From c2843c3345f70313d5c070caa7a514cff98b2577 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Wed, 21 Jan 2015 14:22:18 +0100
Subject: [PATCH] Replace deprecated cert chain API with new one
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Old cert chain API is deprecated
[Cause] N/A
[Solution] Use new API
[Verification] Run tests
Change-Id: Ie1f6197af0afbebfc39e9661c010f176e718f7d3
---
 tests/ckm/async-api.cpp | 70 ++++++++++++++++++++++++++++++++++----------
 tests/ckm/main.cpp | 78 +++++++++++++++++++++++++++----------------------
 2 files changed, 98 insertions(+), 50 deletions(-)
diff --git a/tests/ckm/async-api.cpp b/tests/ckm/async-api.cpp
index 02aef83..9ee9a36 100644
--- a/tests/ckm/async-api.cpp
+++ b/tests/ckm/async-api.cpp
@@ -47,6 +47,8 @@ using namespace std;
 namespace {
 const char* TEST_LABEL = "test_label";
+const CertificateShPtrVector EMPTY_CERT_VECTOR;
+const AliasVector EMPTY_ALIAS_VECTOR;
 class MyObserver: public ManagerAsync::Observer {
@@ -390,11 +392,15 @@ void test_check_cert_chain(F&& func, size_t expected, Args... args)
 typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&, const CertificateShPtr&,
- const CertificateShPtrVector&);
+ const CertificateShPtrVector&,
+ const CertificateShPtrVector&,
+ bool);
 typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&, const CertificateShPtr&,
- const AliasVector&);
+ const AliasVector&,
+ const AliasVector&,
+ bool);
 } // namespace anonymous
@@ -886,17 +892,29 @@ RUNNER_CHILD_TEST(TA1410_get_certificate_chain_invalid_param)
 CertificateShPtr cert = certs[0];
 CertificateShPtrVector certv = { certs[1] };
- test_no_observer(&ManagerAsync::getCertificateChain, cert, certv);
+ test_no_observer(&ManagerAsync::getCertificateChain,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
 test_invalid_param(&ManagerAsync::getCertificateChain, CertificateShPtr(),
- certv);
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
 Alias alias = "alias";
 AliasVector aliasv = { alias };
- test_no_observer(&ManagerAsync::getCertificateChain, cert, aliasv);
+ test_no_observer(&ManagerAsync::getCertificateChain,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
 test_invalid_param(&ManagerAsync::getCertificateChain, CertificateShPtr(),
- aliasv);
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
 }
 RUNNER_CHILD_TEST(TA1420_get_certificate_chain_negative)
@@ -909,21 +927,29 @@ RUNNER_CHILD_TEST(TA1420_get_certificate_chain_negative)
 test_negative(&ManagerAsync::getCertificateChain, CKM_API_ERROR_VERIFICATION_FAILED, cert,
- CertificateShPtrVector());
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true);
 test_negative(&ManagerAsync::getCertificateChain, CKM_API_ERROR_VERIFICATION_FAILED, cert,
- certv);
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
 AliasVector aliasv = { dbc.alias("alias") };
 test_positive(&ManagerAsync::saveCertificate, aliasv[0], certs[0], Policy());
 test_negative(&ManagerAsync::getCertificateChain, CKM_API_ERROR_VERIFICATION_FAILED, cert,
- AliasVector());
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true);
 test_negative(&ManagerAsync::getCertificateChain, CKM_API_ERROR_VERIFICATION_FAILED, cert,
- aliasv);
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
 }
 RUNNER_CHILD_TEST(TA1450_get_certificate_chain_positive)
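Review bot: Every `getCertificateChain` call in TA1420 passes an empty third argument and `true` as the fourth, and the same holds for TA1410 above and for the TA1450 and TA1750 hunks further down, so the two parameters this API adds are never exercised in the async suite. Judging from T1810 in main.cpp, the third argument is presumably the caller-supplied trusted set and the flag toggles the system store; a regression that ignored either one would still pass here. I would add one case that mirrors T1810 (a non-empty trusted vector with `false`) and one that passes `certv` only as the second argument with `false`, e.g. `test_negative(&ManagerAsync::getCertificateChain, /* expected error */, cert, certv, EMPTY_CERT_VECTOR, false);`, so the suite fails if certificates supplied as untrusted are ever accepted as anchors.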
@@ -933,11 +959,21 @@ RUNNER_CHILD_TEST(TA1450_get_certificate_chain_positive)
 DBCleanup dbc;
 CertificateShPtr cert = certs[0];
 CertificateShPtrVector certv = { certs[1] };
- test_check_cert_chain(&ManagerAsync::getCertificateChain, 3, cert, certv);
+ test_check_cert_chain(&ManagerAsync::getCertificateChain,
+ 3,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
 AliasVector aliasv = { dbc.alias("alias") };
 test_positive(&ManagerAsync::saveCertificate, aliasv[0], certs[1], Policy());
- test_check_cert_chain(&ManagerAsync::getCertificateChain, 3, cert, aliasv);
+ test_check_cert_chain(&ManagerAsync::getCertificateChain,
+ 3,
+ cert,
+ aliasv,
+ EMPTY_ALIAS_VECTOR,
+ true);
 }
@@ -1133,8 +1169,8 @@ RUNNER_CHILD_TEST(TA1660_verify_signature_positive)
 // ocspCheck
 RUNNER_CHILD_TEST(TA1710_ocsp_check_invalid_param) {
- test_no_observer(&ManagerAsync::ocspCheck, CertificateShPtrVector());
- test_invalid_param(&ManagerAsync::ocspCheck, CertificateShPtrVector());
+ test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
+ test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
 }
 RUNNER_CHILD_TEST(TA1720_ocsp_check_negative)
@@ -1157,7 +1193,11 @@ RUNNER_CHILD_TEST(TA1750_ocsp_check_positive)
 DBCleanup dbc;
 CertificateShPtr cert = certs[0];
 CertificateShPtrVector certv = { certs[1] };
- auto obs = test_positive(&ManagerAsync::getCertificateChain, cert, certv);
+ auto obs = test_positive(&ManagerAsync::getCertificateChain,
+ cert,
+ certv,
+ EMPTY_CERT_VECTOR,
+ true);
 auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
 RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
diff --git a/tests/ckm/main.cpp b/tests/ckm/main.cpp
index 325cc19..4241c25 100644
--- a/tests/ckm/main.cpp
+++ b/tests/ckm/main.cpp
@@ -20,9 +20,14 @@ #include
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-static const int USER_TEST = 5001;
+namespace {
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
+const int USER_TEST = 5001;
+
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+} // namespace anonymous
 /* * How to numerate tests:
@@ -1320,17 +1325,20 @@ RUNNER_TEST(T1312_get_chain)
 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
 RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
 RUNNER_ASSERT_MSG( 0 == certChain.size(), "Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
 RUNNER_ASSERT_MSG( 3 == certChain.size(),
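Review bot: The rewritten result checks in T1312 use `RUNNER_ASSERT_MSG_BT`, but the two `certChain.size()` checks that follow them stay on `RUNNER_ASSERT_MSG`; the T1313 and T1314 hunks convert the `3 ==` check and leave the `0 ==` one, so the tests end up with different mixes of the two macros. Pick one macro per test and report the observed size the way T1810 does: `RUNNER_ASSERT_MSG_BT(3 == certChain.size(), "Wrong size of certificate chain: " << certChain.size());`. The context line `false != cert1.get()` also compares a pointer with `false` where the neighbouring check uses `NULL`; this commit does not touch it, but it is worth aligning while the test is being edited. T1312's body starts and ends outside the hunk.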
@@ -1424,9 +1432,9 @@ RUNNER_TEST(T1313_get_chain_with_alias)
 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
 RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
 RUNNER_ASSERT_MSG( 0 == certChain.size(),
@@ -1438,11 +1446,10 @@ RUNNER_TEST(T1313_get_chain_with_alias)
 aliasVector.push_back(full_address);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
+ RUNNER_ASSERT_MSG_BT(
 3 == certChain.size(), "Wrong size of certificate chain.");
 }
@@ -1533,19 +1540,18 @@ RUNNER_TEST(T1314_ocsp_check)
 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
 RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
 RUNNER_ASSERT_MSG( 0 == certChain.size(), "Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
+ RUNNER_ASSERT_MSG_BT(
 3 == certChain.size(), "Wrong size of certificate chain.");
@@ -3485,8 +3491,6 @@ RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
 "Error=" << CKM::ErrorToString(temp));
 }
-// MJK TODO: to be uncommented once custom CA root can be provided to the CKM
-/*
 RUNNER_TEST(T1810_verify_get_certificate_chain) { // this certificate has been signed using PKCS chain
@@ -3512,9 +3516,13 @@ RUNNER_TEST(T1810_verify_get_certificate_chain)
 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
 RUNNER_ASSERT_MSG( 0 == certChain.size(),
@@ -3522,14 +3530,14 @@ RUNNER_TEST(T1810_verify_get_certificate_chain)
 aliasVector.push_back(alias_PKCS_exportable);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
- "Wrong size of certificate chain.");
-}*/
+ // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
+ RUNNER_ASSERT_MSG_BT(
+ 4 == certChain.size(),
+ "Wrong size of certificate chain: " << certChain.size());
+}
 RUNNER_TEST(T1811_remove_bundle_with_chain_certificates) {
--
2.7.4
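Review bot: T1810 checks the positive path only by chain length, and nothing in it shows that the PKCS#12 certificates verify because they were passed as trusted rather than merely being present. After the `push_back`, I would add `tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);` followed by `RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_VERIFICATION_FAILED == tmp, "Error=" << CKM::ErrorToString(tmp));`, assuming the chain's root is absent from the system store, which the first negative call in this test already relies on. That pins the distinction between the second and third arguments: the same alias must fail as untrusted input and succeed only as a trust anchor. Because the first negative call passes `true`, its outcome depends on how the device's system store is provisioned, and a short comment saying so would help whoever debugs a failure on a different image. T1810's body starts outside this hunk.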