From 57c6caf20481518c3855a4ef8e769b5f69333fec Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Wed, 22 Apr 2015 10:43:21 +0200 Subject: [PATCH] CKM: re-factoring tests after adding system-DB support. Change-Id: Ia94c7de6604b61e8fb9d5522527dcce3c1019157 --- src/ckm/async-api.cpp | 130 +++-- src/ckm/capi-access_control.cpp | 673 +++++++++++++++---------- src/ckm/capi-certificate-chains.cpp | 38 +- src/ckm/capi-testcases.cpp | 945 ++++++++++++++++-------------------- src/ckm/cc-mode.cpp | 30 +- src/ckm/ckm-common.cpp | 67 ++- src/ckm/ckm-common.h | 8 + src/ckm/main.cpp | 603 ++++++++++++----------- src/ckm/system-db.cpp | 2 +- src/ckm/test-certs.cpp | 28 +- src/ckm/test-certs.h | 2 +- src/common/tests_common.h | 6 +- 12 files changed, 1320 insertions(+), 1212 deletions(-) diff --git a/src/ckm/async-api.cpp b/src/ckm/async-api.cpp index 27284c4..d659ba9 100644 --- a/src/ckm/async-api.cpp +++ b/src/ckm/async-api.cpp @@ -41,6 +41,7 @@ #include #include #include +#include using namespace CKM; using namespace std; @@ -48,7 +49,11 @@ using namespace TestData; namespace { -const char* TEST_LABEL = "test_label"; +const char* TEST_LABEL = "test_label"; +const char* TEST_LABEL_2 = "test_label-2"; + +const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf"; + const CertificateShPtrVector EMPTY_CERT_VECTOR; const AliasVector EMPTY_ALIAS_VECTOR; @@ -321,18 +326,8 @@ RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API); RUNNER_TEST(TA0000_init) { - int temp; - ControlShPtr control = Control::create(); - - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)), - "Error=" << CKM::ErrorToString(temp)); - - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)), - "Error=" << ErrorToString(temp)); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)), - "Error=" << ErrorToString(temp)); + remove_user_data(0); + reset_user_data(APP_UID, TEST_PASS); } // saveKey @@ -1136,37 +1131,42 @@ RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param) RUNNER_TEST(TA1820_allow_access) { - DBCleanup dbc; - CharPtr top_label = get_label(); - test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy()); - test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy()); - test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy()); - test_positive(&ManagerAsync::setPermission, - dbc.alias("alias2"), - TEST_LABEL, - CKM::Permission::READ); - test_positive(&ManagerAsync::setPermission, - dbc.alias("alias3"), - TEST_LABEL, - CKM::Permission::READ | CKM::Permission::REMOVE); + // prepare: add data + std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1"); + std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2"); + std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3"); + GarbageCollector gc; + { + ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID); + gc.save(alias1.c_str(), TEST_DATA); + gc.save(alias2.c_str(), TEST_DATA); + gc.save(alias3.c_str(), TEST_DATA); + + test_positive(&ManagerAsync::setPermission, + alias2, + TEST_LABEL_2, + CKM::Permission::READ); + test_positive(&ManagerAsync::setPermission, + alias3, + TEST_LABEL_2, + CKM::Permission::READ | CKM::Permission::REMOVE); + } { - ScopedLabel label(TEST_LABEL); + ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID); - test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), ""); - test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias")); + test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, ""); + test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1); // test from allowed label, but without properly addressing alias (coming from default label) - test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), ""); + test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", ""); // now test with appropriate addressing - std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2")); - test_positive(&ManagerAsync::getData, full_alias2_address, ""); - test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address); + test_positive(&ManagerAsync::getData, alias2, ""); + test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2); - std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3")); - test_positive(&ManagerAsync::getData, full_alias3_address, ""); - test_positive(&ManagerAsync::removeAlias, full_alias3_address); + test_positive(&ManagerAsync::getData, alias3, ""); + test_positive(&ManagerAsync::removeAlias, alias3); } } @@ -1182,21 +1182,28 @@ RUNNER_CHILD_TEST(TA1910_deny_access_invalid_param) RUNNER_TEST(TA1920_deny_access) { - DBCleanup dbc; - CharPtr top_label = get_label(); - test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy()); - test_positive(&ManagerAsync::setPermission, - dbc.alias("alias"), - TEST_LABEL, - CKM::Permission::READ | CKM::Permission::REMOVE); - test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE); + // prepare: add data + std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1"); + GarbageCollector gc; + { + ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID); + gc.save(alias1.c_str(), TEST_DATA); + + test_positive(&ManagerAsync::setPermission, + alias1, + TEST_LABEL_2, + CKM::Permission::READ | CKM::Permission::REMOVE); + test_positive(&ManagerAsync::setPermission, + alias1, + TEST_LABEL_2, + CKM::Permission::NONE); + } { - ScopedLabel label(TEST_LABEL); + ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID); - std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias")); - test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, ""); - test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address); + test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, ""); + test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1); } } @@ -1242,25 +1249,25 @@ RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs) CKM::Policy notExportable(CKM::Password(), false); test_positive(&ManagerAsync::savePKCS12, - alias_PKCS_exportable, + sharedDatabase(alias_PKCS_exportable).c_str(), pkcs, exportable, exportable); test_negative(&ManagerAsync::savePKCS12, CKM_API_ERROR_DB_ALIAS_EXISTS, - alias_PKCS_exportable, + sharedDatabase(alias_PKCS_exportable).c_str(), pkcs, exportable, exportable); test_positive(&ManagerAsync::savePKCS12, - alias_PKCS_not_exportable, + sharedDatabase(alias_PKCS_not_exportable).c_str(), pkcs, notExportable, notExportable); test_negative(&ManagerAsync::savePKCS12, CKM_API_ERROR_DB_ALIAS_EXISTS, - alias_PKCS_not_exportable, + sharedDatabase(alias_PKCS_not_exportable).c_str(), pkcs, notExportable, notExportable); @@ -1274,7 +1281,7 @@ RUNNER_TEST(TA2010_PKCS_get) // fail - no entry test_negative(&ManagerAsync::getPKCS12, CKM_API_ERROR_DB_ALIAS_UNKNOWN, - "i-do-not-exist", + sharedDatabase("i-do-not-exist").c_str(), CKM::Password(), CKM::Password()); @@ -1282,13 +1289,13 @@ RUNNER_TEST(TA2010_PKCS_get) // fail - not exportable test_negative(&ManagerAsync::getPKCS12, CKM_API_ERROR_NOT_EXPORTABLE, - dbc.alias(alias_PKCS_not_exportable.c_str()), + dbc.alias(sharedDatabase(alias_PKCS_not_exportable).c_str()), CKM::Password(), CKM::Password()); // success - exportable auto obs = test_positive(&ManagerAsync::getPKCS12, - dbc.alias(alias_PKCS_exportable.c_str()), + dbc.alias(sharedDatabase(alias_PKCS_exportable).c_str()), CKM::Password(), CKM::Password()); @@ -1310,15 +1317,6 @@ RUNNER_TEST(TA2010_PKCS_get) RUNNER_TEST(TA9999_deinit) { - int temp; - ControlShPtr control = Control::create(); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(APP_UID)), - "Error=" << ErrorToString(temp)); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)), - "Error=" << ErrorToString(temp)); - - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)), - "Error=" << ErrorToString(temp)); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << ErrorToString(temp)); + remove_user_data(0); + remove_user_data(APP_UID); } diff --git a/src/ckm/capi-access_control.cpp b/src/ckm/capi-access_control.cpp index 0e1625b..1312b4e 100644 --- a/src/ckm/capi-access_control.cpp +++ b/src/ckm/capi-access_control.cpp @@ -16,10 +16,18 @@ #include namespace { +const int USER_ROOT = 0; +const int APP_1 = 6000; +const int GROUP_1 = 6000; +const int APP_2 = 6200; +const int GROUP_2 = 6200; +const char * const APP_PASS_1 = "app-pass-1"; +const char * const APP_PASS_2 = "app-pass-2"; +const char* APP_LABEL_1 = "APP_LABEL_1"; +const char* APP_LABEL_2 = "APP_LABEL_2"; +const char* APP_LABEL_3 = "APP_LABEL_3"; +const char* APP_LABEL_4 = "APP_LABEL_4"; -const uid_t USER_ROOT = 0; -const char* APP_PASS = "user-pass"; -const char* ROOT_PASS = "test-pass"; const char* NO_ALIAS = "definitely-non-existent-alias"; const char* NO_OWNER = "definitely-non-existent-owner"; @@ -28,85 +36,58 @@ const char* TEST_ALIAS = "test-alias"; const char* TEST_ALIAS2 = "test-alias2"; const char* TEST_ALIAS3 = "test-alias3"; -const char* TEST_LABEL = "test-label"; -const char* TEST_LABEL2 = "test-label2"; -const char* TEST_LABEL3 = "test-label3"; -const char* TEST_LABEL4 = "test-label4"; - const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf"; - void allow_access_deprecated(const char* alias, const char* accessor, ckmc_access_right_e accessRights) { int ret = ckmc_allow_access(alias, accessor, accessRights); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); } -void allow_access_deprecated_by_adm(const char* alias, const char* accessor, ckmc_access_right_e accessRights) +void allow_access_deprecated_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, ckmc_access_right_e accessRights) { // data removal should revoke this access - int ret = ckmc_allow_access_by_adm(USER_ROOT, get_label().get(), alias, accessor, accessRights); + int ret = ckmc_allow_access_by_adm(uid, label, alias, accessor, accessRights); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); } -void allow_access_by_adm(const char* alias, const char* accessor, int permissionMask) +void allow_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor, int permissionMask) { // data removal should revoke this access - int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, permissionMask); + int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, permissionMask); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Trying to allow access returned: " << CKMCErrorToString(ret)); } -void deny_access_by_adm(const char* alias, const char* accessor) +void deny_access_by_adm(uid_t uid, const char *label, const char* alias, const char* accessor) { - int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), alias).c_str(), accessor, CKMC_PERMISSION_NONE); + int ret = ckmc_set_permission_by_adm(uid, aliasWithLabel(label, alias).c_str(), accessor, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Denying access failed. " << CKMCErrorToString(ret)); } -int count_aliases() -{ - ckmc_alias_list_s *aliasList = NULL; - int ret = ckmc_get_data_alias_list(&aliasList); - if (ret == CKMC_ERROR_DB_ALIAS_UNKNOWN) - return 0; - - RUNNER_ASSERT_MSG(ret == 0, "Failed to get the list of data aliases. " << CKMCErrorToString(ret)); - - ckmc_alias_list_s *plist = aliasList; - int count = 0; - while(plist) - { - plist = plist->next; - count++; - } - ckmc_alias_list_all_free(aliasList); - return count; -} - -void check_alias_count(int expected) +void check_alias_count(size_t expected) { - int count = count_aliases(); + size_t count = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG(count == expected, "Expected " << expected << " aliases, got " << count); } } // namespace anonymous -RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API); +RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_USER_C_API); ///////////////////////////////////////////////////////////////////////////// // Manager RUNNER_TEST(T3000_init) { - int temp; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp)); + reset_user_data(APP_1, APP_PASS_1); + reset_user_data(APP_2, APP_PASS_2); } // invalid arguments check RUNNER_TEST(T3001_manager_allow_access_invalid) { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + RUNNER_ASSERT( CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_READ)); RUNNER_ASSERT( @@ -116,6 +97,8 @@ RUNNER_TEST(T3001_manager_allow_access_invalid) // invalid arguments check RUNNER_TEST(T3002_manager_deny_access_invalid) { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission(NULL, "accessor", CKMC_PERMISSION_NONE)); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ckmc_set_permission("alias", NULL, CKMC_PERMISSION_NONE)); } @@ -123,7 +106,7 @@ RUNNER_TEST(T3002_manager_deny_access_invalid) // tries to allow access for non existing alias RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing) { - switch_to_storage_user(TEST_LABEL); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, @@ -133,7 +116,7 @@ RUNNER_CHILD_TEST(T3003_manager_allow_access_non_existing) // tries to deny access for non existing alias RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing) { - switch_to_storage_user(TEST_LABEL); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); int ret = ckmc_set_permission(NO_ALIAS, "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, @@ -143,7 +126,7 @@ RUNNER_CHILD_TEST(T3004_manager_deny_access_non_existing) // tries to deny access that does not exist in database RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access) { - switch_to_storage_user(TEST_LABEL); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); @@ -156,7 +139,7 @@ RUNNER_CHILD_TEST(T3005_manager_deny_access_non_existing_access) // tries to allow access to application own data RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself) { - switch_to_storage_user(TEST_LABEL); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); @@ -169,7 +152,8 @@ RUNNER_CHILD_TEST(T3006_manager_allow_access_to_myself) // verifies that alias can not contain forbidden characters RUNNER_CHILD_TEST(T3007_manager_check_alias_valid) { - switch_to_storage_user(TEST_LABEL); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); std::string test_alias_playground = std::string("AAA BBB CCC"); @@ -177,48 +161,55 @@ RUNNER_CHILD_TEST(T3007_manager_check_alias_valid) // control: expect success check_read(TEST_ALIAS, 0, TEST_DATA); - check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA); + check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA); } // verifies that label can not contain forbidden characters RUNNER_CHILD_TEST(T3008_manager_check_label_valid) { - switch_to_storage_user(TEST_LABEL); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); // basic test - std::string test_label_playground = std::string("AAA BBB CCC"); - check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); + std::string APP_LABEL_1_playground = std::string("AAA BBB CCC"); + check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); // insert part of the separator in the middle - test_label_playground = std::string(TEST_LABEL); - test_label_playground.insert(test_label_playground.size()/2, ckmc_label_name_separator); - check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); + APP_LABEL_1_playground = std::string(APP_LABEL_1); + APP_LABEL_1_playground.insert(APP_LABEL_1_playground.size()/2, ckmc_label_name_separator); + check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); // prepend separator - test_label_playground = std::string(TEST_LABEL); - test_label_playground.insert(0, ckmc_label_name_separator); - check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); + APP_LABEL_1_playground = std::string(APP_LABEL_1); + APP_LABEL_1_playground.insert(0, ckmc_label_name_separator); + check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); // append separator - test_label_playground = std::string(TEST_LABEL); - test_label_playground.append(ckmc_label_name_separator); - check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); + APP_LABEL_1_playground = std::string(APP_LABEL_1); + APP_LABEL_1_playground.append(ckmc_label_name_separator); + check_read(TEST_ALIAS, APP_LABEL_1_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER); // control: expect success - check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA); + check_read(TEST_ALIAS, APP_LABEL_1, TEST_DATA); } + // tries to access other application data without permission RUNNER_TEST(T3020_manager_access_not_allowed) { - CharPtr top_label = get_label(); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); check_read_not_visible(TEST_ALIAS_adr.c_str()); check_remove_not_visible(TEST_ALIAS_adr.c_str()); } @@ -227,42 +218,54 @@ RUNNER_TEST(T3020_manager_access_not_allowed) // tries to access other application data with permission RUNNER_TEST(T3021_manager_access_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + // prepare: add data + GarbageCollector gc; { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); + } - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + // test accessibility from another label + { + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to read other application data with permission for read/remove RUNNER_TEST(T3022_manager_access_allowed_with_remove) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + // prepare: add data + GarbageCollector gc; { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + } - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + // test accessibility from another label + { + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to remove other application data with permission for reading only RUNNER_TEST(T3023_manager_access_allowed_remove_denied) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + // prepare: add data + GarbageCollector gc; { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); + } - std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + // test accessibility from another label + { + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); + std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); check_remove_denied(TEST_ALIAS_adr.c_str()); check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); } @@ -271,14 +274,18 @@ RUNNER_TEST(T3023_manager_access_allowed_remove_denied) // tries to remove other application data with permission RUNNER_TEST(T3025_manager_remove_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + // prepare: add data + GarbageCollector gc; { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + } - check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + // test accessibility from another label + { + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); + check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); } } @@ -286,16 +293,22 @@ RUNNER_TEST(T3025_manager_remove_allowed) // rights RUNNER_TEST(T3026_manager_double_allow) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); - // access should be overwritten - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + // access should be overwritten + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); + } + + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); check_remove_denied(TEST_ALIAS_adr.c_str()); check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); } @@ -304,22 +317,34 @@ RUNNER_TEST(T3026_manager_double_allow) // tries to access application data with permission and after permission has been revoked RUNNER_TEST(T3027_manager_allow_deny) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); - std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); + } - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); check_remove_denied(TEST_ALIAS_adr.c_str()); check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); } - deny_access(TEST_ALIAS, TEST_LABEL2); + // remove permission + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + + deny_access(TEST_ALIAS, APP_LABEL_2); + } + + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); check_remove_not_visible(TEST_ALIAS_adr.c_str()); check_read_not_visible(TEST_ALIAS_adr.c_str()); @@ -328,61 +353,75 @@ RUNNER_TEST(T3027_manager_allow_deny) RUNNER_TEST(T3028_manager_access_by_label) { - CharPtr top_label = get_label(); + // prepare: add data + GarbageCollector gc; const char *additional_data = "label-2-data"; - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); + } + + // add data as app 2 { - ScopedLabel sl(TEST_LABEL2); - ScopedSaveData ssd(TEST_ALIAS, additional_data); - allow_access(TEST_ALIAS, top_label.get(), CKMC_PERMISSION_READ); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); + save_data(TEST_ALIAS, additional_data); + + allow_access(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ); // test if accessing valid alias (of label2 domain) check_read_allowed(TEST_ALIAS, additional_data); - - // this has to be done here - in the scope, otherwise - // scope destructor will remove the TEST_LABEL2::TEST_ALIAS - { - ScopedLabel sl(top_label.get()); - - // test if can access label2 alias from label1 domain - should succeed - check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data); - } } - // test if accessing valid alias (of label1 domain) - check_read_allowed(TEST_ALIAS, TEST_DATA); + // test accessibility to app 2 from app 1 + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); - // access should not be possible - already left the LABEL2 scope, object should be removed - check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str()); + // test if can access label2 alias from label1 domain - should succeed + check_read_allowed(aliasWithLabel(APP_LABEL_2, TEST_ALIAS).c_str(), additional_data); + } } // tries to modify another label's permission RUNNER_TEST(T3029_manager_access_modification_by_foreign_label) { - ScopedLabel sl(TEST_LABEL); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - allow_access(TEST_ALIAS, TEST_LABEL3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + // prepare: add data + GarbageCollector gc; { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); - allow_access_negative(aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED); - deny_access_negative (aliasWithLabel(TEST_LABEL, TEST_ALIAS).c_str(), TEST_LABEL4, CKMC_ERROR_PERMISSION_DENIED); + allow_access(TEST_ALIAS, APP_LABEL_3, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + } + + // test accessibility from another label + { + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); + + allow_access_negative(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE, CKMC_ERROR_PERMISSION_DENIED); + deny_access_negative (aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_4, CKMC_ERROR_PERMISSION_DENIED); } } // checks if only aliases readable by given app are returned RUNNER_TEST(T3030_manager_get_all_aliases) { - ScopedSaveData ssd1(TEST_ALIAS, TEST_DATA); - ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA); + // prepare: add data + GarbageCollector gc; + size_t count; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + gc.save(TEST_ALIAS2, TEST_DATA); - int count = count_aliases(); + count = count_aliases(ALIAS_DATA); + allow_access(TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); + } - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); // check that app can access other aliases when it has permission check_alias_count(count - 1); @@ -393,9 +432,15 @@ RUNNER_TEST(T3030_manager_get_all_aliases) check_alias_count(count - 1 + 1); } - deny_access(TEST_ALIAS, TEST_LABEL2); + // remove permission { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + deny_access(TEST_ALIAS, APP_LABEL_2); + } + + // test accessibility from another label + { + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); // check that app can't access other aliases for which permission has been revoked check_alias_count(count - 2); @@ -405,42 +450,60 @@ RUNNER_TEST(T3030_manager_get_all_aliases) // tries to access other application data with permission RUNNER_TEST(T3031_manager_deprecated_access_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); - allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); + } + + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to read other application data with permission for read/remove RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); - allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); + } + + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to remove other application data with permission for reading only RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + + allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); + } - allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); check_remove_denied(TEST_ALIAS_adr.c_str()); check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); } @@ -449,54 +512,81 @@ RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied) // tries to remove other application data with permission RUNNER_TEST(T3034_manager_deprecated_remove_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + + allow_access_deprecated(TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); + } - allow_access_deprecated(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + // test accessibility from another label { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); } } - ///////////////////////////////////////////////////////////////////////////// // Control +RUNNER_TEST_GROUP_INIT (T310_CKMC_ACCESS_CONTROL_ROOT_C_API); + +RUNNER_TEST(T3100_init) +{ + reset_user_data(APP_1, APP_PASS_1); + reset_user_data(APP_2, APP_PASS_2); +} + // invalid argument check RUNNER_TEST(T3101_control_allow_access_invalid) { + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } + int ret; - ret = ckmc_set_permission_by_adm(USER_ROOT, "alias", "accessor", CKMC_PERMISSION_READ); + ret = ckmc_set_permission_by_adm(APP_1, TEST_ALIAS, "accessor", CKMC_PERMISSION_READ); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); - ret = ckmc_set_permission_by_adm(USER_ROOT, "owner alias", NULL, CKMC_PERMISSION_READ); + ret = ckmc_set_permission_by_adm(APP_1, "owner alias", NULL, CKMC_PERMISSION_READ); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); // double owner std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS); - ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_READ); + ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_READ); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == ret); } // invalid argument check RUNNER_TEST(T3102_control_deny_access_invalid) { + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } + RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NULL, "alias").c_str(), "accessor", CKMC_PERMISSION_NONE)); + ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NULL, TEST_ALIAS).c_str(), "accessor", CKMC_PERMISSION_NONE)); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), NULL, CKMC_PERMISSION_NONE)); + ckmc_set_permission_by_adm(APP_1, aliasWithLabel("owner", TEST_ALIAS).c_str(), NULL, CKMC_PERMISSION_NONE)); // double owner std::string aliasLabel = aliasWithLabel(get_label().get(), TEST_ALIAS); RUNNER_ASSERT(CKMC_ERROR_INVALID_PARAMETER == - ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), TEST_LABEL, CKMC_PERMISSION_NONE)); + ckmc_set_permission_by_adm(APP_1, aliasWithLabel("another-owner", aliasLabel.c_str()).c_str(), APP_LABEL_1, CKMC_PERMISSION_NONE)); } // tries to allow access for non existing alias RUNNER_TEST(T3103_control_allow_access_non_existing) { - int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ); + int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Allowing access for non existing alias returned " << CKMCErrorToString(ret)); } @@ -504,7 +594,7 @@ RUNNER_TEST(T3103_control_allow_access_non_existing) // tries to deny access for non existing alias RUNNER_TEST(T3104_control_deny_access_non_existing) { - int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); + int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(NO_OWNER, NO_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, "Denying access for non existing alias returned " << CKMCErrorToString(ret)); } @@ -512,98 +602,129 @@ RUNNER_TEST(T3104_control_deny_access_non_existing) // tries to deny non existing access RUNNER_TEST(T3105_control_deny_access_non_existing_access) { - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - CharPtr label = get_label(); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - // deny non existing access to existing alias - int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), "label", CKMC_PERMISSION_NONE); + int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Denying non existing access returned: " << CKMCErrorToString(ret)); + "Denying non existing access returned: " << CKMCErrorToString(ret)); } // tries to allow application to access its own data RUNNER_TEST(T3106_control_allow_access_to_myself) { - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); - CharPtr label = get_label(); - int ret = ckmc_set_permission(TEST_ALIAS, label.get(), CKMC_PERMISSION_READ); + // test + int ret = ckmc_set_permission(TEST_ALIAS, APP_LABEL_1, CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_INVALID_PARAMETER == ret, - "Trying to allow myself returned: " << CKMCErrorToString(ret)); + "Trying to allow myself returned: " << CKMCErrorToString(ret)); } // tries to use admin API as a user RUNNER_CHILD_TEST(T3110_control_allow_access_as_user) { - switch_to_storage_user(TEST_LABEL); - int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_READ); + // prepare: add data + GarbageCollector gc; + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + + // test + int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ); RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, - "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); + "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); } // tries to use admin API as a user -RUNNER_CHILD_TEST(T3111_control_allow_access_as_user) +RUNNER_CHILD_TEST(T3111_control_deny_access_as_user) { - switch_to_storage_user(TEST_LABEL); - int ret = ckmc_set_permission_by_adm(USER_ROOT, aliasWithLabel("owner", "alias").c_str(), "accessor", CKMC_PERMISSION_NONE); + // prepare: add data + GarbageCollector gc; + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + + // test + int ret = ckmc_set_permission_by_adm(APP_1, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret, - "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); + "Ordinary user should not be able to use control API. Error " << CKMCErrorToString(ret)); } // tries to read other application data with permission RUNNER_TEST(T3121_control_access_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to read other application data with permission to read/remove RUNNER_TEST(T3122_control_access_allowed_with_remove) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to remove other application data with permission to read RUNNER_TEST(T3122_control_access_allowed_remove_denied) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); } } // tries to remove other application data with permission RUNNER_TEST(T3125_control_remove_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); } } @@ -611,16 +732,20 @@ RUNNER_TEST(T3125_control_remove_allowed) // rights RUNNER_TEST(T3126_control_double_allow) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } // access should be overwritten - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); check_remove_denied(TEST_ALIAS_adr.c_str()); check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); } @@ -629,22 +754,25 @@ RUNNER_TEST(T3126_control_double_allow) // tries to access other application data with permission and after permission has been revoked RUNNER_TEST(T3127_control_allow_deny) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + std::string TEST_ALIAS_adr = aliasWithLabel(APP_LABEL_1, TEST_ALIAS); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); check_remove_denied(TEST_ALIAS_adr.c_str()); check_read_allowed(TEST_ALIAS_adr.c_str(), TEST_DATA); } - CharPtr label = get_label(); - deny_access_by_adm(TEST_ALIAS, TEST_LABEL2); + + deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); check_remove_not_visible(TEST_ALIAS_adr.c_str()); check_read_not_visible(TEST_ALIAS_adr.c_str()); @@ -654,27 +782,33 @@ RUNNER_TEST(T3127_control_allow_deny) // checks if only aliases readable by given app are returned RUNNER_TEST(T3130_control_get_all_aliases) { - ScopedSaveData ssd1(TEST_ALIAS, TEST_DATA); - ScopedSaveData ssd2(TEST_ALIAS2, TEST_DATA); + // prepare: add data + GarbageCollector gc; + size_t count; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + gc.save(TEST_ALIAS2, TEST_DATA); - int count = count_aliases(); + count = count_aliases(ALIAS_DATA); + } - allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); + allow_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_PERMISSION_READ); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); // check that app can access other aliases when it has permission check_alias_count(count - 1); - ScopedSaveData ssd3(TEST_ALIAS3, TEST_DATA); + ScopedSaveData ssd(TEST_ALIAS3, TEST_DATA); // check that app can access its own aliases check_alias_count(count - 1 + 1); } - deny_access_by_adm(TEST_ALIAS, TEST_LABEL2); + deny_access_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); // check that app can't access other aliases for which permission has been revoked check_alias_count(count - 2); @@ -684,86 +818,101 @@ RUNNER_TEST(T3130_control_get_all_aliases) // tries to add access to data in a database of invalid user RUNNER_TEST(T3140_control_allow_invalid_user) { - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - int ret = ckmc_set_permission_by_adm( - APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); + int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret)); + "Trying to allow access to invalid user returned: " << CKMCErrorToString(ret)); } // tries to revoke access to data in a database of invalid user RUNNER_TEST(T3141_control_deny_invalid_user) { - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - int ret = ckmc_set_permission_by_adm(APP_UID, aliasWithLabel(get_label().get(), TEST_ALIAS).c_str(), TEST_LABEL2, CKMC_PERMISSION_NONE); + int ret = ckmc_set_permission_by_adm(APP_2, aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), APP_LABEL_2, CKMC_PERMISSION_NONE); RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret, - "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret)); + "Trying to deny access to invalid user returned: " << CKMCErrorToString(ret)); } // tries to read other application data with permission RUNNER_TEST(T3142_control_deprecated_access_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to read other application data with permission to read/remove RUNNER_TEST(T3143_control_deprecated_access_allowed_with_remove) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str(), TEST_DATA); + check_read_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str(), TEST_DATA); } } // tries to remove other application data with permission to read RUNNER_TEST(T3144_control_deprecated_access_allowed_remove_denied) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); + // prepare: add data + GarbageCollector gc; + { + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); + } - allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ); + allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ); { - ScopedLabel sl(TEST_LABEL2); + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); - check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + check_remove_denied(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); } } // tries to remove other application data with permission RUNNER_TEST(T3145_control_deprecated_remove_allowed) { - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS, TEST_DATA); - - allow_access_deprecated_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE); + // prepare: add data + GarbageCollector gc; { - ScopedLabel sl(TEST_LABEL2); - - check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); + ScopedAccessProvider ap(APP_LABEL_1, APP_1, GROUP_1); + gc.save(TEST_ALIAS, TEST_DATA); } -} + allow_access_deprecated_by_adm(APP_1, APP_LABEL_1, TEST_ALIAS, APP_LABEL_2, CKMC_AR_READ_REMOVE); + { + ScopedAccessProvider ap(APP_LABEL_2, APP_1, GROUP_1); -RUNNER_TEST(T3999_deinit) -{ - int temp; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(APP_UID)), CKMCErrorToString(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_ROOT)), CKMCErrorToString(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp)); + check_remove_allowed(aliasWithLabel(APP_LABEL_1, TEST_ALIAS).c_str()); + } } diff --git a/src/ckm/capi-certificate-chains.cpp b/src/ckm/capi-certificate-chains.cpp index 5050165..af97c92 100644 --- a/src/ckm/capi-certificate-chains.cpp +++ b/src/ckm/capi-certificate-chains.cpp @@ -37,8 +37,6 @@ namespace { -const char *CHAINS_PASSWD = "chains-pass"; - typedef std::unique_ptr CertPtr; typedef std::unique_ptr CertListPtr; typedef std::unique_ptr AliasListPtr; @@ -229,7 +227,7 @@ void ChainVerifier::addTrusted(TestData::certificateID idx) addCert(m_trustedCerts, cert); std::stringstream ss; - ss << "TRUSTED_CERT_ALIAS_" << size; + ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size; save_cert(cert, ss.str().c_str()); addAlias(m_trustedAliases, ss.str().c_str()); } @@ -242,7 +240,7 @@ void ChainVerifier::addUntrusted(TestData::certificateID idx) addCert(m_untrustedCerts, cert); std::stringstream ss; - ss << "UNTRUSTED_CERT_ALIAS_" << size; + ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size; save_cert(cert, ss.str().c_str()); addAlias(m_untrustedAliases, ss.str().c_str()); } @@ -353,13 +351,13 @@ RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS); RUNNER_TEST(TCCH_0000_init) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); } // old API RUNNER_TEST(TCCH_0010_get_chain_old_api) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier cv; cv.verifyNegative(TestData::GOOGLE_COM); @@ -372,7 +370,7 @@ RUNNER_TEST(TCCH_0010_get_chain_old_api) // old API RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier cv; cv.verifyPositive(TestData::GIAG2, 2); // including system cert @@ -381,7 +379,7 @@ RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only) // check invalid arguments RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ckmc_cert_s* ca2 = create_cert(TestData::GIAG2); ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST); @@ -407,8 +405,8 @@ RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param) // alias ca1 = create_cert(TestData::GEOTRUST); - save_cert(ca1, "GEOTRUST"); - AliasListPtr untrusted_a = create_alias_list("GEOTRUST", NULL); + save_cert(ca1, sharedDatabase("GEOTRUST").c_str()); + AliasListPtr untrusted_a = create_alias_list(sharedDatabase("GEOTRUST").c_str(), NULL); assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias, NULL_CERT, @@ -430,12 +428,12 @@ RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param) // check invalid arguments RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ckmc_cert_s* ca2 = create_cert(TestData::GIAG2); ckmc_cert_list_s* chain = NULL; - AliasListPtr non_existing = create_alias_list("NON_EXISTING_ALIAS", NULL); + AliasListPtr non_existing = create_alias_list(sharedDatabase("NON_EXISTING_ALIAS").c_str(), NULL); assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN, ckmc_get_cert_chain_with_trustedcert_alias, ca2, @@ -460,7 +458,7 @@ RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown) */ RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.enableSystem(false); @@ -476,7 +474,7 @@ RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative) */ RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.enableSystem(false); @@ -490,7 +488,7 @@ RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only) */ RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.verifyPositive(TestData::GIAG2, 2); // including system cert @@ -502,7 +500,7 @@ RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only) */ RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.addTrusted(TestData::TEST_ROOT_CA); @@ -513,7 +511,7 @@ RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted) RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.addUntrusted(TestData::GIAG2); @@ -526,7 +524,7 @@ RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted) */ RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.enableSystem(false); @@ -541,7 +539,7 @@ RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system) */ RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.enableSystem(false); @@ -553,7 +551,7 @@ RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted) RUNNER_TEST(TCCH_0200_get_certificate_chain_all) { - reset_user_data(0, CHAINS_PASSWD); + remove_user_data(0); ChainVerifier<> cv; cv.enableSystem(true); diff --git a/src/ckm/capi-testcases.cpp b/src/ckm/capi-testcases.cpp index 269e7d6..8961ba6 100644 --- a/src/ckm/capi-testcases.cpp +++ b/src/ckm/capi-testcases.cpp @@ -23,82 +23,53 @@ #include #include -static const int USER_APP = 5000; -static const int GROUP_APP = 5000; - namespace { - -typedef enum { - ALIAS_KEY, - ALIAS_CERT, - ALIAS_DATA -} alias_type_; - +const int USER_APP = 5000; +const int GROUP_APP = 5000; const char* USER_PASS = "user-pass"; +const char* TEST_LABEL = "test_label"; +const char* TEST_SYSTEM_ALIAS = "system-alias-1"; +const char* TEST_DATA = "ABCD"; +} // namespace anonymous -int count_aliases(alias_type_ type, int minimum_initial_element_count = 0) -{ - ckmc_alias_list_s *aliasList = NULL; - int ec; - switch(type) - { - case ALIAS_KEY: - ec = ckmc_get_key_alias_list(&aliasList); - break; - case ALIAS_CERT: - ec = ckmc_get_cert_alias_list(&aliasList); - break; +RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API); - case ALIAS_DATA: - ec = ckmc_get_data_alias_list(&aliasList); - break; - } - if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN) - return 0; - else if(ec==0) - { - ckmc_alias_list_s *plist = aliasList; - int return_count = 0; - while(plist) - { - plist = plist->next; - return_count ++; - } - ckmc_alias_list_all_free(aliasList); +RUNNER_TEST(T3010_Control_C_API_service_unlock_DB) +{ + int temp; - RUNNER_ASSERT_MSG( - return_count >= minimum_initial_element_count, - "Error: alias list failed, current element count: " << return_count << - " while expected minimal count of " << minimum_initial_element_count << - " elements"); + RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")), + CKMCReadableError(temp)); - return return_count; - } - else - { - // error - fail - RUNNER_ASSERT_MSG( - ec >= 0, - "Error: alias list failed, ec: " << CKMCErrorToString(ec)); - } + RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")), + CKMCReadableError(temp)); - return ec; + remove_user_data(5000); + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")), + CKMCReadableError(temp)); } -} // namespace anonymous - - -RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API); - RUNNER_TEST(T3011_Control_C_API) { int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), CKMCReadableError(temp)); } @@ -106,9 +77,9 @@ RUNNER_TEST(T3012_Control_C_API) { int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); } @@ -116,21 +87,21 @@ RUNNER_TEST(T3013_Control_C_API) { int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), CKMCReadableError(temp)); } RUNNER_TEST(T3014_Control_C_API) { int temp; - const uid_t UNIQUE_USER = 15; - - // clean up environment - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)), - CKMCReadableError(temp)); - // unlock with default password - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)), - CKMCReadableError(temp)); + const uid_t UNIQUE_USER = 6500; + + // clean up environment + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)), + CKMCReadableError(temp)); + // unlock with empty password + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)), + CKMCReadableError(temp)); // reset password (NULL, "simple-password") RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")), CKMCReadableError(temp)); @@ -143,9 +114,9 @@ RUNNER_TEST(T3014_Control_C_API) // try to reset password when db locked RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")), CKMCReadableError(temp)); - // clean up environment - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)), - CKMCReadableError(temp)); + // clean up environment + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)), + CKMCReadableError(temp)); } RUNNER_TEST(T3015_Control_C_API) @@ -153,14 +124,14 @@ RUNNER_TEST(T3015_Control_C_API) int temp; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(20, "test-pass")), + CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_change_user_password(20, "test-pass", "new-pass")), + CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")), CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), CKMCReadableError(temp)); } @@ -169,17 +140,28 @@ RUNNER_TEST(T3016_Control_C_API) int temp; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), + CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(20)), + CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), CKMCReadableError(temp)); +} + +RUNNER_TEST(T3017_Control_C_API_remove_system_DB) +{ + save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA); + + // [test] - expect success + check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA); + + // remove user data - expect to map to the system DB + int temp; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(20)), + CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)), CKMCReadableError(temp)); + + // [test] - expect fail + check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN); } RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API); @@ -188,9 +170,7 @@ RUNNER_TEST(T3021_init_C_API) { int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")), - CKMCReadableError(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), CKMCReadableError(temp)); @@ -204,7 +184,7 @@ RUNNER_TEST(T3022_key_C_API) ckmc_policy_s test_policy; char* password = NULL; - const char *alias = "mykey"; + CKM::Alias alias = sharedDatabase("mykey"); std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" @@ -230,11 +210,11 @@ RUNNER_TEST(T3022_key_C_API) test_key2 = &test_key; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)), + CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)), CKMCReadableError(temp)); } @@ -248,7 +228,7 @@ RUNNER_TEST(T3023_certificate_C_API) ckmc_cert_s *cert2; ckmc_cert_s cert; - const char *alias = "test-cert-1-RSA"; + CKM::Alias alias = sharedDatabase("test-cert-1-RSA"); ckmc_policy_s test_policy; test_policy.password = password; @@ -261,11 +241,11 @@ RUNNER_TEST(T3023_certificate_C_API) cert.data_format = CKMC_FORM_PEM; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)), + CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), CKMCReadableError(temp)); ckmc_cert_free(cert2); @@ -277,19 +257,19 @@ RUNNER_TEST(T3024_certificate_remove_C_API) char* password = NULL; ckmc_cert_s *cert2; - const char *alias = "test-cert-1-RSA"; + CKM::Alias alias = sharedDatabase("test-cert-1-RSA"); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)), + CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), CKMCReadableError(temp)); ckmc_cert_free(cert2); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias)), + CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias, password, &cert2)), + CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), CKMCReadableError(temp)); } @@ -312,23 +292,24 @@ RUNNER_TEST(T3025_certificate_list_C_API) cert.cert_size = certPem.length(); cert.data_format = CKMC_FORM_PEM; - int current_aliases_num = count_aliases(ALIAS_CERT); + size_t current_aliases_num = count_aliases(ALIAS_CERT); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)), CKMCReadableError(temp)); + size_t actual_cnt = count_aliases(ALIAS_CERT); RUNNER_ASSERT_MSG( - (current_aliases_num+3) == (temp = count_aliases(ALIAS_CERT)), - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp); + (current_aliases_num+3) == actual_cnt, + "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); } @@ -444,13 +425,13 @@ RUNNER_TEST(T3028_certificate_with_DSA_key_C_API) cert.cert_size = certPem.length(); cert.data_format = CKMC_FORM_PEM; - const char *alias = "test-cert-1-DSA"; + CKM::Alias alias = sharedDatabase("test-cert-1-DSA"); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias, cert, test_policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias, password, &cert2)), + CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)), CKMCReadableError(temp)); ckmc_cert_free(cert2); @@ -460,10 +441,7 @@ RUNNER_TEST(T3029_deinit_C_API) { int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); @@ -479,9 +457,7 @@ RUNNER_TEST(T3031_init_C_API) { int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")), - CKMCReadableError(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), CKMCReadableError(temp)); @@ -522,23 +498,24 @@ RUNNER_TEST(T3032_save_keys_get_alias_C_API) test_policy3.password = password; test_policy3.extractable = 0; - int current_aliases_num = count_aliases(ALIAS_KEY); + size_t current_aliases_num = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)), CKMCReadableError(temp)); + size_t actual_cnt = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( - (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)), - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp); + (current_aliases_num+3) == actual_cnt, + "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); } @@ -550,15 +527,15 @@ RUNNER_TEST(T3033_remove_key_C_API) ckmc_key_s *test_key2; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)), + CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")), + CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)), + CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)), CKMCReadableError(temp)); } @@ -566,10 +543,7 @@ RUNNER_TEST(T3034_deinit_C_API) { int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); @@ -583,9 +557,7 @@ RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API); RUNNER_TEST(T3041_init_C_API) { int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")), - CKMCReadableError(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")), CKMCReadableError(temp)); @@ -623,31 +595,32 @@ RUNNER_TEST(T3042_save_get_bin_data_C_API) test_policy3.password = password; test_policy3.extractable = 0; - int current_aliases_num = count_aliases(ALIAS_DATA); + size_t current_aliases_num = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value + CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value + CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)), + CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)), + CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)), CKMCReadableError(temp)); + size_t actual_cnt = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG( - (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)), - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp); + (current_aliases_num+3) == actual_cnt, + "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); ckmc_raw_buffer_s *testData4; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)), + CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)), CKMCReadableError(temp)); int compareResult; @@ -681,7 +654,7 @@ RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API) std::string binData = "My bin data"; - int current_aliases_num = count_aliases(ALIAS_DATA); + size_t current_aliases_num = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)), @@ -693,27 +666,29 @@ RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API) CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)), CKMCReadableError(temp)); + size_t actual_cnt = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG( - (current_aliases_num+3) == (temp = count_aliases(ALIAS_DATA)), - "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp); + (current_aliases_num+3) == actual_cnt, + "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt); } RUNNER_TEST(T3044_remove_bin_data_C_API) { int temp; - int current_aliases_num = count_aliases(ALIAS_DATA, 2); + size_t current_aliases_num = count_aliases(ALIAS_DATA, 2); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")), + CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")), + CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())), CKMCReadableError(temp)); + size_t actual_cnt = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG( - (current_aliases_num-2) == (temp = count_aliases(ALIAS_DATA)), - "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << temp); + (current_aliases_num-2) == actual_cnt, + "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt); char* password = NULL; @@ -727,7 +702,7 @@ RUNNER_TEST(T3044_remove_bin_data_C_API) CKM::RawBuffer buffer; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)), + CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)), CKMCReadableError(temp)); int compareResult; @@ -736,7 +711,7 @@ RUNNER_TEST(T3044_remove_bin_data_C_API) "Data corrupted"); RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)), + CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)), CKMCReadableError(temp)); } @@ -744,12 +719,7 @@ RUNNER_TEST(T3045_deinit_C_API) { int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); @@ -794,15 +764,16 @@ RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key) policy_public_key.extractable = 1; - int current_aliases_num = count_aliases(ALIAS_KEY); + size_t current_aliases_num = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), CKMCReadableError(temp)); + size_t actual_cnt = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( - (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)), - "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp); + (current_aliases_num+2) == actual_cnt, + "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt); ckmc_key_s *privateKey; RUNNER_ASSERT_MSG( @@ -852,15 +823,16 @@ RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key) policy_public_key.password = NULL; policy_public_key.extractable = 1; - int current_aliases_num = count_aliases(ALIAS_KEY); + size_t current_aliases_num = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), CKMCReadableError(temp)); + size_t actual_cnt = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( - (current_aliases_num+2) == (temp = count_aliases(ALIAS_KEY)), - "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp); + (current_aliases_num+2) == actual_cnt, + "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt); ckmc_key_s *privateKey = 0; RUNNER_ASSERT_MSG( @@ -910,19 +882,8 @@ RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair); RUNNER_TEST(T3061_CAPI_init) { - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), - CKMCReadableError(temp)); + remove_user_data(0); + reset_user_data(USER_APP, USER_PASS); } RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA) @@ -930,8 +891,8 @@ RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA) int temp; size_t size = 1024; - const char *private_key_alias = "rsa-test-1"; - const char *public_key_alias = "rsa-test-2"; + CKM::Alias private_key_alias = sharedDatabase("rsa-test-1"); + CKM::Alias public_key_alias = sharedDatabase("rsa-test-2"); ckmc_policy_s policy_private_key; ckmc_policy_s policy_public_key; @@ -942,12 +903,12 @@ RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA) policy_public_key.extractable = 1; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), + CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), CKMCReadableError(temp)); // on next attempt to generate keys with the same alias, expect fail (alias exists) RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), + CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), CKMCReadableError(temp)); } @@ -956,8 +917,8 @@ RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA) int temp; size_t size = 1024; - const char *private_key_alias = "dsa-test-1"; - const char *public_key_alias = "dsa-test-2"; + CKM::Alias private_key_alias = sharedDatabase("dsa-test-1"); + CKM::Alias public_key_alias = sharedDatabase("dsa-test-2"); ckmc_policy_s policy_private_key; ckmc_policy_s policy_public_key; @@ -968,7 +929,7 @@ RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA) policy_public_key.extractable = 1; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), + CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), CKMCReadableError(temp)); } @@ -977,8 +938,8 @@ RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA) int temp; ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1; - const char *private_key_alias = "ecdsa-test-1"; - const char *public_key_alias = "ecdsa-test-2"; + CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1"); + CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2"); ckmc_policy_s policy_private_key; ckmc_policy_s policy_public_key; @@ -989,20 +950,13 @@ RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA) policy_public_key.extractable = 1; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias, public_key_alias, policy_private_key, policy_public_key)), + CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)), CKMCReadableError(temp)); } RUNNER_TEST(T3065_CAPI_deinit) { - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(0); } // TODO @@ -1014,16 +968,13 @@ RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS); RUNNER_TEST(T3071_CAPI_init) { - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")), - CKMCReadableError(temp)); + remove_user_data(0); } RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check) { - std::string ee = TestData::getTestCertificateBase64(TestData::MBANK); - std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC); + std::string ee = TestData::getTestCertificateBase64(TestData::MBANK); + std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC); ckmc_cert_s c_cert; c_cert.raw_cert = reinterpret_cast(const_cast(ee.c_str())); @@ -1041,27 +992,20 @@ RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check) ckmc_cert_list_s *cert_chain_list; - int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list); + int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp)); RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain."); - ckmc_ocsp_status_e ocsp_status; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp)); - RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast(ocsp_status)); + ckmc_ocsp_status_e ocsp_status; + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp)); + RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast(ocsp_status)); } RUNNER_TEST(T3075_CAPI_deinit) { - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(0); } @@ -1079,13 +1023,7 @@ RUNNER_TEST(T3081_CAPI__init) CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")), - CKMCReadableError(temp)); + remove_user_data(0); } RUNNER_TEST(T3082_CAPI__rsa_key_create_verify) @@ -1135,8 +1073,8 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify) ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - const char *pub_alias = "pub1"; - const char *pri_alias = "prv1"; + CKM::Alias pub_alias = sharedDatabase("pub1"); + CKM::Alias pri_alias = sharedDatabase("prv1"); const char *key_passwd = "1234"; char *pri_passwd = NULL; char *pub_passwd = NULL; @@ -1166,16 +1104,16 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify) RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias, + pri_alias.c_str(), pri_passwd, msg_buff, hash_algo, @@ -1185,7 +1123,7 @@ RUNNER_TEST(T3082_CAPI__rsa_key_create_verify) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1199,8 +1137,8 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative) int temp; ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test"); - const char *pub_alias = "pub1"; - const char *pri_alias = "prv1"; + CKM::Alias pub_alias = sharedDatabase("pub1"); + CKM::Alias pri_alias = sharedDatabase("prv1"); char *pri_passwd = NULL; char *pub_passwd = NULL; ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; @@ -1209,7 +1147,7 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias, + pri_alias.c_str(), pri_passwd, msg_buff, hash_algo, @@ -1219,7 +1157,7 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1232,7 +1170,7 @@ RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative) RUNNER_ASSERT_MSG( CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1257,8 +1195,8 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify) "-----END PUBLIC KEY-----\n"; ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - const char *pri_alias = "ecprv2"; - const char *pub_alias = "ecpub2"; + CKM::Alias pri_alias = sharedDatabase("ecprv2"); + CKM::Alias pub_alias = sharedDatabase("ecpub2"); char *key_passwd = NULL; char *pri_passwd = NULL; char *pub_passwd = NULL; @@ -1287,15 +1225,15 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify) pripolicy.extractable = 0; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias, + pri_alias.c_str(), pri_passwd, msg_buff, hash_algo, @@ -1305,7 +1243,7 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1318,7 +1256,7 @@ RUNNER_TEST(T3084_CAPI__ec_key_create_verify) RUNNER_ASSERT_MSG( CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1368,8 +1306,8 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature) ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - const char *pri_alias = "prv3"; - const char *pub_alias = "pub3"; + CKM::Alias pri_alias = sharedDatabase("prv3"); + CKM::Alias pub_alias = sharedDatabase("pub3"); char *key_passwd = NULL; char *pri_passwd = NULL; char *pub_passwd = NULL; @@ -1397,16 +1335,16 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature) pripolicy.extractable = 0; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias, + pri_alias.c_str(), pri_passwd, msg_buff, hash_algo, @@ -1416,7 +1354,7 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1429,7 +1367,7 @@ RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature) RUNNER_ASSERT_MSG( CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1470,8 +1408,8 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative) ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - const char *pub_alias = "dsa-pub1"; - const char *pri_alias = "dsa-prv1"; + CKM::Alias pub_alias = sharedDatabase("dsa-pub1"); + CKM::Alias pri_alias = sharedDatabase("dsa-prv1"); char *pri_passwd = NULL; char *pub_passwd = NULL; ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; @@ -1500,16 +1438,16 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative) RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias, pubkey, pubpolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias, + pri_alias.c_str(), pri_passwd, msg_buff, hash_algo, @@ -1520,7 +1458,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative) // positive test RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1532,7 +1470,7 @@ RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative) ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test"); RUNNER_ASSERT_MSG( CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, invalid_msg_buff, *signature, @@ -1559,11 +1497,11 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative) ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - const char *pub_alias = "dsa-pub2"; - const char *pri_alias = "dsa-prv2"; + CKM::Alias pub_alias = sharedDatabase("dsa-pub2"); + CKM::Alias pri_alias = sharedDatabase("dsa-prv2"); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias, pub_alias, policy_private_key, policy_public_key)), + CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)), "Error=" << temp); char *pri_passwd = NULL; @@ -1575,16 +1513,16 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative) ckmc_key_s *pubkey = NULL; ckmc_key_s *prikey = NULL; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias, 0, &prikey)), + CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias, 0, &pubkey)), + CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias, + pri_alias.c_str(), pri_passwd, msg_buff, hash_algo, @@ -1595,7 +1533,7 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative) // positive test RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1607,7 +1545,7 @@ RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative) ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test"); RUNNER_ASSERT_MSG( CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, invalid_msg_buff, *signature, @@ -1654,8 +1592,8 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature) ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - const char *pri_alias = "prv4"; - const char *pub_alias = "pub4"; + CKM::Alias pri_alias = sharedDatabase("prv4"); + CKM::Alias pub_alias = sharedDatabase("pub4"); char *key_passwd = NULL; char *pri_passwd = NULL; char *pub_passwd = NULL; @@ -1684,15 +1622,15 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature) RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias, cert, certpolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias, prikey, pripolicy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_create_signature( - pri_alias, + pri_alias.c_str(), pri_passwd, msg_buff, hash_algo, @@ -1702,7 +1640,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1715,7 +1653,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature) RUNNER_ASSERT_MSG( CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature( - pub_alias, + pub_alias.c_str(), pub_passwd, msg_buff, *signature, @@ -1726,14 +1664,7 @@ RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature) RUNNER_TEST(T3089_CAPI__deinit) { - int temp; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(0); } @@ -1767,19 +1698,8 @@ RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES); RUNNER_TEST(T3091_CAPI_TYPE_init) { - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "test-pass")), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), - CKMCReadableError(temp)); + remove_user_data(0); + reset_user_data(USER_APP, USER_PASS); } RUNNER_TEST(T3092_CAPI_TYPE_KEY) @@ -1846,7 +1766,7 @@ RUNNER_TEST(T3093_CAPI_TYPE_BUFFER) RUNNER_TEST(T3094_CAPI_TYPE_CERT) { - std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2); + std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2); unsigned char *raw_cert = const_cast(reinterpret_cast(certPem.c_str())); unsigned int size = certPem.size(); @@ -1877,7 +1797,7 @@ RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file) { int ret; - std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK); + std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK); const char *file_name = "/tmp/ckmc_test_cert.pem"; remove(file_name); @@ -1891,18 +1811,18 @@ RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)), - CKMCReadableError(ret)); + CKMCReadableError(ret)); RUNNER_ASSERT_MSG( pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file."); - const char *lcert_alias = "lcert_alias"; + CKM::Alias lcert_alias = sharedDatabase("lcert_alias"); ckmc_policy_s policy; policy.password = NULL; policy.extractable = 1; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias, *pcert, policy)), + CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)), CKMCReadableError(ret)); remove(file_name); @@ -1931,16 +1851,16 @@ RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) { policy.extractable = 1; - const char *pkey_alias = "pkey_alias"; + CKM::Alias pkey_alias = sharedDatabase("pkey_alias"); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *private_key, policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)), CKMCReadableError(temp)); - const char *cert_alias = "cert_alias"; + CKM::Alias cert_alias = sharedDatabase("cert_alias"); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *cert, policy)), + CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)), CKMCReadableError(temp)); - std::string caCertAlias = "ca_cert_alias_"; + std::string caCertAlias = sharedDatabase("ca_cert_alias_"); const char *idx = "0"; int cnt = 0; ckmc_cert_list_s *tmpList = ca_cert_list; @@ -1961,65 +1881,60 @@ RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) { } RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) { - const char *p12file = "/usr/share/ckm-test/capi-t3096.p12"; - const char *password = "password"; + const char *p12file = "/usr/share/ckm-test/capi-t3096.p12"; + const char *password = "password"; - int temp; + int temp; - ckmc_pkcs12_s *ppkcs12 = NULL; + ckmc_pkcs12_s *ppkcs12 = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key"); - RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert"); - RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list"); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key"); + RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert"); + RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list"); - ckmc_policy_s policy; - policy.password = NULL; - policy.extractable = 1; + ckmc_policy_s policy; + policy.password = NULL; + policy.extractable = 1; - const char *pkey_alias = "pkey_alias2"; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *(ppkcs12->priv_key), policy)), - CKMCReadableError(temp)); + CKM::Alias pkey_alias = sharedDatabase("pkey_alias2"); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)), + CKMCReadableError(temp)); - const char *cert_alias = "cert_alias2"; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *(ppkcs12->cert), policy)), - CKMCReadableError(temp)); - std::string caCertAlias = "ca_cert_alias_2_"; - const char *idx = "0"; - int cnt = 0; - ckmc_cert_list_s *tmpList = ppkcs12->ca_chain; - while(tmpList != NULL) { - caCertAlias.append(idx); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)), - CKMCReadableError(temp)); - tmpList = tmpList->next; - cnt ++; - } + CKM::Alias cert_alias = sharedDatabase("cert_alias2"); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)), + CKMCReadableError(temp)); + std::string caCertAlias = sharedDatabase("ca_cert_alias_2_"); + const char *idx = "0"; + int cnt = 0; + ckmc_cert_list_s *tmpList = ppkcs12->ca_chain; + while(tmpList != NULL) { + caCertAlias.append(idx); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)), + CKMCReadableError(temp)); + tmpList = tmpList->next; + cnt ++; + } - RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count"); + RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count"); - ckmc_pkcs12_free(ppkcs12); + ckmc_pkcs12_free(ppkcs12); } RUNNER_TEST(T3098_CAPI_TYPE_deinit) { int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), CKMCReadableError(temp)); } @@ -2028,202 +1943,192 @@ RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12); namespace { -const char* alias_PKCS_exportable = "CAPI-test-PKCS-export"; -const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export"; +CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export"); +CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export"); } RUNNER_TEST(T3101_CAPI_PKCS12_init) { - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "PKCS-pass")), - CKMCReadableError(temp)); + remove_user_data(0); } RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password) { - const char *wrong_passwd = "wrong"; - ckmc_pkcs12_s *ppkcs12 = NULL; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)), - CKMCReadableError(temp)); + const char *wrong_passwd = "wrong"; + ckmc_pkcs12_s *ppkcs12 = NULL; + int temp; + RUNNER_ASSERT_MSG( + CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)), + CKMCReadableError(temp)); } RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs) { - ckmc_pkcs12_s *ppkcs12 = NULL; - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12"); - RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12"); - RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12"); - - // save to the CKM - ckmc_policy_s exportable; - exportable.password = NULL; - exportable.extractable = 1; - ckmc_policy_s notExportable; - notExportable.password = NULL; - notExportable.extractable = 0; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)), - CKMCReadableError(temp)); - - // try to lookup key - ckmc_key_s *key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)), - CKMCReadableError(temp)); - ckmc_key_free(key_lookup); - key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable, "", &key_lookup)), - CKMCReadableError(temp)); - ckmc_key_free(key_lookup); - - // try to lookup certificate - ckmc_cert_s *cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)), - CKMCReadableError(temp)); - ckmc_cert_free(cert_lookup); - cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)), - CKMCReadableError(temp)); - ckmc_cert_free(cert_lookup); + ckmc_pkcs12_s *ppkcs12 = NULL; + int temp; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)), + CKMCReadableError(temp)); + + RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12"); + RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12"); + RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12"); + + // save to the CKM + ckmc_policy_s exportable; + exportable.password = NULL; + exportable.extractable = 1; + ckmc_policy_s notExportable; + notExportable.password = NULL; + notExportable.extractable = 0; + + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)), + CKMCReadableError(temp)); + + // try to lookup key + ckmc_key_s *key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)), + CKMCReadableError(temp)); + ckmc_key_free(key_lookup); + key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)), + CKMCReadableError(temp)); + ckmc_key_free(key_lookup); + + // try to lookup certificate + ckmc_cert_s *cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)), + CKMCReadableError(temp)); + ckmc_cert_free(cert_lookup); + cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)), + CKMCReadableError(temp)); + ckmc_cert_free(cert_lookup); } RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS) { - int temp; - ckmc_pkcs12_s *pkcs = NULL; - - // fail - no entry - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)), - CKMCReadableError(temp)); - ckmc_pkcs12_free(pkcs); - pkcs = NULL; - - // fail - not exportable - RUNNER_ASSERT_MSG( - CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable, NULL, NULL, &pkcs)), - CKMCReadableError(temp)); - ckmc_pkcs12_free(pkcs); - pkcs = NULL; - - // success - exportable - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable, NULL, NULL, &pkcs)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12"); - RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12"); - RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12"); - size_t cntr = 0; - ckmc_cert_list_s *iter = pkcs->ca_chain; - do { - cntr ++; - iter = iter->next; - } while(iter); - RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12"); - - ckmc_pkcs12_free(pkcs); + int temp; + ckmc_pkcs12_s *pkcs = NULL; + + // fail - no entry + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)), + CKMCReadableError(temp)); + ckmc_pkcs12_free(pkcs); + pkcs = NULL; + + // fail - not exportable + RUNNER_ASSERT_MSG( + CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)), + CKMCReadableError(temp)); + ckmc_pkcs12_free(pkcs); + pkcs = NULL; + + // success - exportable + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)), + CKMCReadableError(temp)); + + RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12"); + RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12"); + RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12"); + size_t cntr = 0; + ckmc_cert_list_s *iter = pkcs->ca_chain; + do { + cntr ++; + iter = iter->next; + } while(iter); + RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12"); + + ckmc_pkcs12_free(pkcs); } RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature) { - ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); - - int temp; - ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; - ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; - ckmc_raw_buffer_s *signature = NULL; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_create_signature( - alias_PKCS_exportable, - NULL, - msg_buff, - hash_algo, - pad_algo, - &signature)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_verify_signature( - alias_PKCS_exportable, - NULL, - msg_buff, - *signature, - hash_algo, - pad_algo)), - CKMCReadableError(temp)); + ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); + + int temp; + ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; + ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; + ckmc_raw_buffer_s *signature = NULL; + + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_create_signature( + alias_PKCS_exportable.c_str(), + NULL, + msg_buff, + hash_algo, + pad_algo, + &signature)), + CKMCReadableError(temp)); + + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_verify_signature( + alias_PKCS_exportable.c_str(), + NULL, + msg_buff, + *signature, + hash_algo, + pad_algo)), + CKMCReadableError(temp)); } RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs) { - int tmp; - - // remove the whole PKCS12 bundles - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable)), - CKMCReadableError(tmp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable)), - CKMCReadableError(tmp)); - - // expect lookup fails due to unknown alias - // try to lookup key - ckmc_key_s *key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)), - CKMCReadableError(tmp)); - ckmc_key_free(key_lookup); - key_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable, NULL, &key_lookup)), - CKMCReadableError(tmp)); - ckmc_key_free(key_lookup); - - // try to lookup certificate - ckmc_cert_s *cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)), - CKMCReadableError(tmp)); - ckmc_cert_free(cert_lookup); - cert_lookup = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)), - CKMCReadableError(tmp)); - ckmc_cert_free(cert_lookup); + int tmp; + + // remove the whole PKCS12 bundles + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable.c_str())), + CKMCReadableError(tmp)); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable.c_str())), + CKMCReadableError(tmp)); + + // expect lookup fails due to unknown alias + // try to lookup key + ckmc_key_s *key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)), + CKMCReadableError(tmp)); + ckmc_key_free(key_lookup); + key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)), + CKMCReadableError(tmp)); + ckmc_key_free(key_lookup); + + // try to lookup certificate + ckmc_cert_s *cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)), + CKMCReadableError(tmp)); + ckmc_cert_free(cert_lookup); + cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)), + CKMCReadableError(tmp)); + ckmc_cert_free(cert_lookup); } RUNNER_TEST(T3109_CAPI_PKCS12_deinit) { - int temp; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(0); } @@ -2231,24 +2136,23 @@ RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE); RUNNER_TEST(T3201_CAPI_unlock_database) { - int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "simple-password")), - CKMCReadableError(temp)); + reset_user_data(USER_APP, USER_PASS); } RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database) { + ScopedAccessProvider ap(TEST_LABEL); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, USER_PASS); + int temp; - char alias[10] = "mykey"; + CKM::Alias alias = "mykey"; char *password = NULL; ckmc_key_s *test_key = NULL; RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias, password, &test_key)), + CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)), "Error=" << temp); RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed"); @@ -2256,20 +2160,29 @@ RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database) RUNNER_CHILD_TEST(T3203_CAPI_lock_database) { + ScopedAccessProvider ap(TEST_LABEL); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, USER_PASS); + int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(temp)); } RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database) { + ScopedAccessProvider ap(TEST_LABEL); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + int temp; - char alias[10] = "mykey"; + CKM::Alias alias = "mykey"; char *password = NULL; ckmc_key_s *test_key = NULL; RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key)), + CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed"); @@ -2277,8 +2190,6 @@ RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database) RUNNER_TEST(T3204_deinit) { - int temp; - RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), - CKMCReadableError(temp)); + remove_user_data(USER_APP); } diff --git a/src/ckm/cc-mode.cpp b/src/ckm/cc-mode.cpp index 5ec08d0..421b998 100644 --- a/src/ckm/cc-mode.cpp +++ b/src/ckm/cc-mode.cpp @@ -57,8 +57,6 @@ const char* const UNSET = "Unset"; // Meaningless value for unset. const char* const USER_LABEL = "User"; const char* const CKM_LOCK = "/var/run/key-manager.pid"; -const char* const CC_PASSWD = "t200-special-password"; - // Wrapper for mdpp state that restores the original value upon destruction class MdppState { @@ -104,10 +102,10 @@ void MdppState::set(const char* const value) -Alias rsa_pri_alias("rsa-private-T2002"); -Alias rsa_pub_alias("rsa-public-T2002"); -Alias ecdsa_pri_alias("ecdsa-private-T2002"); -Alias ecdsa_pub_alias("ecdsa-public-T2002"); +Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002"); +Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002"); +Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002"); +Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002"); void save_keys() { @@ -175,7 +173,7 @@ RUNNER_TEST_GROUP_INIT(CKM_CC_MODE); RUNNER_TEST(TCC_0000_init) { - reset_user_data(0, CC_PASSWD); + remove_user_data(0); } // updatedCCMode should succeed regardless of mdpp setting @@ -208,7 +206,7 @@ RUNNER_TEST(TCC_0020_noListener) stop_service(LISTENER); MdppState mdpp; - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); mdpp.set(NULL); @@ -252,7 +250,7 @@ RUNNER_TEST(TCC_0030_noCallbackRegistered) { // restart listener without vconf callback stop_service(LISTENER); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); MdppState mdpp; mdpp.set(NULL); update_cc_mode(); @@ -278,7 +276,7 @@ RUNNER_TEST(TCC_0040_callbackRegistered) update_cc_mode(); start_service(LISTENER); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); @@ -312,7 +310,7 @@ RUNNER_TEST(TCC_0050_manualCkmDisabled) { restart_ckm(DISABLED); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); } @@ -322,7 +320,7 @@ RUNNER_TEST(TCC_0060_manualCkmEnabled) { restart_ckm(ENABLED); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); } @@ -332,7 +330,7 @@ RUNNER_TEST(TCC_0070_manualCkmEnforcing) { restart_ckm(ENFORCING); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); } @@ -342,7 +340,7 @@ RUNNER_TEST(TCC_0075_manualCkmReady) { restart_ckm(READY); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); read_keys(CKM_API_SUCCESS); } @@ -352,7 +350,7 @@ RUNNER_TEST(TCC_0080_manualCkmWhatever) { restart_ckm("whatever"); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); read_keys(CKM_API_SUCCESS); } @@ -362,7 +360,7 @@ RUNNER_TEST(TCC_0090_manualCkmUnset) { restart_ckm(NULL); - reset_user_data(0, CC_PASSWD); + remove_user_data(0); save_keys(); read_keys(CKM_API_SUCCESS); } diff --git a/src/ckm/ckm-common.cpp b/src/ckm/ckm-common.cpp index 408a61d..46c0c6b 100644 --- a/src/ckm/ckm-common.cpp +++ b/src/ckm/ckm-common.cpp @@ -99,7 +99,7 @@ std::string aliasWithLabel(const char *label, const char *alias) void change_label(const char* label) { int ret = smack_set_label_for_self(label); - RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self. Error: " << ret); + RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<lockUserKey(user_id)), - "Error=" << CKM::ErrorToString(ret)); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->removeUserData(user_id)), - "Remove user data failed with error: " << CKM::ErrorToString(ret)); + control->lockUserKey(user_id); + control->removeUserData(user_id); } void reset_user_data(uid_t user_id, const char *passwd) @@ -372,3 +368,58 @@ void check_alias_list(const CKM::AliasVector& expected) RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list."); } + +size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count) +{ + ckmc_alias_list_s *aliasList = NULL; + int ec; + switch(type) + { + case ALIAS_KEY: + ec = ckmc_get_key_alias_list(&aliasList); + break; + + case ALIAS_CERT: + ec = ckmc_get_cert_alias_list(&aliasList); + break; + + case ALIAS_DATA: + ec = ckmc_get_data_alias_list(&aliasList); + break; + } + if(ec == CKMC_ERROR_DB_ALIAS_UNKNOWN) + return 0; + else if(ec==0) + { + ckmc_alias_list_s *plist = aliasList; + size_t return_count = 0; + while(plist) + { + plist = plist->next; + return_count ++; + } + ckmc_alias_list_all_free(aliasList); + + RUNNER_ASSERT_MSG( + return_count >= minimum_initial_element_count, + "Error: alias list failed, current element count: " << return_count << + " while expected minimal count of " << minimum_initial_element_count << + " elements"); + + return return_count; + } + else + { + // error - fail + RUNNER_ASSERT_MSG( + ec >= 0, + "Error: alias list failed, ec: " << CKMCErrorToString(ec)); + } + + return 0; +} + +std::string sharedDatabase(const CKM::Alias & alias) +{ + return aliasWithLabel(ckmc_label_shared_owner, alias.c_str()); +} diff --git a/src/ckm/ckm-common.h b/src/ckm/ckm-common.h index 586c68d..41160c0 100644 --- a/src/ckm/ckm-common.h +++ b/src/ckm/ckm-common.h @@ -173,3 +173,11 @@ void reset_user_data(uid_t user_id, const char *passwd); ckmc_raw_buffer_s prepare_message_buffer(const char * input); void check_alias_list(const CKM::AliasVector& expected); + +typedef enum { + ALIAS_KEY, + ALIAS_CERT, + ALIAS_DATA +} alias_type_; +size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0); +std::string sharedDatabase(const CKM::Alias & alias); diff --git a/src/ckm/main.cpp b/src/ckm/main.cpp index 189edcc..92046b5 100644 --- a/src/ckm/main.cpp +++ b/src/ckm/main.cpp @@ -24,7 +24,13 @@ namespace { const int USER_APP = 5000; const int GROUP_APP = 5000; + +const int USER_APP_2 = 5020; +const int USER_APP_3 = 5030; + +const char * const APP_PASS = "user-pass"; const int USER_TEST = 5001; +const char* TEST_LABEL = "test_label"; const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; const CKM::AliasVector EMPTY_ALIAS_VECTOR; @@ -70,11 +76,11 @@ RUNNER_TEST(T0011_Control) auto control = CKM::Control::create(); control->removeUserData(0); - control->removeUserData(20); + control->removeUserData(USER_APP_2); control->removeUserData(USER_APP); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")), "Error=" << CKM::ErrorToString(temp)); } @@ -83,10 +89,10 @@ RUNNER_TEST(T0012_Control) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), + CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), "Error=" << CKM::ErrorToString(temp)); } @@ -95,7 +101,7 @@ RUNNER_TEST(T0013_Control) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")), "Error=" << CKM::ErrorToString(temp)); } @@ -104,31 +110,31 @@ RUNNER_TEST(T0014_Control) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(14)), + CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")), + CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")), + CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(14)), + CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")), + CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(14)), + CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)), "Error=" << CKM::ErrorToString(temp)); } @@ -137,16 +143,16 @@ RUNNER_TEST(T0015_Control) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")), + CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(20)), + CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(20)), + CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)), "Error=" << CKM::ErrorToString(temp)); } @@ -155,19 +161,19 @@ RUNNER_TEST(T0016_Control_negative_wrong_password) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")), + CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(20)), + CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")), + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(20)), + CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)), "Error=" << CKM::ErrorToString(temp)); } @@ -175,14 +181,7 @@ RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS); RUNNER_TEST(T1010_init) { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), - "Error=" << CKM::ErrorToString(temp)); + unlock_user_data(USER_APP, "user-pass"); } RUNNER_TEST(T1011_key) @@ -203,7 +202,7 @@ RUNNER_TEST(T1011_key) CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); auto key = CKM::Key::create(buffer, CKM::Password()); CKM::KeyShPtr key2; - CKM::Alias alias = "mykey"; + CKM::Alias alias = sharedDatabase("mykey"); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())), @@ -223,7 +222,7 @@ RUNNER_TEST(T1012_certificate) auto cert = TestData::getTestCertificate(TestData::GIAG2); CKM::CertificateShPtr cert2; - CKM::Alias alias = "myCert"; + CKM::Alias alias = sharedDatabase("myCert"); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())), @@ -271,6 +270,10 @@ RUNNER_CHILD_TEST(T1013_user_app_save_key) RUNNER_TEST(T1014_save_with_label) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + int temp; auto manager = CKM::Manager::create(); @@ -314,21 +317,8 @@ RUNNER_TEST(T1014_save_with_label) RUNNER_TEST(T1015_deinit) { - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); + remove_user_data(USER_APP); } RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS); @@ -338,9 +328,6 @@ RUNNER_TEST(T1020_init) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), "Error=" << CKM::ErrorToString(temp)); } @@ -364,21 +351,22 @@ RUNNER_TEST(T1021_save_keys_get_alias) auto key = CKM::Key::create(buffer, CKM::Password()); CKM::AliasVector labelAliasVector; + size_t current_aliases_num = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())), + CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())), + CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))), + CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - labelAliasVector.size() == 3, - "Wrong size of list: " << labelAliasVector.size() << " Expected: 3"); + labelAliasVector.size() == (current_aliases_num+3), + "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); } RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias) @@ -404,6 +392,7 @@ RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias) auto key = CKM::Key::create(buffer, CKM::Password()); CKM::AliasVector labelAliasVector; + size_t current_aliases_num = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); @@ -417,8 +406,8 @@ RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias) CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - labelAliasVector.size() == 3, - "Wrong size of list: " << labelAliasVector.size() << " Expected: 3"); + labelAliasVector.size() == (current_aliases_num+3), + "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); } RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag) @@ -458,35 +447,15 @@ RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag) RUNNER_TEST(T1029_deinit) { - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); + remove_user_data(USER_APP); } RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST); - RUNNER_TEST(T1030_init) { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); + reset_user_data(USER_APP, APP_PASS); } RUNNER_TEST(T1031_save_get_bin_data) @@ -504,35 +473,36 @@ RUNNER_TEST(T1031_save_get_bin_data) CKM::AliasVector labelAliasVector; + size_t current_aliases_num = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())), + CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer2, CKM::Policy())), + CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer3, CKM::Policy(CKM::Password(), true))), + CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))), + CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - labelAliasVector.size() == 3, - "Wrong size of list: " << labelAliasVector.size() << " Expected: 3"); + labelAliasVector.size() == (current_aliases_num+3), + "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); CKM::RawBuffer buffer; RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)), + CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( buffer == buffer2, "Data corrupted"); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)), + CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)), "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp)); } @@ -541,6 +511,7 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data) ScopedAccessProvider ap("mylabel"); ap.allowAPI("key-manager::api-storage", "rw"); ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); int temp; auto manager = CKM::Manager::create(); @@ -551,6 +522,7 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data) CKM::AliasVector labelAliasVector; + size_t current_aliases_num = count_aliases(ALIAS_DATA); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); @@ -564,8 +536,8 @@ RUNNER_CHILD_TEST(T1032_app_user_save_bin_data) CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - labelAliasVector.size() == 3, - "Wrong size of list: " << labelAliasVector.size() << " Expected: 3"); + labelAliasVector.size() == (current_aliases_num+3), + "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3)); } RUNNER_TEST(T1033_remove_bin_data) @@ -578,80 +550,113 @@ RUNNER_TEST(T1033_remove_bin_data) CKM::AliasVector labelAliasVector; - std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1"); + size_t current_aliases_num = count_aliases(ALIAS_DATA); + std::string invalid_address = sharedDatabase("i-do-not-exist"); RUNNER_ASSERT_MSG( CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeAlias("data1")), + CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeAlias("data3")), + CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - labelAliasVector.size() == 1, - "Wrong size of list: " << labelAliasVector.size() << " Expected: 1"); + labelAliasVector.size() == (current_aliases_num-2), + "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2)); CKM::RawBuffer buffer; RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password(), buffer)), + CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( buffer == buffer2, "Data corrupted"); RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("data3", CKM::Password(), buffer)), + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)), "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T1034_getData_wrong_password) +RUNNER_TEST(T1034_app_remove_bin_data) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + int temp; auto manager = CKM::Manager::create(); - std::string binData1 = "My bin data4"; + std::string binData2 = "My bin data"; + CKM::RawBuffer buffer2(binData2.begin(), binData2.end()); - CKM::RawBuffer buffer1(binData1.begin(), binData1.end()); + CKM::AliasVector labelAliasVector; + size_t current_aliases_num = count_aliases(ALIAS_DATA); + std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1"); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")), + "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))), + CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")), "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + labelAliasVector.size() == (current_aliases_num-2), + "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2)); CKM::RawBuffer buffer; RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)), + CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - buffer == buffer1, + buffer == buffer2, "Data corrupted"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)), + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)), "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T1035_deinit) +RUNNER_TEST(T1035_getData_wrong_password) { int temp; - auto control = CKM::Control::create(); + auto manager = CKM::Manager::create(); + + std::string binData1 = "My bin data4"; + + CKM::RawBuffer buffer1(binData1.begin(), binData1.end()); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), + CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))), "Error=" << CKM::ErrorToString(temp)); + + CKM::RawBuffer buffer; RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), + CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); + buffer == buffer1, + "Data corrupted"); + RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)), + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)), "Error=" << CKM::ErrorToString(temp)); } +RUNNER_TEST(T1036_deinit) +{ + remove_user_data(0); + remove_user_data(USER_APP); +} + RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR); RUNNER_TEST(T1040_init) @@ -674,6 +679,7 @@ RUNNER_CHILD_TEST(T1041_create_rsa_key) ap.allowAPI("key-manager::api-storage", "rw"); ap.applyAndSwithToUser(USER_APP, GROUP_APP); + size_t current_aliases_num = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); @@ -681,8 +687,8 @@ RUNNER_CHILD_TEST(T1041_create_rsa_key) CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - 2 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 2"); + (current_aliases_num+2) == static_cast(temp = av.size()), + "Vector size: " << temp << ". Expected: " << (current_aliases_num+2)); } RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label) @@ -713,6 +719,7 @@ RUNNER_CHILD_TEST(T1043_create_dsa_key) ap.allowAPI("key-manager::api-storage", "rw"); ap.applyAndSwithToUser(USER_APP, GROUP_APP); + size_t current_aliases_num = count_aliases(ALIAS_KEY); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())), "Error=" << CKM::ErrorToString(temp)); @@ -720,21 +727,13 @@ RUNNER_CHILD_TEST(T1043_create_dsa_key) CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - 2 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 2"); + (current_aliases_num+2) == static_cast(temp = av.size()), + "Vector size: " << temp << ". Expected: " << (current_aliases_num+2)); } RUNNER_TEST(T1049_deinit) { - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(USER_APP); } @@ -742,22 +741,15 @@ RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair); RUNNER_TEST(T1110_init) { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), - "Error=" << CKM::ErrorToString(temp)); + unlock_user_data(USER_APP, "user-pass"); } RUNNER_TEST(T1111_CreateKeyPairRSA) { int temp; auto manager = CKM::Manager::create(); - CKM::Alias a1("rsa-test-1"); - CKM::Alias a2("rsa-test-2"); + CKM::Alias a1 = sharedDatabase("rsa-test-1"); + CKM::Alias a2 = sharedDatabase("rsa-test-2"); CKM::Policy p1; CKM::Policy p2; RUNNER_ASSERT_MSG( @@ -772,8 +764,8 @@ RUNNER_TEST(T1112_CreateKeyPairDSA) { int temp; auto manager = CKM::Manager::create(); - CKM::Alias a1("dsa-test-1"); - CKM::Alias a2("dsa-test-2"); + CKM::Alias a1 = sharedDatabase("dsa-test-1"); + CKM::Alias a2 = sharedDatabase("dsa-test-2"); CKM::Policy p1; CKM::Policy p2; RUNNER_ASSERT_MSG( @@ -788,8 +780,8 @@ RUNNER_TEST(T1113_CreateKeyPairECDSA) { int temp; auto manager = CKM::Manager::create(); - CKM::Alias a1("ecdsa-test-1"); - CKM::Alias a2("ecdsa-test-2"); + CKM::Alias a1 = sharedDatabase("ecdsa-test-1"); + CKM::Alias a2 = sharedDatabase("ecdsa-test-2"); CKM::Policy p1; CKM::Policy p2; RUNNER_ASSERT_MSG( @@ -799,33 +791,23 @@ RUNNER_TEST(T1113_CreateKeyPairECDSA) RUNNER_TEST(T1114_deinit) { - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); } RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS); RUNNER_TEST(T12100_init) { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), - "Error=" << CKM::ErrorToString(temp)); + reset_user_data(USER_APP, APP_PASS); } RUNNER_TEST(T12101_key_exist) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + int ret; auto manager = CKM::Manager::create(); @@ -857,6 +839,11 @@ RUNNER_TEST(T12101_key_exist) RUNNER_TEST(T12102_saveKey_empty_alias) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" @@ -881,6 +868,11 @@ RUNNER_TEST(T12102_saveKey_empty_alias) RUNNER_TEST(T12103_saveKey_foreign_label) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" @@ -904,6 +896,11 @@ RUNNER_TEST(T12103_saveKey_foreign_label) RUNNER_TEST(T12104_saveKey_empty_key) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + CKM::KeyShPtr key; //key is not initialized CKM::Alias alias = "empty-key"; @@ -916,6 +913,11 @@ RUNNER_TEST(T12104_saveKey_empty_key) RUNNER_TEST(T12105_saveCertificate_empty_alias) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + auto cert = TestData::getTestCertificate(TestData::GIAG2); CKM::Alias alias; //alias is not initialized @@ -928,6 +930,11 @@ RUNNER_TEST(T12105_saveCertificate_empty_alias) RUNNER_TEST(T12106_saveCertificate_foreign_label) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + auto cert = TestData::getTestCertificate(TestData::GIAG2); CKM::Alias alias = "iamsomebodyelse alias"; @@ -940,6 +947,11 @@ RUNNER_TEST(T12106_saveCertificate_foreign_label) RUNNER_TEST(T12107_saveCertificate_empty_cert) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + CKM::CertificateShPtr cert; //cert is not initialized CKM::Alias alias = "empty-cert"; @@ -952,6 +964,11 @@ RUNNER_TEST(T12107_saveCertificate_empty_cert) RUNNER_TEST(T12108_saveData_empty_alias) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + std::string testData = "test data test data test data"; CKM::RawBuffer buffer(testData.begin(), testData.end()); CKM::Alias alias; @@ -965,6 +982,11 @@ RUNNER_TEST(T12108_saveData_empty_alias) RUNNER_TEST(T12109_saveData_foreign_label) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + std::string testData = "test data test data test data"; CKM::RawBuffer buffer(testData.begin(), testData.end()); CKM::Alias alias = "iamsomebodyelse alias"; @@ -978,6 +1000,11 @@ RUNNER_TEST(T12109_saveData_foreign_label) RUNNER_TEST(T12110_saveData_empty_data) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + CKM::RawBuffer buffer; CKM::Alias alias = "empty-data"; @@ -994,6 +1021,11 @@ RUNNER_TEST(T12110_saveData_empty_data) RUNNER_TEST(T12111_getKey_alias_not_exist) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + CKM::KeyShPtr key; CKM::Alias alias = "this-alias-not-exist"; @@ -1006,6 +1038,11 @@ RUNNER_TEST(T12111_getKey_alias_not_exist) RUNNER_TEST(T12112_getCertificate_alias_not_exist) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + CKM::CertificateShPtr certificate; CKM::Alias alias = "this-alias-not-exist"; @@ -1018,6 +1055,11 @@ RUNNER_TEST(T12112_getCertificate_alias_not_exist) RUNNER_TEST(T12113_getData_alias_not_exist) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + int temp; auto manager = CKM::Manager::create(); CKM::RawBuffer buffer; @@ -1032,6 +1074,11 @@ RUNNER_TEST(T12113_getData_alias_not_exist) */ RUNNER_TEST(T12114_rsa_key_damaged) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + int ret; auto manager = CKM::Manager::create(); @@ -1059,6 +1106,11 @@ RUNNER_TEST(T12114_rsa_key_damaged) RUNNER_TEST(T12115_rsa_key_too_short) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + int ret; auto manager = CKM::Manager::create(); @@ -1083,6 +1135,11 @@ RUNNER_TEST(T12115_rsa_key_too_short) RUNNER_TEST(T12116_dsa_key_too_short) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + int ret; auto manager = CKM::Manager::create(); @@ -1115,6 +1172,11 @@ RUNNER_TEST(T12116_dsa_key_too_short) RUNNER_TEST(T12117_rsa_key_damaged_serviceTest) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + int ret; auto manager = CKM::Manager::create(); @@ -1157,6 +1219,11 @@ RUNNER_TEST(T12117_rsa_key_damaged_serviceTest) RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest) { + ScopedAccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, APP_PASS); + // fake the client - let the service detect the problem class WrongCertImpl : public CKM::Certificate { @@ -1198,26 +1265,14 @@ RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest) RUNNER_TEST(T12119_deinit) { - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(USER_APP); } RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS); RUNNER_TEST(T1311_init) { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); RUNNER_ASSERT_MSG(time(0) > 1405343457, "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!"); @@ -1268,9 +1323,7 @@ RUNNER_TEST(T1313_get_chain_with_alias) CKM::CertificateShPtrVector certChain; CKM::AliasVector aliasVector; - CKM::Alias alias("imcert"); - CharPtr top_label = get_label(); - std::string full_address = aliasWithLabel(top_label.get(), alias.c_str()); + CKM::Alias alias = sharedDatabase("imcert"); int tmp; auto manager = CKM::Manager::create(); @@ -1290,7 +1343,7 @@ RUNNER_TEST(T1313_get_chain_with_alias) CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())), "Error=" << CKM::ErrorToString(tmp)); - aliasVector.push_back(full_address); + aliasVector.push_back(alias); tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); @@ -1340,26 +1393,14 @@ RUNNER_TEST(T1314_ocsp_check) RUNNER_TEST(T1315_deinit) { - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); } RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE); RUNNER_TEST(T1411_init) { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); } RUNNER_TEST(T1412_rsa_key_create_verify) @@ -1410,8 +1451,8 @@ RUNNER_TEST(T1412_rsa_key_create_verify) std::string message = "message test"; - CKM::Alias aliasPub = "pub1"; - CKM::Alias aliasPrv = "prv1"; + CKM::Alias aliasPub = sharedDatabase("pub1"); + CKM::Alias aliasPrv = sharedDatabase("prv1"); CKM::Password password = "1234"; CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; @@ -1486,8 +1527,8 @@ RUNNER_TEST(T1413_dsa_key_create_verify) std::string message = "message test"; - CKM::Alias aliasPub = "pub2"; - CKM::Alias aliasPrv = "prv2"; + CKM::Alias aliasPub = sharedDatabase("pub2"); + CKM::Alias aliasPrv = sharedDatabase("prv2"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; CKM::RawBuffer signature; @@ -1547,8 +1588,8 @@ RUNNER_TEST(T1414_ec_key_create_verify) std::string message = "message test"; - CKM::Alias aliasPub = "ecpub2"; - CKM::Alias aliasPrv = "ecprv2"; + CKM::Alias aliasPub = sharedDatabase("ecpub2"); + CKM::Alias aliasPrv = sharedDatabase("ecprv2"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; CKM::RawBuffer signature; @@ -1609,8 +1650,8 @@ RUNNER_TEST(T1415_rsa_key_create_verify_negative) auto manager = CKM::Manager::create(); std::string message = "message asdfaslkdfjlksadjf test"; - CKM::Alias aliasPub = "pub1"; - CKM::Alias aliasPrv = "prv1"; + CKM::Alias aliasPub = sharedDatabase("pub1"); + CKM::Alias aliasPrv = sharedDatabase("prv1"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; @@ -1656,8 +1697,8 @@ RUNNER_TEST(T1416_dsa_key_create_verify_negative) auto manager = CKM::Manager::create(); std::string message = "message asdfaslkdfjlksadjf test"; - CKM::Alias aliasPub = "pub2"; - CKM::Alias aliasPrv = "prv2"; + CKM::Alias aliasPub = sharedDatabase("pub2"); + CKM::Alias aliasPrv = sharedDatabase("prv2"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; @@ -1739,8 +1780,8 @@ RUNNER_TEST(T1417_rsa_cert_create_verify_signature) std::string message = "message test"; - CKM::Alias aliasPub = "pub1-cert"; - CKM::Alias aliasPrv = "prv1-cert"; + CKM::Alias aliasPub = sharedDatabase("pub1-cert"); + CKM::Alias aliasPrv = sharedDatabase("prv1-cert"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; CKM::RawBuffer signature; @@ -1836,8 +1877,8 @@ RUNNER_TEST(T1418_dsa_cert_create_verify_signature) std::string message = "message test"; - CKM::Alias aliasPub = "pub2-cert"; - CKM::Alias aliasPrv = "prv2-cert"; + CKM::Alias aliasPub = sharedDatabase("pub2-cert"); + CKM::Alias aliasPrv = sharedDatabase("prv2-cert"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; CKM::RawBuffer signature; @@ -1927,8 +1968,8 @@ RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature) std::string message = "message test"; - CKM::Alias aliasPub = "pub3"; - CKM::Alias aliasPrv = "prv3"; + CKM::Alias aliasPub = sharedDatabase("pub3"); + CKM::Alias aliasPrv = sharedDatabase("prv3"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; CKM::RawBuffer signature; @@ -1985,15 +2026,7 @@ RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature) RUNNER_TEST(T1420_deinit) { - int temp; - auto control = CKM::Control::create(); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); } RUNNER_TEST_GROUP_INIT(T1418_signature_tests); @@ -2001,10 +2034,7 @@ RUNNER_TEST_GROUP_INIT(T1418_signature_tests); RUNNER_TEST(T14180_init) { int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); auto manager = CKM::Manager::create(); @@ -2050,8 +2080,8 @@ RUNNER_TEST(T14180_init) "zQIDAQAB\n" "-----END PUBLIC KEY-----\n"; - CKM::Alias aliasPub = "pub_nohash1"; - CKM::Alias aliasPrv = "prv_nohash1"; + CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); + CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); CKM::Password password = "1234"; auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end())); @@ -2081,8 +2111,8 @@ RUNNER_TEST(T14180_init) "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n" "-----END PUBLIC KEY-----\n"; - CKM::Alias aliasEcPub = "ecpub_nohash1"; - CKM::Alias aliasEcPrv = "ecprv_nohash1"; + CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1"); + CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1"); auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end())); auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end())); @@ -2107,8 +2137,8 @@ RUNNER_TEST(T14181_rsa_create_signatue_nohash) auto manager = CKM::Manager::create(); std::string message = "message asdfaslkdfjlksadjf test"; - CKM::Alias aliasPub = "pub_nohash1"; - CKM::Alias aliasPrv = "prv_nohash1"; + CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); + CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; @@ -2154,8 +2184,8 @@ RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad) auto manager = CKM::Manager::create(); std::string message = "message asdfaslkdfjlksadjf test"; - CKM::Alias aliasPub = "pub_nohash1"; - CKM::Alias aliasPrv = "prv_nohash1"; + CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); + CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE; @@ -2197,8 +2227,8 @@ RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - CKM::Alias aliasPub = "pub_nohash1"; - CKM::Alias aliasPrv = "prv_nohash1"; + CKM::Alias aliasPub = sharedDatabase("pub_nohash1"); + CKM::Alias aliasPrv = sharedDatabase("prv_nohash1"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; @@ -2223,8 +2253,8 @@ RUNNER_TEST(T14184_ec_create_signatue_nohash) std::string message = "message test"; - CKM::Alias aliasPub = "ecpub_nohash1"; - CKM::Alias aliasPrv = "ecprv_nohash1"; + CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1"); + CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1"); CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE; CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; CKM::RawBuffer signature; @@ -2272,13 +2302,13 @@ RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg) int msgSize = 1024*1024; char big_msg[msgSize]; for(int i =0; ilockUserKey(0)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(temp)); + remove_user_data(0); } @@ -2313,15 +2335,11 @@ RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS); RUNNER_CHILD_TEST(T1510_init_unlock_key) { - int tmp; ScopedAccessProvider ap("my-label"); ap.allowAPI("key-manager::api-control", "rw"); ap.applyAndSwithToUser(USER_TEST, GROUP_APP); - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")), - "Error=" << CKM::ErrorToString(tmp)); + unlock_user_data(USER_TEST, "strong-password"); } RUNNER_CHILD_TEST(T1511_insert_data) @@ -2364,11 +2382,11 @@ RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS); RUNNER_TEST(T1701_init_unlock_key) { - int tmp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")), - "Error=" << CKM::ErrorToString(tmp)); + ScopedAccessProvider ap("t170-special-label"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP); + + unlock_user_data(USER_TEST+1, "t170-special-password"); } RUNNER_CHILD_TEST(T1702_insert_data) @@ -2381,6 +2399,7 @@ RUNNER_CHILD_TEST(T1702_insert_data) auto certee = TestData::getTestCertificate(TestData::MBANK); auto manager = CKM::Manager::create(); + size_t current_aliases_num = count_aliases(ALIAS_CERT); int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy()); RUNNER_ASSERT_MSG( @@ -2392,8 +2411,8 @@ RUNNER_CHILD_TEST(T1702_insert_data) CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - 1 == (temp = av.size()), - "Vector size: " << temp << ". Expected: 1"); + (current_aliases_num+1) == static_cast(temp = av.size()), + "Vector size: " << temp << ". Expected: " << (current_aliases_num+1)); } RUNNER_TEST(T1703_removeApplicationData) @@ -2425,15 +2444,7 @@ RUNNER_CHILD_TEST(T1704_data_test) RUNNER_TEST(T1705_deinit) { - int tmp; - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)), - "Error=" << CKM::ErrorToString(tmp)); + remove_user_data(USER_TEST+1); } RUNNER_TEST(T17101_init) @@ -2639,39 +2650,24 @@ RUNNER_CHILD_TEST(T17111_check_data_04) RUNNER_TEST(T17112_deinit) { - int tmp; - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)), - "Error=" << CKM::ErrorToString(tmp)); - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)), - "Error=" << CKM::ErrorToString(tmp)); + remove_user_data(USER_TEST+2); + remove_user_data(USER_TEST+3); } RUNNER_TEST_GROUP_INIT(T180_PKCS12); namespace { -CKM::Alias alias_PKCS_collision = "test-PKCS-collision"; -CKM::Alias alias_PKCS_exportable = "test-PKCS-export"; -CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export"; -CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy"; -CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong"; -const char *PKCS_PASSWD = "PKCS-pass"; +CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision"); +CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export"); +CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export"); +CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy"); +CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong"); } RUNNER_TEST(T1800_init) { - reset_user_data(0, PKCS_PASSWD); + remove_user_data(0); } RUNNER_TEST(T1801_parse_PKCS12) { @@ -2858,7 +2854,7 @@ RUNNER_TEST(T1806_get_PKCS) // fail - no entry RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)), + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)), "Error=" << CKM::ErrorToString(temp)); // fail - not exportable @@ -3114,7 +3110,7 @@ RUNNER_TEST(T1811_remove_bundle_with_chain_certificates) RUNNER_TEST(T1812_get_pkcs12_password_tests) { - CKM::Alias alias = "t1812alias1"; + CKM::Alias alias = sharedDatabase("t1812alias1"); auto manager = CKM::Manager::create(); std::ifstream is("/usr/share/ckm-test/pkcs.p12"); @@ -3183,24 +3179,21 @@ RUNNER_TEST(T1813_deinit) } RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS); - +namespace { +const char * const T190_PASSWD = "t190-special-password"; +} RUNNER_TEST(T1901_init_unlock_key) { - int tmp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")), - "Error=" << CKM::ErrorToString(tmp)); + reset_user_data(USER_APP, T190_PASSWD); } RUNNER_TEST(T1902_get_data) { + ScopedAccessProvider ap(TEST_LABEL); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + ScopedDBUnlock unlock(USER_APP, T190_PASSWD); + auto manager = CKM::Manager::create(); CKM::KeyShPtr ptr; @@ -3216,12 +3209,16 @@ RUNNER_TEST(T1903_lock_database) int tmp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), + CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)), "Error=" << CKM::ErrorToString(tmp)); } RUNNER_TEST(T1904_get_data_from_locked_database) { + ScopedAccessProvider ap(TEST_LABEL); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + auto manager = CKM::Manager::create(); CKM::KeyShPtr ptr; @@ -3234,11 +3231,7 @@ RUNNER_TEST(T1904_get_data_from_locked_database) RUNNER_TEST(T1905_deinit) { - int tmp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(tmp)); + remove_user_data(USER_APP); } int main(int argc, char *argv[]) diff --git a/src/ckm/system-db.cpp b/src/ckm/system-db.cpp index dd1b97a..6b705f0 100644 --- a/src/ckm/system-db.cpp +++ b/src/ckm/system-db.cpp @@ -68,7 +68,7 @@ RUNNER_TEST(T5010_CLIENT_APP_LOCKED_PRIVATE_DB) // add permission to the resource to a user app // [test] // switch to user app, leave DB locked - // try to access system DB item - expect fail + // try to access system DB item - expect success // [prepare] GarbageCollector gc; diff --git a/src/ckm/test-certs.cpp b/src/ckm/test-certs.cpp index 0c615e0..0cbea40 100644 --- a/src/ckm/test-certs.cpp +++ b/src/ckm/test-certs.cpp @@ -281,18 +281,18 @@ CertMap initializeTestCerts() cm[TestData::EQUIFAX] = std::make_pair(raw_base64, createCert(raw_base64)); } - // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015 + // GOOGLE_COM, *.google.com - signed by GIAG2, expires 21 Jul 2015 { std::string raw_base64 = std::string( "-----BEGIN CERTIFICATE-----\n" - "MIIGxTCCBa2gAwIBAgIIBIsVw6gw3hgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n" + "MIIGxTCCBa2gAwIBAgIIF4oWRtoEsZgwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n" "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n" - "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMjExMTI0NzAyWhcNMTUwNTEyMDAwMDAw\n" + "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwNDIyMTM0NzM5WhcNMTUwNzIxMDAwMDAw\n" "WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n" "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n\n" - "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmokK6sw/osw7yrkc\n" - "rSJZk5FAod6yrCptxyq7AssrJbcTCpuxGbG9Ip6/jR8QP4109kZxadoaZ/0ICOh5\n" - "bHx44qOCBF0wggRZMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n" + "b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeI/HfDmnVdpQ4JNA\n" + "9z7aYLzV30SZp0EFfrC5iV4l4AVNRfnCjOdYrdx387n9mhVPghWVWDkb05JtRZqr\n" + "9vgwMqOCBF0wggRZMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAyYG\n" "A1UdEQSCAx0wggMZggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw\n" "ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt\n" "YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds\n" @@ -312,16 +312,16 @@ CertMap initializeTestCerts() "YmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTALBgNVHQ8EBAMC\n" "B4AwaAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2ds\n" "ZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29v\n" - "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBShZRhQFOqlCCt51oEJBD94sL7K4zAMBgNV\n" + "Z2xlLmNvbS9vY3NwMB0GA1UdDgQWBBTgUFAZJ8fMjqEj8KpwMspvje7cSzAMBgNV\n" "HRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1Ud\n" "IAQQMA4wDAYKKwYBBAHWeQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtp\n" - "Lmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBOQBrolcUp\n" - "UFh/5O369pXbuxDZajpSKAjX4Zu6L5LxS9NQRuWqheWNsNcZMRzZ6dP6xpeqf522\n" - "zUjzUEzDCOaxCbccakucnXUvg3/m5qgYhxUmLdZjXZ53mTCy4tHbswQrwnxZH+t+\n" - "Y4rlJFr4bzPNPx7ucB7wRvxFGCjWXflK1JpgXmUcjFFu8/xrlqJdCwmrjEOJaVRq\n" - "urh11t2o4N/DjdboKWBdv+reuijPjzJTKmTbjuZU/bty6COIqtu8vWD39xRCK2y+\n" - "W6und7oGKIEvisrLIoHRRgBPfiFBxuzLbvOg/mGbz34pSuBJEzMxrAbkOnGWEQOm\n" - "B3KPgoV0lPFo\n" + "Lmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQA2YKaE9hJu\n" + "96a81VC53Qrk1JbhMeVRL+uLsidRNK2uBCzJs4zkKT8QTp2m0w792djprAMDuzKx\n" + "GUaVj9TyAX5b1ObcRh2cvom1bzakjWpr1sLW+71vPIeRK8XZvbkVpvgbUF5pQFda\n" + "xZmS49iTG4+8yH6jSnlC/GLSFBihIYmKhU4HSOvzhRBbMNc6ldfvyomE0DtGJXDs\n" + "qOQqfwpyUopGZIIiETLw3PQrdrXSxhoTaVdvL0V9+SGS4Dp7D+WsNl23a7nhxUv3\n" + "PSl6FTRcANKzXflSpdbu9BsuD78KQNnK2cl0mlcE8PETflMFjogi7OhEEQitwp3S\n" + "043LZ7LBy0m5\n" "-----END CERTIFICATE-----\n"); cm[TestData::GOOGLE_COM] = std::make_pair(raw_base64, createCert(raw_base64)); } diff --git a/src/ckm/test-certs.h b/src/ckm/test-certs.h index f920eaf..7f55b7d 100644 --- a/src/ckm/test-certs.h +++ b/src/ckm/test-certs.h @@ -39,7 +39,7 @@ enum certificateID { SYMANTEC, // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023 GEOTRUST, // GEOTRUST, GeoTrust Global CA - signed by EQUIFAX, expires 21 Aug 2018 EQUIFAX, // EQUIFAX (root CA), expires 22 Aug 2018 - GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 12 May 2015 + GOOGLE_COM, // GOOGLE_COM, *.google.com - signed by GIAG2, expires 21 Jul 2015 // footer - last element in the set NO_CERT diff --git a/src/common/tests_common.h b/src/common/tests_common.h index c03d37a..8e83ef5 100644 --- a/src/common/tests_common.h +++ b/src/common/tests_common.h @@ -34,8 +34,10 @@ #include #include -const uid_t APP_UID = 5000; -const gid_t APP_GID = 5000; +const uid_t APP_UID = 5000; +const gid_t APP_GID = 5000; +const uid_t APP_UID_2 = 5200; +const gid_t APP_GID_2 = 5200; const uid_t DB_ALARM_UID = 6001; const gid_t DB_ALARM_GID = 6001; const std::string TMP_DIR("/tmp"); -- 2.7.4