 0, - " Process label " << label << " is incorrect"); - - check_groups(groups_before, dac_file); -} - -/** - * Set APP privileges. wgt. - */ -RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_wgt) -{ - test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt); -} - -/** - * Set APP privileges. osp app. - */ -RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_osp) -{ - test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp); -} - -RUNNER_CHILD_TEST_SMACK(privilege_control05_set_app_privilege_efl) -{ - test_set_app_privilege(GENERATED_APP_ID, APP_TYPE_EFL, PRIVS_EFL, - "rpm", EFL_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl); -} - -/** - * Add new API feature - */ -RUNNER_TEST(privilege_control08_add_api_feature) -{ - int result; - - remove_smack_files(); - - DB_BEGIN - - // argument validation - result = perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0); - RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM); - - result = perm_add_api_feature(APP_TYPE_OSP,"", nullptr, nullptr, 0); - RUNNER_ASSERT(result == PC_ERR_INVALID_PARAM); - - - // Already existing feature: - // TODO: Database will be malformed. (Rules for these features will be removed.) - result = perm_add_api_feature(APP_TYPE_OSP,"http://tizen.org/privilege/messaging.read", nullptr, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - result = perm_add_api_feature(APP_TYPE_WGT,"http://tizen.org/privilege/messaging.sms", nullptr, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - // empty features - result = perm_add_api_feature(APP_TYPE_OSP,"blahblah", nullptr, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - result = perm_add_api_feature(APP_TYPE_WGT,"blahblah", nullptr, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - // empty rules - const char *test1[] = { nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[0].c_str(), test1, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - const char *test2[] = { "", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[1].c_str(), test2, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - const char *test3[] = { " \t\n", "\t \n", "\n\t ", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[2].c_str(), test3, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - // malformed rules - const char *test4[] = { "malformed", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[3].c_str(), test4, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - - const char *test5[] = { "malformed malformed", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[4].c_str(), test5, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - - const char *test6[] = { "-malformed malformed rwxat", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[5].c_str(), test6, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - - const char *test7[] = { "~/\"\\ malformed rwxat", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[6].c_str(), test7, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - - const char *test8[] = { "subject object rwxat something else", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[7].c_str(), test8, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_ERR_INVALID_PARAM, "perm_add_api_feature returned: " << result); - - - // correct rules - const char *test9[] = { - "~APP~ object\t rwxatl", - " \t \n", - "subject2\t~APP~ ltxarw", - "", - nullptr}; - - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[8].c_str(), test9, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - const char *test10[] = { "Sub::jE,ct ~APP~ a-rwxl", nullptr }; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[9].c_str(), test10, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - const char *test11[] = { "Sub::sjE,ct ~APP~ a-RwXL", nullptr }; // TODO This fails. - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[10].c_str(), test11, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - - // TODO For now identical/complementary rules are not merged. - const char *test12[] = { - "subject1 ~APP~ rwxatl", - " \t \n", - "subject2 ~APP~ ltxarw", - "", - nullptr}; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[11].c_str(), test12, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - - // empty group ids - const char *test13[] = { "~APP~ b a", nullptr}; - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[12].c_str(), test13,(const gid_t[]) {0,1,2},0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - result = file_exists(OSP_BLAHBLAH_DAC[12].c_str()); - RUNNER_ASSERT(result == -1); - remove_smack_files(); - - - // valid group ids - result = perm_add_api_feature(APP_TYPE_OSP,BLAHBLAH_FEATURE[13].c_str(), test13,(const gid_t[]) {0,1,2},3); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - osp_blahblah_dac_check(__LINE__, {0,1,2}, OSP_BLAHBLAH_DAC[13]); - remove_smack_files(); - - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[14].c_str(), test13,(const gid_t[]) {0,1,2},1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - osp_blahblah_dac_check(__LINE__, {0}, OSP_BLAHBLAH_DAC[14]); - remove_smack_files(); - - result = perm_add_api_feature(APP_TYPE_OSP, BLAHBLAH_FEATURE[15].c_str(), test13,(const gid_t[]) {1,1,1},3); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_add_api_feature returned: " << result); - osp_blahblah_dac_check(__LINE__, {1,1,1},OSP_BLAHBLAH_DAC[15]); - remove_smack_files(); - - DB_END -} - -/** - * Add new API feature, assign it to an app and redefine the API feature. - * Check if app rules has changed after redefinition. - */ -RUNNER_TEST_SMACK(privilege_control09_perm_add_api_feature_redefine) -{ - int result; - const char *permissionName[] = { "org.tizen.test.permtoberedefined", nullptr}; - - // Rules to be used with the first check - const rules_t test_rules1 = { - { GENERATED_APP_ID, PERM_TO_REDEFINE, "rx" }, - { PERM_TO_REDEFINE, GENERATED_APP_ID, "rwx" }, - { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" } - }; - - // Rules that contain differences - to be used with the second check (after re-def) - const rules_t test_rules2 = { - { GENERATED_APP_ID, PERM_TO_REDEFINE, "rwx" }, - { PERM_TO_REDEFINE, GENERATED_APP_ID, "rx" }, - { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "watl" } - }; - - // Differences between rules1 and rules2 - should be revoked after re-def) - const rules_t diff_rules = { - { PERM_TO_REDEFINE, GENERATED_APP_ID, "w" }, - { GENERATED_APP_ID, PERM_SUB_TO_REDEFINE, "rx" } - }; - - // Rules to be used with the first definition - const char *perm_rules1[] = { - "~APP~ " PERM_TO_REDEFINE " rx", - PERM_TO_REDEFINE " ~APP~ rwx", - "~APP~ " PERM_SUB_TO_REDEFINE " rx", - nullptr - }; - - // Rules that contain differences - to be used with the second definition (re-def) - const char *perm_rules2[] = { - "~APP~ " PERM_TO_REDEFINE " rwx", - PERM_TO_REDEFINE " ~APP~ rx", - "~APP~ " PERM_SUB_TO_REDEFINE " watl", - nullptr - }; - - DB_BEGIN - - // uninstall app to make sure that all rules and permissions are revoked - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall failed: " << perm_strerror(result)); - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install failed: " << perm_strerror(result)); - - result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules1, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_add_api_feature failed: " << result); - - result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, permissionName, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_enable_permissions failed: " << perm_strerror(result)); - - DB_END - - // Check if rules are applied - result = test_have_all_accesses(test_rules1); - RUNNER_ASSERT_MSG(result == 1, "Not all permissions added."); - - DB_BEGIN - - // Redefine the permission - result = perm_add_api_feature(APP_TYPE_OSP, permissionName[0], perm_rules2, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_add_api_feature failed: " << result); - - DB_END - - // Check if rules are updated - result = test_have_all_accesses(test_rules2); - RUNNER_ASSERT_MSG(result == 1, "Not all permissions added after update."); - // The difference between rules1 and rules2 should be revoked! - result = test_have_any_accesses(diff_rules); - RUNNER_ASSERT_MSG(result == 0, "Permissions are not fully updated."); -} - -/* - * Check perm_app_uninstall function - */ -void check_perm_app_uninstall(const char* pkg_id) -{ - int result; - - DB_BEGIN - - result = perm_app_uninstall(pkg_id); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned: " << perm_strerror(result)); - - DB_END -} - -RUNNER_TEST(privilege_control07_app_uninstall) -{ - check_perm_app_uninstall(APP_ID); -} - -/* - * Check perm_app_install function - */ -void check_perm_app_install(const char* pkg_id) -{ - int result; - - DB_BEGIN - - result = perm_app_install(pkg_id); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result)); - - DB_END - - TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(USER_APP_ID); -} - -RUNNER_TEST(privilege_control01_app_install) -{ - check_perm_app_uninstall(APP_ID); - check_perm_app_install(APP_ID); - // try install second time app with the same ID - it should pass. - check_perm_app_install(APP_ID); -} - -/* - * Check perm_rollback function - */ -RUNNER_TEST(privilege_control07_app_rollback) -{ - check_perm_app_uninstall(APP_ID); - - int result; - - DB_BEGIN - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result)); - - // transaction rollback - result = perm_rollback(); - RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result)); - - DB_END -} - -RUNNER_TEST(privilege_control07_app_rollback_2) -{ - check_perm_app_uninstall(APP_ID); - - int result; - - DB_BEGIN - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result)); - - // transaction rollback - result = perm_rollback(); - RUNNER_ASSERT_MSG(result == 0, "perm_rollback returned: " << perm_strerror(result)); - - // install once again after the rollback - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned: " << perm_strerror(result)); - - DB_END - - TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(USER_APP_ID); -} - -/** - * Grant SMACK permissions based on permissions list. - */ -RUNNER_TEST_SMACK(privilege_control11_app_enable_permissions) -{ - int result; - - // Clean up after test: - DB_BEGIN - - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - -/** - * Test - Enabling all permissions with persistant mode enabled - */ - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions. Result: " << result); - - DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); - - DB_BEGIN - - // Clean up - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - DB_END - -/** - * Test - Enabling all permissions with persistant mode disabled - */ - - DB_BEGIN - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions. Result: " << result); - - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions. Result: " << result); - - DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); - - DB_BEGIN - - // Clean up - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - DB_END - -/** - * Test - Registering new permissions in two complementary files - */ - - DB_BEGIN - - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions. Result: " << result); - - DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions not added."); - - DB_BEGIN - - // Clean up - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - DB_END - -/** - * Test - Enabling some permissions and then enabling complementary permissions - */ - - DB_BEGIN - - // Register permission for rules 2 no r - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions without r. Result: " << result); - - DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added."); - - DB_BEGIN - - // Register permission for rules 2 - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app all permissions. Result: " << result); - - DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Permissions all not added."); - - DB_BEGIN - - // Clean up - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - -/** - * Test - Enabling some permissions and then enabling all permissions - */ - - // Enable permission for rules 2 no r - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions without r. Result: " << result); - - DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules2_no_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions without r not added."); - - DB_BEGIN - - // Enable permission for rules 2 - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions with only r. Result: " << result); - - DB_END - - // Check if the accesses are realy applied.. - result = test_have_all_accesses(rules2_r); - RUNNER_ASSERT_MSG(result == 1, "Permissions with only r not added."); - - DB_BEGIN - - // Clean up - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - - - // Clean up after test: - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - DB_END -} - -RUNNER_CHILD_TEST_SMACK(privilege_control11_app_enable_permissions_efl) -{ - test_app_enable_permissions_efl(true); -} - -/* - * Check perm_app_install function - */ -RUNNER_CHILD_TEST_SMACK(privilege_control12_app_disable_permissions_efl) -{ - test_app_disable_permissions_efl(true); -} - - -/** - * Remove previously granted SMACK permissions based on permissions list. - */ -RUNNER_TEST_SMACK(privilege_control12_app_disable_permissions) -{ - test_app_disable_permissions(true); -} - -/** - * Reset SMACK permissions for an application by revoking all previously - * granted rules and enabling them again from a rules file from disk. - */ -// TODO: This test is incomplete. -RUNNER_TEST_SMACK(privilege_control13_app_reset_permissions) -{ - int result; - -/** - * Test - doing reset and checking if rules exist again. - */ - - DB_BEGIN - - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - // Disable permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - // Prepare permissions to reset - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error registering app permissions. Result: " << result); - - // Reset permissions - result = perm_app_reset_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error reseting app permissions. Result: " << result); - - DB_END - - // Are all second permissions not disabled? - result = test_have_all_accesses(rules2); - RUNNER_ASSERT_MSG(result == 1, "Not all permissions added."); - - DB_BEGIN - - // Disable permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == 0, "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - DB_END -} - -static void smack_set_random_label_based_on_pid_on_self(void) -{ - int result; - std::stringstream ss; - - ss << "s-" << getpid() << "-" << getppid(); - result = smack_set_label_for_self(ss.str().c_str()); - RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" - << ss.str().c_str() << ") failed"); -} - -static void smack_unix_sock_server(int sock) -{ - int fd, result; - char *smack_label; - - alarm(2); - fd = accept(sock, nullptr, nullptr); - alarm(0); - if (fd < 0) - return; - - FdUniquePtr fdPtr(&fd); - - result = smack_new_label_from_self(&smack_label); - RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed"); - SmackLabelPtr smackLabelPtr(smack_label); - - ssize_t bitsNum = write(fd, smack_label, strlen(smack_label)); - RUNNER_ASSERT_ERRNO_MSG(bitsNum >= 0 && static_cast(bitsNum) == strlen(smack_label), - "write() failed"); -} - -RUNNER_MULTIPROCESS_TEST_SMACK(privilege_control15_app_id_from_socket) -{ - int pid; - struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH}; - - unlink(SOCK_PATH); - pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed"); - - smack_set_random_label_based_on_pid_on_self(); - - if (!pid) { /* child process, server */ - int sock, result; - - /* Set the process label before creating a socket */ - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sockPtr(&sock); - - result = bind(sock, - (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed"); - - result = listen(sock, 1); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed"); - smack_unix_sock_server(sock); - - /* Change the process label with listening socket */ - smack_unix_sock_server(sock); - - pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed"); - /* Now running two concurrent servers. - Test if socket label was unaffected by fork() */ - smack_unix_sock_server(sock); - /* Let's give the two servers different labels */ - smack_unix_sock_server(sock); - - exit(0); - } else { /* parent process, client */ - sleep(1); /* Give server some time to setup listening socket */ - int i; - for (i = 0; i < 4; ++i) { - int sock; - int result; - char smack_label1[SMACK_LABEL_LEN + 1]; - char *smack_label2; - - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sockPtr(&sock); - - result = connect(sock, - (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed"); - - alarm(2); - result = read(sock, smack_label1, SMACK_LABEL_LEN); - alarm(0); - RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed"); - - smack_label1[result] = '\0'; - smack_label2 = perm_app_id_from_socket(sock); - RUNNER_ASSERT_MSG(smack_label2 != nullptr, "perm_app_id_from_socket failed"); - result = strcmp(smack_label1, smack_label2); - RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1 - << "' != '" << smack_label2 << "-" << random() << "'"); - } - } -} - -RUNNER_TEST(privilege_control20_perm_app_has_permission) -{ - int result; - const char *other_app_label = "test_other_app_label"; - - DB_BEGIN - - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error uninstalling app. Result" << result); - - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error installing app. Result" << result); - - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R_AND_NO_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app r and no r permissions. Result: " << result); - - DB_END - - check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false); - check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false); - - DB_BEGIN - - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error registering app r permissions. Result: " << result); - - DB_END - - check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true); - check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false); - - DB_BEGIN - - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error registering app r permissions. Result: " << result); - - DB_END - - check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], true); - check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true); - check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false); - - DB_BEGIN - - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app r and no r permissions. Result: " << result); - - DB_END - - check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false); - check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], true); - check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false); - - DB_BEGIN - - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2_NO_R); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app r and no r permissions. Result: " << result); - - DB_END - - check_perm_app_has_permission(USER_APP_ID, PRIVS2_R[0], false); - check_perm_app_has_permission(USER_APP_ID, PRIVS2_NO_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_R[0], false); - check_perm_app_has_permission(other_app_label, PRIVS2_NO_R[0], false); -} - -RUNNER_TEST(privilege_control25_test_libprivilege_strerror) { - int POSITIVE_ERROR_CODE = 1; - int NONEXISTING_ERROR_CODE = -239042; - const char *result; - - for (auto itr = error_codes.begin(); itr != error_codes.end(); ++itr) { - RUNNER_ASSERT_MSG(strcmp(perm_strerror(*itr), "Unknown error") != 0, - "Returned invalid error code description."); - } - - result = perm_strerror(POSITIVE_ERROR_CODE); - RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0, - "Bad message returned for invalid error code: \"" << result << "\""); - - result = perm_strerror(NONEXISTING_ERROR_CODE); - RUNNER_ASSERT_MSG(strcmp(result, "Unknown error") == 0, - "Bad message returned for invalid error code: \"" << result << "\""); -} diff --git a/src/libprivilege-control-tests/test_cases_incorrect_params.cpp b/src/libprivilege-control-tests/test_cases_incorrect_params.cpp deleted file mode 100644 index 077e2480..00000000 --- a/src/libprivilege-control-tests/test_cases_incorrect_params.cpp +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file test_cases.cpp - * @author Jan Olszak (j.olszak@samsung.com) - * @author Rafal Krypa (r.krypa@samsung.com) - * @version 1.0 - * @brief libprivilege-control test runner - */ - -#include -#include -#include -#include -#include -#include - - - -////////////////////////////////////////////////////// -//TEST FOR INCORRECT PARAMS CHECK IN LIBPRIVILEGE APIS -////////////////////////////////////////////////////// - -RUNNER_TEST_GROUP_INIT(libprivilegecontrol_incorrect_params) - -RUNNER_TEST(privilege_control21c_incorrect_params_perm_app_set_privilege) -{ - RUNNER_ASSERT_MSG(perm_app_set_privilege(nullptr, nullptr, APP_SET_PRIV_PATH) == PC_ERR_INVALID_PARAM, - "perm_app_set_privilege didn't check if package name isn't nullptr."); -} - -RUNNER_TEST(privilege_control21d_incorrect_params_perm_app_install) -{ - RUNNER_ASSERT_MSG(perm_app_install(nullptr) == PC_ERR_INVALID_PARAM, - "perm_app_install didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_install("") == PC_ERR_INVALID_PARAM, - "perm_app_install didn't check if pkg_id isn't empty."); -} - -RUNNER_TEST(privilege_control21e_incorrect_params_perm_app_uninstall) -{ - RUNNER_ASSERT_MSG(perm_app_uninstall(nullptr) == PC_ERR_INVALID_PARAM, - "perm_app_uninstall didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_uninstall("") == PC_ERR_INVALID_PARAM, - "perm_app_uninstall didn't check if pkg_id isn't empty."); -} - -RUNNER_TEST(privilege_control21f_incorrect_params_perm_app_enable_permissions) -{ - RUNNER_ASSERT_MSG(perm_app_enable_permissions(APP_ID, APP_TYPE_OTHER, nullptr, 1) == PC_ERR_INVALID_PARAM, - "perm_app_enable_permissions didn't check if perm_list isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_enable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM, - "perm_app_enable_permissions didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_enable_permissions("", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM, - "perm_app_enable_permissions didn't check if pkg_id isn't empty."); - RUNNER_ASSERT_MSG(perm_app_enable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2, 1) == PC_ERR_INVALID_PARAM, - "perm_app_enable_permissions didn't check if pkg_id is valid"); -} - -RUNNER_TEST(privilege_control21g_incorrect_params_app_revoke_permissions) -{ - RUNNER_ASSERT_MSG(perm_app_revoke_permissions(nullptr) == PC_ERR_INVALID_PARAM, - "perm_app_revoke_permissions didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_revoke_permissions("") == PC_ERR_INVALID_PARAM, - "perm_app_revoke_permissions didn't check if pkg_id isn't empty."); - RUNNER_ASSERT_MSG(perm_app_revoke_permissions("~APP~") == PC_ERR_INVALID_PARAM, - "perm_app_revoke_permissions didn't check if pkg_id is valid."); -} - -RUNNER_TEST(privilege_control21h_incorrect_params_app_reset_permissions) -{ - RUNNER_ASSERT_MSG(perm_app_reset_permissions(nullptr) == PC_ERR_INVALID_PARAM, - "perm_app_reset_permissions didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_reset_permissions("") == PC_ERR_INVALID_PARAM, - "perm_app_reset_permissions didn't check if pkg_id isn't empty."); - RUNNER_ASSERT_MSG(perm_app_reset_permissions("~APP~") == PC_ERR_INVALID_PARAM, - "perm_app_reset_permissions didn't check if pkg_id is valid."); -} - -RUNNER_TEST(privilege_control21i_incorrect_params_app_setup_path) -{ - RUNNER_ASSERT_MSG(perm_app_setup_path(APPID_DIR, nullptr, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, - "perm_app_setup_path didn't check if path isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_setup_path(nullptr, TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, - "perm_app_setup_path didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_setup_path("", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, - "perm_app_setup_path didn't check if pkg_id isn't empty."); - RUNNER_ASSERT_MSG(perm_app_setup_path("~APP~", TEST_APP_DIR, APP_PATH_PRIVATE) == PC_ERR_INVALID_PARAM, - "perm_app_setup_path didn't check if pkg_id is valid."); -} - -RUNNER_TEST(privilege_control21k_incorrect_params_add_api_feature) -{ - RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, nullptr, nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM, - "perm_add_api_feature didn't check if api_feature_name isn't nullptr."); - RUNNER_ASSERT_MSG(perm_add_api_feature(APP_TYPE_OSP, "", nullptr, nullptr, 0) == PC_ERR_INVALID_PARAM, - "perm_add_api_feature didn't check if api_feature_name isn't empty."); -} - -RUNNER_TEST(privilege_control21l_incorrect_params_ignored_disable_permissions) -{ - RUNNER_ASSERT_MSG(perm_app_disable_permissions(APP_ID, APP_TYPE_OTHER, nullptr) == PC_ERR_INVALID_PARAM, - "perm_app_disable_permissions didn't check if perm_list isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_disable_permissions(nullptr, APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, - "perm_app_disable_permissions didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_disable_permissions("", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, - "perm_app_disable_permissions didn't check if pkg_id isn't empty."); - RUNNER_ASSERT_MSG(perm_app_disable_permissions("~APP~", APP_TYPE_OTHER, PRIVS2) == PC_ERR_INVALID_PARAM, - "perm_app_disable_permissions didn't check if pkg_id is valid."); -} - -RUNNER_TEST(privilege_control21m_incorrect_params_perm_app_has_permission) -{ - bool has_permission; - const char *app_label = "test_app_label"; - - RUNNER_ASSERT_MSG(perm_app_has_permission(nullptr, APP_TYPE_WGT, - PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM, - "perm_app_has_permission didn't check if pkg_id isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_OTHER, - PRIVS2[0], &has_permission) == PC_ERR_INVALID_PARAM, - "perm_app_has_permission should not accept app_type = OTHER."); - RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT, - nullptr, &has_permission) == PC_ERR_INVALID_PARAM, - "perm_app_has_permission didn't check if permission_name isn't nullptr."); - RUNNER_ASSERT_MSG(perm_app_has_permission(app_label, APP_TYPE_WGT, - PRIVS2[0], nullptr) == PC_ERR_INVALID_PARAM, - "perm_app_has_permission didn't check if has_permission isn't nullptr."); -} diff --git a/src/libprivilege-control-tests/test_cases_nosmack.cpp b/src/libprivilege-control-tests/test_cases_nosmack.cpp deleted file mode 100644 index 03fdf237..00000000 --- a/src/libprivilege-control-tests/test_cases_nosmack.cpp +++ /dev/null @@ -1,447 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file test_cases.cpp - * @author Jan Olszak (j.olszak@samsung.com) - * @author Rafal Krypa (r.krypa@samsung.com) - * @author Lukasz Wojciechowski (l.wojciechow@partner.samsung.com) - * @version 1.0 - * @brief libprivilege-control test runner - */ - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include "common/db.h" -#include - -#define APP_USER_NAME "app" -#define APP_HOME_DIR "/opt/home/app" - - -#define APP_SET_PRIV_PATH_REAL "/etc/smack/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL" - - -///////////////////////////////////////// -//////NOSMACK ENVIRONMENT TESTS////////// -///////////////////////////////////////// - -RUNNER_TEST_GROUP_INIT(libprivilegecontrol_nosmack) - -RUNNER_TEST_NOSMACK(privilege_control02_perm_app_setup_path_03_PUBLIC_RO_nosmack) -{ - test_perm_app_setup_path_PUBLIC_RO(false); -} - -/** - * NOSMACK version of privilege_control04 test. - * - * Tries to add permisions from test_privilege_control_rules template and checks if - * smack_have_access returns -1 on check between every rule. - */ -RUNNER_TEST_NOSMACK(privilege_control04_add_permissions_nosmack) -{ - int result; - - DB_BEGIN - - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == 0, - "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == 0, - "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - //Add permissions - result = perm_app_enable_permissions(APP_ID, APP_TYPE_EFL, PRIVS_EFL, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error adding app permissions. Result: " << result); - - DB_END - - //Check if smack_have_access always fails on every rule - result = test_have_nosmack_accesses(rules_efl); - RUNNER_ASSERT_MSG(result == -1, - "Despite SMACK being off some accesses were added. Result: " << result); - - TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(USER_APP_ID); - db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL, true); - - DB_BEGIN - - result = perm_app_disable_permissions(USER_APP_ID, APP_TYPE_EFL, PRIVS_EFL); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling permissions: " << perm_strerror(result)); - DB_END -} - -void test_set_app_privilege_nosmack( - const char* app_id, app_type_t app_type, - const char** privileges, const char* type, - const char* app_path, const char* dac_file, - const rules_t &rules) -{ - check_app_installed(app_path); - - int result; - - DB_BEGIN - - result = perm_app_uninstall(app_id); - RUNNER_ASSERT_MSG(result == 0, - "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - result = perm_app_install(app_id); - RUNNER_ASSERT_MSG(result == 0, - "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - result = perm_app_enable_permissions(app_id, app_type, privileges, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error enabling app permissions. Result: " << result); - - DB_END - - result = test_have_nosmack_accesses(rules); - RUNNER_ASSERT_MSG(result == -1, - " Permissions shouldn't be added. Result: " << result); - - std::set groups_before; - read_user_gids(groups_before, TZ_APP_UID); - - result = perm_app_set_privilege(app_id, type, app_path); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error in perm_app_set_privilege. Error: " << result); - - //Even though app privileges are set, no smack label should be extracted. - char* label = nullptr; - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result == -1, - " new_label_from_self should return error (SMACK is off). Result: " << result); - RUNNER_ASSERT_MSG(label == nullptr, - " new_label_from_self shouldn't allocate memory for label."); - - check_groups(groups_before, dac_file); -} - -/** - * NOSMACK version of privilege_control05_set_app_privilege test. - * - * Another very similar test to it's SMACK version, this time smack_new_label_from_self is - * expected to return different result. - */ -RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_nosmack) -{ - int result; - - check_app_installed(APP_SET_PRIV_PATH); - - //Preset exec label - smack_lsetlabel(APP_SET_PRIV_PATH_REAL, APP_ID, SMACK_LABEL_EXEC); - smack_lsetlabel(APP_SET_PRIV_PATH, APP_ID "_symlink", SMACK_LABEL_EXEC); - - DB_BEGIN - perm_app_uninstall(APP_ID); - DB_END - - std::set groups_before; - read_user_gids(groups_before, TZ_APP_UID); - - //Set app privileges - result = perm_app_set_privilege(APP_ID, nullptr, APP_SET_PRIV_PATH); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_set_privilege. Error: " << result); - - //Even though app privileges are set, no smack label should be extracted. - char* label = nullptr; - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result == -1, - "new_label_from_self should return error (SMACK is off). Result: " << result); - RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory for label."); - - //Check if DAC privileges really set - RUNNER_ASSERT_MSG(getuid() == TZ_APP_UID, "Wrong UID"); - RUNNER_ASSERT_MSG(getgid() == TZ_APP_GID, "Wrong GID"); - - result = strcmp(getenv("HOME"), APP_HOME_DIR); - RUNNER_ASSERT_MSG(result == 0, "Wrong HOME DIR. Result: " << result); - - result = strcmp(getenv("USER"), APP_USER_NAME); - RUNNER_ASSERT_MSG(result == 0, "Wrong user USER NAME. Result: " << result); - - check_groups(groups_before, nullptr); -} - -/** - * NOSMACK version of privilege_control05_set_app_privilege_wgt test. - * - * Same as the above, plus uses test_have_nosmack_accesses instead of test_have_all_accesses. - */ -RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_wgt_nosmack) -{ - test_set_app_privilege_nosmack(WGT_APP_ID, APP_TYPE_WGT, PRIVS_WGT, "wgt", WGT_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_WGT, rules_wgt); -} - -/** - * NOSMACK version of privilege_control05_set_app_privilege_osp test. - * - * Same as the above. - */ -RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_osp_nosmack) -{ - test_set_app_privilege_nosmack(OSP_APP_ID, APP_TYPE_OSP, PRIVS_OSP, "tpk", OSP_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_OSP, rules_osp); -} - -RUNNER_CHILD_TEST_NOSMACK(privilege_control05_set_app_privilege_efl_nosmack) -{ - test_set_app_privilege_nosmack(EFL_APP_ID, APP_TYPE_EFL, PRIVS_EFL, - "rpm", EFL_APP_PATH, - LIBPRIVILEGE_TEST_DAC_FILE_EFL, rules_efl); -} - -/** - * Revoke permissions from the list. Should be executed as privileged user. - */ -RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_wgt_nosmack) -{ - test_revoke_permissions(__LINE__, WGT_APP_ID); -} - -/** - * Revoke permissions from the list. Should be executed as privileged user. - */ -RUNNER_CHILD_TEST_NOSMACK(privilege_control06_revoke_permissions_osp_nosmack) -{ - test_revoke_permissions(__LINE__, OSP_APP_ID); -} - -/** - * NOSMACK version of privilege_control11_app_enable_permissions test. - * - * Since the original test did the same thing around five times, there is no need to redo the - * same test for perm_app_enable_permissions. perm_app_enable_permissions will be called once, - * test_have_nosmack_accesses will check if smack_have_access still returns error and then - * we will check if SMACK file was correctly created. - */ -RUNNER_TEST_NOSMACK(privilege_control11_app_enable_permissions_nosmack) -{ - int result; - - DB_BEGIN - - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, 1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error enabling app permissions. Result: " << result); - - DB_END - - //Check if accesses aren't added - result = test_have_nosmack_accesses(rules2); - RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be added. Result: " << result); - - TestLibPrivilegeControlDatabase db_test; - db_test.test_db_after__perm_app_install(USER_APP_ID); - db_test.test_db_after__perm_app_enable_permissions(USER_APP_ID, APP_TYPE_WGT, PRIVS2, true); - - DB_BEGIN - - //Clean up - result = perm_app_revoke_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error revoking app permissions. Result: " << result); - - DB_END - - db_test.test_db_after__perm_app_install(USER_APP_ID); -} - -RUNNER_CHILD_TEST_NOSMACK(privilege_control11_app_enable_permissions_efl_nosmack) -{ - test_app_enable_permissions_efl(false); -} - -/* - * Check perm_app_install function - */ -RUNNER_CHILD_TEST_NOSMACK(privilege_control12_app_disable_permissions_efl_nosmack) -{ - test_app_disable_permissions_efl(false); -} - -/** - * Remove previously granted SMACK permissions based on permissions list. - */ -RUNNER_TEST_NOSMACK(privilege_control12_app_disable_permissions_nosmack) -{ - test_app_disable_permissions(false); -} - -/** - * NOSMACK version of privilege_control13 test. - * - * Uses perm_app_reset_permissions and checks with test_have_nosmack_accesses if nothing has - * changed. - */ -RUNNER_TEST_NOSMACK(privilege_control13_app_reset_permissions_nosmack) -{ - int result; - - DB_BEGIN - - result = perm_app_uninstall(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_uninstall returned " << result << ". Errno: " << strerror(errno)); - - result = perm_app_install(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "perm_app_install returned " << result << ". Errno: " << strerror(errno)); - - // Disable permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - // Prepare permissions to reset - result = perm_app_enable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error adding app permissions. Result: " << result); - - // Reset permissions - result = perm_app_reset_permissions(WGT_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error reseting app permissions. Result: " << result); - - DB_END - - result = test_have_nosmack_accesses(rules2); - RUNNER_ASSERT_MSG(result == -1, "Permissions shouldn't be changed. Result: " << result); - - DB_BEGIN - - // Disable permissions - result = perm_app_disable_permissions(WGT_APP_ID, APP_TYPE_WGT, PRIVS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app permissions. Result: " << result); - - DB_END -} - -/** - * NOSMACK version of privilege_control15_app_id_from_socket. - * - * SMACK version of this test case utilized smack_new_label_from_self and smack_set_label_for_self. - * Those functions rely on /proc/self/attr/current file, which is unreadable and has no contents on - * NOSMACK environment. Functions mentioned above were tested during libsmack tests, so they are - * assumed to react correctly and are not tested in this test case. - * - * This test works similarly to libsmack test smack09_new_label_from_socket. At first server and - * client are created then sockets are set up and perm_app_id_from_socket is used. On NOSMACK env - * correct behavior for perm_app_id_from_socket would be returning nullptr label. - */ -RUNNER_MULTIPROCESS_TEST_NOSMACK(privilege_control15_app_id_from_socket_nosmack) -{ - int pid; - struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH}; - - //Clean up before creating socket - unlink(SOCK_PATH); - - //Create our server and client with fork - pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed"); - - if (!pid) { //child (server) - int sock, result, fd; - - //Create a socket - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sockPtr(&sock); - - //Bind socket to address - result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed"); - - //Prepare for listening - result = listen(sock, 1); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed"); - - //Accept connection - alarm(2); - fd = accept(sock, nullptr, nullptr); - alarm(0); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "accept failed"); - - //Wait a little bit for client to use perm_app_id_from_socket - usleep(200); - - //cleanup - exit(0); - } else { //parent (client) - // Give server some time to setup listening socket - sleep(1); - int sock, result; - char* smack_label = nullptr; - - //Create socket - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sockPtr(&sock); - - //Try connecting to address - result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed"); - - //Use perm_app_id_from_socket. Should fail and return nullptr smack_label. - smack_label = perm_app_id_from_socket(sock); - RUNNER_ASSERT_MSG(!smack_label, "perm_app_id_from_socket should fail."); - - //cleanup - RUNNER_ASSERT_MSG(smack_label == nullptr, "perm_app_id_from_socket should fail."); - } -} diff --git a/src/libprivilege-control-tests/test_cases_stress.cpp b/src/libprivilege-control-tests/test_cases_stress.cpp deleted file mode 100644 index 31d91625..00000000 --- a/src/libprivilege-control-tests/test_cases_stress.cpp +++ /dev/null @@ -1,888 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file test_cases.cpp - * @author Jan Olszak (j.olszak@samsung.com) - * @author Rafal Krypa (r.krypa@samsung.com) - * @version 1.0 - * @brief libprivilege-control test runner - */ - -#include -#include -#include -#include -#include -#include -#include - -// ---- Macros and arrays used in stress tests ---- -#define TEST_OSP_FEATURE_APP_ID "test-osp-feature-app" -#define TEST_WGT_FEATURE_APP_ID "test-wgt-feature-app" -#define TEST_OSP_FEATURE "OSP_test-feature.osp_rxl" -#define TEST_WGT_FEATURE "WGT_test-feature.wgt_rxl" - -#define APP_TEST_SETTINGS_ASP1 "test-app-settings-asp1" -// OSP Api Feature Test data - gives rxl access to OSP app and rl access to WGT app also! -const char *test_osp_feature_rule_set[] = { "~APP~ " TEST_OSP_FEATURE_APP_ID " rxl", - "~APP~ " TEST_WGT_FEATURE_APP_ID " rl", - nullptr }; -const char *TEST_OSP_FEATURE_PRIVS[] = { TEST_OSP_FEATURE, nullptr }; -// WGT Api Feature Test data - rwx access only to WGT app -const char *test_wgt_feature_rule_set[] = { "~APP~ " TEST_WGT_FEATURE_APP_ID " rwx", - nullptr }; -const char *TEST_WGT_FEATURE_PRIVS[] = { TEST_WGT_FEATURE, nullptr }; - -rules_t rules_to_test_any_access1 = { - { TEST_OSP_FEATURE_APP_ID, APP_ID, "r" }, - { TEST_OSP_FEATURE_APP_ID, APP_ID, "w" }, - { TEST_OSP_FEATURE_APP_ID, APP_ID, "x" }, - { TEST_OSP_FEATURE_APP_ID, APP_ID, "a" }, - { TEST_OSP_FEATURE_APP_ID, APP_ID, "t" }, - { TEST_OSP_FEATURE_APP_ID, APP_ID, "l" } -}; - -rules_t rules_to_test_any_access2 = { - { APP_ID, TEST_OSP_FEATURE_APP_ID, "r" }, - { APP_ID, TEST_OSP_FEATURE_APP_ID, "x" }, - { APP_ID, TEST_OSP_FEATURE_APP_ID, "l" }, - { APP_ID, TEST_WGT_FEATURE_APP_ID, "r" }, - { APP_ID, TEST_WGT_FEATURE_APP_ID, "w" }, - { APP_ID, TEST_WGT_FEATURE_APP_ID, "x" }, - { APP_ID, TEST_WGT_FEATURE_APP_ID, "l" } -}; - -#define FMT_VECTOR_TO_TEST_ANY_ACCESS(sub,obj) \ - (const rules_t) { \ - { sub, obj, "r" }, \ - { sub, obj, "w" }, \ - { sub, obj, "x" }, \ - { sub, obj, "a" }, \ - { sub, obj, "t" }, \ - { sub, obj, "l" } } - -RUNNER_TEST_GROUP_INIT(libprivilegecontrol_stress) - -/** - * Test - Simulation of 100 installations and uninstallations of one application. - * Installed application will have various kind of permissions from api - * features and shared folders. - */ -void privilege_control22_app_installation_1x100(bool smack) -{ - int result; - const int expected_smack_result = smack ? 1:-1; - std::string shared_dir_auto_label; - - // Clear any previously created apps, files, labels and permissions - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, - "Unable to clean up Smack labels in: " << TEST_APP_DIR - << ". Result: " << result); - - result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, - "Unable to clean up Smack labels in: " << TEST_NON_APP_DIR - << ". Result: " << result); - - DB_BEGIN - - result = perm_app_revoke_permissions(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_revoke_permissions. Result: " << result); - - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall. Result: " << result); - - // Install setting app and give it app-setting permissions - result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_revoke_permissions. Result: " << result); - result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall. Result: " << result); - result = perm_app_install(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_install. Result: " << result); - - // Register appsettings feature - result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error while registering api feature. Result: " << result); - - result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1, - APP_TYPE_OSP, PRIV_APPSETTING, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error enabling App-Setting permissions. Result: " << result); - - // Install one additional app (used to check perm to shared directories) - result = perm_app_revoke_permissions(TEST_OSP_FEATURE_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_revoke_permissions. Result: " << result); - result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall. Result: " << result); - result = perm_app_install(TEST_OSP_FEATURE_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_install. Result: " << result); - const char *test1[] = { nullptr }; - result = perm_app_enable_permissions(TEST_OSP_FEATURE_APP_ID, - APP_TYPE_OSP, test1, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error enabling permissions. Result: " << result); - - // Register two valid api features - result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE, - test_osp_feature_rule_set, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: " - << TEST_OSP_FEATURE << ". Result: " << result); - - result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE, - test_wgt_feature_rule_set, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: " - << TEST_WGT_FEATURE << ". Result: " << result); - - DB_END - - - // Install app loop - for (int i = 0; i < 100; ++i) - { - DB_BEGIN - - // Add application - result = perm_app_install(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_install. Loop index: " << i - << ". Result: " << result); - - // Add persistent permissions - result = perm_app_enable_permissions(APP_ID, APP_TYPE_OSP, - TEST_OSP_FEATURE_PRIVS, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_enable_permissions from OSP Feature. Loop index: " - << i << ". Result: " << result); - - result = perm_app_enable_permissions(APP_ID, APP_TYPE_WGT, - TEST_WGT_FEATURE_PRIVS, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_enable_permissions from WGT Feature. Loop index: " - << i << ". Result: " << result); - - DB_END - - // add shared dirs - switch (i%2) // separate odd and even loop runs - { - case 0: // Shared dirs: APP_PATH_PRIVATE & APP_PATH_PUBLIC_RO - { - DB_BEGIN - - // Add app shared dir - APP_PATH_PRIVATE - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, - APP_PATH_PRIVATE); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. Loop index: " << i - << ". Result: " << result); - - // Add app shared dir - APP_PATH_PUBLIC_RO - result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR, - APP_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. Loop index: " << i - << ". Result: " << result); - - DB_END - - // Verify that some previously installed app does not have any access - // to APP_ID private label - result = check_no_accesses(smack, rules_to_test_any_access1); - RUNNER_ASSERT_MSG(result == 1, - "Error - other app has access to private label. Loop index: " - << i); - - // Get autogenerated Public RO label - char *label; - result = smack_getlabel(TEST_NON_APP_DIR, &label, - SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(result == 0, - "Cannot get access label from Public RO shared dir. Loop index: " - << i << ". Result: " << result); - shared_dir_auto_label = label; - free(label); - - // Verify that all permissions to public dir have been added - // correctly, also to other app - result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl"); - - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to Public RO dir are granted. Loop index: " - << i); - - /* all apps are getting the label "User" at the moment. Calling smack_have_access with - "User" as an argument is no different from previous call */ - /*result = smack_have_access(TEST_OSP_FEATURE_APP_ID, shared_dir_auto_label.c_str(), "rx" ); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to Public RO dir are granted. Loop index: " - << i);*/ - - break; - } - case 1: // Shared dirs: APP_PATH_APPSETTING_RW & APP_PATH_GROUP_RW - { - DB_BEGIN - - // Add app shared dir - APP_PATH_SETTINGS_RW - result = perm_app_setup_path(APP_ID, TEST_APP_DIR, - APP_PATH_SETTINGS_RW); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. Loop index: " << i - << ". Result: " << result); - - // Add app shared dir - APP_PATH_GROUP_RW - result = perm_app_setup_path(APP_ID, TEST_NON_APP_DIR, - APP_PATH_GROUP_RW); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. Loop index: " << i - << ". Result: " << result); - - DB_END - - // Get autogenerated App-Setting label - char *label; - result = smack_getlabel(TEST_APP_DIR, &label, - SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(result == 0, - "Cannot get access label from App-Setting shared dir. Loop index: " - << i << ". Result: " << result); - shared_dir_auto_label = label; - free(label); - - // Verify that setting app has rwx permission to app dir - // and rx permissions to app - result = smack_have_access(GENERATED_APP_ID, shared_dir_auto_label.c_str(), "rwxatl"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted. " - << APP_ID << " "<< shared_dir_auto_label << " rwxatl " - << "Loop index: " << i); - - /* all apps are getting the label "User" at the moment. Calling smack_have_access with - "User" as an argument is no different from previous call */ - /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, shared_dir_auto_label.c_str(), "rwx"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted. " - << APP_TEST_SETTINGS_ASP1 << " " << shared_dir_auto_label << " rwx. " - << "Loop index: " << i); - - result = smack_have_access(APP_TEST_SETTINGS_ASP1, GENERATED_APP_ID, "rx"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted. " - << APP_TEST_SETTINGS_ASP1 << " " << GENERATED_APP_ID << " rx" - << "Loop index: " << i);*/ - - // Verify that all permissions to public dir have been added - // correctly, also to other app - result = smack_have_access(GENERATED_APP_ID, LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to Group RW dir are granted. Loop index: " - << i); - - break; - } - } // END switch - - // check if api-features permissions are added properly - result = check_all_accesses(smack, - (const rules_t) { - { GENERATED_APP_ID, TEST_OSP_FEATURE_APP_ID, "rxl" }, - { GENERATED_APP_ID, TEST_WGT_FEATURE_APP_ID, "rwxl" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all permisions from api features added. Loop index: " - << i); - - // revoke permissions - result = perm_app_revoke_permissions(GENERATED_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_revoke_permissions. Loop index: " << i - << ". Result: " << result); - - // check if api-features permissions are removed properly - result = check_no_accesses(smack, rules_to_test_any_access2); - RUNNER_ASSERT_MSG(result == 1, - "Not all permisions revoked. Loop index: " << i); - - // remove labels from app folder - result = nftw(TEST_APP_DIR, &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, - "Unable to clean up Smack labels in " << TEST_APP_DIR - << " . Loop index: " << i << ". Result: " << result); - // remove labels from shared folder - result = nftw(TEST_NON_APP_DIR, &nftw_remove_labels, - FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, - "Unable to clean up Smack labels in " << TEST_NON_APP_DIR - << " . Loop index: " << i << ". Result: " << result); - - // uninstall app - result = perm_app_uninstall(APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall. Loop index: " << i - << ". Result: " << result); - } // END Install app loop - - DB_BEGIN - - // Uninstall setting app and additional app - result = perm_app_uninstall(TEST_OSP_FEATURE_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall. Result: " << result); - result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall. Result: " << result); - - DB_END -} - -/** - * Test - Simulation of 10 installations and uninstallations of set of 10 applications. - * Installed applications will have various kind of permissions to each other - * from api-features and shared folders. - * - * APP_TEST_SETTINGS_ASP1 ("test-app-settings-asp1") - registered as setting app - * - * Permissions: - * test_APP0-4 - receive test_osp_feature_rule_set2 - * test_APP5-9 - receive test_wgt_feature_rule_set2 - * - * During this test there is one directory created for each app for each loop run, - * dir name syntax is: /tmp/_ - * - * test_APP0 & test_APP5 register their directories as APP_PATH_PRIVATE - * test_APP1, test_APP2 & test_APP6 register their directories as - * APP_PATH_GROUP_RW using the same label - * LABEL_FOR_PUBLIC_SHARED_DIRS - * test_APP3, test_APP7 & test_APP8 register their directories as - * APP_PATH_PUBLIC_RO - * test_APP4 & test_APP9 register their directories as - * APP_PATH_SETTINGS_RW - */ -void privilege_control23_app_installation2_10x10(bool smack) -{ - int result; - const int expected_smack_result = smack ? 1:-1; - const int app_count = 10; - std::string shared_dir3_auto_label; - std::string shared_dir7_auto_label; - std::string shared_dir8_auto_label; - std::string setting_dir4_auto_label; - std::string setting_dir9_auto_label; - char app_ids[app_count][strlen(APP_ID) + 3]; - char app_dirs[app_count][strlen(APP_ID) + 12]; - const char *test_osp_feature_rule_set2[] = { "~APP~ " APP_ID "6 r", - "~APP~ " APP_ID "7 rxl", - "~APP~ " APP_ID "8 rwxal", - "~APP~ " APP_ID "9 rwxatl", - nullptr }; - const char *test_wgt_feature_rule_set2[] = { "~APP~ " APP_ID "1 r", - "~APP~ " APP_ID "2 rxl", - "~APP~ " APP_ID "3 rwxal", - "~APP~ " APP_ID "4 rwxatl", - nullptr }; - - - // generate app ids: test_APP0, test_APP1, test_APP2 etc.: - for (int i = 0; i < app_count; ++i) - { - /* Libprivilege-control assigns "User" label to all apps. Replace it when individual labels - are supported. */ - result = sprintf(app_ids[i], GENERATED_APP_ID); - RUNNER_ASSERT_MSG(result > 0, "Cannot generate name for app nr: " << i); - } - - DB_BEGIN - - // Clear any previously created apps, files, labels and permissions - for (int i = 0; i < app_count; ++i) - { - result = perm_app_revoke_permissions(app_ids[i]); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_revoke_permissions for app: " - << app_ids[i] << ". Result: " << result); - - result = perm_app_uninstall(app_ids[i]); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall for app: " - << app_ids[i] << ". Result: " << result); - } - - // Install setting app and give it app-setting permissions - result = perm_app_revoke_permissions(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_revoke_permissions." - << " Result: " << result); - result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall." - << " Result: " << result); - result = perm_app_install(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_install." - << " Result: " << result); - - // Register appsettings feature - result = perm_add_api_feature(APP_TYPE_OSP, PRIV_APPSETTING[0], PRIV_APPSETTING_RULES, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - " Error while registering api feature. Result: " << result); - - result = perm_app_enable_permissions(APP_TEST_SETTINGS_ASP1, - APP_TYPE_OSP, PRIV_APPSETTING, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error registering App-Setting permissions." - << " Result: " << result); - - // Register two valid api features - result = perm_add_api_feature(APP_TYPE_OSP, TEST_OSP_FEATURE, - test_osp_feature_rule_set2, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_add_api_feature. Cannot add TEST_OSP_FEATURE: " - << TEST_OSP_FEATURE << ". Result: " << result); - - result = perm_add_api_feature(APP_TYPE_WGT, TEST_WGT_FEATURE, - test_wgt_feature_rule_set2, nullptr, 0); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_add_api_feature. Cannot add TEST_WGT_FEATURE: " - << TEST_WGT_FEATURE << ". Result: " << result); - - DB_END - - - // Install apps loop - for (int i = 0; i < 10; ++i) - { - DB_BEGIN - - // Install 10 apps - for (int j = 0; j < app_count; ++j) - { - result = perm_app_install(app_ids[j]); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_install. App id: " - << app_ids[j] - << " Loop index: " << i - << ". Result: " << result); - - // Create 10 directories - result = sprintf(app_dirs[j],"/tmp/" APP_ID "%d_%d", j, i); - RUNNER_ASSERT_MSG(result > 0, - "Cannot generate directory name for app nr: " << j - << " Loop index: " << i); - result = mkdir(app_dirs[j], S_IRWXU | S_IRGRP | S_IXGRP); - RUNNER_ASSERT_ERRNO_MSG(result == 0 || errno == EEXIST, - "Cannot create directory: " << app_dirs[j]); - result = nftw(app_dirs[j], &nftw_remove_labels, FTW_MAX_FDS, FTW_PHYS); - RUNNER_ASSERT_MSG(result == 0, - "Unable to clean up Smack labels in: " << app_dirs[j] - << ". Result: " << result); - } - - // Give permissions from api-features - for (int j = 0; j < (app_count/2); ++j) - { - // add persistent api feature permissions - result = perm_app_enable_permissions(app_ids[j], APP_TYPE_OSP, - TEST_OSP_FEATURE_PRIVS, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app__permissions from OSP Feature. App id: " - << app_ids[j] << " Loop index: " << i << ". Result: " << result); - - result = perm_app_enable_permissions(app_ids[j+5], APP_TYPE_WGT, - TEST_WGT_FEATURE_PRIVS, true); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_enable_permissions from WGT Feature. App id: " - << app_ids[j+5] << " Loop index: " << i << ". Result: " << result); - } - - // Add app shared dirs - APP_PATH_PRIVATE (apps 0, 5) - result = perm_app_setup_path(app_ids[0], app_dirs[0], APP_PATH_PRIVATE); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[0] - << " Loop index: " << i << ". Result: " << result); - result = perm_app_setup_path(app_ids[5], app_dirs[5], APP_PATH_PRIVATE); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[5] - << " Loop index: " << i << ". Result: " << result); - - // Add app shared dir - APP_PATH_GROUP_RW (apps 1, 2, 6) - result = perm_app_setup_path(app_ids[1], app_dirs[1], - APP_PATH_GROUP_RW); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[1] - << " Loop index: " << i << ". Result: " << result); - result = perm_app_setup_path(app_ids[2], app_dirs[2], - APP_PATH_GROUP_RW); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[2] - << " Loop index: " << i << ". Result: " << result); - result = perm_app_setup_path(app_ids[6], app_dirs[6], - APP_PATH_GROUP_RW); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[6] - << " Loop index: " << i << ". Result: " << result); - - // Add app shared dir - APP_PATH_PUBLIC_RO (apps 3, 7, 8) - result = perm_app_setup_path(app_ids[3], app_dirs[3], - APP_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[1] - << " Loop index: " << i << ". Result: " << result); - result = perm_app_setup_path(app_ids[7], app_dirs[7], - APP_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[7] - << " Loop index: " << i << ". Result: " << result); - result = perm_app_setup_path(app_ids[8], app_dirs[8], - APP_PATH_PUBLIC_RO); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[8] - << " Loop index: " << i << ". Result: " << result); - - // Add app shared dir - APP_PATH_SETTINGS_RW (apps ,4, 9) - result = perm_app_setup_path(app_ids[4], app_dirs[4], - APP_PATH_SETTINGS_RW); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[4] - << " Loop index: " << i << ". Result: " << result); - result = perm_app_setup_path(app_ids[9], app_dirs[9], - APP_PATH_SETTINGS_RW); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_setup_path. App id: " << app_ids[9] - << " Loop index: " << i << ". Result: " << result); - - DB_END - - // All apps have the same label "User" so this check makes no sense. - // Verify that some previously installed app does not have - // any acces to app 0 and app 5 PRIVATE folders - /*for (int j = 0; j < app_count; ++j) - { - // Apps 1-9 should not have any access to app 0 - if (j != 0) - { - result = check_no_accesses(smack, - FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[0]) - ); - RUNNER_ASSERT_MSG(result == 1, - "Other app (app id: " << app_ids[j] << - ") has access to private label of: " << app_ids[0] << - ". It may not be shared. Loop index: " << i << "."); - } - - // Apps 0-4 and 6-9 should not have any access to app 5 - if (j != 5) - { - result = check_no_accesses(smack, - FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[5]) - ); - RUNNER_ASSERT_MSG(result == 1, - "Other app (app id: " << app_ids[j] << - ") has access to private label of: " << app_ids[5] << - ". It may not be shared. Loop index: " << i << "."); - } - }*/ // End for Verify PRIVATE - - // Verify that apps 1, 2 and 6 have all accesses to GROUP_RW folders - result = check_all_accesses(smack, - (const rules_t) { - { app_ids[1], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" }, - { app_ids[2], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" }, - { app_ids[6], LABEL_FOR_PUBLIC_SHARED_DIRS, "rwxatl" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all accesses to Group RW dir are granted. Loop index: " - << i); - - // Get autogenerated Public_RO labels - char *label; - result = smack_getlabel(app_dirs[3], &label, - SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(result == 0, - "Cannot get access label from Public RO shared dir: " << app_dirs[3] - << " . Loop index: " << i << ". Result: " << result); - shared_dir3_auto_label = label; - free(label); - - result = smack_getlabel(app_dirs[7], &label, - SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(result == 0, - "Cannot get access label from Public RO shared dir: " << app_dirs[7] - << " . Loop index: " << i << ". Result: " << result); - shared_dir7_auto_label = label; - free(label); - - result = smack_getlabel(app_dirs[8], &label, - SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(result == 0, - "Cannot get access label from Public RO shared dir: " << app_dirs[8] - << " . Loop index: " << i << ". Result: " << result); - shared_dir8_auto_label = label; - free(label); - - // Verify that all apps have ro permissions to public folders of apps 3, 7 and 8 - // Also apps 3, 7 and 8 should have all permisisons to their own PUBLIC_RO dirs - for (int j = 0; j < app_count; ++j) - { - if (j == 3) - { - result = check_all_accesses(smack, - (const rules_t) { - { app_ids[j], shared_dir3_auto_label.c_str(), "rwxatl" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all accesses to owned Public RO dir are granted. App id: " - << app_ids[j] << " Loop index: " << i); - // All apps have the same label "User" so this check makes no sense. - // Verify that there are no extra permissions to public dirs - /*result = check_no_accesses(smack, - (const rules_t) { - { app_ids[j], shared_dir7_auto_label.c_str(), "w" }, - { app_ids[j], shared_dir7_auto_label.c_str(), "t" }, - { app_ids[j], shared_dir8_auto_label.c_str(), "w" }, - { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Unexpected extra permissions added for app:" << app_ids[j] - << ". Loop index: " << i);*/ - } - if (j == 7) - { - result = check_all_accesses(smack, - (const rules_t) { - { app_ids[j], shared_dir7_auto_label.c_str(), "rwxatl" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all accesses to owned Public RO dir are granted. App id: " - << app_ids[j] << " Loop index: " << i); - // All apps have the same label "User" so this check makes no sense. - // Verify that there are no extra permissions to public dirs - /*result = check_no_accesses(smack, - (const rules_t) { - { app_ids[j], shared_dir3_auto_label.c_str(), "w" }, - { app_ids[j], shared_dir3_auto_label.c_str(), "t" }, - { app_ids[j], shared_dir8_auto_label.c_str(), "w" }, - { app_ids[j], shared_dir8_auto_label.c_str(), "t" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Unexpected extra permissions added for app:" << app_ids[j] - << ". Loop index: " << i);*/ - } - if (j == 8) - { - result = check_all_accesses(smack, - (const rules_t) { - { app_ids[j], shared_dir8_auto_label.c_str(), "rwxatl" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all accesses to owned Public RO dir are granted. App id: " - << app_ids[j] << " Loop index: " << i); - // All apps have the same label "User" so this check makes no sense. - // Verify that there are no extra permissions to other public dirs - /*result = check_no_accesses(smack, - (const rules_t) { - { app_ids[j], shared_dir3_auto_label.c_str(), "w" }, - { app_ids[j], shared_dir3_auto_label.c_str(), "t" }, - { app_ids[j], shared_dir7_auto_label.c_str(), "w" }, - { app_ids[j], shared_dir7_auto_label.c_str(), "t" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Unexpected extra permissions added for app:" << app_ids[j] - << ". Loop index: " << i);*/ - } - - result = check_all_accesses(smack, - (const rules_t) { - { app_ids[j], shared_dir3_auto_label.c_str(), "rx" }, - { app_ids[j], shared_dir7_auto_label.c_str(), "rx" }, - { app_ids[j], shared_dir8_auto_label.c_str(), "rx" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all accesses to Public RO dirs are granted. App id: " - << app_ids[j] << ". Loop index: " << i); - } // End for Verify PUBLIC_RO - - // Get autogenerated SETTING_RW labels - result = smack_getlabel(app_dirs[4], &label, - SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(result == 0, - "Cannot get access label from App-Setting shared dir: " - << app_dirs[4] << " . Loop index: " << i - << ". Result: " << result); - setting_dir4_auto_label = label; - free(label); - - result = smack_getlabel(app_dirs[9], &label, - SMACK_LABEL_ACCESS ); - RUNNER_ASSERT_MSG(result == 0, - "Cannot get access label from App-Setting shared dir: " - << app_dirs[9] << " . Loop index: " << i - << ". Result: " << result); - setting_dir9_auto_label = label; - free(label); - - // Verify that setting app has rwx permission to app-settings dirs and rx to apps - result = smack_have_access(app_ids[4], setting_dir4_auto_label.c_str(), "rwxatl"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted." - << app_ids[4] << " " << setting_dir4_auto_label - << " Loop index: " << i); - result = smack_have_access(app_ids[9], setting_dir9_auto_label.c_str(), "rwxatl"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted." - << app_ids[9] << " " << setting_dir9_auto_label - << " Loop index: " << i); - // All apps have the same label "User" so this check makes no sense. - /*result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[4], "rx"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted." - << APP_TEST_SETTINGS_ASP1 << " " << app_ids[4] - << " Loop index: " << i); - result = smack_have_access(APP_TEST_SETTINGS_ASP1, app_ids[9], "rx"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted." - << APP_TEST_SETTINGS_ASP1 << " " << app_ids[9] - << " Loop index: " << i); - result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir4_auto_label.c_str(), "rwx"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted." - << APP_TEST_SETTINGS_ASP1 << " " << setting_dir4_auto_label - << " Loop index: " << i); - result = smack_have_access(APP_TEST_SETTINGS_ASP1, setting_dir9_auto_label.c_str(), "rwx"); - RUNNER_ASSERT_MSG(result == expected_smack_result, - "Not all accesses to App-Setting dir are granted." - << APP_TEST_SETTINGS_ASP1 << " " << setting_dir9_auto_label - << " Loop index: " << i);*/ - - - - // Check if api-features permissions are added properly - for (int j = 0; j < 5; ++j) - { - result = check_all_accesses(smack, - (const rules_t) { - { app_ids[j], app_ids[6], "r" }, - { app_ids[j], app_ids[7], "rxl" }, - { app_ids[j], app_ids[8], "rwxal" }, - { app_ids[j], app_ids[9], "rwxatl" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all permisions from api features added for app id: " - << app_ids[j] << ". Loop index: " << i); - } - - for (int j = 5; j < app_count; ++j) - { - result = check_all_accesses(smack, - (const rules_t) { - { app_ids[j], app_ids[1], "r" }, - { app_ids[j], app_ids[2], "rxl" }, - { app_ids[j], app_ids[3], "rwxal" }, - { app_ids[j], app_ids[4], "rwxatl" } } ); - RUNNER_ASSERT_MSG(result == 1, - "Not all permisions from api features added for app id: " - << app_ids[j] << ". Loop index: " << i); - } - - DB_BEGIN - - // Revoke permissions - for (int j = 0; j < app_count; ++j) - { - result = perm_app_revoke_permissions(app_ids[j]); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_revoke_permissions. App id: " - << app_ids[j] << " Loop index: " << i - << ". Result: " << result); - } - - DB_END - - // All apps have the same label "User" so this check makes no sense. - // Check if permissions are removed properly - /*for (int j = 0; j < app_count; ++j) - { - // To all other apps - for (int k = 0; k < app_count; ++k) - if (j != k) - { - result = check_no_accesses(smack, - FMT_VECTOR_TO_TEST_ANY_ACCESS(app_ids[j], app_ids[k]) - ); - RUNNER_ASSERT_MSG(result == 1, - "Not all permisions revoked. Subject: " << app_ids[j] - << " Object: " << app_ids[k] << " Loop index: " << i); - } - }*/ - - DB_BEGIN - - // Remove labels from folders and uninstall all apps - for (int j = 0; j < app_count; ++j) - { - result = nftw(app_dirs[j], &nftw_remove_labels, - FTW_MAX_FDS, FTW_PHYS); // rm labels from app folder - RUNNER_ASSERT_MSG(result == 0, - "Unable to clean up Smack labels in: " - << app_dirs[j] << " . Loop index: " << i - << ". Result: " << result); - - result = perm_app_uninstall(app_ids[j]); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall for app: " - << app_ids[j] << " . Loop index: " << i - << ". Result: " << result); - } - - DB_END - - // Remove created dirs - for (int j = 0; j < app_count; ++j) - { - result = rmdir(app_dirs[j]); - RUNNER_ASSERT_ERRNO_MSG(result == 0, - "Cannot remove directory: " << app_dirs[j]); - } - } // END Install app loop - - // Uninstall setting app - result = perm_app_uninstall(APP_TEST_SETTINGS_ASP1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error in perm_app_uninstall. Result: " << result); - -} - -RUNNER_TEST_SMACK(privilege_control22_app_installation_1x100_smack) -{ - privilege_control22_app_installation_1x100(true); -} - -RUNNER_TEST_NOSMACK(privilege_control22_app_installation_1x100_nosmack) -{ - privilege_control22_app_installation_1x100(false); -} - -RUNNER_TEST_SMACK(privilege_control23_app_installation2_10x10_smack) -{ - privilege_control23_app_installation2_10x10(true); -} - -RUNNER_TEST_NOSMACK(privilege_control23_app_installation2_10x10_nosmack) -{ - privilege_control23_app_installation2_10x10(false); -} diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/.level_2/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/.level_2/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/level_2/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/level_2/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/.level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/cycle b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/cycle deleted file mode 120000 index 945c9b46..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/cycle +++ /dev/null @@ -1 +0,0 @@ -. \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/.level_2/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/.level_2/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/cycle b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/cycle deleted file mode 120000 index b870225a..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/cycle +++ /dev/null @@ -1 +0,0 @@ -../ \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/cycle b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/cycle deleted file mode 120000 index 6581736d..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/cycle +++ /dev/null @@ -1 +0,0 @@ -../../ \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/non_app_dir b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/non_app_dir deleted file mode 120000 index 187d0024..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/non_app_dir +++ /dev/null @@ -1 +0,0 @@ -../../../non_app_dir/ \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/non_app_file b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/non_app_file deleted file mode 120000 index b63f27f7..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/non_app_file +++ /dev/null @@ -1 +0,0 @@ -../../../non_app_dir/normal \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/non_app_dir b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/non_app_dir deleted file mode 120000 index 80559f62..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/non_app_dir +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/ \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/non_app_file b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/non_app_file deleted file mode 120000 index 1fdebecc..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/non_app_file +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/normal \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/link_to_exec b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/link_to_exec deleted file mode 120000 index 94e54050..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -../non_app_dir/exec \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/non_app_dir b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/non_app_dir deleted file mode 120000 index a870a2a9..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/non_app_dir +++ /dev/null @@ -1 +0,0 @@ -../non_app_dir/ \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/non_app_file b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/non_app_file deleted file mode 120000 index f7f5e537..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/non_app_file +++ /dev/null @@ -1 +0,0 @@ -../non_app_dir/normal \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/app_dir/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/non_app_subdir/exec b/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/non_app_subdir/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/non_app_subdir/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/non_app_subdir/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/normal b/src/libprivilege-control-tests/test_privilege_control_DIR/non_app_dir/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP b/src/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP deleted file mode 120000 index 749f7478..00000000 --- a/src/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP +++ /dev/null @@ -1 +0,0 @@ -test_APP_REAL \ No newline at end of file diff --git a/src/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL b/src/libprivilege-control-tests/test_privilege_control_DIR/test_set_app_privilege/test_APP_REAL deleted file mode 100644 index e69de29b..00000000 diff --git a/src/libsmack-tests/CMakeLists.txt b/src/libsmack-tests/CMakeLists.txt deleted file mode 100644 index 857d9ef2..00000000 --- a/src/libsmack-tests/CMakeLists.txt +++ /dev/null @@ -1,120 +0,0 @@ -# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @file CMakeLists.txt -# @author Pawel Polawski (p.polawski@samsung.com) -# @version 0.1 -# @brief -# -INCLUDE(FindPkgConfig) -SET(TARGET_TEST "libsmack-test") - -#dependencies -PKG_CHECK_MODULES(TARGET_DEP - libsmack - REQUIRED - ) - -#files to compile -SET(TARGET_TEST_SOURCES - ${PROJECT_SOURCE_DIR}/src/libsmack-tests/libsmack-test.cpp - ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_cases.cpp - ) - -#header directories -INCLUDE_DIRECTORIES(SYSTEM - ${TARGET_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/common/ - ) - -#preprocessor definitions -#ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") - -#output format -ADD_EXECUTABLE(${TARGET_TEST} ${TARGET_TEST_SOURCES}) - -#linker directories -TARGET_LINK_LIBRARIES(${TARGET_TEST} - ${TARGET_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -#place for output file -INSTALL(TARGETS ${TARGET_TEST} - DESTINATION /usr/bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - -#place for additional files -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules - DESTINATION /etc/smack - PERMISSIONS - OWNER_READ - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - -#place for full rules -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules_full - DESTINATION /etc/smack - PERMISSIONS - OWNER_READ - GROUP_READ - WORLD_READ - ) - -#place for rules2 -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules2 - DESTINATION /etc/smack - PERMISSIONS - OWNER_READ - GROUP_READ - WORLD_READ - ) - -#place for rules3 -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules3 - DESTINATION /etc/smack - PERMISSIONS - OWNER_READ - GROUP_READ - WORLD_READ - ) - -#place for rules4 -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/libsmack-tests/test_smack_rules4 - DESTINATION /etc/smack - PERMISSIONS - OWNER_READ - GROUP_READ - WORLD_READ - ) diff --git a/src/libsmack-tests/libsmack-test.cpp b/src/libsmack-tests/libsmack-test.cpp deleted file mode 100644 index ccbb00e8..00000000 --- a/src/libsmack-tests/libsmack-test.cpp +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file libprivilege-test.cpp - * @author Pawel Polawski (p.polawski@samsung.com) - * @version 1.0 - * @brief libsmack test runer - */ -#include - -int main (int argc, char *argv[]) -{ - int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); - return status; -} - diff --git a/src/libsmack-tests/test_cases.cpp b/src/libsmack-tests/test_cases.cpp deleted file mode 100644 index e1a5265a..00000000 --- a/src/libsmack-tests/test_cases.cpp +++ /dev/null @@ -1,1727 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * @file test_cases.cpp - * @author Pawel Polawski (p.polawski@samsung.com) - * @author Jan Olszak (j.olszak@samsung.com) - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief libsmack test runner - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "tests_common.h" -#include -#include -#include "memory.h" - -const char* const TEST_SUBJECT = "test_subject"; -const char* const TEST_OBJECT = "test_object"; -const char* const TEST_OBJECT_2 = "test_object_2"; - -const std::string testDir = "/tmp/"; -const std::vector accessesBasic = { "r", "w", "x", "wx", "rx", "rw", "rwx", "rwxat" }; - -//This one define is required for sockaddr_un initialization -#define SOCK_PATH "/tmp/test-smack-socket" - -RUNNER_TEST_GROUP_INIT(libsmack) -/** - * Helper method to reset privileges at the begginning of tests. - */ -void clean_up() -{ - smack_revoke_subject(TEST_SUBJECT); -} - -/** - * Checking if subject has any access to object - */ -bool checkNoAccesses(const char *subject, const char *object) -{ - int result; - - for(const auto &perm : std::vector {"r", "w", "a","t", "l"}) { - result = smack_have_access(subject, object, perm.c_str()); - if (result == 1) { - return false; - } - } - return true; -} - -void removeAccessesAll() -{ - for(int i = 1; i <=3; i++) - //smack_revoke_subject will fail, when subject does not exist in kernel - //as this function is called at test beginning we cannot check return value - smack_revoke_subject(("test_subject_0" + std::to_string(i)).c_str()); -} - -/** - * Add a new access with smack_accesses_add_modify() - */ -RUNNER_TEST_SMACK(smack_accesses_add_modify_test_1){ - int result; - - clean_up(); - - struct smack_accesses *rules = nullptr; - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - // THE TEST - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"xr",""); - RUNNER_ASSERT_MSG(result == 0, "Unable to add modify by empty rules"); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"xr"); - RUNNER_ASSERT_MSG(result == 1, "Rule modified (added 'xr'), but no change made."); - - // CLEAN UP - clean_up(); -} - - -/** - * Test if rules are applied in the right order, and modification works. - */ -RUNNER_TEST_SMACK(smack_accesses_add_modify_test_2){ - int result; - struct smack_accesses *rules = nullptr; - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - clean_up(); - - // THE TEST - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r",""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 0, - "Modification didn't work"); - - // CLEAN UP - clean_up(); -} - - -/** - * Test if rules are applied in the right order, and modification works. - * Using different smack_accesses list to add and delete. - */ -RUNNER_TEST_SMACK(smack_accesses_add_modify_test_3){ - int result; - struct smack_accesses *rules = nullptr; - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - clean_up(); - - // THE TEST - // Add r privilage - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"r",""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - RUNNER_ASSERT_MSG(smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r") == 1, - "Adding privileges didn't work"); - - // Revoke r privilege - rules_ptr.release(); - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - rules_ptr.reset(rules); - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r"); - RUNNER_ASSERT_MSG(result == 0, "Modification didn't work, rule has still 'r' privileges."); - - // CLEAN UP - clean_up(); -} - -/** - * Add a list of privileges and then revoke just ONE of them. - */ -RUNNER_TEST_SMACK(smack_accesses_add_modify_test_4){ - int result; - struct smack_accesses *rules = nullptr; - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - clean_up(); - - // THE TEST - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat",""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt"); - RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges."); - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r"); - RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege."); - - // CLEAN UP - clean_up(); -} - -/** - * Add a list of privileges and then revoke just ONE of them. - * Without applying privileges in between those actions. - */ -RUNNER_TEST_SMACK(smack_accesses_add_modify_test_5){ - int result; - struct smack_accesses *rules = nullptr; - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - clean_up(); - - // THE TEST - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwxat",""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"","r"); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"awxt"); - RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'awxt' privileges."); - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r"); - RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege."); - - // CLEAN UP - clean_up(); -} - - -/** - * Add a list of privileges and then revoke just TWO of them. - */ -RUNNER_TEST_SMACK(smack_accesses_add_modify_test_6){ - int result; - struct smack_accesses *rules = nullptr; - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - clean_up(); - - // THE TEST - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwt",""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"ax","rt"); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule."); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"wax"); - RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule should have 'wax' privileges."); - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,"r"); - RUNNER_ASSERT_MSG(result != 1, "Modification didn't work. Rule should NOT have 'r' privilege."); - - // CLEAN UP - clean_up(); -} - -/** - * Run smack_accesses_add_modify with the same accesses_add and accesses_del. - */ -RUNNER_TEST_SMACK(smack_accesses_add_modify_test_7){ - unsigned int i; - int result; - - struct smack_accesses *rules = nullptr; - - for (i = 0; i < accessesBasic.size(); ++i) { - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, - accessesBasic[i].c_str(), accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance"); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT), - " Error while checking smack access. Accesses exist."); - - // CLEAN UP - clean_up(); - } -} - -/** - * Revoke subject with previously added rules and revoke it again. - */ -RUNNER_TEST_SMACK(smack_revoke_subject_test_1){ - unsigned int i; - int result; - - struct smack_accesses *rules = nullptr; - - for (i = 0; i < accessesBasic.size(); ++i) { - // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2 - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, - accessesBasic[i].c_str(),""); - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2, - accessesBasic[i].c_str(),""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance"); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. " - "Rule " << accessesBasic[i].c_str() << " does not exist."); - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. " - "Rule " << accessesBasic[i].c_str() << " does not exist."); - - // Revoking subject - result = smack_revoke_subject(TEST_SUBJECT); - RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work."); - - RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT), - " Revoke didn't work. Accesses exist."); - RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2), - " Revoke didn't work. Accesses exist."); - - - // Revoking subject again - result = smack_revoke_subject(TEST_SUBJECT); - RUNNER_ASSERT_MSG(result == 0, "Revoking subject didn't work."); - - RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT), - " Revoke didn't work. Accesses exist."); - RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2), - " Revoke didn't work. Accesses exist."); - - } -} - -/** - * Clearing accesses - */ -RUNNER_TEST_SMACK(smack_accesses_clear_test_1){ - unsigned int i; - int result; - - struct smack_accesses *rules = nullptr; - - for (i = 0; i < accessesBasic.size(); ++i) { - // Creating and adding rules with TEST_OBJECT and TEST_OBJECT_2 - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, - accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance"); - result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2, - accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance"); - RUNNER_ASSERT_MSG(smack_accesses_apply(rules_ptr.get()) == 0, "Unable to apply rules"); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule " - << accessesBasic[i].c_str() << " does not exist."); - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, "Modification didn't work. Rule " - << accessesBasic[i].c_str() << " does not exist."); - - // Creating and clearing rules with TEST_OBJECT - rules_ptr.release(); - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - rules_ptr.reset(rules); - result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, - accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance"); - result = smack_accesses_clear(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work."); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work. Rule " - << accessesBasic[i].c_str() << " does exist."); - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT_2,accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, "Clearing rules didn't work. Rule " - << accessesBasic[i].c_str() << " does not exist."); - - // Creating and clearing rules with TEST_OBJECT - rules_ptr.release(); - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - rules_ptr.reset(rules); - - result = smack_accesses_add(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT_2, - accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify accesses instance"); - result = smack_accesses_clear(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Clearing rules didn't work."); - - RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT), - " Clear didn't work. Accesses exist."); - RUNNER_ASSERT_MSG(checkNoAccesses(TEST_SUBJECT, TEST_OBJECT_2), - " Clear didn't work. Accesses exist."); - } -} - -RUNNER_TEST(smack01_storing_and_restoring_rules) -{ - /* - * author: Pawel Polawski - * test: smack_accesses_new, smack_accesses_add, smack_accesses_add_modify, smack_accesses_add_from_file, - * smack_accesses_free, smack_accesses_save - * description: This test case will create structure holding SMACK rules and add new one to it. Next rules will be - * stored and restored from file. - * expect: Rules created and stored in file should be identical to predefined template. - */ - - struct smack_accesses *rules = nullptr; //rules prepared in this test case - struct smack_accesses *import_test = nullptr; //rules imported from file - - int result; //result of each operation to be tested by RUNNER_ASSERT - int fd, tmp, sample; //file descripptors for save / restore rules tests - - //int smack_accesses_new(struct smack_accesses **accesses); - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - RUNNER_ASSERT(smack_accesses_new(&import_test) == 0); - SmackAccessesPtr import_ptr(import_test); - - //opening files - fd = open("/tmp/smack01_rules", O_RDWR | O_CREAT | O_TRUNC, 0644); //for export prepared rules - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_rules"); - FdUniquePtr fd_ptr(&fd); - tmp = open("/tmp/smack01_tmp", O_RDWR | O_CREAT | O_TRUNC, 0644); //for import rules exported before - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to create /tmp/smack01_tmp"); - FdUniquePtr tmp_ptr(&tmp); - sample = open("/etc/smack/test_smack_rules", O_RDONLY, 0644); //reference preinstalled rules - RUNNER_ASSERT_ERRNO_MSG(sample >= 0, "Unable to open /etc/smack/test_smack_rules"); - FdUniquePtr sample_ptr(&sample); - - result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rw"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules_ptr.get(), "reader", "book", "wx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - - result = smack_accesses_add_modify(rules_ptr.get(), "reader", "book", "r", "wx"); - RUNNER_ASSERT_MSG(0 == result, "Unable to modify smack rules"); - - result = smack_accesses_save(rules_ptr.get(), fd); - RUNNER_ASSERT_MSG(0 == result, "Unable to save smack_accesses instance in file"); - - result = lseek(fd, 0, SEEK_SET); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error"); - result = smack_accesses_add_from_file(import_ptr.get(), fd); - RUNNER_ASSERT_MSG(result == 0, "Unable to import rules from file"); - - result = smack_accesses_save(import_ptr.get(), tmp); - RUNNER_ASSERT_MSG(result == 0, "Unable to save smack_accesses instance in file"); - - //comparing rules saved in file, restored from it and stored one more time - result = files_compare(fd, tmp); - RUNNER_ASSERT_MSG(result == 0, "No match in stored and restored rules"); - - //comparing rules stored in file with reference preinstalled rules - result = files_compare(tmp, sample); - RUNNER_ASSERT_MSG(result == 0, "No match in stored rules and pattern file"); -} - -RUNNER_TEST_SMACK(smack02_aplying_rules_into_kernel) -{ - /* - * author: Pawel Polawski - * test: smack_accesses_apply, smack_have_access, smack_revoke_subject, smack_accesses_clear, smack_accesses_new, - * smack_accesses_add, smack_accesses_free - * description: In this test case aplying rules to kernel will be tested. After that function for test - * accesses will be used. - * expect: In case of correct rules access should be granted. - */ - - //CAP_MAC_ADMIN needed for process to be able to change rules in kernel (apllying, removing) - - struct smack_accesses *rules = nullptr; //rules prepared in this test case - int result; //for storing functions results - - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - //adding test rules to struct - result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - - result = smack_accesses_apply(rules_ptr.get()); //applying rules to kernel - RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel"); - - //should have access - rule exist - result = smack_have_access("spy", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 1, "Error while checking Smack access"); - //should have no access - wrong rule, should be "r" only - result = smack_have_access("reader", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access"); - //should have no access - rule not exist - result = smack_have_access("s02badsubjectlabel", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Error while checking Smack access"); - - //this subject do not exist in kernel rules - result = smack_revoke_subject("s02nonexistinglabel"); - RUNNER_ASSERT_MSG(result == 0, "Error in removing not existing subject from kernel"); - result = smack_revoke_subject("spy"); //this subject exist in kernel rules - RUNNER_ASSERT_MSG(result == 0, "Error in removing existing subject from kernel"); - - //testing access after revoke_subject() from kernel - result = smack_have_access("spy", "book", "rwx"); - //now spy should have no access - RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); - - //for create new rule as a consequence of use accesses_clear() below - result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - - //"spy" removed before by using smack_revoke_subject() - result = smack_accesses_clear(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel"); - - //testing acces after acces_clear() - result = smack_have_access("writer", "book", "rwx"); - //now writer also should have no access - RUNNER_ASSERT_MSG(result == 0, "Error in acces aplied to kernel"); - -} - -//pairs of rules for test with mixed cases, different length and mixed order -std::vector< std::vector > correct_rules = { - { "reader1", "-", "------" }, - { "reader2", "--------", "------" }, - { "reader3", "RwXaTl", "rwxatl" }, - { "reader4", "RrrXXXXTTT", "r-x-t-" }, - { "reader5", "-r-w-a-t-", "rw-at-" }, - { "reader6", "", "------" }, - { "reader7", "xa--Rt---W--L", "rwxatl" }, -}; - -RUNNER_TEST_SMACK(smack03_mixed_rule_string_add) -{ - /* - * author: Pawel Polawski - * test: smack_have_access, smack_accesses_new, smack_accesses_add, smack_accesses_apply, smack_accesses_free - * description: In thist test case rules based on mixed string are added to kernel. - * Strings are presented above and contains lower / upper case alpha, numbers and special signs. - * expect: Rules should be parsed correct and aplied to kernel. - */ - - //In thist test case mixed string are used as rules applied to kernel, next they are - //readed and compared with correct form of rules - - struct smack_accesses *rules = nullptr; //rules prepared in this test case - int result; //for storing functions results - int expected; - - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - //adding test rules with mixed string - for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) { - //using mixed rules from table - result = smack_accesses_add(rules_ptr.get(), - (*rule)[0].c_str(), - "book", - (*rule)[1].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - } - - //clearing - //FIXME: Using clear() here can cover error in accesses_apply() function - //result = smack_accesses_clear(rules); - //RUNNER_ASSERT_MSG(result == 0, "Error in clearing rules in kernel"); - - //applying rules to kernel - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Unable to apply rules into kernel"); - - //checking accesses using normal rules - for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) { - if ((*rule)[2] == "------") - expected = 0; - else - expected = 1; - //using normal rules from table - result = smack_have_access((*rule)[0].c_str(), - "book", - (*rule)[2].c_str()); - RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access"); - } -} - -RUNNER_TEST_SMACK(smack04_mixed_rule_string_have_access) -{ - /* - * author: Pawel Polawski - * test: smack_have_access - * description: In this test case we testing aplied before SMACK rules and comparing them using mixed strings. - * expect: Subjects should have accesses to the objects. - */ - - //In this test case we checking previous aplied rules but for compare mixed strings are used - - int result; - int expected; - - //rules were added in previous RUNNER_TEST section - //checking accesses using mixed rules - for (auto rule=correct_rules.begin(); rule != correct_rules.end(); ++rule) { - if ((*rule)[2] == "------") - expected = 0; - else - expected = 1; - //using mixed rules from table - result = smack_have_access((*rule)[0].c_str(), - "book", - (*rule)[1].c_str()); - RUNNER_ASSERT_MSG(result == expected, "Error while checking Smack access"); - } -} - -//RUNNER_TEST(smackXX_accesses_add_modify) -//{ -//IDEAS FOR TESTS -// - what if we want to apply rule that is already in kernel? -// - tests for smack_accesses_add_modify() + smack_have_access() (check if add_modify sets the proper rule) -// - smack_accesses_add_modify("subject", "object", "rwx", "rwx") should create empty rule -//} - -RUNNER_TEST_SMACK(smack05_self_label) -{ - /* - * author: Pawel Polawski - * test: smack_set_label_for_self, smack_new_label_from_self - * description: In this test case process test it own default label. Next label is changed - * and tested one more time if change was successfull. - * expect: Proces should have default "-" label and can change it to the oter one. - */ - - //In this test case process will manipulate it own label - - char *label = nullptr; - int result; - int fd; - - const int B_SIZE = 8; - char buff[B_SIZE]; - - const char *def_rule = "_"; - - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label"); - //comparing this label with default one "_" - result = strcmp(label, def_rule); - free(label); - RUNNER_ASSERT_MSG(result == 0, "Wrong default process label"); - - //comparing this rule with received from /proc/self/attr/current - fd = open("/proc/self/attr/current", O_RDONLY, 0644); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /proc/self/attr/current"); - FdUniquePtr fd_ptr(&fd); - result = read(fd, buff, B_SIZE); - RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current"); - result = strncmp(buff, def_rule, result); - RUNNER_ASSERT_MSG(result == 0, "Wrong default process rule"); - - //now time for setting labels: - - result = smack_set_label_for_self("cola"); - RUNNER_ASSERT_MSG(result == 0, "Error in setting self label"); - - //checking new label using smack function - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result >= 0, "Error in getting self label"); - result = strcmp(label, "cola"); - free(label); - RUNNER_ASSERT_MSG(result == 0, "Wrong process label"); - - //checking new label using /proc/self/attr/current - result = lseek(fd, 0, SEEK_SET); //going to the file beginning - RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error"); - result = read(fd, buff, B_SIZE); - RUNNER_ASSERT_ERRNO_MSG(result >= 0, "Error in reading from file /proc/self/attr/current"); - result = strncmp(buff, "cola", result); - RUNNER_ASSERT_MSG(result == 0, "Proces rule in /proc/self/attr/current other than set"); -} - -RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_0) -{ - RUNNER_IGNORED_MSG("Upstream does not support label removal yet"); - const std::string fsLabel = "smack06_setlabel_getlabel_test_0"; - const std::string fsPath = std::string("/tmp/") + fsLabel; - - const std::string filePath = "file"; - - FsLabelManager fs(fsPath, fsLabel); - fs.createFile(filePath); - - // reset labels first time - fs.testSmackClearLabels(filePath); - - // reset labels second time - fs.testSmackClearLabels(filePath); -} - -RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_1) -{ - const std::string fsLabel = "smack06_setlabel_getlabel_test_1"; - const std::string fsPath = std::string("/tmp/") + fsLabel; - - const char* testLabelAccess = "access"; - const char* testLabelExec = "exec"; - const std::string filePath = "file"; - - FsLabelManager fs(fsPath, fsLabel); - fs.createFile(filePath); - - // set and get labels first time - fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - - fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - - // set and get same labels second time - fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - - fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); -} - -RUNNER_TEST_SMACK(smack06_setlabel_getlabel_test_2) -{ - RUNNER_IGNORED_MSG("Upstream does not support label removal yet"); - const std::string fsLabel = "smack06_setlabel_getlabel_test_2"; - const std::string fsPath = std::string("/tmp/") + fsLabel; - - const char* testLabelAccess = "access"; - const char* testLabelExec = "exec"; - const std::string filePath = "file"; - const std::string linkPath = "link"; - - FsLabelManager fs(fsPath, fsLabel); - fs.createFile(filePath); - fs.createLink(linkPath, filePath); - - // set and get labels for file to which link points - fs.testSmackSetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackSetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackGetLabel(linkPath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackGetLabel(linkPath, testLabelExec, SMACK_LABEL_EXEC); - - // link labels should not be changed - fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_ACCESS); - fs.testSmackLGetLabel(linkPath, nullptr, SMACK_LABEL_EXEC); -} - -RUNNER_TEST_SMACK(smack06_lsetlabel_lgetlabel_test_1) -{ - const std::string fsLabel = "smack06_lsetlabel_lgetlabel_test_1"; - const std::string fsPath = std::string("/tmp/") + fsLabel; - - const char* testLabelAccess = "fileAccess"; - const char* testLabelExec = "fileExec"; - const char* testLinkLabelAccess = "linkAccess"; - const char* testLinkLabelExec = "linkExec"; - const std::string filePath = "file"; - const std::string linkPath = "link"; - - FsLabelManager fs(fsPath, fsLabel); - fs.createFile(filePath); - fs.createLink(linkPath, filePath); - - // set different labels for link and file - fs.testSmackSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackLSetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackLSetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC); - - // get those labels - fs.testSmackGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackLGetLabel(linkPath, testLinkLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackLGetLabel(linkPath, testLinkLabelExec, SMACK_LABEL_EXEC); -} - -RUNNER_TEST_SMACK(smack06_fsetlabel_fgetlabel_test_1) -{ - const std::string fsLabel = "smack06_fsetlabel_fgetlabel_test_1"; - const std::string fsPath = std::string("/tmp/") + fsLabel; - - const char* testLabelAccess = "access"; - const char* testLabelExec = "exec"; - const std::string filePath = "file"; - - FsLabelManager fs(fsPath, fsLabel); - fs.createFile(filePath); - - // set and get labels for fd - fs.testSmackFSetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackFSetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); - fs.testSmackFGetLabel(filePath, testLabelAccess, SMACK_LABEL_ACCESS); - fs.testSmackFGetLabel(filePath, testLabelExec, SMACK_LABEL_EXEC); -} - -RUNNER_TEST_SMACK(smack10_adding_removing_rules) -{ - unsigned int i; - int result; - - struct smack_accesses *rules = nullptr; - - for (i = 0; i < accessesBasic.size(); ++i) - { - // Creating rules - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - // Adding accesses - result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - - // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - // Deleting all rules - clean_up(); - } - - for (i = 0; i < 3; ++i) - { - // --- Creating rules (r or w or x) - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - // Adding accesses - result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - // Checking if wrong accesses were not created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str()); - RUNNER_ASSERT_MSG(result == 0, - " Error while checking smack access. Result: " << result); - - // --- Modifying accesses (r for wx or w for rx or x for rw) - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, - accessesBasic[i + 3].c_str(),accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - - // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str()); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - // Checking if wrong accesses were not created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, - " Error while checking smack access. Result: " << result); - - rules_ptr.release(); - // --- Creating complementary rules (r or w or x) - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - rules_ptr.reset(rules); - - // Adding accesses - result = smack_accesses_add(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, - accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to add rulesBasic. Result: " << result); - - // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str()); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - - // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - // --- Modifying accesses (adding rwx and removing r or w or x) - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT,"rwx", - accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - - // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i + 3].c_str()); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - // Checking if wrong accesses were not created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, accessesBasic[i].c_str()); - RUNNER_ASSERT_MSG(result == 0, - " Error while checking smack access. Result: " << result); - - // --- Adding crossing accesses (rx or rw or wx) - result = smack_accesses_add_modify(rules_ptr.get(),TEST_SUBJECT, TEST_OBJECT, - accessesBasic[3 + ((i + 1) % 3)].c_str(),""); - RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - - // Checking if accesses were created - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, - accessesBasic[3 + ((i + 1) % 3)].c_str()); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access. Result: " << result); - - // Deleting all rules - result = smack_accesses_add_modify(rules,TEST_SUBJECT, TEST_OBJECT,"","rwx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add modify rulesBasic. Result: " << result); - - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while checking smack access. Result: " << result); - - // Deleting all rules - clean_up(); - } -} - -RUNNER_TEST_SMACK(smack11_saving_loading_rules) -{ - int result; - int fd; - - struct smack_accesses *rules = nullptr; - - // Pre-cleanup - removeAccessesAll(); - - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - SmackAccessesPtr rules_ptr(rules); - - // Loading file with rwxat rules - test_smack_rules_full - fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full"); - - // Adding rules from file - result = smack_accesses_add_from_file(rules_ptr.get(), fd); - close(fd); - RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file"); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - - // Checking rules - result = smack_have_access("test_subject_01", "test_object_02", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - result = smack_have_access("test_subject_01", "test_object_03", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - result = smack_have_access("test_subject_02", "test_object_01", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - result = smack_have_access("test_subject_02", "test_object_02", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - result = smack_have_access("test_subject_02", "test_object_03", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - result = smack_have_access("test_subject_03", "test_object_01", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - result = smack_have_access("test_subject_03", "test_object_02", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - result = smack_have_access("test_subject_03", "test_object_03", "rwxat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack accesses."); - - // Removing rules - removeAccessesAll(); - - // Creating rules - rules_ptr.release(); - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - rules_ptr.reset(rules); - - // Loading file with partial wrong rules - test_smack_rules2 - fd = open("/etc/smack/test_smack_rules2", O_RDONLY, 0644); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules2"); - - // Adding rules from file - result = smack_accesses_add_from_file(rules_ptr.get(), fd); - close(fd); - RUNNER_ASSERT_MSG(result == 0, "Error importing accesses from file"); - - // Applying rules - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == 0, "Error while applying accesses. Result: " << result); - - // Checking rules - RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_01", "test_object_01"), - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist."); - result = smack_have_access("test_subject_01", "test_object_02", "rwatl"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - result = smack_have_access("test_subject_01", "test_object_03", "wat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - RUNNER_ASSERT_MSG(checkNoAccesses("test_subject_02", "test_object_01"), - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Accesses exist."); - result = smack_have_access("test_subject_02", "test_object_02", "wa-lt"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - result = smack_have_access("test_subject_02", "test_object_03", "wr"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - result = smack_have_access("test_subject_03", "test_object_01", "a"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - result = smack_have_access("test_subject_03", "test_object_02", "rwat"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - result = smack_have_access("test_subject_03", "test_object_03", "w---l-"); - RUNNER_ASSERT_MSG(result == 1, - " Error while checking smack access loaded from /etc/smack/test_smack_rules2. Result: " << result ); - - // Removing rules - removeAccessesAll(); - - // Creating rules - rules_ptr.release(); - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - rules_ptr.reset(rules); - - // Loading file with partial wrong rules - test_smack_rules3 - fd = open("/etc/smack/test_smack_rules3", O_RDONLY, 0644); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules3"); - - // Adding rules from file - result = smack_accesses_add_from_file(rules_ptr.get(), fd); - close(fd); - RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file"); - - // Removing rules - removeAccessesAll(); - - // Creating rules - rules_ptr.release(); - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - rules_ptr.reset(rules); - - // Loading file with partial wrong rules - test_smack_rules4 - fd = open("/etc/smack/test_smack_rules4", O_RDONLY, 0644); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules4"); - - // Adding rules from file - result = smack_accesses_add_from_file(rules_ptr.get(), fd); - close(fd); - RUNNER_ASSERT_MSG(result != 0, "Accesses were loaded from file"); - - // Removing rules - removeAccessesAll(); -} - -//int smack_new_label_from_socket(int fd, char **label); - - -static void smack_set_another_label_for_self(void) -{ - static int number = time(nullptr); - - number++; - std::string smack_label("s" + std::to_string(number)); - - int result = smack_set_label_for_self(smack_label.c_str()); - RUNNER_ASSERT_MSG(result == 0, "smack_set_label_for_self(" << smack_label << ") failed"); -} - -static void smack_unix_sock_server(int sock) -{ - int fd, result; - char *label; - - alarm(2); - fd = accept(sock, nullptr, nullptr); - alarm(0); - RUNNER_ASSERT_ERRNO(fd >= 0); - FdUniquePtr fd_ptr(&fd); - - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result >= 0, "smack_new_label_from_self() failed"); - CStringPtr label_ptr(label); - result = write(fd, label, strlen(label)); - RUNNER_ASSERT_ERRNO_MSG(result == (int)strlen(label), "write() failed"); - -} - -RUNNER_MULTIPROCESS_TEST_SMACK(smack09_new_label_from_socket) -{ - int pid; - struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH}; - unlink(SOCK_PATH); - smack_set_another_label_for_self(); - pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed"); - if (!pid) { /* child process, server */ - int sock, result; - - - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sock_ptr(&sock); - result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed"); - result = listen(sock, 1); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed"); - smack_unix_sock_server(sock); - - pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed"); - /* Test if socket label was unaffected by fork() */ - smack_unix_sock_server(sock); - if (!pid) { - usleep (100); - smack_set_another_label_for_self(); - smack_unix_sock_server(sock); - } - - exit(0); - } else { /* parent process, client */ - sleep(1); /* Give server some time to setup listening socket */ - for (int i = 0; i < 4; ++i) { - int sock, result; - char smack_label1[SMACK_LABEL_LEN + 1]; - char *smack_label2; - - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sock_ptr(&sock); - result = connect(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed"); - alarm(2); - result = read(sock, smack_label1, SMACK_LABEL_LEN); - alarm(0); - RUNNER_ASSERT_ERRNO_MSG(result >= 0, "read failed"); - smack_label1[result] = '\0'; - result = smack_new_label_from_socket(sock, &smack_label2); - SmackLabelPtr label2_ptr(smack_label2); - RUNNER_ASSERT_MSG(result >= 0, "smack_label_from_socket failed"); - result = strcmp(smack_label1, label2_ptr.get()); - if (i < 3) - RUNNER_ASSERT_MSG(result == 0, "smack labels differ: '" << smack_label1 - << "' != '" << smack_label2 << "' i == " << i); - else - RUNNER_ASSERT_MSG(result != 0, "smack labels do not differ: '" << smack_label1 - << "' != '" << smack_label2 << "' i == " << i); - } - } -} - -void createFileWithLabel(const std::string &filePath, const std::string &fileLabel) -{ - //create temporary file and set label for it - mode_t systemMask; - - unlink(filePath.c_str()); - //allow to create file with 777 rights - systemMask = umask(0000); - int fd = open(filePath.c_str(), O_RDWR | O_CREAT, S_IRWXU | S_IRWXG | S_IRWXO); - //restore system mask - umask(systemMask); - RUNNER_ASSERT_ERRNO_MSG(fd > -1, "Unable to create file for tests"); - - //for descriptor protection - FdUniquePtr fd_ptr(&fd); - - //change owner and group to user APP - int ret = chown(filePath.c_str(), APP_UID, APP_GID); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Unable to change file owner"); - - //set smack label on file - ret = smack_setlabel(filePath.c_str(), fileLabel.c_str(), SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(ret == 0, "Unable to set label for file: " << ret); - - char *label = nullptr; - ret = smack_getlabel(filePath.c_str(), &label, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(ret == 0, "Unable to get label from file"); - std::string label_str(label ? label : ""); - free(label); - RUNNER_ASSERT_MSG(label_str == fileLabel, "File label not match set label"); -} - -void prepareEnvironment(const std::string &subject, const std::string &object, const std::string &access) -{ - const std::string ruleAll = "x"; - - SecurityServer::AccessProvider provider(subject); - provider.addObjectRule("User", ruleAll); - provider.addObjectRule(object, access); - provider.applyAndSwithToUser(APP_UID, APP_GID); -} - -//- Add "l" rule to system -// -//Should be able to add "l" rule to system -RUNNER_CHILD_TEST_SMACK(smack13_0_checking_laccess_mode_enabled_on_device) -{ - std::string selfLabel = "smack13_0"; - std::string filename = "smack13_0_file"; - - //function inside checks if rule exist after add it - SecurityServer::AccessProvider provider(selfLabel); - provider.addObjectRule(filename, "l"); - provider.apply(); - - int ret = smack_have_access(selfLabel.c_str(), filename.c_str(), "l"); - RUNNER_ASSERT_MSG(ret == 1, "Error in adding laccess rule - l"); -} - -//- Create file -//- Set label for file and self -//- Drop privileges -// -//Should have no access due to missing SMACK rule -RUNNER_CHILD_TEST_SMACK(smack13_1_checking_laccess_mode) -{ - std::string selfLabel = "smack13_1"; - std::string filename = "smack13_1_file"; - std::string filePath = testDir + filename; - - createFileWithLabel(filePath, filename); - int fd = open(filePath.c_str(), O_RDWR, 0); - FdUniquePtr fd_ptr(&fd); - - SecurityServer::AccessProvider provider(selfLabel); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = flock(fd, LOCK_EX | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file"); - ret = flock(fd, LOCK_UN | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file"); - ret = flock(fd, LOCK_SH | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file"); -} - -//- Create file -//- Set label for file and self -//- Add SMACK rule "l" -//- Drop privileges -// -//Should be able to lock file even without "w" rule -RUNNER_CHILD_TEST_SMACK(smack13_2_checking_laccess_mode_with_l_rule) -{ - std::string selfLabel = "smack13_2"; - std::string filename = "smack13_2_file"; - std::string filePath = testDir + filename; - - createFileWithLabel(filePath, filename); - int fd = open(filePath.c_str(), O_RDWR, 0); - FdUniquePtr fd_ptr(&fd); - - prepareEnvironment(selfLabel, filename, "l"); - - int ret = flock(fd, LOCK_EX | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file"); - ret = flock(fd, LOCK_UN | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file"); - ret = flock(fd, LOCK_SH | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file"); -} - -//- Create file -//- Set label for file and self -//- Add SMACK rule "w" -//- Drop privileges -// -//Should be able to lock file even without "l" rule -RUNNER_CHILD_TEST_SMACK(smack13_3_checking_laccess_mode_with_w_rule) -{ - std::string selfLabel = "smack13_3"; - std::string filename = "smack13_3_file"; - std::string filePath = testDir + filename; - - createFileWithLabel(filePath, filename); - int fd = open(filePath.c_str(), O_RDWR, 0); - FdUniquePtr fd_ptr(&fd); - - prepareEnvironment(selfLabel, filename, "w"); - - int ret = flock(fd, LOCK_EX | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file"); - ret = flock(fd, LOCK_UN | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to unlock file"); - ret = flock(fd, LOCK_SH | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file"); -} - -//- Create file -//- Set label for file and self -//- Add SMACK rule "rw" -//- Drop privileges -//- Lock file (shared lock) -//- Spawn child process -//- Child tries to lock file (shared) -// -//Child should be able to lock file due to shared lock -RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_0_checking_laccess_mode_w_rule_child) -{ - std::string selfLabel = "smack13_4_0"; - std::string filename = "smack13_4_0_file"; - std::string filePath = testDir + filename; - - createFileWithLabel(filePath, filename); - int fd = open(filePath.c_str(), O_RDWR); - FdUniquePtr fd_ptr(&fd); - int ret = flock(fd, LOCK_SH | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file"); - - pid_t pid = fork(); - if (pid == 0) { - //child process - prepareEnvironment(selfLabel, filename, "rw"); - - int child_fd = open(filePath.c_str(), O_RDWR); - RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file"); - //for descriptor protection - FdUniquePtr child_fd_ptr(&child_fd); - - ret = flock(child_fd, LOCK_SH | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock"); - } -} - -//- Create file -//- Set label for file and self -//- Add SMACK rule "l" -//- Drop privileges -//- Lock file (shared lock) -//- Spawn child process -//- Child tries to lock file (shared) -// -//Child should be able to lock file due to shared lock -RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_1_checking_laccess_mode_l_rule_child) -{ - std::string selfLabel = "smack13_4_1"; - std::string filename = "smack13_4_1_file"; - std::string filePath = testDir + filename; - - createFileWithLabel(filePath, filename); - int fd = open(filePath.c_str(), O_RDWR); - FdUniquePtr fd_str(&fd); - int ret = flock(fd, LOCK_SH | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to shared lock file"); - - pid_t pid = fork(); - if (pid == 0) { - //child process - //"r" is only for open in O_RDONLY mode - prepareEnvironment(selfLabel, filename, "rl"); - - int child_fd = open(filePath.c_str(), O_RDONLY, 0); - RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file"); - //for descriptor protection - FdUniquePtr child_fd_ptr(&child_fd); - - ret = flock(child_fd, LOCK_SH | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to lock file with shared lock"); - } -} - -//- Create file -//- Set label for file and self -//- Add SMACK rule "rw" -//- Drop privileges -//- Lock file (exclusive lock) -//- Spawn child process -//- Child tries to lock file (exclusive / shared) -// -//Child should not be able to lock file due to exclusive lock -RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_2_checking_laccess_mode_w_rule_child) -{ - std::string selfLabel = "smack13_4_2"; - std::string filename = "smack13_4_2_file"; - std::string filePath = testDir + filename; - - createFileWithLabel(filePath, filename); - int fd = open(filePath.c_str(), O_RDWR); - FdUniquePtr fd_ptr(&fd); - int ret = flock(fd, LOCK_EX | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file"); - - pid_t pid = fork(); - if (pid == 0) { - //child process - prepareEnvironment(selfLabel, filename, "rw"); - - int child_fd = open(filePath.c_str(), O_RDWR, 0); - RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file"); - //for descriptor protection - FdUniquePtr child_fd_ptr(&child_fd); - - ret = flock(child_fd, LOCK_EX | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with exclusive lock"); - } -} - -//- Create file -//- Set label for file and self -//- Add SMACK rule "l" -//- Drop privileges -//- Lock file (exclusive lock) -//- Spawn child process -//- Child tries to lock file (exclusive / shared) -// -//Child should not be able to lock file due to exclusive lock -RUNNER_MULTIPROCESS_TEST_SMACK(smack13_4_3_checking_laccess_mode_l_rule_child) -{ - std::string selfLabel = "smack13_4_3"; - std::string filename = "smack13_4_3_file"; - std::string filePath = testDir + filename; - - createFileWithLabel(filePath, filename); - int fd = open(filePath.c_str(), O_RDWR, 0); - FdUniquePtr fd_ptr(&fd); - int ret = flock(fd, LOCK_EX | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret == 0, "Error, unable to exclusive lock file"); - - pid_t pid = fork(); - if (pid == 0) { - //child process - //"r" is only for open in O_RDONLY mode - prepareEnvironment(selfLabel, filename, "rl"); - - int child_fd = open(filePath.c_str(), O_RDONLY, 0); - RUNNER_ASSERT_ERRNO_MSG(child_fd > -1, "Unable to open created file"); - //for descriptor protection - FdUniquePtr child_fd_ptr(&child_fd); - - ret = flock(child_fd, LOCK_EX | LOCK_NB); - RUNNER_ASSERT_ERRNO_MSG(ret < 0, "Error, able to lock file with eclusive lock"); - } -} - - -///////////////////////////////////////// -//////NOSMACK ENVIRONMENT TESTS////////// -///////////////////////////////////////// - -/** - * NOSMACK version of smack02 test. Functions, that should return error instead of success: - * - smack_accesses_apply - * - smack_have_access - * - smack_revoke_subject - * - smack_acceesses_clear - * - * Tests smack03, smack04, smack10, smack_accesses_clear, smack_revoke_subject all use functions - * tested in smack02 test. Results from those functions (smack_have_access, smack_accesses_apply, - * smack_accesses_clear, smack_revoke_subject) would be the same as in this test. Tests mentioned - * above doesn't make much sense on NOSMACK environment when test smack02 exists and passes - * correctly, thus those tests are are not implemented. - */ -RUNNER_TEST_NOSMACK(smack02_aplying_rules_into_kernel_nosmack) -{ - - smack_accesses *rules = nullptr; - int result; - - //init rules - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - //pass rules to unique_ptr - SmackAccessesPtr rules_ptr(rules); - - //adding test rules to struct (same as SMACK version of smack02 test) - result = smack_accesses_add(rules_ptr.get(), "writer", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules_ptr.get(), "reader", "book", "r"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - result = smack_accesses_add(rules_ptr.get(), "spy", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - - //applying rules to kernel (should fail) - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == -1, "Unable to apply rules into kernel"); - - //calls from SMACK version of this test - all should fail because of SMACK being turned off - result = smack_have_access("spy", "book", "rwx"); - RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)"); - result = smack_have_access("reader", "book", "rwx"); - RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)"); - result = smack_have_access("s02badsubjectlabel", "book", "rwx"); - RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)"); - - //testing subject revoking - should return error (no accesses applied = no subjects to revoke) - result = smack_revoke_subject("s02nonexistinglabel"); - RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist."); - result = smack_revoke_subject("spy"); - RUNNER_ASSERT_MSG(result == -1, "smack_revoke_subject error - subject doesn't exist."); - - //after revoking smack_have_access still should return error - result = smack_have_access("spy", "book", "rwx"); - RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)."); - - result = smack_accesses_add(rules_ptr.get(), "s02subjectlabel", "book", "rwx"); - RUNNER_ASSERT_MSG(result == 0, "Unable to add smack rules"); - - //smack_accesses_clear should return error aswell - result = smack_accesses_clear(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == -1, "Clearing rules should return error - no SMACK on system."); - - result = smack_have_access("writer", "book", "rwx"); - RUNNER_ASSERT_MSG(result == -1, "smack_have_access should return error (SMACK is off)."); -} - -/** - * NOSMACK version of smack11 test. Tests functions: - * - smack_accesses_add_from_file - * - * Since other SMACK functions were tested in smack02 test, the only function needed to be checked - * is applying rules loaded from file. - */ -RUNNER_TEST_NOSMACK(smack03_saving_loading_rules_nosmack) -{ - int result; - int fd; - - smack_accesses* tmp = nullptr; - - RUNNER_ASSERT(smack_accesses_new(&tmp) == 0); - SmackAccessesPtr rules(tmp); - - //open file with rules - fd = open("/etc/smack/test_smack_rules_full", O_RDONLY, 0644); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Unable to open /etc/smack/test_smack_rules_full"); - - //load accesses from file - result = smack_accesses_add_from_file(rules.get(), fd); - close(fd); - RUNNER_ASSERT_MSG(result == 0, "Error while importing accesses from file. Result: " << result); -} - -/** - * NOSMACK version of smack05 test. Tests if functions getting, or - * setting self label work correctly (that is, return error). - */ -RUNNER_TEST_NOSMACK(smack04_self_label_nosmack) -{ - char* label = nullptr; - int result; - int fd; - - char buff[SMACK_LABEL_LEN+1]; - - //smack_new_label_from_self should fail - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off)."); - RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label."); - //We don't need to remember about freeing label - smack_new_label_from_self must return nullptr - //label if it's working properly. - - // /proc/self/attr/current shouldn't keep any rules inside - fd = open("/proc/self/attr/current", O_RDONLY, 0644); //file exists, so it should open - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "/proc/self/attr/current failed to open"); - FdUniquePtr fd_ptr(&fd); - - result = read(fd, buff, SMACK_LABEL_LEN); //however reading it should return error - RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error"); - - //setting label for self should fail - result = smack_set_label_for_self("s04testlabel"); - RUNNER_ASSERT_MSG(result == -1, "set_label_for_self should return error (SMACK is off)."); - - //getting previously set label should also fail - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result == -1, "new_label_from_self should return error (SMACK is off)."); - RUNNER_ASSERT_MSG(label == nullptr, "new_label_from_self shouldn't allocate memory to label."); - - // /proc/self/attr/current still shouldn't keep any rules inside - result = lseek(fd, 0, SEEK_SET); //going to the file beginning - RUNNER_ASSERT_ERRNO_MSG(result == 0, "lseek() error"); - - result = read(fd, buff, SMACK_LABEL_LEN); //however it should return error - RUNNER_ASSERT_ERRNO_MSG(result < 0, "Reading /proc/self/attr/current should return error"); -} - -/** - * NOSMACK version of smack_accesses_add_modify_x tests. - * - * Because all smack_accesses_add_modify tests are basically the same (all use smack_accesses_apply - * and smack_have_access, which return -1 when SMACK is turned off), it makes much more sense to - * write one test which will create rules using smack_accesses_add_modify and then check if - * smack_accesses_apply and smack_have_access indeed return -1 when SMACK is turned off. - */ -RUNNER_TEST_NOSMACK(smack05_accesses_add_modify_nosmack) -{ - int result; - smack_accesses* rules = nullptr; - - RUNNER_ASSERT(smack_accesses_new(&rules) == 0); - - SmackAccessesPtr rules_ptr(rules); - - //Not doing clean_up() every RUNNER_ASSERT_MSG - what clean_up does is just a creation of new - //rule struct and removal of currenctly added and applied rules. clean_up() must be done only - //after smack_accesses_apply(). - result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", ""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result); - - result = smack_accesses_add_modify(rules_ptr.get(), TEST_SUBJECT, TEST_OBJECT, "rwx", ""); - RUNNER_ASSERT_MSG(result == 0, "Unable to modify rule. Result: " << result); - - result = smack_accesses_apply(rules_ptr.get()); - RUNNER_ASSERT_MSG(result == -1, - "smack_accesses_apply should return error (SMACK is off). Result: " << result); - - result = smack_have_access(TEST_SUBJECT, TEST_OBJECT, "rwx"); - if(result != -1) { - clean_up(); - RUNNER_FAIL_MSG("smack_have_access should return error (SMACK is off). Result: " - << result); - } - - clean_up(); -} - -/** - * NOSMACK version of smack09 test. - * - * This test checks if smack_new_label_from_socket reacts correctly. Since label should be - * acquired from getsockopt, and it should fail, we must only set up socket and call - * smack_new_label_from_socket. It should return error. - */ -RUNNER_MULTIPROCESS_TEST_NOSMACK(smack09_new_label_from_socket_nosmack) -{ - int pid; - struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH}; - unlink(SOCK_PATH); - char* smack_label; - - pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed"); - if (!pid) { //child (server) - int sock, result; - int fd; - - //Create new socket - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sock_ptr(&sock); - - //Bind it to sockaddr - result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed"); - - //Prepare for listening - result = listen(sock, 1); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "listen failed"); - - //Accept client - alarm(2); - fd = accept(sock, nullptr, nullptr); - alarm(0); - RUNNER_ASSERT_ERRNO_MSG(fd >= 0, "Failed when accepting connection from client"); - FdUniquePtr fd_ptr(&fd); - - //wait for smack_new_label_from_socket execution - usleep(200); - - //Close server - exit(0); - } - else { //parent (client) - //Wait a little bit until server is set up - sleep(1); - int sock, result; - - //Create socket - sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sock_ptr(&sock); - - //Connect to sockaddr - result = connect(sock, (struct sockaddr*) &sockaddr, - sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "connect failed"); - - //Try getting label, should fail beacuse getsockopt won't get anything - result = smack_new_label_from_socket(sock, &smack_label); - RUNNER_ASSERT_MSG(result == -1, "smack_new_label_from_socket should fail."); - } -} diff --git a/src/libsmack-tests/test_smack_rules b/src/libsmack-tests/test_smack_rules deleted file mode 100644 index 4effa829..00000000 --- a/src/libsmack-tests/test_smack_rules +++ /dev/null @@ -1,2 +0,0 @@ -writer book rw---- -reader book r----- diff --git a/src/libsmack-tests/test_smack_rules2 b/src/libsmack-tests/test_smack_rules2 deleted file mode 100644 index 7708bb21..00000000 --- a/src/libsmack-tests/test_smack_rules2 +++ /dev/null @@ -1,9 +0,0 @@ -test_subject_01 test_object_01 --- -test_subject_01 test_object_02 rwatl -test_subject_01 test_object_03 wat -test_subject_02 test_object_01 ------- -test_subject_02 test_object_02 wa-lt -test_subject_02 test_object_03 -rw--r------ -test_subject_03 test_object_01 aaaaaa ------ -test_subject_03 test_object_02 rwat -test_subject_03 test_object_03 w---l- diff --git a/src/libsmack-tests/test_smack_rules3 b/src/libsmack-tests/test_smack_rules3 deleted file mode 100644 index e11b3225..00000000 --- a/src/libsmack-tests/test_smack_rules3 +++ /dev/null @@ -1,3 +0,0 @@ -test_subject_01 test_object_01 rwatl -test_subject_01 test_object_02 -test_subject_01 test_object_03 xxxxx diff --git a/src/libsmack-tests/test_smack_rules4 b/src/libsmack-tests/test_smack_rules4 deleted file mode 100644 index 194ef019..00000000 --- a/src/libsmack-tests/test_smack_rules4 +++ /dev/null @@ -1,3 +0,0 @@ -test_subject_01 test_object_01 rwxatl -test_subject_01 test_object_02 +rwh4r9d32!@#$ 49$%^x2 rwxat -test_subject_01 test_object_03 aaaaaa xxxxxx diff --git a/src/libsmack-tests/test_smack_rules_full b/src/libsmack-tests/test_smack_rules_full deleted file mode 100644 index b8600a5e..00000000 --- a/src/libsmack-tests/test_smack_rules_full +++ /dev/null @@ -1,9 +0,0 @@ -test_subject_01 test_object_01 rwxatl -test_subject_01 test_object_02 rwxatl -test_subject_01 test_object_03 rwxatl -test_subject_02 test_object_01 rwxatl -test_subject_02 test_object_02 rwxatl -test_subject_02 test_object_03 rwxatl -test_subject_03 test_object_01 rwxatl -test_subject_03 test_object_02 rwxatl -test_subject_03 test_object_03 rwxatl diff --git a/src/libwebappenc-tests/CMakeLists.txt b/src/libwebappenc-tests/CMakeLists.txt deleted file mode 100644 index 3f4b5aea..00000000 --- a/src/libwebappenc-tests/CMakeLists.txt +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright (c) 2012-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @file CMakeLists.txt -# @author Dongsun Lee (ds73.lee@samsung.com) -# @version 0.1 -# @brief -# -INCLUDE(FindPkgConfig) -SET(TARGET_WAE_TEST "libwebappenc-tests") - -#dependencies -PKG_CHECK_MODULES(TARGET_WAE_DEP - libwebappenc - REQUIRED - ) - -#files to compile -SET(TARGET_WAE_TEST_SOURCES - ${PROJECT_SOURCE_DIR}/src/libwebappenc-tests/libwebappenc-tests.cpp - ${PROJECT_SOURCE_DIR}/src/libwebappenc-tests/test_cases.cpp - ) - -#header directories -INCLUDE_DIRECTORIES(SYSTEM - ${TARGET_WAE_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/common/ - ) - -#output format -ADD_EXECUTABLE(${TARGET_WAE_TEST} ${TARGET_WAE_TEST_SOURCES}) - -#linker directories -TARGET_LINK_LIBRARIES(${TARGET_WAE_TEST} - ${TARGET_WAE_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -#place for output file -INSTALL(TARGETS ${TARGET_WAE_TEST} - DESTINATION /usr/bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - diff --git a/src/libwebappenc-tests/libwebappenc-tests.cpp b/src/libwebappenc-tests/libwebappenc-tests.cpp deleted file mode 100644 index 83a8f252..00000000 --- a/src/libwebappenc-tests/libwebappenc-tests.cpp +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file libwebappenc-tests.cpp - * @author Dongsun Lee (ds73.lee@samsung.com) - * @version 1.0 - * @brief libwebappenc test runer - */ -#include - -int main (int argc, char *argv[]) -{ - int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); - return status; -} - diff --git a/src/libwebappenc-tests/test_cases.cpp b/src/libwebappenc-tests/test_cases.cpp deleted file mode 100644 index 052fb37b..00000000 --- a/src/libwebappenc-tests/test_cases.cpp +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * @file test_cases.cpp - * @author Dongsun Lee (ds73.lee@samsung.com) - * @version 1.0 - * @brief libwebappenc test cases - */ - - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "tests_common.h" -#include - -#define TEST_PKGID_1 "testpkg_for_downloaded" -#define TEST_PKGID_2 "testpkg_for_preloaded" -#define TEST_PLAINTEXT "adbdfdfdfdfdererfdfdfererfdrerfdrer" -#define PRELOADED_WAPP_FILE1 "/usr/share/wae/test/PRELOADED_WAPP_FILE1.enc" - -#define DOWNLOADED_ENC_FILE "/tmp/downloaded_enc_file" -#define PRELOADED_ENC_FILE "/tmp/preloaded_enc_file" - -int _read_from_file(const char* path, unsigned char** data, size_t* len) -{ - int ret = WAE_ERROR_NONE; - FILE* f = NULL; - int file_len = -1; - unsigned char* file_contents = NULL; - int ch = 0; - int i = 0; - - f = fopen(path, "r"); - if( f == NULL) { - ret = WAE_ERROR_FILE; - goto error; - } - - fseek(f, 0, SEEK_END); // move to the end of a file - file_len = ftell(f); - fseek(f, 0, SEEK_SET); // move to the start of a file - - file_contents = (unsigned char*) malloc(file_len); - if(file_contents == NULL) { - ret = WAE_ERROR_MEMORY; - goto error; - } - memset(file_contents, 0x00, file_len); - - while( (ch = fgetc(f)) != EOF) { - file_contents[i++]=(char)ch; - } - - *data = file_contents; - *len = file_len; - -error: - if(f != NULL) - fclose(f); - if(ret != WAE_ERROR_NONE && file_contents != NULL) - free(file_contents); - - return ret; -} - -int _write_to_file(const char* path, const unsigned char* data, size_t len) -{ - int ret = WAE_ERROR_NONE; - - FILE* f = NULL; - int write_len = -1; - - f = fopen(path, "w"); - if( f == NULL) { - ret = WAE_ERROR_FILE; - goto error; - } - - write_len = fwrite(data, 1, len, f); - if(write_len != (int) len) { - ret = WAE_ERROR_FILE; - goto error; - } -error: - if(f != NULL) - fclose(f); - - return ret; -} - - -RUNNER_TEST_GROUP_INIT(libwebappenc) - -RUNNER_TEST(T01_init) { - wae_remove_app_dek(TEST_PKGID_1, WAE_DOWNLOADED_GLOBAL_APP); - wae_remove_app_dek(TEST_PKGID_2, WAE_PRELOADED_APP); -} - -RUNNER_CHILD_TEST(T02_downloaded_web_app_enc){ - int ret = WAE_ERROR_NONE; - const char* pkgId = TEST_PKGID_1; - const char* plaintext = TEST_PLAINTEXT; - size_t plaintextLen = strlen(plaintext); - unsigned char* encrypted = NULL; - size_t encLen = 0; - - wae_app_type_e appType = WAE_DOWNLOADED_GLOBAL_APP; - - ret = wae_encrypt_web_application(pkgId, appType, - (const unsigned char*)plaintext, plaintextLen, - &encrypted, &encLen); - RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_encrypt_web_application. ret=" << ret); - - ret = _write_to_file(DOWNLOADED_ENC_FILE, encrypted, encLen); - RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _write_to_file. file=" << DOWNLOADED_ENC_FILE); -} - -RUNNER_CHILD_TEST(T03_downloaded_web_app_dec){ - int ret = WAE_ERROR_NONE; - const char* pkgId = TEST_PKGID_1; - const char* plaintext = TEST_PLAINTEXT; - size_t plaintextLen = strlen(plaintext); - unsigned char* encrypted = NULL; - size_t encLen = 0; - unsigned char* decrypted = NULL; - size_t decLen = 0; - - wae_app_type_e appType = WAE_DOWNLOADED_GLOBAL_APP; - - ret = _read_from_file(DOWNLOADED_ENC_FILE, &encrypted, &encLen); - RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: _read_from_file. ret=" << ret); - - ret = wae_decrypt_web_application(pkgId, appType, encrypted, encLen, &decrypted, &decLen); - RUNNER_ASSERT_MSG(ret == WAE_ERROR_NONE, "FAIL: wae_decrypt_web_application. ret=" << ret); - - RUNNER_ASSERT_MSG(plaintextLen == decLen, - "FAIL: plaintext_len("< +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +static std::vector UrlList = { + "https://www.google.com", + "https://www.facebook.com", + "https://www.twitter.com", + "https://www.dropbox.com", + "https://www.spideroak.com", + "https://www.youtube.com", + "https://thehackernews.com" /* no static pinned data */ +}; + +const std::string targetUrl = "https://WwW.GooGle.cO.Kr"; +const std::string targetInvalidUrl = "https://WwW.GooGle.cO.Kr11143343jiuj::"; + +int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + if (preverify_ok == 0) + return 0; + + /* + * Do something which isn't related with HPKP here + * And update value to preverify_ok of validation result + */ + + /* call tpkp_verify_callback as additional step */ + return tpkp_curl_verify_callback(preverify_ok, x509_ctx); +} + +static CURLcode ssl_ctx_callback_set_verify(CURL *curl, void *ssl_ctx, void *userptr) +{ + (void)userptr; + + SSL_CTX_set_verify((SSL_CTX *)ssl_ctx, SSL_VERIFY_PEER, verify_callback); + tpkp_e res = tpkp_curl_set_url_data(curl); + if (res != TPKP_E_NONE) + return CURLE_FAILED_INIT; + + return CURLE_OK; +} + +static CURLcode ssl_ctx_callback_not_set_verify(CURL *curl, void *ssl_ctx, void *userptr) +{ + (void)userptr; + + tpkp_e res = tpkp_curl_set_verify(curl, (SSL_CTX *)ssl_ctx); + if (res != TPKP_E_NONE) + return CURLE_FAILED_INIT; + + return CURLE_OK; +} + +static CURL *makeLocalDefaultHandle(std::string url) +{ + CURL *handle = curl_easy_init(); + + RUNNER_ASSERT_MSG( + curl_easy_setopt(handle, CURLOPT_URL, url.c_str()) == CURLE_OK, + "Failed to set opt url : " << targetUrl); + + RUNNER_ASSERT_MSG( + curl_easy_setopt(handle, CURLOPT_VERBOSE, 0L) == CURLE_OK, + "Failed to set opt verbose"); + + RUNNER_ASSERT_MSG( + curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 1L) == CURLE_OK, + "Failed to set opt verify peer"); + + RUNNER_ASSERT_MSG( + curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 2L) == CURLE_OK, + "Failed to set opt verify host"); + + RUNNER_ASSERT_MSG( + curl_easy_setopt(handle, CURLOPT_FOLLOWLOCATION, 1L) == CURLE_OK, + "Failed to set opt follow location"); + + RUNNER_ASSERT_MSG( + curl_easy_setopt(handle, CURLOPT_NOBODY, 1L) == CURLE_OK, + "Failed to set opt no body"); + + return handle; +} + +static CURL *makeDefaultHandle(std::string url) +{ + curl_global_init(CURL_GLOBAL_DEFAULT); + + return makeLocalDefaultHandle(url); +} + +static void performWithUrl(std::string url) +{ + CURL *curl = makeLocalDefaultHandle(url); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); +} + +RUNNER_TEST_GROUP_INIT(T001_TPKP_CURL_TEST) + +RUNNER_TEST(T00101_posivite_notusing_ssl_ctx_func_opt) +{ + CURL *curl = makeDefaultHandle(targetUrl); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00102_posivite_using_ssl_ctx_func_opt_notusing_ssl_ctx_set_verify) +{ + CURL *curl = makeDefaultHandle(targetUrl); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback_not_set_verify); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00103_posivite_using_ssl_ctx_func_opt_using_ssl_ctx_set_verify) +{ + CURL *curl = makeDefaultHandle(targetUrl); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback_set_verify); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00104_negative_invalid_url) +{ + CURL *curl = makeDefaultHandle(targetInvalidUrl); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback_set_verify); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res != CURLE_OK, + "Shouldnot success perform curl: " << curl_easy_strerror(res)); + std::cout << "code: " << res << " description: " << curl_easy_strerror(res) << std::endl; + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00105_positive_facebook_with_https) +{ + CURL *curl = makeDefaultHandle("https://www.facebook.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00106_positive_facebook_with_http) +{ + CURL *curl = makeDefaultHandle("http://www.facebook.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00107_positive_facebook_with_hostname) +{ + CURL *curl = makeDefaultHandle("www.facebook.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00108_positive_twitter_with_https) +{ + CURL *curl = makeDefaultHandle("https://www.twitter.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00109_positive_dropbox_with_https) +{ + CURL *curl = makeDefaultHandle("https://www.dropbox.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00110_positive_spideroak_with_https) +{ + CURL *curl = makeDefaultHandle("https://www.spideroak.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00111_positive_https_but_no_pinned_data_youtube) +{ + CURL *curl = makeDefaultHandle("https://www.youtube.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); +} + +RUNNER_TEST(T00112_positive_https_but_no_pinned_data_hackernews) +{ + CURL *curl = makeDefaultHandle("https://thehackernews.com"); + CURLcode res; + + res = curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to set opt ssl ctx function. code: " << curl_easy_strerror(res)); + + res = curl_easy_perform(curl); + RUNNER_ASSERT_MSG( + res == CURLE_OK, + "Failed to perform curl: " << curl_easy_strerror(res)); + + tpkp_curl_cleanup(); + curl_easy_cleanup(curl); + curl_global_cleanup(); + +} + +RUNNER_TEST(T00113_positive_threads) +{ + curl_global_init(CURL_GLOBAL_DEFAULT); + + std::vector threads; + + for (const auto &url : UrlList) + threads.emplace_back(performWithUrl, url); + + for (auto &t : threads) + t.join(); + + curl_global_cleanup(); +} + +RUNNER_TEST(T00114_positive_threads_2times) +{ + curl_global_init(CURL_GLOBAL_DEFAULT); + + std::vector threads; + + for (int i = 0; i < 2; i++) { + for (const auto &url : UrlList) + threads.emplace_back(performWithUrl, url); + } + + for (auto &t : threads) + t.join(); + + curl_global_cleanup(); +} + +RUNNER_TEST(T00113_positive_threads_3times) +{ + curl_global_init(CURL_GLOBAL_DEFAULT); + + std::vector threads; + + for (int i = 0; i < 3; i++) { + for (const auto &url : UrlList) + threads.emplace_back(performWithUrl, url); + } + + for (auto &t : threads) + t.join(); + + curl_global_cleanup(); +} diff --git a/src/pinning-tests/gnutls_test.cpp b/src/pinning-tests/gnutls_test.cpp new file mode 100644 index 00000000..12b9f9ad --- /dev/null +++ b/src/pinning-tests/gnutls_test.cpp @@ -0,0 +1,307 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file gnutls_sample.cpp + * @author Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief tpkp_gnutls unit test. + */ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +namespace { + +struct DataSet { + gnutls_session_t session; + gnutls_certificate_credentials_t cred; + int sockfd; +}; + +static std::vector s_urlList = { + "www.google.com", + "www.youtube.com", + "www.spideroak.com", + "www.facebook.com", + "www.dropbox.com", + "www.twitter.com", + "www.hackerrank.com", /* no pinned data exist */ + "www.algospot.com" /* no pinned data exist */ +}; + +void connectWithUrl(const std::string &url, int &sockfd) +{ + struct addrinfo *result; + struct addrinfo hints; + memset(&hints, 0x00, sizeof(struct addrinfo)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_CANONNAME; + + int s = getaddrinfo(url.c_str(), "https", &hints, &result); + RUNNER_ASSERT_MSG(s == 0, "getaddrinfo err code: " << s << " desc: " << gai_strerror(s)); + + struct addrinfo *rp; + for (rp = result; rp != nullptr; rp = rp->ai_next) { + sockfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); + if (sockfd == -1) + continue; + + if (connect(sockfd, rp->ai_addr, rp->ai_addrlen) != -1) { + char *ipaddr = inet_ntoa(*((struct in_addr *)rp->ai_addr)); + std::cout << "url: " << url << " connected with addr: " << ipaddr << std::endl; + break; + } + + close(sockfd); + } + + RUNNER_ASSERT_MSG(rp != nullptr, "Could not connect on url: " << url); + + std::cout << "url[" << url << "] canonname[" << result->ai_canonname << "] connected!" << std::endl; + + freeaddrinfo(result); +} + +inline gnutls_certificate_credentials_t makeDefaultCred(gnutls_certificate_verify_function *verify_callback) +{ + gnutls_certificate_credentials_t cred; + + int ret = gnutls_certificate_allocate_credentials(&cred); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to gnutls_certificate_allocate_credentials: " << gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_trust_file(cred, "/etc/ssl/ca-bundle.pem", GNUTLS_X509_FMT_PEM); + RUNNER_ASSERT_MSG( + ret > 0, + "Failed to gnutls_certificate_set_x509_trust_file ret: " << ret); + std::cout << "x509 trust file loaded. cert num: " << ret << std::endl; + + gnutls_certificate_set_verify_function(cred, verify_callback); + + return cred; +} + +DataSet makeDefaultSession(const std::string &url) +{ + DataSet data; + + data.cred = makeDefaultCred(&tpkp_gnutls_verify_callback); + + int ret = gnutls_init(&data.session, GNUTLS_CLIENT); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to gnutls init session: " << gnutls_strerror(ret)); + + ret = gnutls_set_default_priority(data.session); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to set default priority on session: " << gnutls_strerror(ret)); + + ret = gnutls_credentials_set(data.session, GNUTLS_CRD_CERTIFICATE, data.cred); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to gnutls_credentials_set: " << gnutls_strerror(ret)); + + connectWithUrl(url, data.sockfd); + + RUNNER_ASSERT_MSG( + tpkp_gnutls_set_url_data(url.c_str()) == TPKP_E_NONE, + "Failed to tpkp_gnutls_set_url_data."); + + gnutls_transport_set_int(data.session, data.sockfd); + gnutls_handshake_set_timeout(data.session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + return data; +} + +DataSet makeSessionWithoutPinning(const std::string &url) +{ + DataSet data; + + int ret = gnutls_certificate_allocate_credentials(&data.cred); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to gnutls_certificate_allocate_credentials: " << gnutls_strerror(ret)); + + ret = gnutls_init(&data.session, GNUTLS_CLIENT); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to gnutls init session: " << gnutls_strerror(ret)); + + ret = gnutls_set_default_priority(data.session); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to set default priority on session: " << gnutls_strerror(ret)); + + ret = gnutls_credentials_set(data.session, GNUTLS_CRD_CERTIFICATE, data.cred); + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Failed to gnutls_credentials_set: " << gnutls_strerror(ret)); + + connectWithUrl(url, data.sockfd); + + gnutls_transport_set_int(data.session, data.sockfd); + gnutls_handshake_set_timeout(data.session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + return data; +} + +void performHandshake(DataSet &data) +{ + int ret; + do { + ret = gnutls_handshake(data.session); + } while (ret != GNUTLS_E_SUCCESS && gnutls_error_is_fatal(ret) == 0); + + RUNNER_ASSERT_MSG( + ret == GNUTLS_E_SUCCESS, + "Handshake failed! err code: " << ret << " desc: " << gnutls_strerror(ret)); +} + +void cleanup(DataSet &data) +{ + gnutls_bye(data.session, GNUTLS_SHUT_RDWR); + close(data.sockfd); + gnutls_certificate_free_credentials(data.cred); + gnutls_deinit(data.session); + + tpkp_gnutls_cleanup(); +} + +void perform(const std::string &url) +{ + DataSet data = makeDefaultSession(url); + performHandshake(data); + cleanup(data); +} + +void performWithoutPinning(const std::string &url) +{ + DataSet data = makeSessionWithoutPinning(url); + performHandshake(data); + cleanup(data); +} + +} + +RUNNER_TEST_GROUP_INIT(T002_GNUTLS_TEST) + +RUNNER_TEST(T00201_positive_1) +{ + gnutls_global_init(); + + perform(s_urlList[0]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00202_positive_2) +{ + gnutls_global_init(); + + perform(s_urlList[1]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00203_positive_3) +{ + gnutls_global_init(); + + perform(s_urlList[2]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00204_positive_4) +{ + gnutls_global_init(); + + perform(s_urlList[3]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00205_positive_5) +{ + gnutls_global_init(); + + perform(s_urlList[4]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00206_positive_6) +{ + gnutls_global_init(); + + perform(s_urlList[5]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00207_positive_7) +{ + gnutls_global_init(); + + perform(s_urlList[6]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00208_positive_8) +{ + gnutls_global_init(); + + perform(s_urlList[7]); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00209_positive_all_single_thread) +{ + gnutls_global_init(); + + for (const auto &url : s_urlList) + perform(url); + + gnutls_global_deinit(); +} + +RUNNER_TEST(T00210_positive_all_single_thread_without_pinning) +{ + gnutls_global_init(); + + for (const auto &url : s_urlList) + performWithoutPinning(url); + + gnutls_global_deinit(); +} diff --git a/src/pinning-tests/main.cpp b/src/pinning-tests/main.cpp new file mode 100644 index 00000000..4e559b2a --- /dev/null +++ b/src/pinning-tests/main.cpp @@ -0,0 +1,27 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file main.cpp + * @author Kyungwook Tak(k.tak@samsung.com) + * @version 1.0 + * @brief Https Public Key Pinning test main. + */ +#include + +int main(int argc, char *argv[]) +{ + return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); +} diff --git a/src/security-manager-tests/CMakeLists.txt b/src/security-manager-tests/CMakeLists.txt deleted file mode 100644 index 0f50b8e7..00000000 --- a/src/security-manager-tests/CMakeLists.txt +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Marcin Niesluchowski (m.niesluchow@samsung.com) -# @brief -# - -INCLUDE(FindPkgConfig) - -# Dependencies -PKG_CHECK_MODULES(SEC_MGR_TESTS_DEP - REQUIRED - libsmack - libprivilege-control - cynara-client - cynara-admin - security-manager - libtzplatform-config - sqlite3 - libcap - dbus-1 - libgum) - - -SET(TARGET_SEC_MGR_TESTS "security-manager-tests") - -SET(SEC_MGR_SOURCES - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_commons.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/security_manager_tests.cpp - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_api.cpp - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_db.cpp - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_request.cpp - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_user_request.cpp - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/sm_policy_request.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_client.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_admin.cpp - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp - ) - -INCLUDE_DIRECTORIES(SYSTEM - ${SEC_MGR_TESTS_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES(SYSTEM - ${CYNARA_TARGET_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/common/ - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/common/ - ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/ - ${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/ - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/ - ) - -FIND_PACKAGE(Threads) - -ADD_EXECUTABLE(${TARGET_SEC_MGR_TESTS} ${SEC_MGR_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_SEC_MGR_TESTS} - ${SEC_MGR_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ${CMAKE_THREAD_LIBS_INIT} - ) - -INSTALL(TARGETS ${TARGET_SEC_MGR_TESTS} DESTINATION /usr/bin) - -INSTALL(DIRECTORY - ${PROJECT_SOURCE_DIR}/src/security-manager-tests/app_files/ - DESTINATION /usr/apps/ -) diff --git a/src/security-manager-tests/app_files/non_app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/non_app_dir/.level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/non_app_dir/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/.level_1/exec b/src/security-manager-tests/app_files/non_app_dir/.level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/non_app_dir/.level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/non_app_dir/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/.level_1/normal b/src/security-manager-tests/app_files/non_app_dir/.level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/exec b/src/security-manager-tests/app_files/non_app_dir/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/non_app_dir/level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/non_app_dir/level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/exec b/src/security-manager-tests/app_files/non_app_dir/level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/non_app_dir/level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/non_app_dir/level_1/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/non_app_dir/level_1/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/non_app_dir/level_1/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/non_app_dir/level_1/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/non_app_dir/level_1/normal b/src/security-manager-tests/app_files/non_app_dir/level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/non_app_dir/link_to_exec b/src/security-manager-tests/app_files/non_app_dir/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/non_app_dir/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/non_app_dir/link_to_non_exec b/src/security-manager-tests/app_files/non_app_dir/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/non_app_dir/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/non_app_dir/normal b/src/security-manager-tests/app_files/non_app_dir/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_exec deleted file mode 120000 index a3a6771e..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_exec +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_normal deleted file mode 120000 index 1fdebecc..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/link_to_non_app_normal +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/.level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_dir b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_dir deleted file mode 120000 index 45083fbe..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_dir +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_exec deleted file mode 120000 index a3a6771e..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_exec +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_normal deleted file mode 120000 index 1fdebecc..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_app_normal +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/.level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_dir b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_dir deleted file mode 120000 index 45083fbe..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_dir +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_exec deleted file mode 120000 index a3a6771e..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_exec +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_normal deleted file mode 120000 index 1fdebecc..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_app_normal +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_public_ro/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_exec deleted file mode 120000 index a3a6771e..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_exec +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_normal deleted file mode 120000 index 1fdebecc..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/link_to_non_app_normal +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/.level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/.level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/exec deleted file mode 100755 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/level_2/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/level_1/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_exec deleted file mode 120000 index f1b66f37..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_exec +++ /dev/null @@ -1 +0,0 @@ -exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_dir b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_dir deleted file mode 120000 index 45083fbe..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_dir +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_exec deleted file mode 120000 index a3a6771e..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_exec +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/exec \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_normal deleted file mode 120000 index 1fdebecc..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_app_normal +++ /dev/null @@ -1 +0,0 @@ -../../non_app_dir/normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_exec b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_exec deleted file mode 120000 index 5ae03463..00000000 --- a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/link_to_non_exec +++ /dev/null @@ -1 +0,0 @@ -normal \ No newline at end of file diff --git a/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/normal b/src/security-manager-tests/app_files/sm_test_02_pkg_id_full/app_dir_ro/normal deleted file mode 100644 index e69de29b..00000000 diff --git a/src/security-manager-tests/common/sm_api.cpp b/src/security-manager-tests/common/sm_api.cpp deleted file mode 100644 index 2e79f1b6..00000000 --- a/src/security-manager-tests/common/sm_api.cpp +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -#include - -namespace SecurityManagerTest { - -namespace Api { - -void free_cstring_list(char **p, size_t count) { - for (size_t i = 0; i < count; i++) { - free(p[i]); - } - delete [] p; -} - -void install(const InstallRequest &request, lib_retcode expectedResult) -{ - int result = security_manager_app_install(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "installing app returned wrong value." - << " InstallRequest: [ " << request << "];" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void uninstall(const InstallRequest &request, lib_retcode expectedResult) -{ - int result = security_manager_app_uninstall(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "uninstalling app returned wrong value." - << " InstallRequest: [ " << request << "];" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -std::string getPkgId(const char *appId, lib_retcode expectedResult) -{ - char *pkgId = nullptr; - int result = security_manager_get_app_pkgid(&pkgId, appId); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "getting pkg id from app id returned wrong value." - << " App id: " << appId << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - if (expectedResult != SECURITY_MANAGER_SUCCESS) - return std::string(); - - RUNNER_ASSERT_MSG(pkgId != nullptr, "getting pkg id did not allocate memory"); - std::string str(pkgId); - free(pkgId); - return str; -} - -void setProcessLabel(const char *appId, lib_retcode expectedResult) -{ - int result = security_manager_set_process_label_from_appid(appId); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "setting process label from app id returned wrong value." - << " App id: " << appId << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void setProcessGroups(const char *appId, lib_retcode expectedResult) -{ - int result = security_manager_set_process_groups_from_appid(appId); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "setting process groups from app id returned wrong value." - << " App id: " << appId << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void dropProcessPrivileges(lib_retcode expectedResult) -{ - int result = security_manager_drop_process_privileges(); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "dropping process privileges returned wrong value." - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void prepareApp(const char *appId, lib_retcode expectedResult) -{ - int result = security_manager_prepare_app(appId); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "preparing app returned wrong value." - << " App id: " << appId << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void addUser(const UserRequest &request, lib_retcode expectedResult) -{ - int result = security_manager_user_add(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "adding user returned wrong value." - << " UserRequest: [ " << request << "];" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void deleteUser(const UserRequest &request, lib_retcode expectedResult) -{ - int result = security_manager_user_delete(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "deleting user returned wrong value." - << " UserRequest: [ " << request << "];" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult) -{ - int result = security_manager_policy_update_send(request.get()); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "sending policy update for self returned wrong value." - << " PolicyRequest: [ " << request << "];" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); -} - -void getConfiguredPolicy(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult, bool forAdmin) -{ - policy_entry **pp_privs_policy = NULL; - size_t policy_size = 0; - int result; - - if (forAdmin) { - result = security_manager_get_configured_policy_for_admin(filter.get(), &pp_privs_policy, &policy_size); - } else { - result = security_manager_get_configured_policy_for_self(filter.get(), &pp_privs_policy, &policy_size); - }; - - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "Unexpected result for filter: " << filter << std::endl - << " Result: " << result << ";"); - - for (unsigned int i = 0; i < policy_size; ++i) { - PolicyEntry pe(*pp_privs_policy[i]); - policyEntries.push_back(pe); - }; -} - -void getPolicy(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult) -{ - policy_entry **pp_privs_policy = NULL; - size_t policy_size = 0; - int result; - - result = security_manager_get_policy(filter.get(), &pp_privs_policy, &policy_size); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "Unexpected result" << std::endl - << " Result: " << result << ";"); - for (unsigned int i = 0; i < policy_size; ++i) { - PolicyEntry pe(*pp_privs_policy[i]); - policyEntries.push_back(pe); - }; -} - -void getPolicyForSelf(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult) -{ - getConfiguredPolicy(filter, policyEntries, expectedResult, false); -} - -void getPolicyForAdmin(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult) -{ - getConfiguredPolicy(filter, policyEntries, expectedResult, true); -} - -void getPrivilegesMappings(const char *version_from, - const char *version_to, - const std::vector &privileges, - std::vector &mappings, - lib_retcode expectedResult) -{ - char **mappings_buff = nullptr; - size_t mappings_count; - - size_t i = 0; - - std::unique_ptr> privileges_buff(new char*[privileges.size()], - std::bind(free_cstring_list, std::placeholders::_1, std::ref(i))); - - for (; i < privileges.size(); i++) { - if (privileges[i].empty()) - privileges_buff.get()[i] = nullptr; - else - privileges_buff.get()[i] = strdup(privileges[i].c_str()); - RUNNER_ASSERT_MSG(privileges_buff.get()[i], "Couldn't copy string"); - } - - int result; - if (privileges.empty()) - result = security_manager_get_privileges_mapping(version_from, version_to, nullptr, - privileges.size(), &mappings_buff, &mappings_count); - else - result = security_manager_get_privileges_mapping(version_from, version_to, privileges_buff.get(), - privileges.size(), &mappings_buff, &mappings_count); - RUNNER_ASSERT_MSG(static_cast(result) == expectedResult, - "Unexpected result in security_manager_get_privileges_mapping()" << std::endl - << "For version_from: " << version_from << " version_to: " << version_to << " for set of privileges" << std::endl - << " Result: " << result << " Expected: " << expectedResult); - for (size_t i = 0; i < mappings_count; i++) { - mappings.push_back(mappings_buff[i]); - } - security_manager_privilege_mapping_free(mappings_buff, mappings_count); -} - -} // namespace Api - -} // namespace SecurityManagerTest diff --git a/src/security-manager-tests/common/sm_api.h b/src/security-manager-tests/common/sm_api.h deleted file mode 100644 index e96e249c..00000000 --- a/src/security-manager-tests/common/sm_api.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SECURITY_MANAGER_TEST_API -#define SECURITY_MANAGER_TEST_API - -#include -#include -#include - -#include - -namespace SecurityManagerTest { - -namespace Api { - -void install(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -std::string getPkgId(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void setProcessLabel(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void setProcessGroups(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void prepareApp(const char *appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void addUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void deleteUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void getPolicy(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void getPolicyForSelf(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void getPolicyForAdmin(const PolicyEntry &filter, std::vector &policyEntries, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -void getPrivilegesMappings(const char *version_from, - const char *version_to, - const std::vector &privileges, - std::vector &mappings, - lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); -} // namespace Api - -} // namespace SecurityManagerTest - -#endif // SECURITY_MANAGER_TEST_API diff --git a/src/security-manager-tests/common/sm_db.cpp b/src/security-manager-tests/common/sm_db.cpp deleted file mode 100644 index 10aa48c8..00000000 --- a/src/security-manager-tests/common/sm_db.cpp +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file sm_db.cpp - * @author Marcin Lis (m.lis@samsung.com) - * @version 1.0 - * @brief security-manager tests database record check functions - */ - -#include -#include -#include -#include "sm_db.h" -#include "db_sqlite.h" - -/* Keep this consistent with the database file path used in the security-manager */ -const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db"); - -/* Initialize static constants */ -const bool TestSecurityManagerDatabase::NOT_REMOVED = false; -const bool TestSecurityManagerDatabase::REMOVED = true; - -TestSecurityManagerDatabase::TestSecurityManagerDatabase() : m_base(PRIVILEGE_DB_PATH, SQLITE_OPEN_READWRITE) -{ -} - -void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name, - const std::string &pkg_name) -{ - const privileges_t dummy; /* just some empty privileges set */ - - test_db_after__app_install(app_name, pkg_name, dummy); -} - -void TestSecurityManagerDatabase::test_db_after__app_install(const std::string &app_name, - const std::string &pkg_name, - const privileges_t &privileges) -{ - if (!m_base.is_open()) - m_base.open(); - - RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty"); - RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); - - check_app_and_pkg(app_name, pkg_name, NOT_REMOVED); - - if (!privileges.empty()) { - check_privileges(app_name, pkg_name, privileges); - } -} - -void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name, - const std::string &pkg_name, - const bool is_pkg_removed) -{ - const privileges_t dummy; /* just some empty privileges set */ - - test_db_after__app_uninstall(app_name, pkg_name, dummy, is_pkg_removed); -} - -void TestSecurityManagerDatabase::test_db_after__app_uninstall(const std::string &app_name, - const std::string &pkg_name, - const privileges_t &privileges, - const bool is_pkg_removed) -{ - if (!m_base.is_open()) - m_base.open(); - - RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty"); - RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); - - check_app_and_pkg(app_name, pkg_name, REMOVED); - check_pkg(pkg_name, is_pkg_removed); - - if (!privileges.empty()) { - check_privileges_removed(app_name, pkg_name, privileges); - } -} - -void TestSecurityManagerDatabase::check_privileges(const std::string &app_name, - const std::string &pkg_name, - const privileges_t &privileges) -{ - bool result; - - RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty"); - RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); - - for (auto it = privileges.begin(); it != privileges.end(); ++it) { - result = check_privilege(app_name, pkg_name, *it); - - RUNNER_ASSERT_MSG(result == true, "privilege: <" << *it << "> not added to app: <" << - app_name << "> from pkg_id: <" << pkg_name << ">"); - } -} - -void TestSecurityManagerDatabase::check_privileges_removed(const std::string &app_name, - const std::string &pkg_name, - const privileges_t &privileges) -{ - bool result; - - RUNNER_ASSERT_MSG(!app_name.empty(), "Request is corrupted, appId is empty"); - RUNNER_ASSERT_MSG(!pkg_name.empty(), "Request is corrupted, pkgId is empty"); - - for (auto it = privileges.begin(); it != privileges.end(); ++it) { - result = check_privilege(app_name, pkg_name, *it); - - RUNNER_ASSERT_MSG(result == false, "privilege: <" << *it << "> not removed for app: <" << - app_name << "> from pkg_id: <" << pkg_name << ">"); - } -} - -void TestSecurityManagerDatabase::check_app_and_pkg(const std::string &app_name, const std::string &pkg_name, - const bool is_app_removed) -{ - Sqlite3DBaseSelectResult result; - std::ostringstream sql; - sql << "SELECT app_name, pkg_name FROM app_pkg_view" - " WHERE app_name == '" << app_name << "' " - " AND pkg_name == '" << pkg_name << "' ;"; - m_base.execute(sql.str(), result); - - if (is_app_removed) /* expect 0 results */ - RUNNER_ASSERT_MSG(result.rows.size() == 0, "query : <" << sql.str() << - "> returned [" << result.rows.size() << "] rows, expected [0]"); - else /* expect exactly 1 result with 2 columns */ - RUNNER_ASSERT_MSG(result.rows.size() == 1 && result.rows[0].size() == 2, "query : <" << - sql.str() << "> returned [" << result.rows.size() << "] rows, expected [1]"); -} - -void TestSecurityManagerDatabase::check_pkg(const std::string &pkg_name, - const bool is_pkg_removed) -{ - const unsigned expected_rows = is_pkg_removed ? 0 : 1; - Sqlite3DBaseSelectResult result; - std::ostringstream sql; - sql << "SELECT pkg_id FROM pkg" - " WHERE name == '" << pkg_name << "' ;"; - m_base.execute(sql.str(), result); - - RUNNER_ASSERT_MSG(result.rows.size() == expected_rows, "query : <" << - sql.str() << "> returned [" << result.rows.size() << "] rows, expected [" << - expected_rows << "] rows"); -} - -bool TestSecurityManagerDatabase::check_privilege(const std::string &app_name, - const std::string &pkg_name, - const std::string &privilege) -{ - Sqlite3DBaseSelectResult result; - std::ostringstream sql; - sql << "SELECT privilege_id FROM app_privilege_view" - " WHERE app_name == '" << app_name << "' " - " AND pkg_name == '" << pkg_name << "' " - " AND privilege_name == '" << privilege << "' " - ";"; - m_base.execute(sql.str(), result); - - /* only 0 or 1 resulting rows are alowed */ - RUNNER_ASSERT_MSG(result.rows.size() == 0 || result.rows.size() == 1, "query : <" << sql.str() << "> returned [" << - result.rows.size() << "] rows"); - - return result.rows.size() == 1; -} - -void TestSecurityManagerDatabase::setup_privilege_groups(const std::string &privilege, - const std::vector &groups) -{ - Sqlite3DBaseSelectResult result; - std::ostringstream sql; - - if (!m_base.is_open()) - m_base.open(); - - for (const auto &group : groups) { - sql.clear(); - sql.str(""); - sql << "INSERT INTO privilege_group_view (privilege_name, group_name) " - "VALUES (" - << "'" << privilege << "'" << "," - << "'" << group << "'" << ")"; - m_base.execute(sql.str(), result); - } -} - -void TestSecurityManagerDatabase::setup_privilege_mapping(const std::string &version_from, - const std::string &version_to, - const std::string &privilege, - const std::string &mapping) -{ - Sqlite3DBaseSelectResult result; - std::ostringstream sql; - - if (!m_base.is_open()) - m_base.open(); - - sql.clear(); - sql.str(""); - sql << "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) " - "VALUES (" - << "'" << version_from << "'" << "," - << "'" << version_to << "'" << "," - << "'" << privilege << "'" << "," - << "'" << mapping << "'" << ")"; - m_base.execute(sql.str(), result); -} - -void TestSecurityManagerDatabase::setup_default_version_privilege(const std::string &version_from, - const std::string &version_to, - const std::string &privilege) -{ - Sqlite3DBaseSelectResult result; - std::ostringstream sql; - - if (!m_base.is_open()) - m_base.open(); - - sql.clear(); - sql.str(""); - sql << "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) " - "VALUES (" - << "'" << version_from << "'" << "," - << "'" << version_to << "'" << "," - << "NULL," - << "'" << privilege << "'" << ")"; - m_base.execute(sql.str(), result); - -} diff --git a/src/security-manager-tests/common/sm_db.h b/src/security-manager-tests/common/sm_db.h deleted file mode 100644 index 0cffde26..00000000 --- a/src/security-manager-tests/common/sm_db.h +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file sm_db.h - * @author Marcin Lis (m.lis@samsung.com) - * @version 1.0 - * @brief security-manager tests database record check functions - */ - -#ifndef SECURITY_MANAGER_TEST_DB_H_ -#define SECURITY_MANAGER_TEST_DB_H_ - -#include -#include "db_sqlite.h" - -typedef std::vector privileges_t; - -/** - * @class TestSecurityManagerDatabase - * @brief Class containing methods for testing libprivlege database. - */ -class TestSecurityManagerDatabase -{ -public: -/** - * @brief A usefull constant to indicate that app/pkg should be present in db - */ - const static bool NOT_REMOVED; -/** - * @brief A usefull constant to indicate that app/pkg should not be present in db - */ - const static bool REMOVED; -/** - * @brief A constructor - */ - TestSecurityManagerDatabase(); - -/** - * @brief A destructor - */ - ~TestSecurityManagerDatabase() = default; - -/** - * @brief Method for testing database after "security_manager_app_install" was run. - * - * It checks existence of proper: - app_name - * - pkg_name - * - * @param app_name name of the app previously used in security_manager_app_install. - * @param pkg_name name of the pkg previously used in security_manager_app_install. - */ - void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name); - -/** - * @brief Method for testing database after "security_manager_app_install" was run. - * - * It checks existence of proper: - app_name - * - pkg_name - * - privileges - * TODO: appPaths are currently not handled directly by security-manager, so they are not tested. - * - * @param app_name name of the app previously used in security_manager_app_install. - * @param pkg_name name of the pkg previously used in security_manager_app_install. - * @param privileges vector of privileges previously used in security_manager_app_install. - */ - void test_db_after__app_install(const std::string &app_name, const std::string &pkg_name, - const privileges_t &privileges); - -/** - * @brief Method for testing database after "security_manager_app_uninstall" was run. - * - * It checks absence of proper: - app_name - * - optionally pkg_name - * - * @param app_name name of the app previously used in security_manager_app_uninstall. - * @param pkg_name name of the pkg previously used in security_manager_app_uninstall. - * @param is_pkg_removed tells if pkg_id is expected to remain in db or not. - */ - void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name, - const bool is_pkg_removed); - -/** - * @brief Method for testing database after "security_manager_app_uninstall" was run. - * - * It checks absence of proper: - app_name - * - optionally pkg_name - * - app privileges - * TODO: appPaths are currently not handled directly by security-manager, so they are not tested. - * - * @param app_name name of the app previously used in security_manager_app_uninstall. - * @param pkg_name name of the pkg previously used in security_manager_app_uninstall. - * @param privileges vector of privileges previously used in security_manager_app_uninstall. - * @param is_pkg_removed tells if pkg_id is expected to remain in db or not. - */ - void test_db_after__app_uninstall(const std::string &app_name, const std::string &pkg_name, - const privileges_t &privileges, const bool is_pkg_removed); - -/** - * @brief It checks db for existence of a all privileges from install request. - * - * @param app_name name of the app previously used i.e. in security_manager_app_install. - * @param pkg_name name of the pkg previously used i.e. in security_manager_app_install. - * @param privileges vector of privileges previously used i.e. in security_manager_app_install. - */ - void check_privileges(const std::string &app_name, const std::string &pkg_name, - const privileges_t &privileges); - -/** - * @brief It checks in db if all app privileges from install request are removed. - * - * @param app_name name of the app previously used i.e. in security_manager_app_uninstall. - * @param pkg_name name of the pkg previously used i.e. in security_manager_app_uninstall. - * @param privileges vector of privileges previously used i.e. in security_manager_app_uninstall. - */ - void check_privileges_removed(const std::string &app_name, const std::string &pkg_name, - const privileges_t &privileges); - -/** - * @brief Method for setting privilege to groups mapping in security-manager database - * - * @param privilege name of the privilege - * @param groups vector of group names - */ - void setup_privilege_groups(const std::string &privilege, - const std::vector &groups); - -/** - * @brief Method for setting privilege to privilege mappings from one version to another - * in security-manager database - * - * @param version_from version which mapping is from - * @param version_to version which mapping is to - * @param privilege privilege for which mapping is set - * @param mappings mapping of given privielege - * - */ - void setup_privilege_mapping(const std::string &version_from, - const std::string &version_to, - const std::string &privilege, - const std::string &mapping); -/** - * @brief Method for setting privilege to privilege mappings from one version to another - * in security-manager database - * - * @param version_from version which mapping is from - * @param version_to version which mapping is to - * @param privilege privilege for which mapping is set - * @param mappings default privilege - * - */ - void setup_default_version_privilege(const std::string &version_from, - const std::string &version_to, - const std::string &privilege); -private: -/** - * @var base - * @brief Sqlite3DBase object giving simple access to database - * - * Connection to database is open first time it is needed - * and closed in destructor of TestSecurityManagerDatabase. - */ - Sqlite3DBase m_base; - -/** - * @brief Check db for [non]existence of given app_name in pkg_name - * - * @param app_name name of application - * @param pkg_name name of package - * @param is_app_removed tells if app is expected in db - */ - void check_app_and_pkg(const std::string &app_name, const std::string &pkg_name, - const bool is_app_removed); - -/** - * @brief Check db for [non]existence of given pkg_name - * - * @param pkg_name name of the package - * @param is_pkg_removed tells if pkg is expected in db - */ - void check_pkg(const std::string &pkg_name, - const bool is_pkg_removed); - -/** - * @brief Check db for existence of a single privilege. - * - * @param app_name name of application - * @param pkg_name application's package name - * @param privilege name of the privilege - * - * @return true when privilege present - * false when privilege not present - */ - bool check_privilege(const std::string &app_name, const std::string &pkg_name, - const std::string &privilege); -}; - -#endif /* SECURITY_MANAGER_TEST_DB_H_ */ diff --git a/src/security-manager-tests/common/sm_policy_request.cpp b/src/security-manager-tests/common/sm_policy_request.cpp deleted file mode 100644 index 043b8d16..00000000 --- a/src/security-manager-tests/common/sm_policy_request.cpp +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -namespace SecurityManagerTest { - -PolicyEntry::PolicyEntry() - : m_appId(true, std::string(SECURITY_MANAGER_ANY)) - , m_user(true, std::string(SECURITY_MANAGER_ANY)) - , m_privilege(true, std::string(SECURITY_MANAGER_ANY)) - , m_currentLevel(false, std::string("")) - , m_maxLevel(false, std::string("")) -{ - int result = security_manager_policy_entry_new(&m_entry); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "creation of new policy entry failed. Result: " << result); - RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory"); - - security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str()); - security_manager_policy_entry_set_user(m_entry, m_user.second.c_str()); - security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str()); -} - -PolicyEntry::PolicyEntry(const std::string &appId, const std::string &user, - const std::string &privilege) - : m_appId(true, std::string(appId)) - , m_user(true, std::string(user)) - , m_privilege(true, std::string(privilege)) - , m_currentLevel(false, std::string("")) - , m_maxLevel(false, std::string("")) -{ - int result = security_manager_policy_entry_new(&m_entry); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "creation of new policy entry failed. Result: " << result); - RUNNER_ASSERT_MSG(m_entry != nullptr, "creation of new policy entry did not allocate memory"); - - security_manager_policy_entry_set_user(m_entry, m_user.second.c_str()); - security_manager_policy_entry_set_application(m_entry, m_appId.second.c_str()); - security_manager_policy_entry_set_privilege(m_entry, m_privilege.second.c_str()); -} - -PolicyEntry::PolicyEntry(policy_entry &entry): m_entry(&entry) -{ - m_appId.first = true; - m_appId.second = std::string(security_manager_policy_entry_get_application(m_entry)); - - m_user.first = true; - m_user.second = std::string(security_manager_policy_entry_get_user(m_entry)); - - m_privilege.first = true; - m_privilege.second = std::string(security_manager_policy_entry_get_privilege(m_entry)); - - m_currentLevel.first = true; - m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry)); - - m_maxLevel.first = true; - m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry)); -}; - -void PolicyEntry::setLevel(const std::string &level) -{ - m_currentLevel.first = true; - m_currentLevel.second = level; - security_manager_policy_entry_set_level(m_entry, level.c_str()); - m_maxLevel.first = true; - m_maxLevel.second = std::string(security_manager_policy_entry_get_max_level(m_entry)); -}; - -void PolicyEntry::setMaxLevel(const std::string &level) -{ - m_maxLevel.first = true; - m_maxLevel.second = level; - security_manager_policy_entry_admin_set_level(m_entry, level.c_str()); - m_currentLevel.first = true; - m_currentLevel.second = std::string(security_manager_policy_entry_get_level(m_entry)); -}; - - -std::ostream& operator<<(std::ostream &os, const PolicyEntry &request) -{ - if (request.m_appId.first) - os << "appId: " << request.m_appId.second << "; "; - - if (request.m_user.first) - os << "user: " << request.m_user.second << "; "; - - if (request.m_privilege.first) - os << "privilege: " << request.m_privilege.second << "; "; - - if (request.m_currentLevel.first) - os << "current: " << request.m_currentLevel.second << "; "; - - if (request.m_maxLevel.first) - os << "max: " << request.m_maxLevel.second << "; "; - - return os; -} - -PolicyEntry::~PolicyEntry() -{ -} - -void PolicyEntry::free(void) -{ - security_manager_policy_entry_free(m_entry); -} - - -PolicyRequest::PolicyRequest() - : m_req(nullptr), - m_entries() -{ - int result = security_manager_policy_update_req_new(&m_req); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "creation of new policy request failed. Result: " << result); - RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new policy request did not allocate memory"); -} - -PolicyRequest::~PolicyRequest() -{ - for(std::vector::iterator it = m_entries.begin(); it != m_entries.end(); ++it) { - it->free(); - } - security_manager_policy_update_req_free(m_req); -} - -void PolicyRequest::addEntry(PolicyEntry &entry, - lib_retcode expectedResult) -{ - int result = 0; - - result = security_manager_policy_update_req_add_entry(m_req, entry.get()); - - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "adding policy entry to request returned wrong value." - << " entry: " << entry << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - - m_entries.push_back(entry); -} - -std::ostream& operator<<(std::ostream &os, const PolicyRequest &request) -{ - if (request.m_entries.size() != 0) - { - os << "PolicyRequest m_entries size: " << request.m_entries.size() << "; "; - - for(unsigned int i = 0; i != request.m_entries.size(); i++) { - os << "entry " << i << ": " << request.m_entries[i] << "; "; - } - } - - return os; -} - -} // namespace SecurityManagerTest diff --git a/src/security-manager-tests/common/sm_policy_request.h b/src/security-manager-tests/common/sm_policy_request.h deleted file mode 100644 index bd313296..00000000 --- a/src/security-manager-tests/common/sm_policy_request.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SECURITY_MANAGER_TEST_POLICYREQUEST -#define SECURITY_MANAGER_TEST_POLICYREQUEST - -#include -#include -#include -#include - -#include - -namespace SecurityManagerTest { - -class PolicyEntry -{ -public: - PolicyEntry(); - - PolicyEntry(const std::string &appId, - const std::string &user, - const std::string &privilege - ); - ~PolicyEntry(); - - PolicyEntry(policy_entry &entry); - - policy_entry *get() const { return m_entry; } - std::string getUser() const { return m_user.second; } - std::string getAppId() const { return m_appId.second; } - std::string getPrivilege() const { return m_privilege.second; } - std::string getCurrentLevel() const { return m_currentLevel.second; } - std::string getMaxLevel() const { return m_maxLevel.second; } - void setLevel(const std::string &level); - void setMaxLevel(const std::string &level); - void free(void); - - friend std::ostream& operator<<(std::ostream &, const PolicyEntry&); - -private: - policy_entry *m_entry; - std::pair m_appId; - std::pair m_user; - std::pair m_privilege; - std::pair m_currentLevel; - std::pair m_maxLevel; -}; - -std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyEntry &request); - -class PolicyRequest -{ -public: - PolicyRequest(); - PolicyRequest(const PolicyRequest&) = delete; - PolicyRequest& operator=(const PolicyRequest&) = delete; - ~PolicyRequest(); - - void addEntry(PolicyEntry &entry, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); - - policy_update_req *get() const { return m_req; } - friend std::ostream& operator<<(std::ostream &, const PolicyRequest&); - -private: - policy_update_req *m_req; - std::vector m_entries; -}; - -std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::PolicyRequest &request); - -} // namespace SecurityManagerTest - -#endif // SECURITY_MANAGER_TEST_USERREQUEST diff --git a/src/security-manager-tests/common/sm_request.cpp b/src/security-manager-tests/common/sm_request.cpp deleted file mode 100644 index 910bbfdd..00000000 --- a/src/security-manager-tests/common/sm_request.cpp +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -namespace SecurityManagerTest { - -InstallRequest::InstallRequest() - : m_req(nullptr) - , m_appId(nullptr) - , m_pkgId(nullptr) - , m_uid(false, 0) -{ - int result = security_manager_app_inst_req_new(&m_req); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "creation of new request failed. Result: " << result); - RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory"); -} - -InstallRequest::~InstallRequest() -{ - security_manager_app_inst_req_free(m_req); -} - -void InstallRequest::setAppId(const char *appId, lib_retcode expectedResult) -{ - int result = security_manager_app_inst_req_set_app_id(m_req, appId); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "setting app id returned wrong value." - << " App id: " << appId << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - m_appId = appId; -} - -void InstallRequest::setPkgId(const char *pkgId, lib_retcode expectedResult) -{ - int result = security_manager_app_inst_req_set_pkg_id(m_req, pkgId); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "setting pkg id returned wrong value." - << " Pkg id: " << pkgId << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - m_pkgId = pkgId; -} - -void InstallRequest::addPrivilege(const char *privilege, lib_retcode expectedResult) -{ - int result = security_manager_app_inst_req_add_privilege(m_req, privilege); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "adding privilege returned wrong value." - << " Privilege: " << privilege << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - m_privileges.push_back(privilege); -} - -void InstallRequest::addPath(const char *path, app_install_path_type pathType, lib_retcode expectedResult) -{ - int result = security_manager_app_inst_req_add_path(m_req, path, pathType); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "adding path returned wrong value." - << " Path: " << path << ";" - << " Path type: " << pathType << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - m_paths.push_back(std::pair(path, pathType)); -} - -void InstallRequest::setUid(const uid_t uid, lib_retcode expectedResult) -{ - int result = security_manager_app_inst_req_set_uid(m_req, uid); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "setting uid returned wrong value." - << " Uid: " << uid << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - m_uid.first = true; - m_uid.second = uid; -} - -std::ostream& operator<<(std::ostream &os, const InstallRequest &request) -{ - if (request.m_appId != nullptr) - os << "app id: " << request.m_appId << "; "; - if (request.m_pkgId != nullptr) - os << "pkg id: " << request.m_pkgId << "; "; - if (!request.m_privileges.empty()) { - os << "privileges: [ " << request.m_privileges[0]; - for (size_t i=1; i < request.m_privileges.size(); ++i) { - os << "; " << request.m_privileges[i]; - } - os << " ]"; - } - if (!request.m_paths.empty()) { - os << "paths: [ " << "< " << request.m_paths[0].first << "; " - << request.m_paths[0].second << " >"; - for (size_t i=1; i < request.m_paths.size(); ++i) { - os << "; < " << request.m_paths[i].first << "; " - << request.m_paths[i].second << " >"; - } - os << " ]"; - } - if (request.m_uid.first) - os << "uid: " << request.m_uid.second << "; "; - return os; -} - -} // namespace SecurityManagerTest diff --git a/src/security-manager-tests/common/sm_request.h b/src/security-manager-tests/common/sm_request.h deleted file mode 100644 index 0bd08783..00000000 --- a/src/security-manager-tests/common/sm_request.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SECURITY_MANAGER_TEST_INSTALLREQUEST -#define SECURITY_MANAGER_TEST_INSTALLREQUEST - -#include -#include -#include -#include -#include - -#include - -namespace SecurityManagerTest { - -class InstallRequest -{ -public: - InstallRequest(); - InstallRequest(const InstallRequest&) = delete; - InstallRequest& operator=(const InstallRequest&) = delete; - ~InstallRequest(); - - void setAppId(const char *appId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); - void setPkgId(const char *pkgId, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); - void addPrivilege(const char *privilege, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); - void addPath(const char *path, app_install_path_type pathType, - lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS); - void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); - - const app_inst_req *get() const { return m_req; } - friend std::ostream& operator<<(std::ostream &, const InstallRequest&); - -private: - app_inst_req *m_req; - - const char *m_appId; - const char *m_pkgId; - std::vector m_privileges; - std::vector > m_paths; - std::pair m_uid; -}; - -std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::InstallRequest &request); - -} // namespace SecurityManagerTest - -#endif // SECURITY_MANAGER_TEST_INSTALLREQUEST diff --git a/src/security-manager-tests/common/sm_user_request.cpp b/src/security-manager-tests/common/sm_user_request.cpp deleted file mode 100644 index 4b176c3d..00000000 --- a/src/security-manager-tests/common/sm_user_request.cpp +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -namespace SecurityManagerTest { - -UserRequest::UserRequest() - : m_req(nullptr) - , m_uid(false, 0) - , m_utype(false, static_cast(0)) -{ - int result = security_manager_user_req_new(&m_req); - RUNNER_ASSERT_MSG((lib_retcode)result == SECURITY_MANAGER_SUCCESS, - "creation of new request failed. Result: " << result); - RUNNER_ASSERT_MSG(m_req != nullptr, "creation of new request did not allocate memory"); -} - -UserRequest::~UserRequest() -{ - security_manager_user_req_free(m_req); -} - -void UserRequest::setUid(const uid_t uid, lib_retcode expectedResult) -{ - int result = security_manager_user_req_set_uid(m_req, uid); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "setting uid returned wrong value." - << " Uid: " << uid << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - m_uid.first = true; - m_uid.second = uid; -} - -void UserRequest::setUserType(const security_manager_user_type utype, lib_retcode expectedResult) -{ - int result = security_manager_user_req_set_user_type(m_req, utype); - RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult, - "setting user type returned wrong value." - << " User type: " << utype << ";" - << " Result: " << result << ";" - << " Expected result: " << expectedResult); - m_utype.first = true; - m_utype.second = utype; -} - -std::ostream& operator<<(std::ostream &os, const UserRequest &request) -{ - if (request.m_uid.first) - os << "uid: " << request.m_uid.second << "; "; - - if (request.m_utype.first) - os << "utype: " << request.m_utype.second << "; "; - - return os; -} - -} // namespace SecurityManagerTest diff --git a/src/security-manager-tests/common/sm_user_request.h b/src/security-manager-tests/common/sm_user_request.h deleted file mode 100644 index 64da5592..00000000 --- a/src/security-manager-tests/common/sm_user_request.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SECURITY_MANAGER_TEST_USERREQUEST -#define SECURITY_MANAGER_TEST_USERREQUEST - -#include -#include -#include - -#include - -namespace SecurityManagerTest { - -class UserRequest -{ -public: - UserRequest(); - UserRequest(const UserRequest&) = delete; - UserRequest& operator=(const UserRequest&) = delete; - ~UserRequest(); - - void setUid(const uid_t uid, lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); - void setUserType(const security_manager_user_type utype, - lib_retcode expectedresult = SECURITY_MANAGER_SUCCESS); - - const user_req *get() const { return m_req; } - friend std::ostream& operator<<(std::ostream &, const UserRequest&); - -private: - user_req *m_req; - - std::pair m_uid; - std::pair m_utype; -}; - -std::ostream& operator<<(std::ostream &os, const SecurityManagerTest::UserRequest &request); - -} // namespace SecurityManagerTest - -#endif // SECURITY_MANAGER_TEST_USERREQUEST diff --git a/src/security-manager-tests/security_manager_tests.cpp b/src/security-manager-tests/security_manager_tests.cpp deleted file mode 100644 index f504f994..00000000 --- a/src/security-manager-tests/security_manager_tests.cpp +++ /dev/null @@ -1,2455 +0,0 @@ - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace SecurityManagerTest; - -DEFINE_SMARTPTR(cap_free, _cap_struct, CapsSetsUniquePtr); -DEFINE_SMARTPTR(tzplatform_context_destroy, tzplatform_context, TzPlatformContextPtr); - -static const privileges_t SM_ALLOWED_PRIVILEGES = { - "http://tizen.org/privilege/location", - "http://tizen.org/privilege/camera" -}; - -static const privileges_t SM_DENIED_PRIVILEGES = { - "http://tizen.org/privilege/bluetooth", - "http://tizen.org/privilege/power" -}; - -static const privileges_t SM_NO_PRIVILEGES = { -}; - -static const std::vector SM_ALLOWED_GROUPS = {"db_browser", "db_alarm"}; - -static const char *const SM_RW_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir"; -static const char *const SM_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_ro"; -static const char *const SM_PUBLIC_RO_PATH = "/usr/apps/sm_test_02_pkg_id_full/app_dir_public_ro"; -static const char *const SM_DENIED_PATH = "/usr/apps/non_app_dir"; - -static const char *const ANY_USER_REPRESENTATION = "anyuser";/*this may be actually any string*/ -static const std::string EXEC_FILE("exec"); -static const std::string NORMAL_FILE("normal"); -static const std::string LINK_PREFIX("link_to_"); - -static const std::string PRIVILEGE_MANAGER_APP = "privilege_manager"; -static const std::string PRIVILEGE_MANAGER_PKG = "privilege_manager"; -static const std::string PRIVILEGE_MANAGER_SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings"; -static const std::string PRIVILEGE_MANAGER_ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin"; - -static const std::vector MANY_APPS = { - "security_manager_10_app_1", - "security_manager_10_app_2", - "security_manager_10_app_3", - "security_manager_10_app_4", - "security_manager_10_app_5" -}; - -static const std::map MANY_APPS_PKGS = { - {"security_manager_10_app_1", "security_manager_10_pkg_1"}, - {"security_manager_10_app_2", "security_manager_10_pkg_2"}, - {"security_manager_10_app_3", "security_manager_10_pkg_3"}, - {"security_manager_10_app_4", "security_manager_10_pkg_4"}, - {"security_manager_10_app_5", "security_manager_10_pkg_5"}, - {PRIVILEGE_MANAGER_APP, PRIVILEGE_MANAGER_PKG} -}; - -static const std::vector MANY_APPS_PRIVILEGES = { - { - "http://tizen.org/privilege/internet", - "http://tizen.org/privilege/location" - }, - { - "http://tizen.org/privilege/telephony", - "http://tizen.org/privilege/camera" - }, - { - "http://tizen.org/privilege/contact.read", - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/email" - }, - { - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/email", - "http://tizen.org/privilege/telephony", - "http://tizen.org/privilege/camera" - }, - { - "http://tizen.org/privilege/internet", - "http://tizen.org/privilege/location", - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/email" - } -}; - -/* PRIVILEGE MAPPING TEST CONSTS */ - -static const std::string OLD_VERSION = "2.4"; -static const std::string NEW_VERSION = "3.0"; - -static const std::vector OLD_PRIVILEGES = { - "http://tizen.org/privilege/internet.old", - "http://tizen.org/privilege/telephony.old", - "http://tizen.org/privilege/contact.old", - "http://tizen.org/privilege/led.old", - "http://tizen.org/privilege/email.old" -}; - -static const std::vector &NEW_PRIVILEGES = MANY_APPS_PRIVILEGES; - -static const privileges_t DEFAULT_PRIVILEGES = { - "http://tizen.org/privilege/led", - "http://tizen.org/privilege/internet" -}; - -static std::string generateAppLabel(const std::string &appId) -{ - return "User::App::" + appId; -} - -static std::string generatePkgLabel(const std::string &pkgId) -{ - return "User::Pkg::" + pkgId; -} - -static int nftw_check_sm_labels_app_dir(const char *fpath, const struct stat *sb, - const char* correctLabel, bool transmute_test, bool exec_test) -{ - int result; - CStringPtr labelPtr; - char* label = nullptr; - - /* ACCESS */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_ACCESS); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - RUNNER_ASSERT_MSG(label != nullptr, "ACCESS label on " << fpath << " is not set"); - result = strcmp(correctLabel, label); - RUNNER_ASSERT_MSG(result == 0, "ACCESS label on " << fpath << " is incorrect" - " (should be '" << correctLabel << "' and is '" << label << "')"); - - - /* EXEC */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_EXEC); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - - if (S_ISREG(sb->st_mode) && (sb->st_mode & S_IXUSR) && exec_test) { - RUNNER_ASSERT_MSG(label != nullptr, "EXEC label on " << fpath << " is not set"); - result = strcmp(correctLabel, label); - RUNNER_ASSERT_MSG(result == 0, "Incorrect EXEC label on executable file " << fpath); - } else - RUNNER_ASSERT_MSG(label == nullptr, "EXEC label on " << fpath << " is set"); - - - /* TRANSMUTE */ - result = smack_lgetlabel(fpath, &label, SMACK_LABEL_TRANSMUTE); - RUNNER_ASSERT_MSG(result == 0, "Could not get label for the path"); - labelPtr.reset(label); - - if (S_ISDIR(sb->st_mode) && transmute_test == true) { - RUNNER_ASSERT_MSG(label != nullptr, "TRANSMUTE label on " << fpath << " is not set at all"); - RUNNER_ASSERT_MSG(strcmp(label,"TRUE") == 0, - "TRANSMUTE label on " << fpath << " is not set properly: '"< &allowed_gids) -{ - int ret; - gid_t main_gid = getgid(); - std::unordered_set reference_gids(allowed_gids.begin(), allowed_gids.end()); - - // Reset supplementary groups - ret = setgroups(0, NULL); - RUNNER_ASSERT_MSG(ret != -1, "Unable to set supplementary groups"); - - Api::setProcessGroups(app_id); - - ret = getgroups(0, nullptr); - RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups"); - - std::vector actual_gids(ret); - ret = getgroups(ret, actual_gids.data()); - RUNNER_ASSERT_MSG(ret != -1, "Unable to get supplementary groups"); - - for (const auto &gid : actual_gids) { - RUNNER_ASSERT_MSG(gid == main_gid || reference_gids.count(gid) > 0, - "Application shouldn't get access to group " << gid); - reference_gids.erase(gid); - } - - RUNNER_ASSERT_MSG(reference_gids.empty(), "Application didn't get access to some groups"); -} - -static void check_app_after_install(const char *const app_id, const char *const pkg_id, - const privileges_t &allowed_privs, - const privileges_t &denied_privs, - const std::vector &allowed_groups) -{ - TestSecurityManagerDatabase dbtest; - dbtest.test_db_after__app_install(app_id, pkg_id, allowed_privs); - dbtest.check_privileges_removed(app_id, pkg_id, denied_privs); - - /*Privileges should be granted to all users if root installs app*/ - check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, allowed_privs, denied_privs); - - /* Setup mapping of gids to privileges */ - /* Do this for each privilege for extra check */ - for (const auto &privilege : allowed_privs) { - dbtest.setup_privilege_groups(privilege, allowed_groups); - } - - std::vector allowed_gids; - - for (const auto &groupName : allowed_groups) { - errno = 0; - struct group* grp = getgrnam(groupName.c_str()); - RUNNER_ASSERT_ERRNO_MSG(grp, "Group: " << groupName << " not found"); - allowed_gids.push_back(grp->gr_gid); - } - - check_app_gids(app_id, allowed_gids); -} - -static void check_app_after_install(const char *const app_id, const char *const pkg_id) -{ - TestSecurityManagerDatabase dbtest; - dbtest.test_db_after__app_install(app_id, pkg_id); -} - -static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id, - const privileges_t &privileges, const bool is_pkg_removed) -{ - TestSecurityManagerDatabase dbtest; - dbtest.test_db_after__app_uninstall(app_id, pkg_id, privileges, is_pkg_removed); - - - /*Privileges should not be granted anymore to any user*/ - check_app_permissions(app_id, pkg_id, ANY_USER_REPRESENTATION, SM_NO_PRIVILEGES, privileges); -} - -static void check_app_after_uninstall(const char *const app_id, const char *const pkg_id, - const bool is_pkg_removed) -{ - TestSecurityManagerDatabase dbtest; - dbtest.test_db_after__app_uninstall(app_id, pkg_id, is_pkg_removed); -} - -static void install_app(const char *app_id, const char *pkg_id, uid_t uid = 0) -{ - InstallRequest request; - request.setAppId(app_id); - request.setPkgId(pkg_id); - request.setUid(uid); - Api::install(request); - - check_app_after_install(app_id, pkg_id); - -} - -static void uninstall_app(const char *app_id, const char *pkg_id, bool expect_pkg_removed) -{ - InstallRequest request; - request.setAppId(app_id); - - Api::uninstall(request); - - check_app_after_uninstall(app_id, pkg_id, expect_pkg_removed); -} - -static inline void register_current_process_as_privilege_manager(uid_t uid, bool forAdmin = false) -{ - InstallRequest request; - request.setAppId(PRIVILEGE_MANAGER_APP.c_str()); - request.setPkgId(PRIVILEGE_MANAGER_PKG.c_str()); - request.setUid(uid); - request.addPrivilege(PRIVILEGE_MANAGER_SELF_PRIVILEGE.c_str()); - if (forAdmin) - request.addPrivilege(PRIVILEGE_MANAGER_ADMIN_PRIVILEGE.c_str()); - Api::install(request); - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); -}; - -static inline struct passwd *getUserStruct(const std::string &userName) { - struct passwd *pw = nullptr; - errno = 0; - - while(!(pw = getpwnam(userName.c_str()))) { - RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed"); - }; - - return pw; -}; - -static inline struct passwd *getUserStruct(const uid_t uid) { - struct passwd *pw = nullptr; - errno = 0; - - while(!(pw = getpwuid(uid))) { - RUNNER_ASSERT_ERRNO_MSG(errno == EINTR, "getpwnam() failed"); - }; - - return pw; -}; - -RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER) - - -RUNNER_TEST(security_manager_01a_app_double_install_double_uninstall) -{ - const char *const sm_app_id = "sm_test_01a_app_id_double"; - const char *const sm_pkg_id = "sm_test_01a_pkg_id_double"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - - Api::install(requestInst); - Api::install(requestInst); - - /* Check records in the security-manager database */ - check_app_after_install(sm_app_id, sm_pkg_id); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); - Api::uninstall(requestUninst); - - /* Check records in the security-manager database */ - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); -} - - -RUNNER_TEST(security_manager_01b_app_double_install_wrong_pkg_id) -{ - const char *const sm_app_id = "sm_test_01b_app"; - const char *const sm_pkg_id = "sm_test_01b_pkg"; - const char *const sm_pkg_id_wrong = "sm_test_01b_pkg_BAD"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - - Api::install(requestInst); - - InstallRequest requestInst2; - requestInst2.setAppId(sm_app_id); - requestInst2.setPkgId(sm_pkg_id_wrong); - - Api::install(requestInst2, SECURITY_MANAGER_ERROR_INPUT_PARAM); - - - /* Check records in the security-manager database */ - check_app_after_install(sm_app_id, sm_pkg_id); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); - - - /* Check records in the security-manager database */ - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); - -} - -RUNNER_TEST(security_manager_01c_app_uninstall_pkg_id_ignored) -{ - const char * const sm_app_id = "SM_TEST_01c_APPID"; - const char * const sm_pkg_id = "SM_TEST_01c_PKGID"; - const char * const sm_pkg_id_wrong = "SM_TEST_01c_PKGID_wrong"; - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - - Api::install(requestInst); - - /* Check records in the security-manager database */ - check_app_after_install(sm_app_id, sm_pkg_id); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - requestUninst.setPkgId(sm_pkg_id_wrong); - - Api::uninstall(requestUninst); - - check_app_after_uninstall(sm_app_id, sm_pkg_id, TestSecurityManagerDatabase::REMOVED); - -} - -RUNNER_TEST(security_manager_02_app_install_uninstall_full) -{ - const char *const sm_app_id = "sm_test_02_app_id_full"; - const char *const sm_pkg_id = "sm_test_02_pkg_id_full"; - - prepare_app_env(); - - InstallRequest requestInst; - requestInst.setAppId(sm_app_id); - requestInst.setPkgId(sm_pkg_id); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[0].c_str()); - requestInst.addPrivilege(SM_ALLOWED_PRIVILEGES[1].c_str()); - requestInst.addPath(SM_RW_PATH, SECURITY_MANAGER_PATH_RW); - requestInst.addPath(SM_RO_PATH, SECURITY_MANAGER_PATH_RO); - requestInst.addPath(SM_PUBLIC_RO_PATH, SECURITY_MANAGER_PATH_PUBLIC_RO); - - Api::install(requestInst); - - /* Check records in the security-manager database */ - check_app_after_install(sm_app_id, sm_pkg_id, - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES, SM_ALLOWED_GROUPS); - - /* TODO: add parameters to this function */ - check_app_path_after_install(sm_pkg_id); - - InstallRequest requestUninst; - requestUninst.setAppId(sm_app_id); - - Api::uninstall(requestUninst); - - /* Check records in the security-manager database, - * all previously allowed privileges should be removed */ - check_app_after_uninstall(sm_app_id, sm_pkg_id, - SM_ALLOWED_PRIVILEGES, TestSecurityManagerDatabase::REMOVED); -} - -RUNNER_CHILD_TEST_SMACK(security_manager_03_set_label_from_appid) -{ - const char *const app_id = "sm_test_03_app_id_set_label_from_appid_smack"; - const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_smack"; - const char *const socketLabel = "not_expected_label"; - std::string expected_label = generateAppLabel(app_id); - char *label = nullptr; - CStringPtr labelPtr; - int result; - - uninstall_app(app_id, pkg_id, true); - install_app(app_id, pkg_id); - - struct sockaddr_un sockaddr = {AF_UNIX, SOCK_PATH}; - //Clean up before creating socket - unlink(SOCK_PATH); - int sock = socket(AF_UNIX, SOCK_STREAM, 0); - RUNNER_ASSERT_ERRNO_MSG(sock >= 0, "socket failed"); - SockUniquePtr sockPtr(&sock); - //Bind socket to address - result = bind(sock, (struct sockaddr*) &sockaddr, sizeof(struct sockaddr_un)); - RUNNER_ASSERT_ERRNO_MSG(result == 0, "bind failed"); - //Set socket label to something different than expecedLabel - result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPIN, socketLabel); - RUNNER_ASSERT_ERRNO_MSG(result == 0, - "Can't set socket label. Result: " << result); - result = smack_set_label_for_file(sock, XATTR_NAME_SMACKIPOUT, socketLabel); - RUNNER_ASSERT_ERRNO_MSG(result == 0, - "Can't set socket label. Result: " << result); - - Api::setProcessLabel(app_id); - - result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPIN, &label); - RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label); - labelPtr.reset(label); - result = expected_label.compare(label); - RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " << - expected_label << " Actual: " << label); - - result = smack_new_label_from_file(sock, XATTR_NAME_SMACKIPOUT, &label); - RUNNER_ASSERT_ERRNO_MSG(result != -1, "smack_new_label_from_file failed: " << label); - labelPtr.reset(label); - result = expected_label.compare(label); - RUNNER_ASSERT_MSG(result == 0, "Socket label is incorrect. Expected: " << - expected_label << " Actual: " << label); - - result = smack_new_label_from_self(&label); - RUNNER_ASSERT_MSG(result >= 0, - " Error getting current process label"); - RUNNER_ASSERT_MSG(label != nullptr, - " Process label is not set"); - labelPtr.reset(label); - - result = expected_label.compare(label); - RUNNER_ASSERT_MSG(result == 0, - " Process label is incorrect. Expected: \"" << expected_label << - "\" Actual: \"" << label << "\""); - - uninstall_app(app_id, pkg_id, true); -} - -RUNNER_CHILD_TEST_NOSMACK(security_manager_03_set_label_from_appid_nosmack) -{ - const char *const app_id = "sm_test_03_app_id_set_label_from_appid_nosmack"; - const char *const pkg_id = "sm_test_03_pkg_id_set_label_from_appid_nosmack"; - - uninstall_app(app_id, pkg_id, true); - install_app(app_id, pkg_id); - - Api::setProcessLabel(app_id); - - uninstall_app(app_id, pkg_id, true); -} - -static void prepare_request(InstallRequest &request, - const char *const app_id, - const char *const pkg_id, - app_install_path_type pathType, - const char *const path, - uid_t uid) -{ - request.setAppId(app_id); - request.setPkgId(pkg_id); - request.addPath(path, pathType); - - if (uid != 0) - request.setUid(uid); -} - -static uid_t getGlobalUserId(void) -{ - return tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); -} - -static const std::string appDirPath(const TemporaryTestUser &user, - const std::string &appId, const std::string &pkgId) -{ - struct tzplatform_context *tzCtxPtr = nullptr; - - RUNNER_ASSERT(0 == tzplatform_context_create(&tzCtxPtr)); - TzPlatformContextPtr tzCtxPtrSmart(tzCtxPtr); - - RUNNER_ASSERT_MSG(0 == tzplatform_context_set_user(tzCtxPtr, user.getUid()), - "Unable to set user <" << user.getUserName() << "> for tzplatform context"); - - const char *appDir = tzplatform_context_getenv(tzCtxPtr, - getGlobalUserId() == user.getUid() ? TZ_SYS_RW_APP : TZ_USER_APP); - RUNNER_ASSERT_MSG(nullptr != appDir, - "tzplatform_context_getenv failed" - << "for getting sys rw app of user <" << user.getUserName() << ">"); - - return std::string(appDir) + "/" + pkgId + "/" + appId; -} - -static const std::string nonAppDirPath(const TemporaryTestUser &user) -{ - return TMP_DIR + "/" + user.getUserName(); -} - -static const std::string uidToStr(const uid_t uid) -{ - return std::to_string(static_cast(uid)); -} - -static void install_and_check(const char *const sm_app_id, - const char *const sm_pkg_id, - const TemporaryTestUser& user, - const std::string &appDir, - bool requestUid) -{ - InstallRequest requestPrivate; - - //install app for non-root user - //should fail (users may only register folders inside their home) - prepare_request(requestPrivate, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_RW, SM_RW_PATH, - requestUid ? user.getUid() : 0); - - Api::install(requestPrivate, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED); - - InstallRequest requestPrivateUser; - - //install app for non-root user - //should succeed - this time i register folder inside user's home dir - prepare_request(requestPrivateUser, sm_app_id, sm_pkg_id, - SECURITY_MANAGER_PATH_RW, appDir.c_str(), - requestUid ? user.getUid() : 0); - - for (auto &privilege : SM_ALLOWED_PRIVILEGES) - requestPrivateUser.addPrivilege(privilege.c_str()); - - Api::install(requestPrivateUser); - - check_app_permissions(sm_app_id, sm_pkg_id, - uidToStr(user.getUid()).c_str(), - SM_ALLOWED_PRIVILEGES, SM_DENIED_PRIVILEGES); -} - -static void createTestDir(const std::string &dir) -{ - mode_t dirMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH; - mode_t execFileMode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH; - mode_t normalFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH; - - mktreeSafe(dir, dirMode); - creatSafe(dir + "/" + EXEC_FILE, execFileMode); - creatSafe(dir + "/" + NORMAL_FILE, normalFileMode); - symlinkSafe(dir + "/" + EXEC_FILE, dir + "/" + LINK_PREFIX + EXEC_FILE); - symlinkSafe(dir + "/" + NORMAL_FILE, dir + "/" + LINK_PREFIX + NORMAL_FILE); -} - -static void createInnerAppDir(const std::string &dir, const std::string &nonAppDir) -{ - createTestDir(dir); - - symlinkSafe(nonAppDir, dir + "/" + LINK_PREFIX + "non_app_dir"); - symlinkSafe(nonAppDir + "/" + EXEC_FILE, - dir + "/" + LINK_PREFIX + "non_app_" + EXEC_FILE); - symlinkSafe(nonAppDir + "/" + NORMAL_FILE, - dir + "/" + LINK_PREFIX + "non_app_" + NORMAL_FILE); -} - -static void generateAppDir(const TemporaryTestUser &user, - const std::string &appId, const std::string &pkgId) -{ - const std::string dir = appDirPath(user, appId, pkgId); - const std::string nonAppDir = nonAppDirPath(user); - - createInnerAppDir(dir, nonAppDir); - createInnerAppDir(dir + "/.inner_dir", nonAppDir); - createInnerAppDir(dir + "/inner_dir", nonAppDir); -} - -static void generateNonAppDir(const TemporaryTestUser &user) -{ - const std::string dir = nonAppDirPath(user); - - createTestDir(dir); - createTestDir(dir + "/.inner_dir"); - createTestDir(dir + "/inner_dir"); -} - -static void createTestDirs(const TemporaryTestUser &user, - const std::string &appId, const std::string &pkgId) -{ - generateAppDir(user, appId, pkgId); - generateNonAppDir(user); -} - -static void removeTestDirs(const TemporaryTestUser &user, - const std::string &appId, const std::string &pkgId) -{ - removeDir(appDirPath(user, appId, pkgId)); - removeDir(nonAppDirPath(user)); -} - -RUNNER_CHILD_TEST(security_manager_04a_app_install_uninstall_by_app_user_for_self) -{ - int result; - const char *const sm_app_id = "sm_test_04a_app_id_uid"; - const char *const sm_pkg_id = "sm_test_04a_pkg_id_uid"; - const std::string new_user_name = "sm_test_04a_user_name"; - - TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); - testUser.create(); - - removeTestDirs(testUser, sm_app_id, sm_pkg_id); - createTestDirs(testUser, sm_app_id, sm_pkg_id); - - const std::string userAppDirPath = appDirPath(testUser, sm_app_id, sm_pkg_id); - - //switch user to non-root - result = drop_root_privileges(testUser.getUid(), testUser.getGid()); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - install_and_check(sm_app_id, sm_pkg_id, testUser, userAppDirPath, false); - - //uninstall app as non-root user - InstallRequest request; - request.setAppId(sm_app_id); - - Api::uninstall(request); - - check_app_permissions(sm_app_id, sm_pkg_id, - uidToStr(testUser.getUid()).c_str(), - SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); -} - -RUNNER_CHILD_TEST(security_manager_04b_app_install_by_root_for_app_user) -{ - int result; - const char *const sm_app_id = "sm_test_04b_app_id_uid"; - const char *const sm_pkg_id = "sm_test_04b_pkg_id_uid"; - const std::string new_user_name = "sm_test_04b_user_name"; - - TemporaryTestUser testUser(new_user_name, GUM_USERTYPE_NORMAL, false); - testUser.create(); - - removeTestDirs(testUser, sm_app_id, sm_pkg_id); - createTestDirs(testUser, sm_app_id, sm_pkg_id); - - install_and_check(sm_app_id, sm_pkg_id, testUser, appDirPath(testUser, sm_app_id, sm_pkg_id), true); - - //switch user to non-root - root may not uninstall apps for specified users - result = drop_root_privileges(testUser.getUid(), testUser.getGid()); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - //uninstall app as non-root user - InstallRequest request; - request.setAppId(sm_app_id); - - Api::uninstall(request); - - check_app_permissions(sm_app_id, sm_pkg_id, - uidToStr(testUser.getUid()).c_str(), - SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); -} - - -RUNNER_CHILD_TEST(security_manager_05_drop_process_capabilities) -{ - int result; - CapsSetsUniquePtr caps, caps_empty(cap_init()); - - caps.reset(cap_from_text("all=eip")); - RUNNER_ASSERT_MSG(caps, "can't convert capabilities from text"); - result = cap_set_proc(caps.get()); - RUNNER_ASSERT_MSG(result == 0, - "can't set capabilities. Result: " << result); - - Api::dropProcessPrivileges(); - - caps.reset(cap_get_proc()); - RUNNER_ASSERT_MSG(caps, "can't get proc capabilities"); - - result = cap_compare(caps.get(), caps_empty.get()); - RUNNER_ASSERT_MSG(result == 0, - "capabilities not dropped. Current: " << cap_to_text(caps.get(), NULL)); -} - -RUNNER_CHILD_TEST(security_manager_06_install_app_offline) -{ - const char *const app_id = "sm_test_06_app_id_install_app_offline"; - const char *const pkg_id = "sm_test_06_pkg_id_install_app_offline"; - - // Uninstall app on-line, off-line mode doesn't support it - uninstall_app(app_id, pkg_id, true); - - ServiceManager("security-manager.service").stopService(); - - ServiceManager serviceManager("security-manager.socket"); - serviceManager.stopService(); - - install_app(app_id, pkg_id); - - serviceManager.startService(); - - uninstall_app(app_id, pkg_id, true); -} - -RUNNER_CHILD_TEST(security_manager_07_user_add_app_install) -{ - const char *const sm_app_id = "sm_test_07_app_id_user"; - const char *const sm_pkg_id = "sm_test_07_pkg_id_user"; - const std::string new_user_name = "sm_test_07_user_name"; - std::string uid_string; - TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false); - test_user.create(); - test_user.getUidString(uid_string); - - removeTestDirs(test_user, sm_app_id, sm_pkg_id); - createTestDirs(test_user, sm_app_id, sm_pkg_id); - - install_app(sm_app_id, sm_pkg_id, test_user.getUid()); - - check_app_after_install(sm_app_id, sm_pkg_id); - - test_user.remove(); - - check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); - - check_app_after_uninstall(sm_app_id, sm_pkg_id, true); -} - -RUNNER_CHILD_TEST(security_manager_08_user_double_add_double_remove) -{ - UserRequest addUserRequest; - - const char *const sm_app_id = "sm_test_08_app_id_user"; - const char *const sm_pkg_id = "sm_test_08_pkg_id_user"; - const std::string new_user_name = "sm_test_08_user_name"; - std::string uid_string; - - // gumd user add - TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, false); - test_user.create(); - test_user.getUidString(uid_string); - - removeTestDirs(test_user, sm_app_id, sm_pkg_id); - createTestDirs(test_user, sm_app_id, sm_pkg_id); - - addUserRequest.setUid(test_user.getUid()); - addUserRequest.setUserType(SM_USER_TYPE_NORMAL); - - //sm user add - Api::addUser(addUserRequest); - - install_app(sm_app_id, sm_pkg_id, test_user.getUid()); - - check_app_after_install(sm_app_id, sm_pkg_id); - - test_user.remove(); - - UserRequest deleteUserRequest; - deleteUserRequest.setUid(test_user.getUid()); - - Api::deleteUser(deleteUserRequest); - - check_app_permissions(sm_app_id, sm_pkg_id, uid_string.c_str(), SM_NO_PRIVILEGES, SM_ALLOWED_PRIVILEGES); - - check_app_after_uninstall(sm_app_id, sm_pkg_id, true); -} - -RUNNER_CHILD_TEST(security_manager_09_add_user_offline) -{ - const char *const app_id = "security_manager_09_add_user_offline_app"; - const char *const pkg_id = "security_manager_09_add_user_offline_pkg"; - const std::string new_user_name("sm_test_09_user_name"); - - ServiceManager("security-manager.service").stopService(); - - ServiceManager serviceManager("security-manager.socket"); - serviceManager.stopService(); - - TemporaryTestUser test_user(new_user_name, GUM_USERTYPE_NORMAL, true); - test_user.create(); - - removeTestDirs(test_user, app_id, pkg_id); - createTestDirs(test_user, app_id, pkg_id); - - install_app(app_id, pkg_id, test_user.getUid()); - - check_app_after_install(app_id, pkg_id); - - serviceManager.startService(); - - test_user.remove(); - - check_app_after_uninstall(app_id, pkg_id, true); -} - -RUNNER_MULTIPROCESS_TEST(security_manager_10_privacy_manager_fetch_whole_policy_for_self) -{ - //TEST DATA - const std::string username("sm_test_10_user_name"); - unsigned int privileges_count = 0; - - std::map>> users2AppsMap; - std::map> apps2PrivsMap; - - for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - MANY_APPS.at(i), std::set( - MANY_APPS_PRIVILEGES.at(i).begin(), - MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count+=MANY_APPS_PRIVILEGES.at(i).size(); - }; - - apps2PrivsMap.insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); - ++privileges_count; - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); - //TEST DATA END - - sem_t *mutex; - errno = 0; - RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno); - errno = 0; - RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno); - pid_t pid = fork(); - - if (pid != 0) { //parent process - TemporaryTestUser tmpUser(username, GUM_USERTYPE_NORMAL, false); - tmpUser.create(); - - for(const auto &user : users2AppsMap) { - - for(const auto &app : user.second) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(tmpUser.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str()); - }; - //Start child process - errno = 0; - RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno); - - int status; - wait(&status); - - tmpUser.remove(); - }; - - if (pid == 0) { //child process - errno = 0; - RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno); - //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable - - struct passwd *pw = getUserStruct(username); - register_current_process_as_privilege_manager(pw->pw_uid); - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - std::vector policyEntries; - PolicyEntry filter; - Api::getPolicy(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); - - for (const auto &policyEntry : policyEntries) { - std::string user = policyEntry.getUser(); - std::string app = policyEntry.getAppId(); - std::string privilege = policyEntry.getPrivilege(); - - try { - struct passwd *pw_current = getUserStruct(static_cast(std::stoul(user))); - std::set::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege); - if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end()) - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what()); - } catch (const std::invalid_argument& e) { - RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what()); - }; - }; - exit(0); - }; -} - -RUNNER_MULTIPROCESS_TEST(security_manager_11_privacy_manager_fetch_whole_policy_for_admin_unprivileged) -{ - //TEST DATA - const std::vector usernames = {"sm_test_11_user_name_1", "sm_test_11_user_name_2"}; - unsigned int privileges_count = 0; - - std::map>> users2AppsMap; - std::map> apps2PrivsMap; - - for (const auto &username : usernames) { - //Only entries for one of the users will be listed - privileges_count = 0; - - for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - MANY_APPS.at(i), std::set( - MANY_APPS_PRIVILEGES.at(i).begin(), - MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count+=MANY_APPS_PRIVILEGES.at(i).size(); - }; - - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); - }; - - users2AppsMap.at(usernames.at(0)).insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); - - ++privileges_count; - //TEST DATA END - - sem_t *mutex; - errno = 0; - RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno); - errno = 0; - RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno); - pid_t pid = fork(); - - if (pid != 0) { //parent process - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) - }; - - users.at(0).create(); - users.at(1).create(); - - //Install apps for both users - for(const auto &user : users) { - for(const auto &app : users2AppsMap.at(user.getUserName())) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(user.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str()); - }; - //Start child - errno = 0; - RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno); - - int status; - wait(&status); - - for(auto &user : users) { - user.remove(); - }; - }; - - if (pid == 0) { - errno = 0; - RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno); - struct passwd *pw = getUserStruct(usernames.at(0)); - register_current_process_as_privilege_manager(pw->pw_uid); - - //change uid to normal user - errno = 0; - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - std::vector policyEntries; - PolicyEntry filter; - - //this call should only return privileges belonging to the current uid - Api::getPolicy(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); - - for (const auto &policyEntry : policyEntries) { - std::string user = policyEntry.getUser(); - std::string app = policyEntry.getAppId(); - std::string privilege = policyEntry.getPrivilege(); - - try { - struct passwd *pw_current = getUserStruct(static_cast(std::stoul(user))); - std::set::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege); - if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end()) - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what()); - } catch (const std::invalid_argument& e) { - RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what()); - }; - }; - exit(0); - }; -} - -RUNNER_MULTIPROCESS_TEST(security_manager_12_privacy_manager_fetch_whole_policy_for_admin_privileged) -{ - //TEST DATA - const std::vector usernames = {"sm_test_12_user_name_1", "sm_test_12_user_name_2"}; - unsigned int privileges_count = 0; - - std::map>> users2AppsMap; - std::map> apps2PrivsMap; - - for (const auto &username : usernames) { - - for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - MANY_APPS.at(i), std::set( - MANY_APPS_PRIVILEGES.at(i).begin(), - MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count+=MANY_APPS_PRIVILEGES.at(i).size(); - }; - - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); - }; - - users2AppsMap.at(usernames.at(1)).insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE, PRIVILEGE_MANAGER_ADMIN_PRIVILEGE})); - - privileges_count += 2; - //TEST DATA END - - sem_t *mutex; - errno = 0; - RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno); - errno = 0; - RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno); - pid_t pid = fork(); - - if (pid != 0) { //parent process - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) - }; - - users.at(0).create(); - users.at(1).create(); - //Install apps for both users - for(const auto &user : users) { - for(const auto &app : users2AppsMap.at(user.getUserName())) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(user.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str()); - }; - - //Start child - errno = 0; - RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno); - - //Wait for child to finish - int status; - wait(&status); - - for(auto &user : users) { - user.remove(); - }; - }; - - if (pid == 0) { //child process - errno = 0; - RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child failed, errno: " << errno); - - struct passwd *pw = getUserStruct(usernames.at(1)); - register_current_process_as_privilege_manager(pw->pw_uid, true); - - //change uid to normal user - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - std::vector policyEntries; - PolicyEntry filter; - //this call should succeed as the calling user is privileged - Api::getPolicy(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == privileges_count, "Number of policies doesn't match - should be: " << privileges_count << " and is " << policyEntries.size()); - - for (const auto &policyEntry : policyEntries) { - std::string user = policyEntry.getUser(); - std::string app = policyEntry.getAppId(); - std::string privilege = policyEntry.getPrivilege(); - - try { - struct passwd *pw_current = getUserStruct(static_cast(std::stoul(user))); - std::set::iterator tmp = users2AppsMap.at(pw_current->pw_name).at(app).find(privilege); - if (tmp == users2AppsMap.at(pw_current->pw_name).at(app).end()) - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected privilege: " << policyEntry); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Unexpected policy entry: unexpected user or app: " << policyEntry << ". Exception: " << e.what()); - } catch (const std::invalid_argument& e) { - RUNNER_FAIL_MSG("Incorrect UID: " << user << ". Exception: " << e.what()); - }; - }; - - exit(0); - }; -} - -RUNNER_MULTIPROCESS_TEST(security_manager_13_privacy_manager_fetch_policy_after_update_unprivileged) -{ - //TEST DATA - const std::vector usernames = {"sm_test_13_user_name_1", "sm_test_13_user_name_2"}; - - std::map>> users2AppsMap; - std::map> apps2PrivsMap; - - for (const auto &username : usernames) { - - for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - MANY_APPS.at(i), std::set( - MANY_APPS_PRIVILEGES.at(i).begin(), - MANY_APPS_PRIVILEGES.at(i).end()))); - }; - - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); - }; - - users2AppsMap.at(usernames.at(1)).insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); - - //TEST DATA END - - pid_t pid[2]; - sem_t *mutex[2]; - errno = 0; - RUNNER_ASSERT_MSG(((mutex[0] = sem_open("mutex_1", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #1, errno: " << errno); - errno = 0; - RUNNER_ASSERT_MSG(((mutex[1] = sem_open("mutex_2", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex #2, errno: " << errno); - errno = 0; - RUNNER_ASSERT_MSG(sem_init(mutex[0], 1, 0) == 0, "failed to setup mutex #1, errno: " << errno); - errno = 0; - RUNNER_ASSERT_MSG(sem_init(mutex[1], 1, 0) == 0, "failed to setup mutex #2, errno: " << errno); - std::vector policyEntries; - - pid[0] = fork(); - - if(pid[0] == 0) { //child #1 process - RUNNER_ASSERT_MSG(sem_wait(mutex[0]) == 0, "sem_wait in child #1 failed, errno: " << errno); - struct passwd *pw = getUserStruct(usernames.at(0)); - register_current_process_as_privilege_manager(pw->pw_uid); - - //change uid to normal user - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - PolicyEntry filter; - PolicyRequest policyRequest; - //this call should succeed as the calling user is privileged - Api::getPolicyForSelf(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty"); - - PolicyEntry policyEntry( - MANY_APPS[0], - std::to_string(pw->pw_uid), - "http://tizen.org/privilege/internet" - ); - policyEntry.setLevel("Deny"); - - policyRequest.addEntry(policyEntry); - policyEntry = PolicyEntry( - MANY_APPS[1], - std::to_string(pw->pw_uid), - "http://tizen.org/privilege/location" - ); - policyEntry.setLevel("Deny"); - - policyRequest.addEntry(policyEntry); - Api::sendPolicy(policyRequest); - Api::getPolicyForSelf(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size()); - exit(0); - }; - - if (pid[0] != 0) {//parent process - pid[1] = fork(); - - if (pid[1] == 0) { //child #2 process - errno = 0; - RUNNER_ASSERT_MSG(sem_wait(mutex[1]) == 0, "sem_wait in child #2 failed, errno: " << errno); - struct passwd *pw_target = getUserStruct(usernames.at(0)); - struct passwd *pw = getUserStruct(usernames.at(1)); - register_current_process_as_privilege_manager(pw->pw_uid); - - //change uid to normal user - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - PolicyEntry filter = PolicyEntry( - SECURITY_MANAGER_ANY, - std::to_string(pw_target->pw_uid), - SECURITY_MANAGER_ANY - ); - - //U2 requests contents of U1 privacy manager - should fail - Api::getPolicyForSelf(filter, policyEntries); - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty"); - - filter = PolicyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY - ); - - policyEntries.clear(); - - //U2 requests contents of ADMIN bucket - should fail - Api::getPolicyForAdmin(filter, policyEntries, SECURITY_MANAGER_ERROR_ACCESS_DENIED); - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty"); - exit(0); - }; - - if (pid[1] != 0) { //parent - - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) - }; - - users.at(0).create(); - users.at(1).create(); - - //Install apps for both users - for(const auto &user : users2AppsMap) { - - for(const auto &app : user.second) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(users.at(0).getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - - //check_app_after_install(MANY_APPS[i].c_str(), MANY_APPS_PKGS[i].c_str()); - }; - - int status; - //Start child #1 - errno = 0; - RUNNER_ASSERT_MSG(sem_post(mutex[0]) == 0, "Error while opening mutex #1, errno: " << errno); - - //Wait until child #1 finishes - pid_t ret = wait(&status); - RUNNER_ASSERT_MSG((ret != -1) && WIFEXITED(status), "Updating privileges failed"); - - //Start child #2 - errno = 0; - RUNNER_ASSERT_MSG(sem_post(mutex[1]) == 0, "Error while opening mutex #2, errno: " << errno); - //Wait until child #2 finishes - ret = wait(&status); - RUNNER_ASSERT_MSG((ret =-1) && WIFEXITED(status), "Listing privileges failed"); - - for(auto &user : users) { - user.remove(); - }; - - sem_close(mutex[0]); - sem_close(mutex[1]); - }; - }; -} - -RUNNER_MULTIPROCESS_TEST(security_manager_14_privacy_manager_fetch_and_update_policy_for_admin) -{ - //TEST DATA - const std::vector usernames = {"sm_test_14_user_name_1", "sm_test_14_user_name_2"}; - unsigned int privileges_count = 0; - - std::map>> users2AppsMap; - std::map> apps2PrivsMap; - - for (const auto &username : usernames) { - - for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { - apps2PrivsMap.insert(std::pair>( - MANY_APPS.at(i), std::set( - MANY_APPS_PRIVILEGES.at(i).begin(), - MANY_APPS_PRIVILEGES.at(i).end()))); - privileges_count+=MANY_APPS_PRIVILEGES.at(i).size(); - }; - - users2AppsMap.insert(std::pair>>(username, apps2PrivsMap)); - }; - - users2AppsMap.at(usernames.at(1)).insert(std::pair>( - PRIVILEGE_MANAGER_APP, std::set{PRIVILEGE_MANAGER_SELF_PRIVILEGE})); - - privileges_count += 2; - //TEST DATA END - sem_t *mutex; - errno = 0; - RUNNER_ASSERT_MSG(((mutex = sem_open("mutex", O_CREAT, 0644, 1)) != SEM_FAILED), "Failure creating mutex, errno: " << errno); - errno = 0; - RUNNER_ASSERT_MSG(sem_init(mutex, 1, 0) == 0, "failed to setup mutex, errno: " << errno); - - pid_t pid = fork(); - if (pid != 0) { - std::vector users = { - TemporaryTestUser(usernames.at(0), GUM_USERTYPE_NORMAL, false), - TemporaryTestUser(usernames.at(1), GUM_USERTYPE_ADMIN, false) - }; - - users.at(0).create(); - users.at(1).create(); - - //Install apps for both users - for(const auto &user : users) { - - for(const auto &app : users2AppsMap.at(user.getUserName())) { - InstallRequest requestInst; - requestInst.setAppId(app.first.c_str()); - try { - requestInst.setPkgId(MANY_APPS_PKGS.at(app.first).c_str()); - } catch (const std::out_of_range &e) { - RUNNER_FAIL_MSG("Couldn't find package for app: " << app.first); - }; - requestInst.setUid(user.getUid()); - - for (const auto &privilege : app.second) { - requestInst.addPrivilege(privilege.c_str()); - }; - - Api::install(requestInst); - }; - }; - //Start child process - errno = 0; - RUNNER_ASSERT_MSG(sem_post(mutex) == 0, "Error while opening mutex, errno: " << errno); - int status; - //Wait for child process to finish - wait(&status); - - //switch back to root - for(auto &user : users) { - user.remove(); - }; - - sem_close(mutex); - } - - if (pid == 0) { //child process - errno = 0; - RUNNER_ASSERT_MSG(sem_wait(mutex) == 0, "sem_wait in child process failed, errno: " << errno); - - struct passwd *pw = getUserStruct(usernames.at(0)); - register_current_process_as_privilege_manager(pw->pw_uid, true); - - //change uid to normal user - int result = drop_root_privileges(pw->pw_uid, pw->pw_gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - PolicyRequest *policyRequest = new PolicyRequest(); - PolicyEntry filter; - std::vector policyEntries; - //this call should succeed as the calling user is privileged - Api::getPolicyForSelf(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Policy is not empty"); - - PolicyEntry policyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/internet" - ); - policyEntry.setMaxLevel("Deny"); - - policyRequest->addEntry(policyEntry); - policyEntry = PolicyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/location" - ); - policyEntry.setMaxLevel("Deny"); - - policyRequest->addEntry(policyEntry); - Api::sendPolicy(*policyRequest); - Api::getPolicyForAdmin(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size()); - - delete policyRequest; - policyRequest = new PolicyRequest(); - policyEntry = PolicyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/internet" - ); - policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE); - policyRequest->addEntry(policyEntry); - - policyEntry = PolicyEntry( - SECURITY_MANAGER_ANY, - SECURITY_MANAGER_ANY, - "http://tizen.org/privilege/location" - ); - policyEntry.setMaxLevel(SECURITY_MANAGER_DELETE); - - policyRequest->addEntry(policyEntry); - Api::sendPolicy(*policyRequest); - - policyEntries.clear(); - Api::getPolicyForAdmin(filter, policyEntries); - RUNNER_ASSERT_MSG(policyEntries.size() == 0, "Number of policies doesn't match - should be: 0 and is " << policyEntries.size()); - - delete policyRequest; - - exit(0); - }; - -} - -RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin) -{ - const char *const update_app_id = "security_manager_15_update_app_id"; - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = "ADMIN"; - const std::string username("sm_test_15_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; - - struct message { - uid_t uid; - gid_t gid; - } msg; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false); - user.create(); - - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - register_current_process_as_privilege_manager(user.getUid(), true); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); - entry.setMaxLevel("Allow"); - - addPolicyRequest.addEntry(entry); - Api::sendPolicy(addPolicyRequest); - exit(0); - } -} - -RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_admin_wildcard) -{ - const char *const update_other_app_id = "security_manager_15_update_other_app_id"; - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = "ADMIN"; - const std::string username("sm_test_15_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; - - struct message { - uid_t uid; - gid_t gid; - } msg; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_ADMIN, false); - user.create(); - - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - register_current_process_as_privilege_manager(user.getUid(), true); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_other_app_id).c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - // use wildcard as appId - PolicyEntry entry(SECURITY_MANAGER_ANY, std::to_string(static_cast(msg.uid)), update_privilege); - entry.setMaxLevel("Allow"); - - addPolicyRequest.addEntry(entry); - Api::sendPolicy(addPolicyRequest); - exit(0); - } -} - -RUNNER_MULTIPROCESS_TEST(security_manager_15_privacy_manager_send_policy_update_for_self) -{ - const char *const update_app_id = "security_manager_15_update_app_id"; - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = ""; - const std::string username("sm_test_15_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; - - struct message { - uid_t uid; - gid_t gid; - } msg; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); - user.create(); - - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - register_current_process_as_privilege_manager(user.getUid(), false); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); - entry.setLevel("Allow"); - - addPolicyRequest.addEntry(entry); - Api::sendPolicy(addPolicyRequest); - exit(0); - } -} - -RUNNER_MULTIPROCESS_TEST(security_manager_16_policy_levels_get) -{ - const std::string username("sm_test_16_user_cynara_policy"); - CynaraTestAdmin::Admin admin; - int pipefd[2]; - pid_t pid; - int result = 0; - - struct message { - uid_t uid; - gid_t gid; - } msg; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); - user.create(); - - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - } - if(pid == 0) - { - int ret; - char** levels; - std::string allow_policy, deny_policy; - size_t count; - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - // without plugins there should only be 2 policies - Allow and Deny - ret = security_manager_policy_levels_get(&levels, &count); - - RUNNER_ASSERT_MSG((lib_retcode)ret == SECURITY_MANAGER_SUCCESS, - "Invlid return code: " << ret); - - RUNNER_ASSERT_MSG(count == 2, "Invalid number of policy levels. Should be 2, instead there is: " << static_cast(count)); - - deny_policy = std::string(levels[0]); - allow_policy = std::string(levels[count-1]); - - // first should always be Deny - RUNNER_ASSERT_MSG(deny_policy.compare("Deny") == 0, - "Invalid first policy level. Should be Deny, instead there is: " << levels[0]); - - // last should always be Allow - RUNNER_ASSERT_MSG(allow_policy.compare("Allow") == 0, - "Invalid last policy level. Should be Allow, instead there is: " << levels[count-1]); - - security_manager_policy_levels_free(levels, count); - exit(0); - } -} - -RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_delete_policy_for_self) -{ - const char *const update_app_id = "security_manager_17_update_app_id"; - const char *const update_privilege = "http://tizen.org/privilege/led"; - const char *const check_start_bucket = ""; - const std::string username("sm_test_17_username"); - PolicyRequest addPolicyRequest; - CynaraTestAdmin::Admin admin; - - struct message { - uid_t uid; - gid_t gid; - } msg; - - int pipefd[2]; - int pipefd2[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - RUNNER_ASSERT_MSG((pipe(pipefd2) != -1),"second pipe failed"); - - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, false); - user.create(); - - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - register_current_process_as_privilege_manager(user.getUid(), false); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_ALLOW, nullptr); - - pid = fork(); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd2+1); - close(pipefd2[0]); - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd2[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - - //wait for child - waitpid(-1, &result, 0); - - admin.adminCheck(check_start_bucket, false, generateAppLabel(update_app_id).c_str(), - std::to_string(static_cast(msg.uid)).c_str(), update_privilege, CYNARA_ADMIN_DENY, nullptr); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd2); - close(pipefd2[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd2[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - // delete this entry - PolicyRequest deletePolicyRequest; - PolicyEntry deleteEntry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); - deleteEntry.setLevel(SECURITY_MANAGER_DELETE); - - deletePolicyRequest.addEntry(deleteEntry); - Api::sendPolicy(deletePolicyRequest); - exit(0); - } - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - PolicyEntry entry(update_app_id, std::to_string(static_cast(msg.uid)), update_privilege); - entry.setLevel("Allow"); - - addPolicyRequest.addEntry(entry); - Api::sendPolicy(addPolicyRequest); - exit(0); - } -} - -RUNNER_MULTIPROCESS_TEST(security_manager_17_privacy_manager_fetch_whole_policy_for_self_filtered) -{ - const std::string username("sm_test_17_user_name"); - - struct message { - uid_t uid; - gid_t gid; - unsigned int privileges_count; - } msg; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - TemporaryTestUser user(username, static_cast(GUM_USERTYPE_NORMAL), false); - user.create(); - - unsigned int privileges_count = 0; - - register_current_process_as_privilege_manager(user.getUid(), false); - //the above call, registers 1 new privilege for the given user, hence the incrementation of below variable - ++privileges_count; - - for(unsigned int i = 0; i < MANY_APPS.size(); ++i) { - InstallRequest requestInst; - requestInst.setAppId(MANY_APPS[i].c_str()); - requestInst.setPkgId(MANY_APPS_PKGS.at(MANY_APPS[i]).c_str()); - requestInst.setUid(user.getUid()); - - for (auto &priv : MANY_APPS_PRIVILEGES.at(i)) { - requestInst.addPrivilege(priv.c_str()); - }; - - Api::install(requestInst); - privileges_count += MANY_APPS_PRIVILEGES.at(i).size(); - }; - - //send info to child - msg.uid = user.getUid(); - msg.gid = user.getGid(); - msg.privileges_count = privileges_count; - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - } - if(pid == 0) - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(PRIVILEGE_MANAGER_APP.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - - // filter by privilege - std::vector policyEntries; - PolicyEntry filter(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/internet"); - Api::getPolicy(filter, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == 2, "Number of policies doesn't match - should be: 2 and is " << policyEntries.size()); - - // filter by other privilege - policyEntries.clear(); - PolicyEntry filter2(SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY, "http://tizen.org/privilege/email"); - Api::getPolicy(filter2, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == 3, "Number of policies doesn't match - should be: 3 and is " << policyEntries.size()); - - // filter by appId - policyEntries.clear(); - PolicyEntry filter3(MANY_APPS[4].c_str(), SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY); - Api::getPolicy(filter3, policyEntries); - - RUNNER_ASSERT_MSG(policyEntries.size() != 0, "Policy is empty"); - RUNNER_ASSERT_MSG(policyEntries.size() == 4, "Number of policies doesn't match - should be: 4 and is " << policyEntries.size()); - } -} - -RUNNER_CHILD_TEST(security_manager_18_user_cynara_policy) -{ - RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts"); - const char *const MAIN_BUCKET = "MAIN"; - const char *const MANIFESTS_BUCKET = "MANIFESTS"; - const char *const ADMIN_BUCKET = "ADMIN"; - const char *const USER_TYPE_NORMAL_BUCKET = "USER_TYPE_NORMAL"; - const std::string username("sm_test_10_user_cynara_policy"); - CynaraTestAdmin::Admin admin; - std::string uid_string; - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true); - user.create(); - user.getUidString(uid_string); - - CynaraTestAdmin::CynaraPoliciesContainer nonemptyContainer; - nonemptyContainer.add(MAIN_BUCKET,CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_BUCKET, USER_TYPE_NORMAL_BUCKET); - admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, nonemptyContainer,CYNARA_API_SUCCESS); - - user.remove(); - CynaraTestAdmin::CynaraPoliciesContainer emptyContainer; - - admin.listPolicies(MAIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS); - admin.listPolicies(MANIFESTS_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS); - admin.listPolicies(CYNARA_ADMIN_DEFAULT_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS); - admin.listPolicies(ADMIN_BUCKET, CYNARA_ADMIN_WILDCARD, uid_string.c_str(), CYNARA_ADMIN_WILDCARD, emptyContainer, CYNARA_API_SUCCESS); -} - -RUNNER_CHILD_TEST(security_manager_19_security_manager_cmd_install) -{ - RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts"); - int ret; - const int SUCCESS = 0; - const int FAILURE = 256; - const std::string app_id = "security_manager_10_app"; - const std::string pkg_id = "security_manager_10_pkg"; - const std::string username("sm_test_10_user_name"); - std::string uid_string; - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true); - user.create(); - user.getUidString(uid_string); - const std::string path1 = appDirPath(user, app_id, pkg_id) + "/p1"; - const std::string path2 = appDirPath(user, app_id, pkg_id) + "/p2"; - const std::string pkgopt = " --pkg=" + pkg_id; - const std::string appopt = " --app=" + app_id; - const std::string uidopt = " --uid=" + uid_string; - - mktreeSafe(path1.c_str(), 0); - mktreeSafe(path2.c_str(), 0); - - const std::string installcmd = "security-manager-cmd --install " + appopt + pkgopt + uidopt; - - struct operation { - std::string command; - int expected_result; - }; - std::vector operations = { - {"security-manager-cmd", FAILURE},//no option - {"security-manager-cmd --blah", FAILURE},//blah option is not known - {"security-manager-cmd --help", SUCCESS}, - {"security-manager-cmd --install", FAILURE},//no params - {"security-manager-cmd -i", FAILURE},//no params - {"security-manager-cmd --i --app=app_id_10 --pkg=pkg_id_10", FAILURE},//no uid - {installcmd, SUCCESS}, - {"security-manager-cmd -i -a" + app_id + " -g" + pkg_id + uidopt, SUCCESS}, - {installcmd + " --path " + path1 + " writable", SUCCESS}, - {installcmd + " --path " + path1, FAILURE},//no path type - {installcmd + " --path " + path1 + " writable" + " --path " + path2 + " readable", SUCCESS}, - {installcmd + " --path " + path1 + " prie" + " --path " + path2 + " readable", FAILURE},//wrong path type - {installcmd + " --path " + path1 + " writable" + " --privilege somepriv --privilege somepriv2" , SUCCESS}, - }; - - for (auto &op : operations) { - ret = system(op.command.c_str()); - RUNNER_ASSERT_MSG(ret == op.expected_result, - "Unexpected result for command '" << op.command <<"': " - << ret << " Expected was: "<< op.expected_result); - } -} - -RUNNER_CHILD_TEST(security_manager_20_security_manager_cmd_users) -{ - RUNNER_IGNORED_MSG("temporarily disabled due to gumd timeouts"); - int ret; - const int SUCCESS = 0; - const int FAILURE = 256; - const std::string username("sm_test_11_user_name"); - std::string uid_string; - TemporaryTestUser user(username, GUM_USERTYPE_NORMAL, true); - user.create(); - user.getUidString(uid_string); - const std::string uidopt = " --uid=" + uid_string; - - struct operation { - std::string command; - int expected_result; - }; - std::vector operations = { - {"security-manager-cmd --manage-users=remove", FAILURE},//no params - {"security-manager-cmd -m", FAILURE},//no params - {"security-manager-cmd -mr", FAILURE},//no uid - {"security-manager-cmd -mr --uid" + uidopt, FAILURE},//no uid - {"security-manager-cmd -mr --sdfj" + uidopt, FAILURE},//sdfj? - {"security-manager-cmd --msdf -u2004" , FAILURE},//sdf? - {"security-manager-cmd -mr" + uidopt, SUCCESS},//ok, removed - {"security-manager-cmd -mr --blah" + uidopt, FAILURE},//blah - {"security-manager-cmd -ma" + uidopt, SUCCESS},//ok, added - {"security-manager-cmd -ma --usertype=normal" + uidopt, SUCCESS},//ok, added - {"security-manager-cmd -ma --usertype=mal" + uidopt, FAILURE},//ok, added - }; - - for (auto &op : operations) { - ret = system(op.command.c_str()); - RUNNER_ASSERT_MSG(ret == op.expected_result, - "Unexpected result for command '" << op.command <<"': " - << ret << " Expected was: "<< op.expected_result); - } -} - -RUNNER_MULTIPROCESS_TEST(security_manager_21_security_manager_admin_deny_user_priv) -{ - const int BUFFER_SIZE = 128; - struct message { - uid_t uid; - gid_t gid; - char buf[BUFFER_SIZE]; - } msg; - - privileges_t admin_required_privs = { - "http://tizen.org/privilege/systemsettings.admin", - "http://tizen.org/privilege/systemsettings"}; - privileges_t manifest_privs = { - "http://tizen.org/privilege/internet", - "http://tizen.org/privilege/camera"}; - privileges_t real_privs_allow = {"http://tizen.org/privilege/camera"}; - privileges_t real_privs_deny = {"http://tizen.org/privilege/internet"}; - - const std::string pirivman_id = "sm_test_13_ADMIN_APP"; - const std::string pirivman_pkg_id = "sm_test_13_ADMIN_PKG"; - const std::string app_id = "sm_test_13_SOME_APP"; - const std::string pkg_id = "sm_test_13_SOME_PKG"; - - int pipefd[2]; - pid_t pid; - int result = 0; - - RUNNER_ASSERT_MSG((pipe(pipefd) != -1),"pipe failed"); - pid = fork(); - RUNNER_ASSERT_MSG(pid >= 0, "fork failed"); - if (pid != 0)//parent process - { - std::string childuidstr; - TemporaryTestUser admin("sm_test_13_ADMIN_USER", GUM_USERTYPE_ADMIN, true); - TemporaryTestUser child("sm_test_13_NORMAL_USER", GUM_USERTYPE_NORMAL, true); - - InstallRequest request,request2; - FdUniquePtr pipeptr(pipefd+1); - close(pipefd[0]); - - admin.create(); - child.create(); - child.getUidString(childuidstr); - - //install privacy manager for admin - request.setAppId(pirivman_id.c_str()); - request.setPkgId(pirivman_pkg_id.c_str()); - request.setUid(admin.getUid()); - for (auto &priv: admin_required_privs) - request.addPrivilege(priv.c_str()); - Api::install(request); - - //install app for child that has internet privilege - request2.setAppId(app_id.c_str()); - request2.setPkgId(pkg_id.c_str()); - request2.setUid(child.getUid()); - for (auto &priv: manifest_privs) - request2.addPrivilege(priv.c_str()); - Api::install(request2); - - check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(), - manifest_privs, SM_NO_PRIVILEGES); - - //send info to child - msg.uid = admin.getUid(); - msg.gid = admin.getGid(); - strncpy (msg.buf, childuidstr.c_str(), BUFFER_SIZE); - - ssize_t written = TEMP_FAILURE_RETRY(write(pipefd[1], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG((written == sizeof(struct message)),"write failed"); - - //wait for child - RUNNER_ASSERT_MSG(wait(&result) == pid, "wait failed"); - - check_app_permissions(app_id.c_str(), pkg_id.c_str(), childuidstr.c_str(), - real_privs_allow, real_privs_deny); - } - if (pid == 0)//child - { - FdUniquePtr pipeptr(pipefd); - close(pipefd[1]); - - ssize_t fetched = TEMP_FAILURE_RETRY(read(pipefd[0], &msg, sizeof(struct message))); - RUNNER_ASSERT_MSG(fetched == sizeof(struct message), "read failed"); - - //become admin privacy manager manager - Api::setProcessLabel(pirivman_id.c_str()); - result = drop_root_privileges(msg.uid, msg.gid); - RUNNER_ASSERT_MSG(result == 0, "drop_root_privileges failed"); - PolicyRequest addPolicyReq; - //change rights - for (auto &denypriv:real_privs_deny) { - /*this entry will deny some privileges for user whose uid (as c string) - was sent in message's buf field. - That user would be denying internet for child in this case*/ - PolicyEntry entry(SECURITY_MANAGER_ANY, msg.buf, denypriv); - entry.setMaxLevel("Deny"); - addPolicyReq.addEntry(entry); - } - Api::sendPolicy(addPolicyReq); - exit(0); - } -} - -void saveMappingsToDb(const std::string &version_from, const std::string &version_to, - const privileges_t &privileges, const std::vector &mappings) { - TestSecurityManagerDatabase db; - RUNNER_ASSERT_MSG(privileges.size() == mappings.size(), "Wrong given privileges and mappings size"); - auto privIt = privileges.begin(); - auto mappIt = mappings.begin(); - for (; privIt != privileges.end() && mappIt != mappings.end(); privIt++, mappIt++) { - for (const auto &mapping : *mappIt) { - db.setup_privilege_mapping(version_from, version_to, *privIt, mapping); - } - } -} - -void saveDefaultMappingsToDb(const std::string &version_from, const std::string &version_to, - const privileges_t &privileges) { - TestSecurityManagerDatabase db; - for (auto &privilege : privileges) { - db.setup_default_version_privilege(version_from, version_to, privilege); - } -} - -void concatUnique(privileges_t &to, const privileges_t &from) { - to.reserve(to.size() + from.size()); - for (auto &new_priv : from) { - if (std::find(to.begin(), to.end(), new_priv) == to.end()) - to.push_back(new_priv); - } -} - -RUNNER_TEST(security_manager_22_get_privilege_mappings) -{ - saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES); - saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES); - privileges_t retrievedMapping; - std::string current; - auto expectedIt = NEW_PRIVILEGES.begin(); - for (const auto &privilege : OLD_PRIVILEGES) { - retrievedMapping.clear(); - std::vector privilegeToMap = {privilege}; - Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), - privilegeToMap, retrievedMapping); - std::vector expectedPrivileges = *expectedIt; - concatUnique(expectedPrivileges, DEFAULT_PRIVILEGES); - RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(), - "Wrong count of mappings returned for " << privilege << "." - " Got " << retrievedMapping.size() - << " expected " << expectedPrivileges.size()); - RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()), - "Wrong mapping returned for " << privilege); - ++expectedIt; - } -} - -RUNNER_TEST(security_manager_23_get_privileges_mappings) -{ - saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES); - saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES); - - std::vector retrievedMapping; - std::vector expectedPrivileges = DEFAULT_PRIVILEGES; - for(auto &expected : NEW_PRIVILEGES) { - concatUnique(expectedPrivileges, expected); - } - const std::vector &privilegesToMap = OLD_PRIVILEGES; - - Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegesToMap, retrievedMapping); - RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(), - "Wrong count of mappings returned. Got " << retrievedMapping.size() - << " expected " << expectedPrivileges.size()); - RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()), - "Wrong mapping returned for privileges set"); -} - -RUNNER_TEST(security_manager_24_get_privileges_mappings_default_version) -{ - saveMappingsToDb(OLD_VERSION, NEW_VERSION, OLD_PRIVILEGES, NEW_PRIVILEGES); - saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES); - - std::vector retrievedMapping; - std::vector expectedPrivileges = DEFAULT_PRIVILEGES; - for(auto &expected : NEW_PRIVILEGES) { - concatUnique(expectedPrivileges, expected); - } - const std::vector &privilegesToMap = OLD_PRIVILEGES; - - Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegesToMap, retrievedMapping); - RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(), - "Wrong count of mappings returned. Got " << retrievedMapping.size() - << " expected " << expectedPrivileges.size()); - RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()), - "Wrong mapping returned for privileges set"); -} - -RUNNER_TEST(security_manager_25_get_default_mappings) -{ - saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES); - - std::vector retrievedMapping; - std::vector expectedPrivileges = DEFAULT_PRIVILEGES; - - // Empty privilege to map vector will indicate nullptr privilege array in security-manager API - std::vector privilegeToMap; - - Api::getPrivilegesMappings(OLD_VERSION.c_str(), NEW_VERSION.c_str(), privilegeToMap, retrievedMapping); - RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(), - "Wrong count of mappings returned. Got " << retrievedMapping.size() - << " expected " << expectedPrivileges.size()); - RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()), - "Wrong default mapping returned"); -} - -RUNNER_TEST(security_manager_26_get_default_mappings_default_version) -{ - saveDefaultMappingsToDb(OLD_VERSION, NEW_VERSION, DEFAULT_PRIVILEGES); - - std::vector retrievedMapping; - std::vector expectedPrivileges = DEFAULT_PRIVILEGES; - - // Empty privilege to map vector will indicate nullptr privilege array in security-manager API - std::vector privilegeToMap; - - Api::getPrivilegesMappings(OLD_VERSION.c_str(), nullptr, privilegeToMap, retrievedMapping); - RUNNER_ASSERT_MSG(retrievedMapping.size() == expectedPrivileges.size(), - "Wrong count of mappings returned. Got " << retrievedMapping.size() - << " expected " << expectedPrivileges.size()); - RUNNER_ASSERT_MSG(std::is_permutation(retrievedMapping.begin(), retrievedMapping.end(), expectedPrivileges.begin()), - "Wrong default mapping returned"); -} - -int main(int argc, char *argv[]) -{ - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} diff --git a/src/security-server-tests/CMakeLists.txt b/src/security-server-tests/CMakeLists.txt deleted file mode 100644 index c4217536..00000000 --- a/src/security-server-tests/CMakeLists.txt +++ /dev/null @@ -1,170 +0,0 @@ -# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Tomasz Swierczek (t.swierczek@samsung.com) -# @author Mariusz Domanski (m.domanski@samsung.com) -# @brief -# - -INCLUDE(FindPkgConfig) - -# Dependencies -PKG_CHECK_MODULES(SEC_SRV_TESTS_DEP - libsmack - libprivilege-control - security-server - dlog - dbus-1 - REQUIRED) - -# Targets definition - -SET(TARGET_SEC_SRV_COMMON "security-server-tests-common") -SET(TARGET_SEC_SRV_CLIENT_SMACK_TESTS "security-server-tests-client-smack") -SET(TARGET_SEC_SRV_TC_SERVER_TESTS "security-server-tests-server") -SET(TARGET_SEC_SRV_PWD_TESTS "security-server-tests-password") -SET(TARGET_SEC_SRV_PRIVILEGE_TESTS "security-server-tests-privilege") -SET(TARGET_SEC_SRV_STRESS_TESTS "security-server-tests-stress") -SET(TARGET_SEC_SRV_MT_TESTS "security-server-tests-mt") -SET(TARGET_SEC_SRV_MEASURER "security-server-tests-api-speed") - - -# Sources definition - -SET(SEC_SRV_COMMON_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/security_server_tests_common.cpp - ) - -SET(SEC_SRV_CLIENT_SMACK_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_client_smack.cpp - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp - ) - -SET(SEC_SRV_TC_SERVER_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/server.cpp - ${PROJECT_SOURCE_DIR}/src/security-server-tests/cookie_api.cpp - ${PROJECT_SOURCE_DIR}/src/security-server-tests/weird_arguments.cpp - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp - ) - -SET(SEC_SRV_PWD_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_password.cpp - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp - ) - -SET(SEC_SRV_PRIVILEGE_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_privilege.cpp - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp - ) - -SET(SEC_SRV_STRESS_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_stress.cpp - ) - -SET(SEC_SRV_MT_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_mt.cpp - ) - -SET(SEC_SRV_MEASURER_SOURCES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_measurer_API_speed.cpp - ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp - ) - -INCLUDE_DIRECTORIES(SYSTEM - ${SEC_SRV_TESTS_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/common/ - ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/ - ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/ - ) - -#LINK_DIRECTORIES(${SEC_SRV_PKGS_LIBRARY_DIRS}) - -ADD_LIBRARY(${TARGET_SEC_SRV_COMMON} STATIC ${SEC_SRV_COMMON_SOURCES}) -ADD_EXECUTABLE(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} ${SEC_SRV_CLIENT_SMACK_SOURCES}) -ADD_EXECUTABLE(${TARGET_SEC_SRV_TC_SERVER_TESTS} ${SEC_SRV_TC_SERVER_SOURCES}) -ADD_EXECUTABLE(${TARGET_SEC_SRV_PWD_TESTS} ${SEC_SRV_PWD_SOURCES}) -ADD_EXECUTABLE(${TARGET_SEC_SRV_PRIVILEGE_TESTS} ${SEC_SRV_PRIVILEGE_SOURCES}) -ADD_EXECUTABLE(${TARGET_SEC_SRV_STRESS_TESTS} ${SEC_SRV_STRESS_SOURCES}) -ADD_EXECUTABLE(${TARGET_SEC_SRV_MT_TESTS} ${SEC_SRV_MT_SOURCES}) -ADD_EXECUTABLE(${TARGET_SEC_SRV_MEASURER} ${SEC_SRV_MEASURER_SOURCES}) - - -TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} - ${SEC_SRV_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_TC_SERVER_TESTS} - ${TARGET_SEC_SRV_COMMON} - ${SEC_SRV_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PWD_TESTS} - ${TARGET_SEC_SRV_COMMON} - ${SEC_SRV_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PRIVILEGE_TESTS} - ${SEC_SRV_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_STRESS_TESTS} - ${SEC_SRV_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MT_TESTS} - ${SEC_SRV_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MEASURER} - ${TARGET_SEC_SRV_COMMON} - ${SEC_SRV_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -# Installation - -INSTALL(TARGETS ${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} DESTINATION /usr/bin) -INSTALL(TARGETS ${TARGET_SEC_SRV_TC_SERVER_TESTS} DESTINATION /usr/bin) -INSTALL(TARGETS ${TARGET_SEC_SRV_PWD_TESTS} DESTINATION /usr/bin) -INSTALL(TARGETS ${TARGET_SEC_SRV_PRIVILEGE_TESTS} DESTINATION /usr/bin) -INSTALL(TARGETS ${TARGET_SEC_SRV_STRESS_TESTS} DESTINATION /usr/bin) -INSTALL(TARGETS ${TARGET_SEC_SRV_MT_TESTS} DESTINATION /usr/bin) -INSTALL(TARGETS ${TARGET_SEC_SRV_MEASURER} DESTINATION /usr/bin) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules1.smack - DESTINATION /usr/share/privilege-control/ -) - -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules2.smack - DESTINATION /usr/share/privilege-control/ -) diff --git a/src/security-server-tests/WRT_sstp_test_rules1.smack b/src/security-server-tests/WRT_sstp_test_rules1.smack deleted file mode 100644 index 4dece48d..00000000 --- a/src/security-server-tests/WRT_sstp_test_rules1.smack +++ /dev/null @@ -1,2 +0,0 @@ -~APP~ sstp_test_book_1 rwxatl -sstp_test_subject_1 ~APP~ rwxatl diff --git a/src/security-server-tests/WRT_sstp_test_rules2.smack b/src/security-server-tests/WRT_sstp_test_rules2.smack deleted file mode 100644 index 4dece48d..00000000 --- a/src/security-server-tests/WRT_sstp_test_rules2.smack +++ /dev/null @@ -1,2 +0,0 @@ -~APP~ sstp_test_book_1 rwxatl -sstp_test_subject_1 ~APP~ rwxatl diff --git a/src/security-server-tests/common/security_server_tests_common.cpp b/src/security-server-tests/common/security_server_tests_common.cpp deleted file mode 100644 index cd54523b..00000000 --- a/src/security-server-tests/common/security_server_tests_common.cpp +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file security_server_tests_common.cpp - * @author Marcin Lis (m.lis@samsung.com) - * @version 1.0 - * @brief security-server tests commons - */ - -#include "security_server_tests_common.h" - -const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000; - -Cookie getCookieFromSS() { - Cookie cookie(security_server_get_cookie_size()); - - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == - security_server_request_cookie(cookie.data(), cookie.size()), - "Error in security_server_request_cookie."); - - return cookie; -} diff --git a/src/security-server-tests/common/security_server_tests_common.h b/src/security-server-tests/common/security_server_tests_common.h deleted file mode 100644 index 3ece470b..00000000 --- a/src/security-server-tests/common/security_server_tests_common.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. -*/ - -/* - * @file security_server_tests_common.h - * @author Marcin Lis (m.lis@samsung.com) - * @version 1.0 - * @brief security-server tests commons - */ - -#include -#include - -#ifndef SECURITY_SERVER_TESTS_COMMON_H_ -#define SECURITY_SERVER_TESTS_COMMON_H_ - -extern const unsigned int PASSWORD_RETRY_TIMEOUT_US; -typedef std::vector Cookie; - -Cookie getCookieFromSS(); - -#endif /* SECURITY_SERVER_TESTS_COMMON_H_ */ diff --git a/src/security-server-tests/cookie_api.cpp b/src/security-server-tests/cookie_api.cpp deleted file mode 100644 index adb95695..00000000 --- a/src/security-server-tests/cookie_api.cpp +++ /dev/null @@ -1,558 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ - -/* - * @file security_server_tests_cookie_api.cpp - * @author Pawel Polawski (p.polawski@partner.samsung.com) - * @version 1.0 - * @brief Test cases for security server cookie api - * - */ - -/* -Tested API functions in this file: - - int security_server_get_cookie_size(void); - int security_server_request_cookie(char *cookie, size_t bufferSize); - - int security_server_check_privilege(const char *cookie, gid_t privilege); - int security_server_check_privilege_by_cookie(const char *cookie, - const char *object, - const char *access_rights); - int security_server_get_cookie_pid(const char *cookie); - char *security_server_get_smacklabel_cookie(const char *cookie); - int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid); - int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid); -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -const char *ROOT_USER = "root"; -const char *PROC_AUDIO_GROUP_NAME = "audio"; - -const int KNOWN_COOKIE_SIZE = 20; - -RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS) - -/* - * ************************************************************************** - * Test cases fot check various functions input params cases - * ************************************************************************** - */ - -//--------------------------------------------------------------------------- -//passing nullptr as a buffer pointer -RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie) -{ - int ret = security_server_request_cookie(nullptr, KNOWN_COOKIE_SIZE); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, - "Error in security_server_request_cookie() argument checking: " << ret); -} - -//passing too small value as a buffer size -RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie) -{ - Cookie cookie(KNOWN_COOKIE_SIZE); - - int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, - "Error in security_server_request_cookie() argument checking: " << ret); -} - -//--------------------------------------------------------------------------- -//passing nullptr as a cookie pointer -RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege) -{ - int ret = security_server_check_privilege(nullptr, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, - "Error in security_server_check_privilege() argument checking: " << ret); -} - -//--------------------------------------------------------------------------- -//passing nullptr as a cookie pointer -RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - int ret = security_server_check_privilege_by_cookie(nullptr, "wiadro", "rwx"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, - "Error in security_server_check_privilege_by_cookie() argument checking: " - << ret); -} - -//passing nullptr as an object pointer -RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - Cookie cookie = getCookieFromSS(); - - int ret = security_server_check_privilege_by_cookie(cookie.data(), nullptr, "rwx"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, - "Error in security_server_check_privilege_by_cookie() argument checking: " - << ret); -} - -//passing nullptr as an access pointer -RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - Cookie cookie = getCookieFromSS(); - - int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", nullptr); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, - "Error in security_server_check_privilege_by_cookie() argument checking: " - << ret); -} - -//--------------------------------------------------------------------------- -//passing nullptr as a cookie pointer -RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid) -{ - int ret = security_server_get_cookie_pid(nullptr); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, - "Error in security_server_get_cookie_pid() argument checking: " << ret); -} - -//getting pid of non existing cookie -RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid) -{ - const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'}; - RUNNER_ASSERT(security_server_get_cookie_pid(wrong_cookie) == - SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE); -} - -//--------------------------------------------------------------------------- -//passing nullptr as a cookie pointer -RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie) -{ - char *label = nullptr; - label = security_server_get_smacklabel_cookie(nullptr); - RUNNER_ASSERT_MSG(label == nullptr, - "Error in security_server_get_smacklabel_cookie() argument checking"); -} - - - -/* - * ************************************************************************** - * Unit tests for each function from API - * ************************************************************************** - */ - -//--------------------------------------------------------------------------- -//root has access to API -RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size) -{ - int ret = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, - "Error in security_server_get_cookie_size(): " << ret); -} - -//--------------------------------------------------------------------------- -// Get cookie size when smack is not loaded -RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack) -{ - int ret; - - ret = drop_root_privileges(); - RUNNER_ASSERT_MSG(ret == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - ret = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, "ret = " << ret); -} - -//--------------------------------------------------------------------------- -// Test setting up a cookie in normal case when smack is not loaded -RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack) -{ - int ret; - int cookieSize = security_server_get_cookie_size(); - Cookie cookie(cookieSize); - - ret = drop_root_privileges(); - RUNNER_ASSERT_MSG(ret == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - - ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -//--------------------------------------------------------------------------- -// Test setting up a cookie when smack is not loaded but with too small -// buffer size -RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack) -{ - int ret; - int cookieSize = security_server_get_cookie_size(); - Cookie cookie(cookieSize); - - ret = drop_root_privileges(); - RUNNER_ASSERT_MSG(ret == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - - ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret); -} - -//--------------------------------------------------------------------------- -// Get cookie size when smack is loaded -RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size) -{ - SecurityServer::AccessProvider provider("selflabel_01_05"); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, - "Error in security_server_get_cookie_size(): " << ret); -} - -//--------------------------------------------------------------------------- -//root has access to API -RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie) -{ - int cookieSize = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE, - "Error in security_server_get_cookie_size(): " << cookieSize); - - Cookie cookie(cookieSize); - int ret = security_server_request_cookie(cookie.data(), cookie.size()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "Error in security_server_request_cookie(): " << ret); -} - -//--------------------------------------------------------------------------- -// Test setting up a cookie in normal case when smack is loaded -RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie) -{ - int cookieSize = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE, - "Error in security_server_get_cookie_size(): " << cookieSize); - - SecurityServer::AccessProvider provider("selflabel_02_01"); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - Cookie cookie(cookieSize); - int ret = security_server_request_cookie(cookie.data(), cookie.size()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "Error in security_server_request_cookie(): " << ret); -} - -//--------------------------------------------------------------------------- -// Test setting up a cookie when smack is loaded but with too small buffer -// size -RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size) -{ - int cookieSize = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE, - "Error in security_server_get_cookie_size(): " << cookieSize); - cookieSize >>= 1; - - SecurityServer::AccessProvider provider("selflabel_02_02"); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - Cookie cookie(cookieSize); - int ret = security_server_request_cookie(cookie.data(), cookie.size()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, - "Error in security_server_request_cookie(): " << ret); -} - -//--------------------------------------------------------------------------- -//root has access to API -RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege) -{ - Cookie cookie = getCookieFromSS(); - - int ret = security_server_check_privilege(cookie.data(), 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "Error in security_server_check_privilege(): " << ret); -} - -//privileges drop and no smack rule -RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege) -{ - Cookie cookie = getCookieFromSS(); - - SecurityServer::AccessProvider provider("selflabel_03_02"); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_check_privilege(cookie.data(), 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, - "security_server_check_privilege() should return access denied: " << ret); -} - -//privileges drop and added smack rule -RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege) -{ - Cookie cookie = getCookieFromSS(); - - SecurityServer::AccessProvider provider("selflabel_03_03"); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_check_privilege(cookie.data(), 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "Error in security_server_check_privilege(): " << ret); -} - -// invalid gid -RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg) -{ - remove_process_group(PROC_AUDIO_GROUP_NAME); - - Cookie cookie = getCookieFromSS(); - int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME); - RUNNER_ASSERT_MSG(audio_gid > -1, - "security_server_get_gid() failed. result = " << audio_gid); - - int ret = security_server_check_privilege(cookie.data(), audio_gid); - - // security_server_check_privilege fails, because the process does not belong to "audio" group - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret); -} - -// add gid -RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege) -{ - add_process_group(PROC_AUDIO_GROUP_NAME); - - Cookie cookie = getCookieFromSS(); - int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME); - RUNNER_ASSERT_MSG(audio_gid > -1, - "security_server_get_gid() failed. result = " << audio_gid); - - int ret = security_server_check_privilege(cookie.data(), audio_gid); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); -} - -// test invalid cookie name -RUNNER_TEST(tc_unit_03_06_security_server_check_privilege) -{ - // create invalid cookie - int size = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size); - - Cookie cookie(size); - cookie[0] = 'a'; - int ret = security_server_check_privilege(cookie.data(), 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret); -} - -//--------------------------------------------------------------------------- -//root has access to API -RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid) -{ - Cookie cookie = getCookieFromSS(); - - int ret = security_server_get_cookie_pid(cookie.data()); - RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret); - - int pid = getpid(); - RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie"); -} - -//privileges drop and no smack rule -RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid) -{ - Cookie cookie = getCookieFromSS(); - - SecurityServer::AccessProvider provider("selflabel_05_02"); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_get_cookie_pid(cookie.data()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, - "security_server_get_cookie_pid() should return access denied: " << ret); -} - -//privileges drop and added smack rule -RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid) -{ - Cookie cookie = getCookieFromSS(); - - SecurityServer::AccessProvider provider("selflabel_05_03"); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_get_cookie_pid(cookie.data()); - RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret); - - int pid = getpid(); - RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie"); -} - -//--------------------------------------------------------------------------- -//root has access to API -RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack) -{ - setLabelForSelf(__LINE__, "selflabel_06_01"); - - Cookie cookie = getCookieFromSS(); - - CStringPtr label(security_server_get_smacklabel_cookie(cookie.data())); - RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0, - "No match in smack label received from cookie, received label: " - << label.get()); -} - -//--------------------------------------------------------------------------- -//root has access to API -RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack) -{ - Cookie cookie = getCookieFromSS(); - - char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data()); - RUNNER_ASSERT_MSG(receivedLabel != nullptr, - "security_server_get_smacklabel_cookie returned nullptr"); - std::string label(receivedLabel); - free(receivedLabel); - RUNNER_ASSERT_MSG(label.empty(), - "security_server_get_smacklabel_cookie returned: " - << label); -} - -//privileges drop and no smack rule -RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie) -{ - Cookie cookie = getCookieFromSS(); - - SecurityServer::AccessProvider provider("selflabel_06_02"); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - CStringPtr label(security_server_get_smacklabel_cookie(cookie.data())); - RUNNER_ASSERT_MSG(label.get() == nullptr, - "nullptr should be received due to access denied, received label: " - << label.get()); -} - -//privileges drop and added smack rule -RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie) -{ - SecurityServer::AccessProvider provider("selflabel_06_03"); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - Cookie cookie = getCookieFromSS(); - - CStringPtr label(security_server_get_smacklabel_cookie(cookie.data())); - RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0, - "No match in smack label received from cookie, received label: " - << label.get()); -} - -//--------------------------------------------------------------------------- -// apply smack labels and drop privileges -RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow) -{ - add_process_group(PROC_AUDIO_GROUP_NAME); - - SecurityServer::AccessProvider provider("subject_1d6eda7d"); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - Cookie cookie = getCookieFromSS(); - - int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME); - RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME - << "\" gid. Result: " << ret); - - ret = security_server_check_privilege(cookie.data(), ret); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - - int root_gid = security_server_get_gid(ROOT_USER); - RUNNER_ASSERT_MSG(root_gid > -1, "root_gid: " << root_gid); - - ret = security_server_get_cookie_pid(cookie.data()); - RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret); - - CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data())); - RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "ss_label: " << ss_label.get()); - - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - - ret = security_server_check_privilege_by_pid(getpid(), "_", "rx"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); -} - -// disable access and drop privileges -RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny) -{ - SecurityServer::AccessProvider provider("subject_1d414140"); - - Cookie cookie = getCookieFromSS(); - - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, - "security_server_check_privilege should return access denied, " - "ret: " << ret); - - ret = security_server_get_gid(ROOT_USER); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, - "security_server_get_gid should return access denied, " - "ret: " << ret); - - ret = security_server_get_cookie_pid(cookie.data()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, - "security_server_get_cookie_pid should return access denied, " - "ret: " << ret); - - CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data())); - RUNNER_ASSERT_MSG(ss_label.get() == nullptr, - "access should be denied so label should be nullptr: " << ss_label.get()); - - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - - ret = security_server_check_privilege_by_pid(getpid(), "_", "rx"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, - "security_server_check_privilege_by_pid should return access denied, " - "ret: " << ret); -} - -// NOSMACK version of the test above -RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack) -{ - add_process_group(PROC_AUDIO_GROUP_NAME); - - // drop root privileges - int ret = drop_root_privileges(); - RUNNER_ASSERT_MSG(ret == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - - Cookie cookie = getCookieFromSS(); - - ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME); - RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME - << "\" gid. Result: " << ret); - - ret = security_server_check_privilege(cookie.data(), ret); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "check_privilege failed. Result: " << ret); - - ret = security_server_get_gid(ROOT_USER); - RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"root\" gid. Result: " << ret); - - ret = security_server_get_cookie_pid(cookie.data()); - RUNNER_ASSERT_MSG(ret == getpid(), - "get_cookie_pid returned different pid than it should. Result: " << ret); - - CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data())); - RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "get_smacklabel_cookie failed."); - - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - - ret = security_server_check_privilege_by_pid(getpid(), "_", "rx"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "check_privilege_by_pid failed. Result: " << ret); -} diff --git a/src/security-server-tests/security_server_clean_env.cpp b/src/security-server-tests/security_server_clean_env.cpp deleted file mode 100644 index 94833c94..00000000 --- a/src/security-server-tests/security_server_clean_env.cpp +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_clean_env.cpp - * @author Zbigniew Jasinski (z.jasinski@samsung.com) - * @version 1.0 - * @brief Functions to prepare clean env for tests. - * - */ - -#include -#include - -#include - -int restart_security_server() { - ServiceManager serviceManager("security-server.service"); - serviceManager.restartService(); - - return 0; -} - -static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/, - int tflag, struct FTW *ftwbuf) -{ - if (tflag == FTW_F) - unlink(fpath); - else if (tflag == FTW_DP && ftwbuf->level != 0) - rmdir(fpath); - - return 0; -} - -/** - * This function should be called at the begining of every SS test, so all the tests - * are independent of each other. - */ -int reset_security_server() -{ - const char* path = "/opt/data/security-server/"; - const int max_descriptors = 10; //max number of open file descriptors by nftw function - - // Clear /opt/data/security-server/ directory - if (access(path, F_OK) == 0) { - if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) { - return 1; - } - sync(); - } - - restart_security_server(); - return 0; -} diff --git a/src/security-server-tests/security_server_clean_env.h b/src/security-server-tests/security_server_clean_env.h deleted file mode 100644 index d84740c2..00000000 --- a/src/security-server-tests/security_server_clean_env.h +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_clean_env.h - * @author Zbigniew Jasinski (z.jasinski@samsung.com) - * @version 1.0 - * @brief Functions definitions to prepare clean env for tests. - */ - -#ifndef SECURITY_SERVER_CLEAN_ENV_H -#define SECURITY_SERVER_CLEAN_ENV_H - -int reset_security_server(); -int restart_security_server(); - -#endif diff --git a/src/security-server-tests/security_server_measurer_API_speed.cpp b/src/security-server-tests/security_server_measurer_API_speed.cpp deleted file mode 100644 index 213f9be2..00000000 --- a/src/security-server-tests/security_server_measurer_API_speed.cpp +++ /dev/null @@ -1,728 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Bumjin Im - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/* - * @file security_server_measurer_API_speed.cpp - * @author Radoslaw Bartosiak (radoslaw.bartosiak@samsung.com) - * @version 1.0 - * @brief Log security server API functions average execution times and some aproximation of maximal and minimal execution time. - * @details The functions are run at least NUMBER_OF_CALLS times (time is measured at the beginning and at the end, the difference is taken as the execution time). - * @details One test case for one function of security-server. Test pass always when there was no connection error (API calls themselves may fail). - * @details Measured times are logged using DLP testing framework logging functions. Calls each API function many times to take the average. - * @details This file contains TEST_CASEs. Each TEST_CASE consist of one or more RUNs, each RUN consist of one or more function calls. - * @details Each test case contains RUNs of one function only. The time is being measured before & after each run. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "security_server_mockup.h" -#include - -IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem); -#include -#include - -/*Number of calls in a single test*/ -#define NUMBER_OF_CALLS (5) -#define MICROSECS_PER_SEC (1000000) -/* number of miliseconds, process will be suspended for multiplications of this quantum */ -#define QUANTUM (10000) -/*Strings used in tests*/ -/*name of existing user group on test device like "tel_gprs"*/ -#define EXISTING_GROUP_NAME "telephony_makecall" -/*below labels should not be used in the system*/ -#define M60_OBJECT_LABEL "tc060MeasurerLabel" -#define M60_SUBJECT_LABEL "tc060Subject" -#define M70_OBJECT_LABEL "tc070MeasurerLabel" -#define M70_SUBJECT_LABEL "tc070Subject" -#define M160_CUSTOMER_LABEL "my_customer_label" -#define M170_OBJECT_LABEL "myObject" - -namespace { -void securityClientEnableLogSystem(void) { - DPL::Log::LogSystemSingleton::Instance().SetTag("SEC_SRV_API_SPEED"); -} -} - -/** Store statistics from a set of function calls -*/ -struct readwrite_stats -{ - timeval current_start_time; /*of last API call*/ - timeval current_end_time; /*of last API call*/ - int number_of_calls; /*till now*/ - double total_duration; /*of all API calls*/ - double average_duration; - double minimal_duration; /*minimum of averages*/ - double maximal_duration; /*maximum of averages*/ -}; - -/*Auxiliary functions*/ - -/**Sleep for the given time - @param seconds - @param nanoseconds - @return 0 on success, -1 on error if process woken earlier -*/ -int my_nanosecsleep(long nanoseconds) { - timespec sleep_spec; - sleep_spec.tv_sec = 0; - sleep_spec.tv_nsec = nanoseconds; - return nanosleep(&sleep_spec, nullptr); -} - -/**Read from pipe descriptor to buffer; retries if less than count bytes were read. - @param fd descriptor - @param buf start of buffer - @param count number of bytes read - @return number of bytes read (count) -*/ -int my_pipe_read(int fd, void *buf, size_t count) { - ssize_t readf = 0; - ssize_t rest = count; - ssize_t s; - while (rest > 0) { - RUNNER_ASSERT_ERRNO_MSG(0 < (s = TEMP_FAILURE_RETRY(read(fd, ((char*)buf) + readf, rest))), - "Error in read from pipe"); - rest -= s; - readf += s; - } - return readf; -} - -/**Write from buffer to a pipe ; retries if less than count bytes were written. - @param fd descriptor - @param buf start of buffer - @param count number of bytes to write - @return number of bytes written (count) -*/ -int my_pipe_write(int fd, void *buf, size_t count) { - ssize_t writef = 0; - ssize_t rest = count; - ssize_t s; - while (rest > 0) { - RUNNER_ASSERT_ERRNO_MSG(0 <= (s = TEMP_FAILURE_RETRY(write(fd, ((char*)buf) + writef, rest))), - "Error in write to pipe"); - rest -= s; - writef += s; - } - return writef; -} - - -/** Check whether there was connection error during function call (Security Server API) based on exit code - @param result_code the exit code of a function - @return -1 if the function result code indicated network error, 0 otherwise -*/ -int communication_succeeded(int result_code) { - switch(result_code) - { - case SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE: - case SECURITY_SERVER_API_ERROR_SOCKET: - case SECURITY_SERVER_API_ERROR_BAD_REQUEST: - case SECURITY_SERVER_API_ERROR_BAD_RESPONSE: - return -1; - default: - return 0; - } -} - -/** Returns current system time (wrapper for standard system function) - @return current system time -*/ -timeval my_gettime() { - timeval t; - int res = gettimeofday(&t, nullptr); - RUNNER_ASSERT_ERRNO_MSG(res == 0, "gettimeofday() returned error value: " << res); - return t; -} - -/** Return a difference between two times (wrapper for standard system function) - @param time t1 - @param time t2 - @return t1 - t2 -*/ -timeval my_timersub(timeval t1, timeval t2) { - timeval result; - timersub(&t1, &t2, &result); - return result; -} - -double timeval_to_microsecs(timeval t) { - return ((double)t.tv_sec * (double)MICROSECS_PER_SEC) + ((double)t.tv_usec); -} - -/** Initialize statistics at the beginning of a TEST_CASE - @param stats [in/out] statistics to be initialized -*/ -void initialize_stats(readwrite_stats *stats) { - stats->number_of_calls = 0; - stats->total_duration = 0.0; - stats->average_duration = 0.0; - stats->minimal_duration = DBL_MAX; - stats->maximal_duration = 0.0; -} - -/** Save time at the beginning of a RUN - @param stats [in/out] statistics -*/ -void start_stats_update(readwrite_stats *stats) { - stats->current_start_time = my_gettime(); - //LogDebug("start_stats_update at: %ld.%06ld\n", stats->current_start_time.tv_sec, stats->current_start_time.tv_usec); -} - -/** Save time at the end of a RUN and updates the statistics (current_end_time, number_of_calls, total_duration, minimal_duration, maximal_duration) - @param stats [in/out] statistics -*/ -void end_stats_update(readwrite_stats *stats) { - stats->current_end_time = my_gettime(); - double current_duration = timeval_to_microsecs(my_timersub(stats->current_end_time, stats->current_start_time)); - stats->total_duration += current_duration; - stats->number_of_calls += 1; - if (current_duration < stats->minimal_duration) - (stats->minimal_duration) = current_duration; - if (current_duration > stats->maximal_duration) - (stats->maximal_duration) = current_duration; -} - -/** Updates the statistics (average_duration, number_of_new_calls, total_duration, minimal_duration, maximal_duration) - Function is used instead of start_stats_update and end_stats_update (e.g when current_duration and number_of_new_calls are reported by child process. - @param stats [in/out] statistics - @param number_of_new_calls number of function calls in the RUN - @param current_duration (total) of number_of_new calls -*/ -void stats_update(readwrite_stats *stats, int number_of_new_calls, double current_duration) { - if (number_of_new_calls > 0) { - double current_average = (double)current_duration / (double)number_of_new_calls; - stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls)); - stats->total_duration += current_duration; - stats->number_of_calls += number_of_new_calls; - if (current_average < stats->minimal_duration) - (stats->minimal_duration) = current_average; - if (current_average > stats->maximal_duration) - (stats->maximal_duration) = current_average; - } - else - LogDebug("stats_update called after zero successful function calls \n"); -} - -/** Calculate the average time and calculates statistics taken by a single function call. - Called at the end of a TEST_CASE. - @param stats [in/out] statistics - @param function_name of the function called in tests (to be printed) -*/ -void finish_stats(readwrite_stats *stats, const char* function_name) { - if ((stats->number_of_calls) > 0) { - stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls)); - printf("The approx (min, max, avg) execution times for function:\n%s are: \n---(%'.2fus, %'.2fus, %'.2fus)\n", function_name, stats->minimal_duration, stats->maximal_duration, stats->average_duration); - } - else - LogDebug("No function call succeeded\n"); -} - -/*TEST CASES*/ -RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_API_SPEED_MEASURER) - -/* - * test: Tests the tests - * expected: The minimum shall be about (QUANTUM) = 10^-2s = 10000 us, max about (NUMBER_OF_CALLS*QUANTUM) = 5*10^-2s = 50000us, avg (average) about (0.5*NUMBER_OF_CALLS+1*QUANTUM)=3*10^-2s = 30000us. Max is no more than 50% bigger than minimum. - */ -RUNNER_TEST(m000_security_server_test_the_tests) { - int ret; - readwrite_stats stats; - double expected_min_min = QUANTUM; - double expected_min_max = 1.5 * expected_min_min; - double expected_avarage_min = (((double)(NUMBER_OF_CALLS + 1)) / 2.0) * expected_min_min; - double expected_avarage_max = 1.5 * expected_avarage_min; - double expected_max_min = ((double)(NUMBER_OF_CALLS)) * expected_min_min; - double expected_max_max = 1.5 * expected_max_min; - initialize_stats(&stats); - for (int i=0; i < NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = my_nanosecsleep((long) ((i+1)*QUANTUM*1000)); - RUNNER_ASSERT_MSG(ret == 0, "system sleep function returned premature wake-up; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "my_nanosecsleep"); - RUNNER_ASSERT_MSG((stats.average_duration>expected_avarage_min) && (stats.average_duration 0, "commmunication error"); - stats_update(&stats, number_of_calls, duration_of_calls); - } - /*parent*/ - } - close(pipefd[1]); /* Close parent descriptors */ - close(pipefd[0]); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m040_security_server_get_cookie_size) { - size_t cookie_size; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - cookie_size = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(cookie_size > 0, "cookie_size = " << cookie_size); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_get_cookie_size"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m050_security_server_check_privilege) { - int ret; - readwrite_stats stats; - initialize_stats(&stats); - const char *existing_group_name = EXISTING_GROUP_NAME; - size_t cookie_size; - int call_gid; - // we use existing group name for the measurment, however this is not neccessary - call_gid = security_server_get_gid(existing_group_name); - cookie_size = security_server_get_cookie_size(); - char recved_cookie[cookie_size]; - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_check_privilege(recved_cookie, (gid_t)call_gid); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_check_privilege"); -} - -void testSecurityServerCheckPrivilegeByCookie(bool smack) { - const char *object_label = M60_OBJECT_LABEL; - const char *access_rights = "r"; - const char *access_rights_ext = "rw"; - const char *subject_label = M60_SUBJECT_LABEL; - int ret; - readwrite_stats stats; - initialize_stats(&stats); - - if (smack) { - SmackAccess smackAccess; - smackAccess.add(subject_label, object_label, access_rights); - smackAccess.apply(); - RUNNER_ASSERT_MSG(0 == (ret = smack_set_label_for_self(subject_label)), - "Error in smack_set_label_for_self(); ret = " << ret); - } - - Cookie cookie = getCookieFromSS(); - - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */ - if (i%2) - ret = security_server_check_privilege_by_cookie( - cookie.data(), - object_label, - access_rights); - else - ret = security_server_check_privilege_by_cookie( - cookie.data(), - object_label, - access_rights_ext); - - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_check_privilege_by_cookie"); -} - -/* - * measurer: Fails only on connection error. - */ - -RUNNER_TEST_SMACK(m060_security_server_check_privilege_by_cookie_smack) { - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - testSecurityServerCheckPrivilegeByCookie(true); -} - -RUNNER_TEST_NOSMACK(m060_security_server_check_privilege_by_cookie_nosmack) { - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - testSecurityServerCheckPrivilegeByCookie(false); -} - -void testSecurityServerCheckPrivilegeBySockfd(bool smack) { - const char *object_label = M70_OBJECT_LABEL; - const char *access_rights = "r"; - const char *access_rights_ext = "rw"; - const char *subject_label = M70_SUBJECT_LABEL; - int ret; - readwrite_stats stats; - initialize_stats(&stats); - - if (smack) { - SmackAccess smackAccess; - smackAccess.add(subject_label, object_label, access_rights); - smackAccess.apply(); - } - - int pid = fork(); - RUNNER_ASSERT_ERRNO(-1 != pid); - if (0 == pid) { - // child - int sockfd = create_new_socket(); - RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed"); - - SockUniquePtr sockfd_ptr(&sockfd); - - if (smack) - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set"); - - RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed"); - - struct sockaddr_un client_addr; - socklen_t client_len = sizeof(client_addr); - int csockfd; - RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, - "child accept failed"); - - close(csockfd); - exit(EXIT_SUCCESS); - //end child - } else { - //parent - sleep(2); - int sockfd = connect_to_testserver(); - RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed"); - - SockUniquePtr sockfd_ptr(&sockfd); - - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */ - if (i%2) - ret = security_server_check_privilege_by_sockfd( - sockfd, - object_label, - access_rights_ext); - else - ret = security_server_check_privilege_by_sockfd( - sockfd, - object_label, - access_rights); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - - finish_stats(&stats, "check_privilege_by_sockfd"); - } -} - -/* - * measurer: Fails only on connection error. - */ - -RUNNER_MULTIPROCESS_TEST_SMACK(m070_security_server_check_privilege_by_sockfd_smack) { - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - testSecurityServerCheckPrivilegeBySockfd(true); -} - -RUNNER_MULTIPROCESS_TEST_NOSMACK(m070_security_server_check_privilege_by_sockfd_nosmack) { - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - testSecurityServerCheckPrivilegeBySockfd(false); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m080_security_server_get_cookie_pid) { - int ret; - size_t cookie_size; - cookie_size = security_server_get_cookie_size(); - char cookie[cookie_size]; - ret = security_server_request_cookie(cookie, cookie_size); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "security_server_request_cookie failed; ret = " << ret); - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_get_cookie_pid(cookie); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_request_cookie"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m090_security_server_is_pwd_valid) { - int ret; - unsigned int attempt, max_attempt, expire_sec; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_is_pwd_valid"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m100_security_server_set_pwd) { - int ret; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_set_pwd"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m110_security_server_set_pwd_validity) { - int ret; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_set_pwd_validity(2); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_set_pwd_validity"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m120_security_server_set_pwd_max_challenge) { - int ret; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_set_pwd_max_challenge(3); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_set_pwd_max_challenge"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m130_security_server_reset_pwd) { - int ret; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_reset_pwd("apud", 1, 2); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_reset_pwd"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m140_security_server_chk_pwd) { - int ret; - unsigned int attempt, max_attempt, expire_sec; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_chk_pwd("is_this_password", &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_chk_pwd"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m150_security_server_set_pwd_history) { - int ret; - readwrite_stats stats; - initialize_stats(&stats); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_set_pwd_history(100); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_set_pwd_history"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m160_security_server_app_give_access) { - int ret; - readwrite_stats stats; - initialize_stats(&stats); - const char* customer_label = M160_CUSTOMER_LABEL; - int customer_pid = getpid(); - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_app_give_access(customer_label, customer_pid); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_app_give_access"); -} - -/* - * measurer: Fails only on connection error. - */ -RUNNER_TEST(m170_security_server_check_privilege_by_pid) { - - RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success"); - int ret; - readwrite_stats stats; - initialize_stats(&stats); - int pid = getpid(); - const char *object = M170_OBJECT_LABEL; - const char *access_rights = "rw"; - for (int i = 1; i <= NUMBER_OF_CALLS; i++) { - start_stats_update(&stats); - ret = security_server_check_privilege_by_pid(pid, object, access_rights); - RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret); - end_stats_update(&stats); - } - finish_stats(&stats, "security_server_check_privilege_by_pid"); -} - - -int main(int argc, char *argv[]) -{ - securityClientEnableLogSystem(); - DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); - return 0; -} diff --git a/src/security-server-tests/security_server_mockup.cpp b/src/security-server-tests/security_server_mockup.cpp deleted file mode 100644 index 4fc9811d..00000000 --- a/src/security-server-tests/security_server_mockup.cpp +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_mockup.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief All mockups required in security-server tests. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#define SECURITY_SERVER_TEST_SOCK_PATH "/tmp/.security_server_sock_mockup" - -/* Create a Unix domain socket and bind */ -int create_new_socket() -{ - int localsockfd = -1, flags; - struct sockaddr_un serveraddr; - mode_t sock_mode; - - if (-1 == remove(SECURITY_SERVER_TEST_SOCK_PATH)) { - LogDebug("Unable to remove " << SECURITY_SERVER_TEST_SOCK_PATH); - } - - /* Create Unix domain socket */ - if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) - { - localsockfd = -1; - LogDebug("Socket creation failed"); - goto error; - } - - /* Make socket as non blocking */ - if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 || - fcntl(localsockfd, F_SETFL, flags) < 0) - { - close(localsockfd); - localsockfd = -1; - LogDebug("Cannot go to nonblocking mode"); - goto error; - } - - bzero (&serveraddr, sizeof(serveraddr)); - serveraddr.sun_family = AF_UNIX; - strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH, - strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1); - - /* Bind the socket */ - if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0) - { - LogDebug("Cannot bind"); - close(localsockfd); - localsockfd = -1; - goto error; - } - - /* Change permission to accept all processes that has different uID/gID */ - sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO); - - /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw * - * * Flawfinder recommends to user fchmod insted of chmod - * * But, fchmod doesn't work on socket file so there is no other choice at this point */ - if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */ - { - LogDebug("chmod() error"); - close(localsockfd); - localsockfd = -1; - goto error; - } -error: - return localsockfd; -} - -int connect_to_testserver() -{ - struct sockaddr_un clientaddr; - int client_len = 0, localsockfd; - - /* Create a socket */ - if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) - { - LogDebug("Error on socket. Errno: " << errno); - return -1; - } - - bzero(&clientaddr, sizeof(clientaddr)); - clientaddr.sun_family = AF_UNIX; - strncpy(clientaddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH, strlen(SECURITY_SERVER_TEST_SOCK_PATH)); - clientaddr.sun_path[strlen(SECURITY_SERVER_TEST_SOCK_PATH)] = 0; - client_len = sizeof(clientaddr); - if (connect(localsockfd, (struct sockaddr*)&clientaddr, client_len) < 0) - { - LogDebug("Error on connect. Errno: " << errno); - close(localsockfd); - return -1; - } - return localsockfd; -} - diff --git a/src/security-server-tests/security_server_mockup.h b/src/security-server-tests/security_server_mockup.h deleted file mode 100644 index 617e75ab..00000000 --- a/src/security-server-tests/security_server_mockup.h +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_client_smack.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Mockups. - */ - -#ifndef _SS_CLIENT_SERVER_ -#define _SS_CLIENT_SERVER_ - -int create_new_socket(); -int connect_to_testserver(); - -#endif - diff --git a/src/security-server-tests/security_server_tests_client_smack.cpp b/src/security-server-tests/security_server_tests_client_smack.cpp deleted file mode 100644 index fa7c13ba..00000000 --- a/src/security-server-tests/security_server_tests_client_smack.cpp +++ /dev/null @@ -1,548 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_client_smack.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.1 - * @brief Test cases for security-server-client-smack. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include "security_server_mockup.h" - -#include -#include -#include "tests_common.h" -#include - -#define PROPER_COOKIE_SIZE 20 - - -RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK) - -/* - * test: tc04_security_server_get_gid - * description: Checking for security_server_get_gid - * with nonexisting gid and existing one - * expected: security_server_get_gid should return - * SECURITY_SERVER_ERROR_NO_SUCH_OBJECT with first call - * and group id with second call - */ -RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid) -{ - SecurityServer::AccessProvider provider("tc04mylabel"); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_get_gid("abc123xyz_pysiaczek"); - LogDebug("ret = " << ret); - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret); - ret = security_server_get_gid("root"); - LogDebug("ret = " << ret); - RUNNER_ASSERT_MSG(0 == ret, "Ret: " << ret); -} - -/* - * test: tc05_check_privilege_by_cookie - * description: Function security_server_check_privilege_by_cookie should - * return status of access rights of cookie owner. In this case cookie owner - * is the same process that ask for the rights. - * expected: Function call with access rights set to "r" should return SUCCESS, - * with "rw" should return ACCESS DENIED. - */ -RUNNER_CHILD_TEST_SMACK(tc05_check_privilege_by_cookie) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - char cookie[20]; - const char *object_label = "tc05objectlabel"; - const char *access_rights = "r"; - const char *access_rights_ext = "rw"; - const char *subject_label = "tc05subjectlabel"; - - SecurityServer::AccessProvider provider(subject_label); - provider.allowSS(); - provider.addObjectRule(object_label, access_rights); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS == - security_server_request_cookie(cookie,20)); - - RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS == - security_server_check_privilege_by_cookie( - cookie, - object_label, - access_rights)); - - RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == - security_server_check_privilege_by_cookie( - cookie, - object_label, - access_rights_ext)); -} - -/* - * test: security_server_check_privilege_by_sockfd - * description: This test will create dummy server that will accept connection - * and die. The client will try to check access rights using connection descriptor. - * expected: Function call with access rights set to "r" should return SUCCESS, - * with "rw" should return ACCESS DENIED. - */ -RUNNER_MULTIPROCESS_TEST_SMACK(tc06_check_privilege_by_sockfd) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - const char *object_label = "tc06objectlabel"; - const char *access_rights = "r"; - const char *access_rights_ext = "rw"; - const char *subject_label = "tc06subjectlabel"; - - int result1 = -1; - int result2 = -1; - - smack_accesses *handle; - RUNNER_ASSERT(0 == smack_accesses_new(&handle)); - RUNNER_ASSERT(0 == smack_accesses_add(handle, - subject_label, - object_label, - access_rights)); - RUNNER_ASSERT(0 == smack_accesses_apply(handle)); - smack_accesses_free(handle); - - int pid = fork(); - char *label; - RUNNER_ASSERT_ERRNO(-1 != pid); - - if (0 == pid) { - // child - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set"); - - int sockfd = create_new_socket(); - RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed"); - - SockUniquePtr sockfd_ptr(&sockfd); - - label = security_server_get_smacklabel_sockfd(sockfd); - RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed"); - RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\""); - free(label); - - RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid()); - - RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed"); - - label = security_server_get_smacklabel_sockfd(sockfd); - RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed"); - RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\""); - free(label); - - struct sockaddr_un client_addr; - socklen_t client_len = sizeof(client_addr); - int csockfd; - RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, - "child accept failed"); - - usleep(500); - - close(csockfd); - exit(0); - } else { - // parent - sleep(1); - int sockfd = connect_to_testserver(); - RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed"); - - SockUniquePtr sockfd_ptr(&sockfd); - - label = security_server_get_smacklabel_sockfd(sockfd); - RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed"); - RUNNER_ASSERT_MSG(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" ); - free(label); - - result1 = security_server_check_privilege_by_sockfd( - sockfd, - object_label, - access_rights); - result2 = security_server_check_privilege_by_sockfd( - sockfd, - object_label, - access_rights_ext); - } - - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1); - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2); -} - -/* - * test: security_server_check_privilege_by_sockfd - * description: This test will create dummy server that will accept connection - * and die. The client will try to check access rights using connection descriptor. - * Because we read a smack label not from socket directly, but from from pid of process - * on the other end of socket - that's why smack label will be updated. - * In this test client is running under root and server is not - to test the extreme case. - * expected: Function call with access rights set to "r" should return SUCCESS, - * with "rw" should return ACCESS DENIED. - */ -RUNNER_MULTIPROCESS_TEST_SMACK(tc07_check_privilege_by_sockfd) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - const char *object_label = "tc07objectlabel"; - const char *access_rights = "r"; - const char *access_rights_ext = "rw"; - const char *subject_label = "tc07subjectlabel"; - - int result1 = -1; - int result2 = -1; - - SmackAccess access; - access.add(subject_label, object_label, access_rights); - access.apply(); - - int pid = fork(); - RUNNER_ASSERT_ERRNO(-1 != pid); - - if (0 == pid) { - - pid = fork(); - RUNNER_ASSERT_ERRNO(-1 != pid); - - if (0 == pid) { - // child - int sockfd = create_new_socket(); - RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed"); - - SockUniquePtr sockfd_ptr(&sockfd); - - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set"); - - RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid()); - - RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed"); - - struct sockaddr_un client_addr; - socklen_t client_len = sizeof(client_addr); - int csockfd = TEMP_FAILURE_RETRY(accept(sockfd,(struct sockaddr*)&client_addr, &client_len)); - if (csockfd >= 0) - close(csockfd); - LogDebug("Exit!"); - exit(0); - } else { - // parent - sleep(1); - int sockfd = connect_to_testserver(); - RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed"); - - result1 = security_server_check_privilege_by_sockfd( - sockfd, - object_label, - access_rights); - result2 = security_server_check_privilege_by_sockfd( - sockfd, - object_label, - access_rights_ext); - - close(sockfd); - - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1); - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2); - } - } -} - -/////////////////////////// -/////NOSMACK ENV TESTS///// -/////////////////////////// - -RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack) -{ - int ret; - - ret = drop_root_privileges(); - RUNNER_ASSERT_MSG(ret == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - - ret = security_server_get_gid("definitely_not_existing_object"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret); - ret = security_server_get_gid("root"); - RUNNER_ASSERT_MSG(ret == 0, "ret = " << ret); -} - -/* - * NOSMACK version of tc05 test. - * - * Correct behaviour of smack_accesses_apply and smack_set_label_for_self was checked by libsmack - * tests. We assume, that those tests pass. Additionally security_server_check_privilege_by_cookie - * should return SUCCESS no matter what access_rights we give to this function. - */ -RUNNER_CHILD_TEST_NOSMACK(tc05_check_privilege_by_cookie_nosmack) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - char cookie[20]; - const char* object_label = "tc05objectlabel"; - - RUNNER_ASSERT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS); - - RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid()); - - RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS == - security_server_check_privilege_by_cookie(cookie, object_label, "r")); - - //On NOSMACK env security server should return success on any accesses, even those that are - //incorrect. - RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS == - security_server_check_privilege_by_cookie(cookie, object_label, "rw")); -} - -/** - * NOSMACK version of tc06 test. - * - * Differences between this and SMACK version (server): - * - Skipped setting access_rights - * - Skipped setting label for server - * - get_smacklabel_sockfd is called only once for server, almost right after fork and creation - * of socket (because it should do nothing when SMACK is off) - * - After get_smacklabel_sockfd privileges are dropped and server is prepared to accept connections - * from client - * - * For client the only difference are expected results from check_privilege_by_sockfd - both should - * return SUCCESS. - */ -RUNNER_MULTIPROCESS_TEST_NOSMACK(tc06_check_privilege_by_sockfd_nosmack) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - const char* object_label = "tc06objectlabel"; - - int result1 = -1; - int result2 = -1; - - int pid = fork(); - char* label; - RUNNER_ASSERT_ERRNO(pid >= 0); - - int ret; - - if (pid == 0) { //child process - server - //create new socket - int sockfd = create_new_socket(); - RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed"); - - SockUniquePtr sockfd_ptr(&sockfd); - - //check if get_smacklabel_sockfd works correctly - label = security_server_get_smacklabel_sockfd(sockfd); - RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed"); - ret = strcmp(label, ""); - free(label); - RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\""); - - RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid()); - - RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed"); - - struct sockaddr_un client_addr; - socklen_t client_len = sizeof(client_addr); - - int csockfd; - RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, - "child accept failed"); - - //wait a little bit for parent to do it's job - usleep(200); - - //if everything works, cleanup and return 0 - close(csockfd); - exit(0); - } else { - //parent - sleep(1); - int sockfd = connect_to_testserver(); - RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to connect to server."); - - SockUniquePtr sockfd_ptr(&sockfd); - - label = security_server_get_smacklabel_sockfd(sockfd); - RUNNER_ASSERT_MSG(label != nullptr, "get_smacklabel_sockfd failed."); - ret = strcmp(label, ""); - free(label); - RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\""); - - result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r"); - result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw"); - } - - RUNNER_ASSERT_MSG(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1); - RUNNER_ASSERT_MSG(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2); -} - -/** - * NOSMACK version of tc07 test. - */ -RUNNER_MULTIPROCESS_TEST_NOSMACK(tc07_check_privilege_by_sockfd_nosmack) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - const char* object_label = "tc07objectlabel"; - - int result1 = -1; - int result2 = -1; - - int pid = fork(); - RUNNER_ASSERT_ERRNO(-1 != pid); - - if (pid == 0) { - - pid = fork(); - RUNNER_ASSERT_ERRNO(-1 != pid); - - if (pid == 0) { //child process - //Create socket - int sockfd = create_new_socket(); - RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed"); - - SockUniquePtr sockfd_ptr(&sockfd); - - //Drop privileges - RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid()); - - //Prepare for accepting - RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed"); - - struct sockaddr_un client_addr; - socklen_t client_len = sizeof(client_addr); - - //Accept connections - int csockfd; - RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0, - "child accept failed"); - - //wait a little bit for parent to do it's job - usleep(200); - - //cleanup and kill child - close(csockfd); - exit(0); - } else { //parent process - //Drop root privileges - RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid()); - - //Wait for server to set up - sleep(1); - - //Connect and check privileges - int sockfd = connect_to_testserver(); - RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd."); - - result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r"); - result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw"); - - close(sockfd); - - //Both results (just like in the previous test case) should return success. - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1); - RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2); - } - } -} - -RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) { - int res; - - char *label_smack = nullptr; - char *label_ss = nullptr; - char *cookie = nullptr; - - int cookie_size = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server"); - - cookie = (char*) calloc(cookie_size, 1); - RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error"); - - res = security_server_request_cookie(cookie, cookie_size); - if (res != SECURITY_SERVER_API_SUCCESS) { - free(cookie); - RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server"); - } - - label_ss = security_server_get_smacklabel_cookie(cookie); - free(cookie); - RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie"); - - - std::string label_cookie(label_ss); - free(label_ss); - - res = smack_new_label_from_self(&label_smack); - if (res < 0) { - free(label_smack); - RUNNER_ASSERT_MSG(res == 0, "Error in getting self SMACK label"); - } - std::string label_self(label_smack ? label_smack : ""); - free(label_smack); - - RUNNER_ASSERT_MSG(label_self == label_cookie, "No match in SMACK labels"); - - - //TODO: here could be label change using SMACK API and checking if it - //is changed using security-server API function based on the same cookie -} - -/** - * NOSMACK version of tc_security_server_get_smacklabel_cookie test. - * - * Most of this test goes exactly as the original one. The only difference are the labels: - * - We assume that libsmack tests passed and smack_new_label_from_self will return -1 and nullptr - * label - there is no need to re-check it. - * - Label acquired from security_server_get_smacklabel_cookie should be an empty string. - */ -RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) { - int res; - - char* label_ss = nullptr; - char* cookie = nullptr; - - int cookie_size = security_server_get_cookie_size(); - RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, - "Wrong cookie size from security-server. Size: " << cookie_size); - - cookie = (char*) calloc(cookie_size, sizeof(char)); - RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error"); - - //Request cookie from SS - res = security_server_request_cookie(cookie, cookie_size); - CookieUniquePtr cookie_ptr(cookie); - cookie = nullptr; - RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, - "Error in requesting cookie from security-server. Result: " << res); - - label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get()); - RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie"); - - std::string label(label_ss); - free(label_ss); - RUNNER_ASSERT_MSG(label.empty(), "label_ss is not an empty string."); - -} - -//////////////////// -/////MAIN/////////// -//////////////////// - -int main(int argc, char *argv[]) -{ - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} diff --git a/src/security-server-tests/security_server_tests_mt.cpp b/src/security-server-tests/security_server_tests_mt.cpp deleted file mode 100644 index c1da88b8..00000000 --- a/src/security-server-tests/security_server_tests_mt.cpp +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file security_server_tests_mt.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 1.0 - * @brief This test creates multiple processes that connect to security - * server and perform random operations using its API. The purpose - * of this test is to check if security-server crashes when under - * heavy load. Test succeeds if all processes finish. - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -namespace { -const size_t PROC_TOTAL = 1000; // total number of processes to spawn -const size_t PROC_MAX = 10; // max number of processes working at the same time -const size_t LOOPS = 50; // number of loop repeats - -std::default_random_engine generator(std::chrono::system_clock::now().time_since_epoch().count()); - -// common function data -struct Data { - char *cookie; // not owned - - Data(char *c) : cookie(c) {} -}; - - -// test functions -void request_cookie(const Data&) -{ - char cookie[20]; - security_server_request_cookie(cookie, 20); -} - -void check_privilege(const Data &d) -{ - int ret = security_server_get_gid("audio"); - security_server_check_privilege(d.cookie, ret); -} - -void check_privilege_by_cookie(const Data &d) -{ - security_server_check_privilege_by_cookie(d.cookie, "label", "rwxat"); -} - -void get_cookie_pid(const Data &d) -{ - security_server_get_cookie_pid(d.cookie); -} - -void get_smack_label(const Data &d) -{ - char *label = security_server_get_smacklabel_cookie(d.cookie); - free(label); -} - -void random_sleep(const Data&) -{ - std::uniform_int_distribution distribution(0,100); - usleep(distribution(generator)); -} - - -// list of test functions -std::vector > functions = { - random_sleep, - request_cookie, - check_privilege, - check_privilege_by_cookie, - get_cookie_pid, - get_smack_label -}; -} // namespace - -// randomly calls test functions -void security_server_magic() -{ - char cookie[20]; - security_server_request_cookie(cookie, 20); - Data d(cookie); - - // random loop number - std::uniform_int_distribution l_dist(0,LOOPS); - size_t loops = l_dist(generator); - - // random function call - std::uniform_int_distribution distribution(0,functions.size() - 1); - auto rnd = std::bind(distribution, generator); - for (size_t i = 0; i < loops; ++i) { - functions[rnd()](d); - } -} - -int main() -{ - size_t current = 0; - size_t spawned = 0; - for (;;) { - if (current >= PROC_MAX || spawned >= PROC_TOTAL) { - int status; - int ret = wait(&status); - - // all processes spawned, no more children to wait for - if (spawned >= PROC_TOTAL && ret <= 0) - break; - - current--; - } - - // spawn predefined number of processes - if (spawned < PROC_TOTAL) { - pid_t pid = fork(); - if (pid == 0) { - LogDebug("START " << spawned); - security_server_magic(); - LogError("STOP " << spawned); - exit(0); - } - else { - //LogWarning("PID " << pid); - spawned++; - current++; - } - } - } - LogInfo("Finished"); - return 0; -} diff --git a/src/security-server-tests/security_server_tests_password.cpp b/src/security-server-tests/security_server_tests_password.cpp deleted file mode 100644 index b9f05842..00000000 --- a/src/security-server-tests/security_server_tests_password.cpp +++ /dev/null @@ -1,1526 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_password.cpp - * @author Bumjin Im (bj.im@samsung.com) - * @author Pawel Polawski (p.polawski@partner.samsung.com) - * @author Radoslaw Bartosiak (r.bartosiak@samsung.com) - * @author Jan Olszak (j.olszak@samsung.com) - * @version 2.0 - * @brief Test cases for security server - * - * WARNING: In this file test order is very important. They have to always be run - * in correct order. This is done by correct test case names ("tcXX_"). - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "security-server.h" -#include -#include -#include -#include "security_server_clean_env.h" -#include "security_server_tests_common.h" - - -// the maximum time (in seconds) passwords can expire in -const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF; - -// test passwords -const char* TEST_PASSWORD = "IDLEPASS"; -const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS"; -const char* THIRD_TEST_PASSWORD = "THIRDPASS"; -const char* FOURTH_TEST_PASSWORD = "FOURTHPASS"; - -RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD); - -struct SystemClock { - SystemClock(time_t sft) - : m_original(time(0)) - , m_shift(0) - { - shift(sft); - } - - SystemClock() - : m_original(time(0)) - , m_shift(0) - {} - - void shift(time_t sft) { - m_shift += sft; - time_t shifted = m_original + m_shift; - RUNNER_ASSERT_ERRNO(0 == stime(&shifted)); - } - - ~SystemClock() { - if (std::uncaught_exception()) { - stime(&m_original); - return; - } - - RUNNER_ASSERT_ERRNO(0 == stime(&m_original)); - } -private: - time_t m_original; - time_t m_shift; -}; - - -/** - * Confirm there is no password before tests are run. - */ -RUNNER_TEST(tc01_clear_environment) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - if (getuid() == 0) - { - reset_security_server(); - - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - - RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec); - RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt); - RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret); - } - else - { - SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n"); - SLOGD("If not, you will see some failures\n"); - - RUNNER_IGNORED_MSG("I'm not root"); - } -} - -/** - * Basic test of setting validity period. - */ -RUNNER_TEST(tc02_security_server_set_pwd_validity) -{ - int ret; - - // Prepare environment - reset_security_server(); - - // TESTS: - // WITHOUT password - ret = security_server_set_pwd_validity(10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret); - - ret = security_server_set_pwd_validity(11); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret); - - // WITH password - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_validity(10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_validity(11); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Basic test of setting maximum number of password challenges. - */ -RUNNER_TEST(tc03_security_server_set_pwd_max_challenge) -{ - int ret; - - // Prepare environment - reset_security_server(); - - // TESTS: - // WITHOUT password - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret); - - ret = security_server_set_pwd_max_challenge(6); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret); - - // WITH password - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_max_challenge(6); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Test checking a too long password. - */ -RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // 33 char password - ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Test various parameter values when checking a password. - */ -RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - ret = security_server_chk_pwd(nullptr, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_chk_pwd("password", nullptr, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_chk_pwd("password", &attempt, nullptr, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_chk_pwd("password", &attempt, &max_attempt, nullptr); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Check the given password when no password is set. - */ -RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // Prepare environment - there is no password now! - reset_security_server(); - - // TEST - ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec); - - RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec); - RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret); -} - -/** - * Checks various parameter values. - */ -RUNNER_TEST(tc07_security_server_set_pwd_null_input_case) -{ - int ret; - - // Prepare environment - reset_security_server(); - - // TEST - ret = security_server_set_pwd(nullptr, nullptr, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Test setting too long password. - */ -RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param) -{ - int ret; - - // Prepare environment - reset_security_server(); - - // TEST - // 33 char password - ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Basic password setting. - */ -RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty) -{ - int ret; - - // Prepare environment - reset_security_server(); - - // TEST - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Set a maximum password period. - */ -RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days) -{ - int ret; - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - // UINT_MAX will cause api error, it is to big value - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - usleep(PASSWORD_RETRY_TIMEOUT_US); - // calculate max applicable valid days that will not be rejected by ss - // ensure, that after conversion from days to seconds in ss there will be no uint overflow - unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1; - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Set a maximum password challenge number. - */ -RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge) -{ - int ret; - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Set empty password. - */ -RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero) -{ - int ret; - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Change password to a too long password. - */ -RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param) -{ - int ret; - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - std::string lng_pwd(5000, 'A'); - ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Check empty password. - */ -RUNNER_TEST(tc15_security_server_chk_pwd_empty_password) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Various validity parameter values. - */ -RUNNER_TEST(tc16_security_server_set_pwd_validity) -{ - int ret; - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - ret = security_server_set_pwd_validity(0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_validity(1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //When trying to set UINT_MAX we should get error. - ret = security_server_set_pwd_validity(UINT_MAX); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_set_pwd_validity(2); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Check passwords validity - */ -RUNNER_TEST(tc17_security_server_is_pwd_valid) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 2); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST: - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec); -} - -/** - * Various numbers of challenges. - */ -RUNNER_TEST(tc18_security_server_set_pwd_max_challenge) -{ - int ret; - // Prepare environment - reset_security_server(); - // calculate max applicable valid days that will not be rejected by ss - // ensure, that after conversion from days to seconds in ss there will be no uint overflow - unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1; - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, valid_days); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TESTS - ret = security_server_set_pwd_max_challenge(0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_max_challenge(UINT_MAX); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_max_challenge(6); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - - -/** - * Check the max number of challenges. - */ -RUNNER_TEST(tc19_security_server_is_pwd_valid) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_max_challenge(6); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt); -} - -/** - * Basic password check. - */ -RUNNER_TEST(tc20_security_server_chk_pwd) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret); - - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); -} - -/** - * Check an incorrect password. - */ -RUNNER_TEST(tc21_security_server_chk_incorrect_pwd) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret); -} - -/** - * Check an incorrect password - */ -RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current) -{ - int ret; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret); -} - -/** - * Change password - */ -RUNNER_TEST(tc23_security_server_set_pwd_correct_current) -{ - int ret; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Check wrong password multiple times and then check a correct one. - */ -RUNNER_TEST(tc24_security_server_attempt_exceeding) -{ - int ret; - unsigned int i, attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - printf("5 subtests started..."); - for (i = 1; i <= 5; i++) { - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret); - RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i); - } - printf("DONE\n"); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret); - RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret); -} - -/** - * Try to exceed maximum number of challenges. - */ -RUNNER_TEST(tc25_security_server_attempt_exceeding) -{ - int ret; - unsigned int i, attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - printf("10 subtests started..."); - for (i = 1; i <= 10; i++) { - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret); - RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i); - } - - // The check, that exceeds max number - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret); - printf("DONE\n"); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret); -} - -/** - * Reset password - */ -RUNNER_TEST(tc26_security_server_reset_pwd) -{ - int ret; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Check too long password. - */ -RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - std::string lng_pwd(5000, 'A'); - ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/** - * Check passwords expiration (not expired) - */ -RUNNER_TEST(tc28_security_server_check_expiration) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret); -} - -/** - * Use various parameter values of parameters. - */ -RUNNER_TEST(tc29_security_server_set_pwd_history) -{ - int ret; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TESTS - ret = security_server_set_pwd_history(100); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_set_pwd_history(51); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_set_pwd_history(-5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_set_pwd_history(50); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_history(0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_set_pwd_history(INT_MAX); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_set_pwd_history(INT_MIN); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); - - ret = security_server_set_pwd_history(10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - - - -int dir_filter(const struct dirent *entry) -{ - if ((strcmp(entry->d_name, ".") == 0) || - (strcmp(entry->d_name, "..") == 0) || - (strcmp(entry->d_name, "attempts") == 0) || - (strcmp(entry->d_name, "history") == 0)) - return (0); - else - return (1); -} - -void clean_password_dir(void) -{ - int ret; - int i; - struct dirent **mydirent; - - ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort); - i = ret; - while (i--) - free(mydirent[i]); - free(mydirent); -} - - -/** - * Check password history. - */ -RUNNER_TEST(tc30_security_server_check_history) -{ - int ret; - int i; - char buf1[33], buf2[33]; - - // Prepare environment - reset_security_server(); - - clean_password_dir(); - - ret = security_server_set_pwd_history(9); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_reset_pwd("history0", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - printf("11 subtests started..."); - for (i = 0; i < 11; i++) { - sprintf(buf1, "history%d", i); - sprintf(buf2, "history%d", i + 1); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(buf1, buf2, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - } - printf("DONE\n"); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd("history11", "history1", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd("history1", "history8", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd("history1", "history12", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - printf("48 subtests started..."); - for (i = 12; i < 60; i++) { - usleep(PASSWORD_RETRY_TIMEOUT_US); - - sprintf(buf1, "history%d", i); - sprintf(buf2, "history%d", i + 1); - - ret = security_server_set_pwd(buf1, buf2, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - } - printf("DONE\n"); - - clean_password_dir(); -} - -/** - * Replay attack - */ -RUNNER_TEST(tc31_security_server_replay_attack) -{ - int ret; - int i = 0; - unsigned int attempt, max_attempt, expire_sec; - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec); - - while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) { - i += 100000; - - ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec); - usleep(i); - } - - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret); -} - -/** - * Expired password - */ -RUNNER_TEST(tc32_security_server_challenge_on_expired_password) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - struct timeval cur_time; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 4, 1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = gettimeofday(&cur_time, nullptr); - RUNNER_ASSERT_ERRNO(ret != -1); - - cur_time.tv_sec += (expire_sec + 1); - ret = settimeofday(&cur_time, nullptr); - RUNNER_ASSERT_ERRNO(ret != -1); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret); -} - -/** - * Reset password - */ -RUNNER_TEST(tc33_security_server_reset_by_null_pwd) -{ - int ret; - - // Prepare environment - reset_security_server(); - - // TEST - ret = security_server_reset_pwd(nullptr, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret); -} - -/* - * Use this instead of security_server_chk_pwd directly to verify the function output. - * For example: - * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string") - */ -void verify_chk_pwd ( - const char* challenge, - int expected_result, - unsigned int expected_current_attempt, - unsigned int expected_max_attempt, - const std::string &info = std::string()) -{ - /* ensure that initial values differ from expected ones */ - unsigned int attempt = expected_current_attempt - 1; - unsigned int max_attempt = expected_max_attempt - 1; - unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1; - - usleep(PASSWORD_RETRY_TIMEOUT_US); - int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec); - - // validate returned value - RUNNER_ASSERT_MSG(ret == expected_result, - info << "security_server_chk_pwd returned " - << ret << " (expected: " << expected_result << ")"); - - // validate current attempts value - RUNNER_ASSERT_MSG(attempt == expected_current_attempt, - info << "security_server_chk_pwd returned attempt = " << attempt << - " (expected: " << expected_current_attempt << ")"); - - // validate max attempt value - RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt, - info << "security_server_chk_pwd returned max_attempt = " << max_attempt << - " (expected: " << expected_max_attempt << ")"); - - RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, - info << "security_server_chk_pwd returned expire_sec = " << expire_sec << - " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")"); -} - -/** - * Reach last attempt few times in a row (before exceeding max_attempt). - */ -RUNNER_TEST(tc34_security_server_max_attempts) -{ - // Prepare environment - reset_security_server(); - - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // change max attempts number few times - std::vector max_challenge_tab = {1, 4, 2}; - - for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) { - unsigned int max_challenges = max_challenge_tab[pass]; - - ret = security_server_set_pwd_max_challenge(max_challenges); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // max_challenges-1 wrong password attempts - for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr) - verify_chk_pwd(SECOND_TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - attempt_nr, - max_challenges, - std::string("pass = ") + std::to_string(pass) + - ", attempt = " + std::to_string(attempt_nr)); - - // Check correct password finally - verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, - max_challenges, max_challenges); - } -} - -/** - * Decrease 'max challenge' number after several missed attempts. - */ -RUNNER_TEST(tc35_security_server_decrease_max_attempts) -{ - const unsigned int max_challenge_more = 10; - const unsigned int max_challenge_less = 5; - - // Prepare environment - reset_security_server(); - - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge_more, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // missed attempts - for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt) - verify_chk_pwd(SECOND_TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - attempt, - max_challenge_more, - std::string("attempt = ") + std::to_string(attempt)); - - // lower max_challenge - ret = security_server_set_pwd_max_challenge(max_challenge_less); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // try valid password - should pass (curr attempts is reset) - verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less); - - // remove max attempts limit - ret = security_server_set_pwd_max_challenge(0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // try valid password again - should pass - verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0); - - // try to change the password - should pass - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // validate new password - verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0); -} - -/** - * Change password few times and challenge previous passwords - checks if security_server_set_pwd - * works as it should. - */ -RUNNER_TEST(tc36_security_server_challenge_previous_passwords) -{ - const int history_depth = 5; - const unsigned int max_challenge = 3; - std::string prev_pass, new_pass = TEST_PASSWORD; - - // Prepare environment - reset_security_server(); - - int ret = security_server_set_pwd_history(history_depth); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - for (int depth = 0; depth < history_depth; ++depth) { - prev_pass = new_pass; - - //generate password name - new_pass = "history" + std::to_string(depth+1); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // challenge initial password - verify_chk_pwd( - TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - 1, - max_challenge, - std::string("depth = ") + std::to_string(depth)); - - // challenge previous password - verify_chk_pwd( - prev_pass.c_str(), - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - 2, - max_challenge, - std::string("depth = ") + std::to_string(depth)); - } -} - -/** - * Challenge correct and incorrect passwords, check security_server_chk_pwd output. - * This test simulates user's behaviour - challenges valid and invalid passwords - * in various combinations. - */ -RUNNER_TEST(tc37_security_server_challenge_mixed) -{ - // Prepare environment - reset_security_server(); - - const unsigned int max_challenge = 2; - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // 2x correct pwd - verify that 'cuurrent attempt' isn't increased - for (unsigned int i = 0; i < max_challenge; ++i) - verify_chk_pwd( - TEST_PASSWORD, - SECURITY_SERVER_API_SUCCESS, - 1, - max_challenge, - std::string("i = ") + std::to_string(i)); - - // Ensure that challenging valid password resets 'cuurrent attempt' value. - // If it didn't, the test would fail in third loop pass. - for (unsigned int i = 0; i < max_challenge + 1; ++i) { - // incorrect pwd - verify_chk_pwd( - SECOND_TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - 1, - max_challenge, - std::string("i = ") + std::to_string(i)); - - // correct pwd - verify_chk_pwd( - TEST_PASSWORD, - SECURITY_SERVER_API_SUCCESS, - 2, - max_challenge, - std::string("i = ") + std::to_string(i)); - } - - // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge - - // any further attempts (even correct) are blocked - for (unsigned int i = 1; i <= max_challenge; ++i) - verify_chk_pwd( - SECOND_TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - i, - max_challenge, - std::string("i = ") + std::to_string(i)); - - // correct - refused - for (unsigned int i = 1; i <= max_challenge; ++i) - verify_chk_pwd( - TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, - max_challenge + i, - max_challenge, - std::string("i = ") + std::to_string(i)); -} - -/* - * Pasword change mixed with history depth change. - */ -RUNNER_TEST(tc38_security_server_history_depth_change) -{ - int ret; - const int initial_history_depth = 2; - const int decreased_history_depth = 1; - const int increased_history_depth = 3; - - // Prepare environment - reset_security_server(); - - ret = security_server_set_pwd_history(initial_history_depth); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); - - /* - * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd, - * and SECOND_TEST_PASSWORD as a part of history. - */ - ret = security_server_set_pwd_history(decreased_history_depth); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); - - /* - * Increase history depth to 3. At this point SS should remember TEST_PASSWORD - * and THIRD_TEST_PASSWORD only. - */ - ret = security_server_set_pwd_history(increased_history_depth); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // 3rd and TEST_PASSWORD remembered => 2nd should be accepted - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); -} - -/** - * Challenge invalid password, reset server and check if 'current attempts' is restored. - */ -RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset) -{ - unsigned int attempt, max_attempt, expire_sec; - const unsigned int max_challenge = 10; - const unsigned int invalid_attempts_num = 3; - - // Prepare environment - reset_security_server(); - - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // missed attempts - for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt) - verify_chk_pwd( - SECOND_TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - attempt, - max_challenge); - - attempt = max_attempt = expire_sec = UINT_MAX; - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt); - RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt); - RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " << - expire_sec); - - // restart server - triggers loading password data from file - restart_security_server(); - - // challenge invalid password - verify_chk_pwd( - SECOND_TEST_PASSWORD, - SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, - invalid_attempts_num + 1, - max_challenge); - - // challenge valid password - verify_chk_pwd( - TEST_PASSWORD, - SECURITY_SERVER_API_SUCCESS, - invalid_attempts_num + 2, - max_challenge); -} - -/** - * Validate passwords history after security server reset. - */ -RUNNER_TEST(tc40_security_server_history_check_after_reset) -{ - const unsigned int history_depth = 2; - - // Prepare environment - reset_security_server(); - - int ret = security_server_set_pwd_history(history_depth); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - // restart server - triggers loading password data from file - restart_security_server(); - - // try to reuse history passwords - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -/** - * Check if SS has correct behaviour when changing history depth to 0. - */ -RUNNER_TEST(tc41_security_server_empty_history_check) -{ - const unsigned int history_depth = 2; - const unsigned int empty_history_depth = 0; - - //prepare environment - reset_security_server(); - - //set new history count - int ret = security_server_set_pwd_history(history_depth); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //set new password and fill history - ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //make sure, that everything went OK - try setting something that would cause reuse error - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret); - - //reset history limit to no history at all - ret = security_server_set_pwd_history(empty_history_depth); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //make sure, that current password still exists in memory - //expected attempt 3 because our previous tries increased attempt counter - verify_chk_pwd( - THIRD_TEST_PASSWORD, - SECURITY_SERVER_API_SUCCESS, - 3, - 0); - - //make sure that it's possible to reuse old password once history limit is set to 0 - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //once again try setting earlier used passwords - now API should return success - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //try setting different password and giving nullptr as current once again - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(nullptr, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); -} - -RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //do test - unsigned int attempt, max_attempt, expire_sec; - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); -} - -RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //do test - unsigned int attempt, max_attempt, expire_sec; - ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret); - ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret); -} - -RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //do test - ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret); - ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret); -} - -RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //do test - ret = security_server_set_pwd_validity(11); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - ret = security_server_set_pwd_validity(11); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //do test - ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //do test - ret = security_server_set_pwd_history(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - ret = security_server_set_pwd_history(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge) -{ - //prepare environment - reset_security_server(); - - //set a password - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - //do test - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); -} - -RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time) -{ - int ret; - unsigned int attempt, max_attempt, expire_sec; - - // Prepare environment - reset_security_server(); - ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - usleep(PASSWORD_RETRY_TIMEOUT_US); - - // Assert security server sets infinite expiration time - ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - usleep(PASSWORD_RETRY_TIMEOUT_US); - - ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, - "invalid expiration time " << expire_sec); - - clean_password_dir(); -} - -RUNNER_TEST(tc51_security_server_is_pwd_valid) -{ - reset_security_server(); - - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 1); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - unsigned int attempt, maxAttempt, validSec; - attempt = maxAttempt = validSec = 0; - - ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret << - " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec); - - - SystemClock clock(60*60*24*2); - - ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec); - RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0), - "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt - << " validSec=" << validSec); -} - -RUNNER_TEST(tc52_security_server_is_pwd_valid) -{ - reset_security_server(); - - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - unsigned int attempt, maxAttempt, validSec; - attempt = maxAttempt = validSec = 0; - - ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec); - RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret << - " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec); -} - -RUNNER_TEST(tc53_security_server_is_pwd_valid) -{ - reset_security_server(); - - int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 3); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret); - - unsigned int attempt, maxAttempt, validSec; - attempt = maxAttempt = validSec = 0; - - // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds - ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG((validSec > 259000) && (validSec < 260000), "validSec = " << validSec); - - SystemClock clock; - clock.shift(-60*60*24); // one day back - - // password should be valid for 4 days == (60*60*24*4) 345600 seconds - ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG((validSec > 345000) && (validSec < 346000), "validSec = " << validSec); - - clock.shift(-60*60*24*2); // 3 days back - - // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds - ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret); - RUNNER_ASSERT_MSG((validSec > 518000) && (validSec < 519000), "validSec = " << validSec); -} - -int main(int argc, char *argv[]) -{ - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} diff --git a/src/security-server-tests/security_server_tests_privilege.cpp b/src/security-server-tests/security_server_tests_privilege.cpp deleted file mode 100644 index c7e698ff..00000000 --- a/src/security-server-tests/security_server_tests_privilege.cpp +++ /dev/null @@ -1,125 +0,0 @@ -#include - -#include - -#include -#include - -const char *SSTP_APP_ID = "sstp_test_app"; -const char *SSTP_OTHER_LABEL = "sstp_test_other_label"; - -const char *SSTP_PERMS[] = { - "sstp_test_rules1", - "sstp_test_rules2", - nullptr -}; - -const char *SSTP_PERMS1[] = { - SSTP_PERMS[0], - nullptr -}; - -const char *SSTP_PERMS2[] = { - SSTP_PERMS[1], - nullptr -}; - -void check_security_server_app_has_privilege(const char *app_label, - const char *permission, - int is_enabled_expected) -{ - int result; - int is_enabled; - - result = security_server_app_has_privilege(app_label, APP_TYPE_WGT, permission, &is_enabled); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error calling security_server_app_has_privilege. Result: " << result); - - RUNNER_ASSERT_MSG(is_enabled == is_enabled_expected, - "Result of security_server_app_has_privilege should be: " << is_enabled_expected); -} - -RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PRIVILEGE); - -RUNNER_TEST(sstp_01_security_server_app_has_privilege) -{ - int result; - - DB_BEGIN - - result = perm_app_uninstall(SSTP_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error uninstalling app. Result" << result); - - result = perm_app_install(SSTP_APP_ID); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error installing app. Result" << result); - - result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app r and no r permissions. Result: " << result); - - DB_END - - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0); - - DB_BEGIN - - result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error registering app r permissions. Result: " << result); - - DB_END - - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1); - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0); - - DB_BEGIN - - result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2, false); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error registering app r permissions. Result: " << result); - - DB_END - - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1); - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0); - - DB_BEGIN - - result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app r and no r permissions. Result: " << result); - - DB_END - - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0); - - DB_BEGIN - - result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2); - RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS, - "Error disabling app r and no r permissions. Result: " << result); - - DB_END - - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0); - check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0); -} - -int main(int argc, char *argv[]) -{ - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} diff --git a/src/security-server-tests/security_server_tests_stress.cpp b/src/security-server-tests/security_server_tests_stress.cpp deleted file mode 100644 index b8f7e128..00000000 --- a/src/security-server-tests/security_server_tests_stress.cpp +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_stress.cpp - * @author Pawel Polawski (p.polawski@partner.samsung.com) - * @version 1.0 - * @brief Test cases for security server stress tests - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "security-server.h" -#include - -std::mutex g_mutex; -std::mutex g_msgMutex; -size_t g_successes = 0; - -//number of threads -const size_t g_threadsNumber = 5; - -//environment setup -const std::string g_subject("woda"); -const std::string g_object("wiadro"); -const std::string g_rule("rwx"); - -//for storing errors -std::string g_errors; - - -void appendError(const std::string &message) -{ - std::lock_guard lock(g_msgMutex); - g_errors += message; - g_errors += "\n"; -} - -void cookie_api_thread_function(bool isSmack) -{ - /* - Tested API functions: - - int security_server_get_cookie_size(void); - int security_server_request_cookie(char *cookie, size_t bufferSize); - int security_server_check_privilege(const char *cookie, gid_t privilege); - int security_server_check_privilege_by_cookie(const char *cookie, - const char *object, - const char *access_rights); - int security_server_get_cookie_pid(const char *cookie); - char *security_server_get_smacklabel_cookie(const char *cookie); - */ - - int ret; - size_t COOKIE_SIZE; - - //security_server_get_cookie_size() - COOKIE_SIZE = security_server_get_cookie_size(); - if (COOKIE_SIZE != 20) { - appendError("Error in security_server_get_cookie_size(): " + std::to_string(COOKIE_SIZE)); - return; - } - - //security_server_request_cookie() - std::vector cookie(COOKIE_SIZE); - ret = security_server_request_cookie(cookie.data(), COOKIE_SIZE); - if (ret < 0) { - appendError("Error in security_server_request_cookie(): " + std::to_string(ret)); - return; - } - - //security_server_check_privilege() - ret = security_server_check_privilege(cookie.data(), 0); - if (ret < 0) { - appendError("Error in security_server_check_privilege(): " + std::to_string(ret)); - return; - } - - //security_server_check_privilege_by_cookie() - ret = security_server_check_privilege_by_cookie(cookie.data(), g_object.data(), g_rule.data()); - if (ret < 0) { - appendError("Error in security_server_check_privilege_by_cookie(): " + std::to_string(ret)); - return; - } - - //security_server_get_cookie_pid - ret = security_server_get_cookie_pid(cookie.data()); - if (ret < 0) { - appendError("Error in security_server_get_cookie_pid(): " + std::to_string(ret)); - return; - } - - if (isSmack) { - //security_server_get_smacklabel_cookie() - char *tmp = security_server_get_smacklabel_cookie(cookie.data()); - std::string labelFromCookie(tmp ? tmp : ""); - free(tmp); - if (labelFromCookie.size() == 0) { - appendError("Error in security_server_get_smacklabel_cookie(): " + labelFromCookie); - return; - } - - char *labelFromSelfTmp = nullptr; - ret = smack_new_label_from_self(&labelFromSelfTmp); - if (ret < 0) { - appendError("Error in smack_new_label_from_self(): " + std::to_string(ret)); - return; - } - - std::string labelFromSelf(labelFromSelfTmp ? labelFromSelfTmp : ""); - free(labelFromSelfTmp); - if (labelFromSelf != labelFromCookie) { - appendError("Error in comparing SMACK label: " + std::to_string(ret)); - return; - } - } - - std::lock_guard lock(g_mutex); - ++g_successes; -} - -void testFunction(bool isSmack) -{ - std::vector threadsVector; - - if (isSmack) { - //preapre environment - int ret = smack_set_label_for_self(g_subject.data()); - RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self()"); - - struct smack_accesses *rulesRaw = nullptr; - ret = smack_accesses_new(&rulesRaw); - RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_new()"); - SmackAccessesPtr rules(rulesRaw); - ret = smack_accesses_add(rules.get(), g_subject.data(), g_object.data(), g_rule.data()); - RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_add()"); - ret = smack_accesses_apply(rules.get()); - RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_apply()"); - } - - //spawning threads - for (size_t i = 0 ; i < g_threadsNumber; ++i) - threadsVector.push_back(std::thread(cookie_api_thread_function, isSmack)); - - //waiting for threads end - for (auto itr = threadsVector.begin(); itr != threadsVector.end(); ++itr) - itr->join(); -} - - -RUNNER_TEST_GROUP_INIT(stress_tests) - -RUNNER_CHILD_TEST_SMACK(tc_stress_cookie_api_smack) -{ - testFunction(true); - - RUNNER_ASSERT_MSG(g_successes == g_threadsNumber, - "Not all threads exit with success: " - << g_successes << "/ " << g_threadsNumber - << std::endl << "Errors:" << std::endl << g_errors); -} - -RUNNER_CHILD_TEST_NOSMACK(tc_stress_cookie_api_no_smack) -{ - testFunction(false); - - RUNNER_ASSERT_MSG(g_successes == g_threadsNumber, - "Not all threads exit with success: " - << g_successes << "/ " << g_threadsNumber - << std::endl << "Errors:" << std::endl << g_errors); -} - - - -int main (int argc, char *argv[]) -{ - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} - diff --git a/src/security-server-tests/server.cpp b/src/security-server-tests/server.cpp deleted file mode 100644 index e7d94b73..00000000 --- a/src/security-server-tests/server.cpp +++ /dev/null @@ -1,432 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_server.cpp - * @author Bumjin Im (bj.im@samsung.com) - * @author Mariusz Domanski (m.domanski@samsung.com) - * @version 1.0 - * @brief Test cases for security server - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "security-server.h" -#include "security_server_clean_env.h" -#include -#include -#include -#include -#include -#include "security_server_tests_common.h" -#include "tests_common.h" -#include -#include - -const char *TEST03_SUBJECT = "subject_0f09f7cc"; -const char *TEST04_SUBJECT = "subject_57dfbfc5"; -const char *TEST07_SUBJECT = "subject_cd738844"; -const char *TEST08_SUBJECT = "subject_fd84ba7f"; - -void clear_password() -{ - int ret = -1; - unsigned int attempt, max_attempt, expire_sec; - - reset_security_server(); - - attempt = max_attempt = expire_sec = UINT_MAX; - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret); - RUNNER_ASSERT(expire_sec == 0); - RUNNER_ASSERT(max_attempt == 0); - RUNNER_ASSERT(attempt == 0); - - sleep(1); -} - -void check_API_passwd(bool smack) { - int ret = -1; - int err, err_is_pwd_valid; - unsigned int attempt, max_attempt, expire_sec; - - err = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_SUCCESS; - err_is_pwd_valid = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_ERROR_PASSWORD_EXIST; - attempt = max_attempt = expire_sec = 0; - - if (smack) { - SecurityServer::AccessProvider privider(TEST04_SUBJECT); - privider.applyAndSwithToUser(APP_UID, APP_GID); - } else { - RUNNER_ASSERT_MSG((ret = drop_root_privileges()) == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - } - - ret = security_server_set_pwd_validity(APP_UID); - RUNNER_ASSERT_MSG(ret == err, - "security_server_set_pwd_validity has failed," - " ret: " << ret); - - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == err, - "security_server_set_pwd_max_challenge has failed," - " ret: " << ret); - - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == err_is_pwd_valid, - "security_server_is_pwd_valid should return password exist," - " ret: " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd("12345", "12346", 0, 0); - RUNNER_ASSERT_MSG(ret == err, - "security_server_set_pwd has failed, ret: " << ret); - - ret = security_server_reset_pwd("12346",0, 0); - RUNNER_ASSERT_MSG(ret == err, - "security_server_reset_pwd has failed, ret: " << ret); - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == err, - "security_server_chk_pwd has failed, ret: " << ret); - - ret = security_server_set_pwd_history(10); - RUNNER_ASSERT_MSG(ret == err, - "security_server_set_pwd_history has failed, ret: " << ret); -} - -RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER); - -RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs) -{ - RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0); -} - -RUNNER_TEST(tc_security_server_get_gid_empty_object_name) -{ - RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM); -} - -RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel) -{ - RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT); -} - -RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access) -{ - const char *subject = "abc345v34sfa"; - const char *object = "efg678x2lkjz"; - - SecurityServer::AccessProvider provider(object); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - security_server_app_give_access(subject, getpid()); - - RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat")); -} - -/* - * Currently we are NOT revoking any permissions given by - * security_server_app_give_access function - */ -/*RUNNER_TEST(tc01b_security_server_app_give_access) -{ - const char *subject = "abc345v34sfa"; - const char *object = "efg678x2lkjz"; - - // After part A thread from security-server will be notified about - // process end and revoke permissions. We need to give him some - // time. - sleep(1); - - RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----")); - RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---")); - RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--")); - RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-")); - RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t")); -}*/ - -RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access) -{ - const char *subject = "xxx45v34sfa"; - const char *object = "yyy78x2lkjz"; - - SmackAccess smack; - smack.add(subject, object, "-----"); - smack.apply(); - - RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(object), "Error in smack_label_for_self"); - - RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid()); - - RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == - security_server_app_give_access(subject, getpid())); - - RUNNER_ASSERT(0 == smack_have_access(subject, object, "r")); -} - -RUNNER_TEST_SMACK(tc02_check_privilege_by_pid) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success"); - int ret; - int pid; - - pid = getpid(); - - //we checking existing rule, it should return positive - ret = security_server_check_privilege_by_pid(pid, "_", "rx"); - RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS); - - //we checking rule with label that not exist - ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat"); - RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS); -} - -RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow) -{ - int ret = -1; - unsigned int attempt, max_attempt, expire_sec; - - attempt = max_attempt = expire_sec = 0; - - clear_password(); - - SecurityServer::AccessProvider provider(TEST03_SUBJECT); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - ret = security_server_set_pwd_validity(10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret); - - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret); - - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(nullptr, "12345", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - - ret = security_server_reset_pwd("12345",0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - - ret = security_server_set_pwd_history(10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); -} - -RUNNER_CHILD_TEST_SMACK(tc04_check_API_passwd_denied) -{ - check_API_passwd(true); -} - -RUNNER_CHILD_TEST_NOSMACK(tc04_check_API_app_user_passwd_allow_nosmack) -{ - check_API_passwd(false); -} - -RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow) -{ - SecurityServer::AccessProvider provider(TEST07_SUBJECT); - provider.allowSS(); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_app_give_access(TEST07_SUBJECT, getpid()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); -} - -RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied) -{ - SecurityServer::AccessProvider provider(TEST08_SUBJECT); - provider.applyAndSwithToUser(APP_UID, APP_GID); - - int ret = security_server_app_give_access(TEST08_SUBJECT, getpid()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, - "security_server_app_give_access should return access denied," - " ret: " << ret); -} - -////////////////////////////////////////// -/////////NOSMACK ENV TESTS//////////////// -////////////////////////////////////////// - -/** - * NOSMACK version of tc01a and tc01c tests. - * - * SMACK is turned off - that means for us, that we don't need any accesses added to our process - * in SMACK before dropping root privileges. This test drops root privileges, calls - * security_server_app_give_access and then checks if smack_have_access returns error (because - * SMACK is off). - * - * security_server_app_give_access shouldn't return anything else than success when SMACK is off, - * hence there is only one test that replaces tests tc01a and tc01c. - */ -RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack) -{ - const char* subject = "abc345v34sfa"; - const char* object = "efg678x2lkjz"; - int result = 0; - - result = drop_root_privileges(); - RUNNER_ASSERT_MSG(result == 0, - "Failed to drop root privileges. Result: " << result << "uid = " << getuid()); - - result = security_server_app_give_access(subject, getpid()); - RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS, - "Error in security_server_app_give_access. Result: " << result); - - result = smack_have_access(subject, object, "rwxat"); - RUNNER_ASSERT_MSG(result == -1, - "smack_have_access should return error when SMACK is off. Result: " << result); -} - -/** - * NOSMACK version of tc02 test. - * - * check_privilege_by_pid should always return success when SMACK is off, no matter if label is - * real or not. - */ -RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success"); - int ret; - int pid; - - pid = getpid(); - - //we checking existing rule, it should return positive - ret = security_server_check_privilege_by_pid(pid, "_", "rx"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "check_privilege_by_pid for existing label failed. Result: " << ret); - - //we checking rule with label that not exist - ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "check_privilege_by_pid for nonexisting label failed. Result: " << ret); -} - -/** - * NOSMACK version of clear_password function. - * - * Compared to SMACK version of this function, this one skips adding rules and setting label. - */ -int clear_password_nosmack() -{ - int ret = -1; - unsigned int attempt, max_attempt, expire_sec; - - if (getuid() == 0) { - reset_security_server(); - - attempt = max_attempt = expire_sec = UINT_MAX; - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, - "is_pwd_faild should return no password error. Result: " << ret); - RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0."); - RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0."); - RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0."); - - return 0; - } - return -1; -} - -/** - * NOSMACK version of tc03 test. - * - * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most - * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.). - * First clear password, then drop privileges and proceed to regular testing. - */ - -RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack) -{ - int ret = -1; - unsigned int attempt, max_attempt, expire_sec; - - attempt = max_attempt = expire_sec = 0; - - clear_password_nosmack(); - - // drop root privileges - ret = drop_root_privileges(); - RUNNER_ASSERT_MSG(ret == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - - ret = security_server_set_pwd_validity(10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, - "set_pwd_validity should return no password error. Result: " << ret); - - ret = security_server_set_pwd_max_challenge(5); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, - "set_pwd_max_challenge should return no password error. Result: " << ret); - - ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, - "is_pwd_valid should return no password error. Result: " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_set_pwd(nullptr, "12345", 0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "set_pwd failed. Result: " << ret); - - ret = security_server_reset_pwd("12345",0, 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "reset_pwd failed. Result: " << ret); - - usleep(PASSWORD_RETRY_TIMEOUT_US); - ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "chk_pwd failed. Result: " << ret); - - ret = security_server_set_pwd_history(10); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "set_pwd_history failed. Result: " << ret); -} - -/** - * NOSMACK version of tc07 test. - * - * Similarily to previous tests - no need to set self label because SMACK is off. Just as - * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the - * NOSMACK version of tc08 test is skipped. - */ -RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack) -{ - int ret = -1; - - // drop root privileges - ret = drop_root_privileges(); - RUNNER_ASSERT_MSG(ret == 0, - "Failed to drop root privileges. Result: " << ret << "uid = " << getuid()); - - ret = security_server_app_give_access(TEST07_SUBJECT, getpid()); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "app_give_access failed. Result: " << ret); -} - -int main(int argc, char *argv[]) { - if (0 != getuid()) { - printf("Error: %s must be executed by root\n", argv[0]); - exit(1); - } - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} diff --git a/src/security-server-tests/weird_arguments.cpp b/src/security-server-tests/weird_arguments.cpp deleted file mode 100644 index fab2d6a1..00000000 --- a/src/security-server-tests/weird_arguments.cpp +++ /dev/null @@ -1,192 +0,0 @@ -/* - * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved - */ -/* - * @file security_server_tests_weird_arguments.cpp - * @author Zbigniew Jasinski (z.jasinski@samsung.com) - * @version 1.0 - * @brief Test cases for security server - * - */ -#include "tests_common.h" -#include "security-server.h" -#include -#include - -RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_WEIRD_ARGUMENTS); - -RUNNER_TEST(tc01_security_server_get_gid_weird_input_case) -{ - int ret = 0; - char weird[] = {static_cast (0xe3), 0x79, static_cast (0x82), 0x0}; - - /* normal param case */ - ret = security_server_get_gid("tel_sim"); - RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret); - - /* wrong param case */ - ret = security_server_get_gid("elephony_akecall"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret); - - /* weird param case */ - ret = security_server_get_gid(weird); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret); - - /* null param case */ - ret = security_server_get_gid(nullptr); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - - /* param too long case */ - ret = security_server_get_gid("abcdefghijklmnopqrstuvwxyz01234"); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - - /* empty param case */ - ret = security_server_get_gid(""); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); -} - -/* from security_server_tests_server.cpp */ - -RUNNER_TEST(tc03_security_server_request_cookie_weird_input_case) -{ - int ret = 0; - size_t cookie_size = security_server_get_cookie_size(); - - /* null cookie case */ - char *cookie = nullptr; - - ret = security_server_request_cookie(cookie, cookie_size); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - - /* buffer size too small case */ - cookie_size = 19; - char cookie2[cookie_size]; - - ret = security_server_request_cookie(cookie2, cookie_size); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret: " << ret); -} - -RUNNER_TEST(tc04_security_server_check_privilege_weird_input_case) -{ - int ret = 0; - size_t cookie_size = security_server_get_cookie_size(); - gid_t gid = DB_ALARM_GID; - - /* null cookie case */ - char *cookie = nullptr; - - ret = security_server_check_privilege(cookie, gid); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - - char cookie2[cookie_size]; - - ret = security_server_request_cookie(cookie2, cookie_size); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - - /* big gid case */ - gid = 70666; - - ret = security_server_check_privilege(cookie2, gid); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret); -} -RUNNER_TEST(tc05_security_server_check_privilege_by_cookie_weird_input_case) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success"); - int ret = 0; - size_t cookie_size = security_server_get_cookie_size();; - const char *object = "telephony_makecall"; - const char *access_rights = "r"; - - /* null cookie case */ - char *cookie = nullptr; - ret = security_server_check_privilege_by_cookie(cookie, object, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - - /* null object case */ - char *object2 = nullptr; - char cookie2[cookie_size]; - - ret = security_server_request_cookie(cookie2, cookie_size); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); - - ret = security_server_check_privilege_by_cookie(cookie2, object2, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - - /* null access rights case */ - access_rights = nullptr; - ret = security_server_check_privilege_by_cookie(cookie2, object, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); -} - -RUNNER_TEST_SMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - int ret = 0; - int sockfd = -1; - const char *object = "telephony_makecall"; - const char *access_rights = "r"; - - /* invalid sockfd case */ - ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - sockfd = 0; - - /* null object case */ - char *object2 = nullptr; - ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); - - /* null access rights case */ - access_rights = nullptr; - ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret); -} - -RUNNER_TEST(tc07_security_server_get_cookie_pid_weird_input_case) -{ - int ret = 0; - char *cookie = nullptr; - - ret = security_server_get_cookie_pid(cookie); - RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM); -} - -/////////////////////////// -/////NOSMACK ENV TESTS///// -/////////////////////////// - -/** - * NOSMACK version of tc06 test. - * - * security_server_check_privilege_by_sockfd at first checks if SMACK exists and then checks if - * params are correct. Even with incorrect params we should expect SUCCESS instead of - * ERROR_INPUT_PARAM. - */ - -RUNNER_TEST_NOSMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case_nosmack) -{ - RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success"); - int ret = 0; - int sockfd = -1; - const char* object = "telephony_makecall"; - const char* access_rights = "r"; - - //invalid sockfd case - ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "check_privilege_by_sockfd failed. Result: " << ret); - sockfd = 0; - - //null object case - char *object2 = nullptr; - ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "check_privilege_by_sockfd failed. Result: " << ret); - - //null access rights case - access_rights = nullptr; - ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, - "check_privilege_by_sockfd failed. Result: " << ret); -} - diff --git a/src/security-tests-all.sh b/src/security-tests-all.sh deleted file mode 100644 index 653971a8..00000000 --- a/src/security-tests-all.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/sh -echo "[Trigerring all tests...]" - -total=0 -passed=0 -failed=0 -ignored=0 - -ign="--runignored" -if [ $# -gt 0 ]; then - if [ "$1" = "--noignored" ]; then - ign="" - fi -fi - -function addSummary -{ - read -a words < summary.txt - total=$((total + words[0])) - passed=$((passed + words[1])) - failed=$((failed + words[2])) - ignored=$((ignored + words[3])) - - rm summary.txt -} - -function runTest -{ - # 'text' - console output - # 'summary' - used for summary view - security-tests.sh "$1" --output=text --output=summary "$ign" - addSummary -} - -function printSummary -{ - COLOR_GREEN_START="\033[1;32m" - COLOR_DARK_GREEN_START="\033[0;36m" - COLOR_END="\033[m" - - printf "\n" - printf "$COLOR_GREEN_START" - printf "Summary\n" - printf "$COLOR_END" - - printf "$COLOR_DARK_GREEN_START" - printf " Total: %i\n" "$total" - printf " Passed: %i\n" "$passed" - printf " Failed: %i\n" "$failed" - printf " Ignored: %i\n" "$ignored" - printf "$COLOR_END" - printf "\n" -} - -runTest smack -runTest smack-dbus -runTest libprivilege-control -#runTest ss-clientsmack -#runTest ss-server -#runTest ss-password -#runTest ss-privilege -#runTest ss-stress -runTest security-manager -runTest cynara -runTest ckm - -printSummary - -echo "[Done]" diff --git a/src/security-tests.sh b/src/security-tests.sh deleted file mode 100644 index f99127bc..00000000 --- a/src/security-tests.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/sh - -##################################################################### -# Copyright (c) 2012-2014 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -##################################################################### - -#testing internet access and date on the target - -echo "### Starting tests ######################################################" - -case $1 in - -"smack") - echo "=========================================================================" - echo $1 - echo - libsmack-test "${@:2}" # propagate all remaining arguments (except first) - ;; -"smack-dbus") - echo "=========================================================================" - echo "SMACK DBUS TEST" - echo - smack-dbus-tests "${@:2}" - ;; -"libprivilege-control") - echo "=========================================================================" - echo $1 - echo - libprivilege-control-test "${@:2}" - ;; -"ss-clientsmack") - echo "=========================================================================" - echo "SECURITY SERVER TEST CLIENT SMACK" - echo - security-server-tests-client-smack "${@:2}" - ;; -"ss-stress") - echo "=========================================================================" - echo "SECURITY SERVER TEST STRESS" - echo - security-server-tests-stress "${@:2}" - ;; -"ss-server") - echo "=========================================================================" - echo "SECURITY SERVER TEST SERVER" - echo - security-server-tests-server "${@:2}" - ;; -"ss-api-speed") - echo "=========================================================================" - echo "SECURITY SERVER MEASURER SERVER" - echo - security-server-tests-api-speed "${@:2}" - ;; -"ss-password") - echo "=========================================================================" - echo "SECURITY SERVER TEST PASSWORD" - echo - security-server-tests-password "${@:2}" - ;; -"ss-privilege") - echo "=========================================================================" - echo "SECURITY SERVER TEST PRIVILEGE" - echo - security-server-tests-privilege "${@:2}" - ;; -"security-manager") - echo "=========================================================================" - echo "SECURITY MANAGER TESTS" - echo - security-manager-tests "${@:2}" - ;; -"cynara") - echo "=========================================================================" - echo "CYNARA TEST" - echo - cynara-test "${@:2}" - ;; -"ckm") - echo "=========================================================================" - echo "KEY MANAGER TESTS" - echo - ckm-tests "${@:2}" - ;; -*) - echo "Correct using:" - echo " security_test.sh " - echo - echo "modules: smack, smack-dbus, libprivilege-control, ss-clientsmack" - echo " ss-server, ss-api-speed, ss-password, ss-stress" - echo " ss-privilege, security-manager, cynara, ckm" - ;; - -esac - -echo "### Tests done ##########################################################" diff --git a/src/smack-dbus-tests/CMakeLists.txt b/src/smack-dbus-tests/CMakeLists.txt deleted file mode 100644 index 865b714b..00000000 --- a/src/smack-dbus-tests/CMakeLists.txt +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Michal Eljasiewicz (m.eljasiewic@samsung.com) -# @brief -# - -INCLUDE(FindPkgConfig) - -# Dependencies -PKG_CHECK_MODULES(SMACK_DBUS_TESTS_DEP - libsmack - dbus-1 - REQUIRED) - -# Targets definition - -INCLUDE_DIRECTORIES(SYSTEM - ${SMACK_DBUS_TESTS_DEP_INCLUDE_DIRS} - ) - -SET(TARGET_SMACK_DBUS_TESTS "smack-dbus-tests") - -# Sources definition - -SET(SMACK_DBUS_SOURCES - ${PROJECT_SOURCE_DIR}/src/smack-dbus-tests/smack_dbus_tests.cpp - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/common/ - ) - -ADD_EXECUTABLE(${TARGET_SMACK_DBUS_TESTS} ${SMACK_DBUS_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_SMACK_DBUS_TESTS} - ${SMACK_DBUS_TESTS_DEP_LIBRARIES} - dpl-test-framework - tests-common - ) - -# Installation - -INSTALL(TARGETS ${TARGET_SMACK_DBUS_TESTS} DESTINATION /usr/bin) diff --git a/src/smack-dbus-tests/smack_dbus_tests.cpp b/src/smack-dbus-tests/smack_dbus_tests.cpp deleted file mode 100644 index 233994e8..00000000 --- a/src/smack-dbus-tests/smack_dbus_tests.cpp +++ /dev/null @@ -1,305 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include "tests_common.h" - -#define DBUS_SERVER_NAME "test.method.server" -#define DBUS_CALLER_NAME "test.method.caller" - -#define DBUS_SMACK_NAME "org.freedesktop.DBus" -#define DBUS_SMACK_OBJECT "/org/freedesktop/DBus" -#define DBUS_SMACK_INTERFACE "org.freedesktop.DBus" -#define DBUS_SMACK_METHOD "GetConnectionCredentials" - -RUNNER_TEST_GROUP_INIT(SMACK_DBUS); - -RUNNER_MULTIPROCESS_TEST_SMACK(tc01_smack_context_from_DBus) -{ - RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method" - " yet."); - - int ret = -1; - const char *subject_parent = "subject_parent"; - const char *subject_child = "subject_child"; - - DBusMessage* msg = nullptr; - DBusMessageIter args, iter, var, var_iter, var_value; - DBusConnection* conn = nullptr; - DBusError err; - DBusPendingCall *pending = nullptr; - const char *dbus_server_name = DBUS_SERVER_NAME; - char *smack_context = nullptr; - - pid_t pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed"); - - if (pid == 0) { - // child - ret = smack_set_label_for_self(subject_child); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, - "smack_set__label_for_self() failed, ret: " << ret); - - // initialize the errors - dbus_error_init(&err); - - // connect to the system bus and check for errors - conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err); - ret = dbus_error_is_set(&err); - if (1 == ret) { - dbus_error_free(&err); - RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret); - } - - // request our name on the bus - ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err); - if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) { - dbus_error_free(&err); - RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret, - "dbus_bus_request_name() failed, ret: " << ret); - } - - // crate a new method call for checking SMACK context from DBus interface - msg = dbus_message_new_method_call(DBUS_SMACK_NAME, - DBUS_SMACK_OBJECT, - DBUS_SMACK_INTERFACE, - DBUS_SMACK_METHOD); - - RUNNER_ASSERT_MSG(nullptr != msg, - "dbus_message_new_method_call() failed, ret: " << ret); - - // append arguments, we need SMACK context for our parent process "test.method.server" - dbus_message_iter_init_append(msg, &args); - ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name); - RUNNER_ASSERT_MSG(1 == ret, "Out of memory"); - - // wait for parent to connect to DBus - sleep(3); - - // send message and get a handle for a reply - // -1 is default timeout - ret = dbus_connection_send_with_reply (conn, msg, &pending, -1); - RUNNER_ASSERT_MSG(1 == ret, "Out of memory"); - RUNNER_ASSERT_MSG(nullptr != pending, "Pending call null"); - - dbus_connection_flush(conn); - - // free message - dbus_message_unref(msg); - - // block until reply - dbus_pending_call_block(pending); - - // get the reply - msg = dbus_pending_call_steal_reply(pending); - RUNNER_ASSERT_MSG(nullptr != msg, "Reply null"); - - // free message handle - dbus_pending_call_unref(pending); - - ret = dbus_message_iter_init(msg, &iter); - RUNNER_ASSERT_MSG(0 != ret, "Message has no arguments"); - - dbus_message_iter_recurse(&iter, &var); - - while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) { - dbus_message_iter_recurse(&var, &var_iter); - while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) { - dbus_message_iter_recurse(&var_iter, &var_value); - switch(dbus_message_iter_get_arg_type(&var_value)) { - case DBUS_TYPE_STRING: - dbus_message_iter_get_basic(&var_value, &smack_context); - break; - default: - ; - } - dbus_message_iter_next(&var_iter); - } - dbus_message_iter_next(&var); - } - - // free reply and close connection - dbus_message_unref(msg); - dbus_connection_unref(conn); - - RUNNER_ASSERT(smack_context != nullptr); - ret = strcmp(smack_context, subject_parent); - RUNNER_ASSERT_MSG(0 == ret, - "Context mismatch! context from dbus: " << smack_context); - - exit(0); - - } else { - // parent - ret = smack_set_label_for_self(subject_parent); - RUNNER_ASSERT_MSG(ret == PC_OPERATION_SUCCESS, - "smack_set_label_for_self() failed, ret: " << ret); - - // initialise the error - dbus_error_init(&err); - - // connect to the bus and check for errors - conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err); - ret = dbus_error_is_set(&err); - if (1 == ret) { - dbus_error_free(&err); - RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret); - } - - // request our name on the bus and check for errors - ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err); - if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) { - dbus_error_free(&err); - RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret, - "dbus_bus_request_name() failed, ret: " << ret); - } - - // close the connection - dbus_connection_unref(conn); - } -} - -/////////////////////////////////////// -//////NOSMACK ENV TESTS//////////////// -/////////////////////////////////////// - -RUNNER_MULTIPROCESS_TEST_NOSMACK(tc01_smack_context_from_DBus_nosmack) -{ - RUNNER_IGNORED_MSG("dbus does not support smack context in GetConnectionCredentials method" - " yet."); - - int ret = -1; - const char* subject_parent = "subject_parent"; - - DBusMessage* msg = nullptr; - DBusMessageIter args, iter, var, var_iter, var_value; - DBusConnection* conn = nullptr; - DBusError err; - DBusPendingCall *pending = nullptr; - const char *dbus_server_name = DBUS_SERVER_NAME; - char *smack_context = nullptr; - - pid_t pid = fork(); - RUNNER_ASSERT_ERRNO_MSG(-1 != pid, "fork() failed"); - - if (pid == 0) { - // child - - // initialize the errors - dbus_error_init(&err); - - // connect to the system bus and check for errors; failure = exit with result 1 - conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err); - ret = dbus_error_is_set(&err); - if (1 == ret) { - dbus_error_free(&err); - RUNNER_FAIL_MSG("Failed to connect to system bus. Ret " << ret); - } - - // request our name on the bus; failure = exit with result 2 - ret = dbus_bus_request_name(conn, DBUS_CALLER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err); - if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) { - dbus_error_free(&err); - RUNNER_FAIL_MSG("Failed to request name on the bus. Ret " << ret); - } - - // crate a new method call for checking SMACK context from DBus interface - msg = dbus_message_new_method_call(DBUS_SMACK_NAME, - DBUS_SMACK_OBJECT, - DBUS_SMACK_INTERFACE, - DBUS_SMACK_METHOD); - - RUNNER_ASSERT_MSG(msg != nullptr, "dbus_message_new_method_call() failed."); - - // append arguments, we need SMACK context for our parent process "test.method.server" - dbus_message_iter_init_append(msg, &args); - ret = dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &dbus_server_name); - RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret); - - // wait for parent to connect to DBus - sleep(3); - - // send message and get a handle for a reply - // -1 is default timeout - ret = dbus_connection_send_with_reply (conn, msg, &pending, -1); - RUNNER_ASSERT_MSG(ret == 1, "Out of memory. Ret " << ret); - RUNNER_ASSERT_MSG(pending != nullptr, "Pending call is nullptr."); - - dbus_connection_flush(conn); - - // free message - dbus_message_unref(msg); - - // block until reply - dbus_pending_call_block(pending); - - // get the reply - msg = dbus_pending_call_steal_reply(pending); - RUNNER_ASSERT_MSG(msg != nullptr, "Failed to get the reply from bus."); - - // free message handle - dbus_pending_call_unref(pending); - - ret = dbus_message_iter_init(msg, &iter); - RUNNER_ASSERT_MSG(ret != 0, "DBus message has no arguments. Ret " << ret); - - dbus_message_iter_recurse(&iter, &var); - while (dbus_message_iter_get_arg_type(&var) != DBUS_TYPE_INVALID) { - dbus_message_iter_recurse(&var, &var_iter); - while(dbus_message_iter_get_arg_type(&var_iter) != DBUS_TYPE_INVALID) { - dbus_message_iter_recurse(&var_iter, &var_value); - switch(dbus_message_iter_get_arg_type(&var_value)) { - case DBUS_TYPE_STRING: - dbus_message_iter_get_basic(&var_value, &smack_context); - break; - default: - ; - } - dbus_message_iter_next(&var_iter); - } - dbus_message_iter_next(&var); - } - - // free reply and close connection - dbus_message_unref(msg); - dbus_connection_unref(conn); - - RUNNER_ASSERT(smack_context != nullptr); - ret = strcmp(smack_context, subject_parent); - RUNNER_ASSERT_MSG(ret == 0, "Context mismatch. Context " << smack_context); - - exit(0); - - } else { - // parent - - // initialise the error - dbus_error_init(&err); - - // connect to the bus and check for errors - conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err); - ret = dbus_error_is_set(&err); - if (1 == ret) { - dbus_error_free(&err); - RUNNER_ASSERT_MSG(0 == ret, "dbus_bus_get() failed, ret: " << ret); - } - - // request our name on the bus and check for errors - ret = dbus_bus_request_name(conn, DBUS_SERVER_NAME, DBUS_NAME_FLAG_REPLACE_EXISTING , &err); - if (DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret) { - dbus_error_free(&err); - RUNNER_ASSERT_MSG(DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER != ret, - "dbus_bus_request_name() failed, ret: " << ret); - } - - // close the connection - dbus_connection_unref(conn); - } -} - -int main(int argc, char *argv[]) -{ - return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); -} diff --git a/src/test-performance-check.sh b/src/test-performance-check.sh deleted file mode 100644 index 5d373ce3..00000000 --- a/src/test-performance-check.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/sh - -NOF_TRIES=3 -i=$NOF_TRIES -ERR_FILE=error.log -RESULTS_FILE=results.log - -SUM=0 - -black="\033[0;30m"; -red="\033[0;31m"; -green="\033[0;32m"; -brown="\033[0;33m"; -blue="\033[0;34m"; -purple="\033[0;35m"; -grey="\033[1;30m"; -yellow="\033[1;33m"; -default="\033[0m"; - - -function echo_as_percent () { -full=$(( $1 / 100 )) -rest_full=$(( $1 % 100 )) -dec=$(($rest_full / 10 )) -rest_dec=$(($rest_full % 10 )) -echo "$full.$dec$rest_dec%" -echo "$full.$dec$rest_dec%" >> $RESULTS_FILE - -} - -date >> $RESULTS_FILE -date >> $ERR_FILE - -while [ $((i--)) -gt 0 ] -do -echo -e "$blue==============test no $i=============$default" - -perf record -a -g & > /dev/null 2> /dev/null -sleep 1 -security-tests-all.sh > /dev/null 2> /dev/null -pkill -SIGINT perf - -sleep 2 - -echo "perf results:" -perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk -OUTPUT=$(perf report -U -s symbol -gflat,1,caller 2>> $ERR_FILE | grep smk | sed "s:%.*$::g;s:^[ \t]::g;s:[^0-9]::g;s:^0::g;s:^0::g;s:$:+:g;$ s:+::" | tr -d "\n") - -echo -e "$blue sum:" -echo_as_percent $(($OUTPUT)) -echo -e "$default" - -SUM=$(($SUM + $OUTPUT)) - -done -echo -e "$blue==============done=============" -OUTPUT=$(($SUM/3)) -echo "average:" -echo "average:" >> $RESULTS_FILE -echo_as_percent $OUTPUT -echo -e "$default" - - diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt deleted file mode 100644 index b1b4d878..00000000 --- a/tests/CMakeLists.txt +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -cmake_minimum_required(VERSION 2.8.3) - -INCLUDE(FindPkgConfig) -SET(INNER_TARGET_TEST "security-tests-inner-test") - -PKG_CHECK_MODULES(INNER_TARGET_DEP - REQUIRED - glib-2.0 - ) - -#files to compile -SET(INNER_TARGET_TEST_SOURCES - ${PROJECT_SOURCE_DIR}/tests/inner-test.cpp - ${PROJECT_SOURCE_DIR}/tests/common/test_cases_timeout.cpp - ${PROJECT_SOURCE_DIR}/tests/framework/test_cases_deferred.cpp - ) - -#header directories -INCLUDE_DIRECTORIES(SYSTEM - ${INNER_TARGET_DEP_INCLUDE_DIRS} - ) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/src/framework/include/ - ${PROJECT_SOURCE_DIR}/src/ - ) - -#output format -ADD_EXECUTABLE(${INNER_TARGET_TEST} ${INNER_TARGET_TEST_SOURCES}) - -#linker directories -TARGET_LINK_LIBRARIES(${INNER_TARGET_TEST} - ${INNER_TARGET_DEP_LIBRARIES} - tests-common - dpl-test-framework - ) - -#place for output file -INSTALL(TARGETS ${INNER_TARGET_TEST} - DESTINATION /usr/bin - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) diff --git a/tests/common/test_cases_timeout.cpp b/tests/common/test_cases_timeout.cpp deleted file mode 100644 index f11ad41d..00000000 --- a/tests/common/test_cases_timeout.cpp +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file test_cases_timeout.cpp - * @author Lukasz Wojciechowski - * @version 1.0 - * @brief Inner tests for timeout mechanism - */ - -#include -#include -#include - -#include -#include - -RUNNER_TEST_GROUP_INIT(TIMEOUT) - -void timeout_test_ret(int waitDuration, int functionDuration, Timeout::ExpectMode expect) { - float fRet = 3.1415; - auto ret = Timeout::callAndWait(std::chrono::seconds(waitDuration), expect, - Timeout::CancelFunction(), - ([fRet](int sec) -> float { - std::this_thread::sleep_for(std::chrono::seconds(sec)); - return fRet; - }), functionDuration); - RUNNER_ASSERT_MSG(ret == fRet, - "Function returned = " << ret << " while expected value was " << fRet); -} - -RUNNER_TEST(it01_expected_timeout) -{ - timeout_test_ret(3, 5, Timeout::ExpectMode::TIMEOUT); -} - -RUNNER_TEST(it02_unexpected_finish) -{ - bool thrown = false; - try { - timeout_test_ret(3, 5, Timeout::ExpectMode::FINISHED); - } catch (const DPL::Test::TestException&) { - thrown = true; - } - RUNNER_ASSERT_MSG(thrown, - "Test should throw DPL::Test::TestException"); -} - -RUNNER_TEST(it03_ignored_timeout) -{ - timeout_test_ret(3, 5, Timeout::ExpectMode::IGNORE); -} - -RUNNER_TEST(it04_expected_finish) -{ - timeout_test_ret(5, 3, Timeout::ExpectMode::FINISHED); -} - -RUNNER_TEST(it05_unexpected_timeout) -{ - bool thrown = false; - try { - timeout_test_ret(5, 3, Timeout::ExpectMode::TIMEOUT); - } catch (const DPL::Test::TestException&) { - thrown = true; - } - RUNNER_ASSERT_MSG(thrown, - "Test should throw DPL::Test::TestException"); -} - -RUNNER_TEST(it06_ignored_finish) -{ - timeout_test_ret(5, 3, Timeout::ExpectMode::IGNORE); -} - -void timeout_test_throw(int waitDuration, int functionDuration, Timeout::ExpectMode expect) { - std::string exceptionString("exceptionString"); - bool thrown = false; - try { - Timeout::callAndWait(std::chrono::seconds(waitDuration), expect, - Timeout::CancelFunction(), - ([exceptionString](int sec) -> float { - std::this_thread::sleep_for(std::chrono::seconds(sec)); - throw exceptionString; - }), functionDuration); - } catch (const std::string &str) { - RUNNER_ASSERT_MSG(str == exceptionString, - "Function thrown = " << str - << " while expected value was " << exceptionString); - thrown = true; - } - RUNNER_ASSERT_MSG(thrown, - "Test should throw std::string(" << exceptionString << ")"); -} - -RUNNER_TEST(it07_throw_expected_timeout) -{ - timeout_test_throw(3, 5, Timeout::ExpectMode::TIMEOUT); -} - -RUNNER_TEST(it08_throw_unexpected_finish) -{ - bool thrown = false; - try { - timeout_test_throw(3, 5, Timeout::ExpectMode::FINISHED); - } catch (const DPL::Test::TestException&) { - thrown = true; - } - RUNNER_ASSERT_MSG(thrown, - "Test should throw DPL::Test::TestException"); -} - -RUNNER_TEST(it09_throw_ignored_timeout) -{ - timeout_test_throw(3, 5, Timeout::ExpectMode::IGNORE); -} - -RUNNER_TEST(it10_throw_expected_finish) -{ - timeout_test_throw(5, 3, Timeout::ExpectMode::FINISHED); -} - -RUNNER_TEST(it11_throw_unexpected_timeout) -{ - bool thrown = false; - try { - timeout_test_throw(5, 3, Timeout::ExpectMode::TIMEOUT); - } catch (const DPL::Test::TestException&) { - thrown = true; - } - RUNNER_ASSERT_MSG(thrown, - "Test should throw DPL::Test::TestException"); -} - -RUNNER_TEST(it12_throw_ignored_finish) -{ - timeout_test_throw(5, 3, Timeout::ExpectMode::IGNORE); -} diff --git a/tests/framework/test_cases_deferred.cpp b/tests/framework/test_cases_deferred.cpp deleted file mode 100644 index 036bc0f3..00000000 --- a/tests/framework/test_cases_deferred.cpp +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file test_cases_deferred.cpp - * @author Lukasz Wojciechowski - * @version 1.0 - * @brief Inner tests for defer macros mechanism - */ - -#include -#include - -#define EXPECT_EXCEPTION(expectedCatch, F) { \ - bool catched = false; \ - try { \ - F; \ - } catch (const DPL::Test::TestException & ex) { \ - catched = true; \ - } \ - RUNNER_ASSERT_MSG(catched == expectedCatch, \ - "Exception catched = " << catched \ - << " while expected is = " << expectedCatch); \ -} - -#define FILTER(F) { \ - try { \ - F; \ - } catch (...) { \ - } \ -} - -#define TRYCATCH(F) { \ - RUNNER_DEFER_TRYCATCH( \ - F; \ - ); \ -} - -#define SCOPE(F) { \ - RUNNER_DEFER_SCOPE( \ - F; \ - ); \ -} - -void fail(void) -{ - RUNNER_FAIL_MSG("Oops!"); -} - -void pass(void) -{ -} - -RUNNER_TEST_GROUP_INIT(DEFERRED) - -RUNNER_TEST(id01_simple_fail) -{ - EXPECT_EXCEPTION(true, fail()); -} - -RUNNER_TEST(id02_filtred_fail) -{ - EXPECT_EXCEPTION(false, FILTER(fail())); -} - -RUNNER_TEST(id03_saved_filtred_rethrown_fail) -{ - EXPECT_EXCEPTION(true, SCOPE(FILTER(TRYCATCH(fail())))); -} - -RUNNER_TEST(id04_saved_filtred_fail) -{ - EXPECT_EXCEPTION(false, FILTER(TRYCATCH(fail()))); -} - -RUNNER_TEST(id05_filtred_rethrown_fail) -{ - EXPECT_EXCEPTION(false, SCOPE(FILTER(fail()))); -} - -RUNNER_TEST(id06_saved_rethrown_fail) -{ - EXPECT_EXCEPTION(true, SCOPE(TRYCATCH(fail()))); -} - -RUNNER_TEST(id07_saved_fail) -{ - EXPECT_EXCEPTION(true, TRYCATCH(fail())); -} - -RUNNER_TEST(id08_rethrown_fail) -{ - EXPECT_EXCEPTION(true, SCOPE(fail())); -} - -RUNNER_TEST(id09_nested_scope) -{ - EXPECT_EXCEPTION(true, SCOPE(SCOPE(SCOPE(FILTER(TRYCATCH(fail())))))); -} - -RUNNER_TEST(id10_nested_scope2) -{ - EXPECT_EXCEPTION(true, SCOPE(SCOPE(FILTER(SCOPE(TRYCATCH(fail())))))); -} - -RUNNER_TEST(id11_saved_filtred_rethrown_pass) -{ - EXPECT_EXCEPTION(false, SCOPE(FILTER(TRYCATCH(pass())))); -} diff --git a/tests/inner-test.cpp b/tests/inner-test.cpp deleted file mode 100644 index 052acfa2..00000000 --- a/tests/inner-test.cpp +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -int main (int argc, char *argv[]) -{ - int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); - return status; -}