From 12a97812a4fbfed4bca6e1d73b4eb42b06eb359c Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 31 Aug 2016 15:31:25 +0200 Subject: [PATCH] CKM: Add tests for incomplete PKCS12 [Problem] No tests for incomplete PKCS12. [Solution] Tests updated. [Verification] Run ckm-tests --group=T310_CKMC_CAPI_PKCS12 Change-Id: Iab547a2143df35c1a3bc4d88677d12669526e472 --- src/ckm/unprivileged/capi-testcases.cpp | 51 +++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/src/ckm/unprivileged/capi-testcases.cpp b/src/ckm/unprivileged/capi-testcases.cpp index 229ec19..e693a50 100644 --- a/src/ckm/unprivileged/capi-testcases.cpp +++ b/src/ckm/unprivileged/capi-testcases.cpp @@ -2036,6 +2036,7 @@ namespace { CKM::Alias alias_PKCS_exportable = "/System CAPI-test-PKCS-export"; CKM::Alias alias_PKCS_not_exportable = "/System CAPI-test-PKCS-no-export"; +CKM::Alias alias_PKCS_key_not_exportable = "/System CAPI-test-PKCS-no-key-export"; } RUNNER_TEST(T3101_CAPI_PKCS12_init) @@ -2085,6 +2086,11 @@ RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs) RUNNER_ASSERT_MSG( CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)), CKMCReadableError(temp)); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)), + CKMCReadableError(temp)); // try to lookup key ckmc_key_s *key_lookup = NULL; 
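Review bot: The added `ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)` calls in the `@@ -2085` hunk rely on argument order alone to say which policy covers the private key and which covers the certificate, so a reader has to know the API signature to see what is being tested. A one-line comment above the first call would make the case explicit, for example `// key policy: not exportable; certificate policy: exportable`. It would also explain why later hunks expect `CKMC_ERROR_NOT_EXPORTABLE` from `ckmc_get_key` but `CKMC_ERROR_NONE` from `ckmc_get_cert` for this alias. T3103 starts and ends outside this hunk, so the definitions of `notExportable` and `exportable` are not visible here.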
@@ -2097,6 +2103,10 @@ RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs) CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)), CKMCReadableError(temp)); ckmc_key_free(key_lookup); + key_lookup = NULL; + RUNNER_ASSERT_MSG(CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), "", &key_lookup)), + CKMCReadableError(temp)); + ckmc_key_free(key_lookup); // try to lookup certificate ckmc_cert_s *cert_lookup = NULL; @@ -2109,6 +2119,11 @@ RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs) CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)), CKMCReadableError(temp)); ckmc_cert_free(cert_lookup); + cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)), + CKMCReadableError(temp)); + ckmc_cert_free(cert_lookup); } RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS) @@ -2130,6 +2145,25 @@ RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS) ckmc_pkcs12_free(pkcs); pkcs = NULL; + // success - partially exportable + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_key_not_exportable.c_str(), NULL, NULL, &pkcs)), + CKMCReadableError(temp)); + + RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12"); + RUNNER_ASSERT_MSG(NULL == pkcs->priv_key, "there should be no private key in PKCS12"); + RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12"); + size_t cntr = 0; + ckmc_cert_list_s *iter = pkcs->ca_chain; + do { + cntr++; + iter = iter->next; + } while (iter); + RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12"); + + ckmc_pkcs12_free(pkcs); + + // success - exportable RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)), 
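Review bot: The added `ckmc_get_key` check for `alias_PKCS_key_not_exportable` in the `@@ -2097` hunk asserts only the return code, so an implementation that reported `CKMC_ERROR_NOT_EXPORTABLE` but still wrote a key into `key_lookup` would pass. Since this case exists to show that private key material does not leave the store, I would add `RUNNER_ASSERT_MSG(NULL == key_lookup, "key returned for a non-exportable alias");` before the `ckmc_key_free(key_lookup)` call. Whether the API promises to leave the out-parameter untouched on error is not visible here, so confirm that against the ckmc documentation first. The existing `alias_PKCS_not_exportable` check just above has the same gap; T3103 starts outside the hunk.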
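Review bot: After the new partially-exportable block in the `@@ -2130` hunk, `ckmc_pkcs12_free(pkcs);` is not followed by `pkcs = NULL;`, although the block directly above resets the pointer and the next `ckmc_get_pkcs12(..., &pkcs)` call reuses the same variable. Adding `pkcs = NULL;` after the free keeps a stale pointer from being mistaken for a fresh result if that call ever returns without writing the out-parameter. The block covers only a non-exportable key with an exportable certificate; the reverse combination is not exercised in this patch, which may be intentional. T3104 starts before this hunk and continues past it.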
@@ -2138,8 +2172,8 @@ RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS) RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12"); RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12"); RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12"); - size_t cntr = 0; - ckmc_cert_list_s *iter = pkcs->ca_chain; + cntr = 0; + iter = pkcs->ca_chain; do { cntr ++; iter = iter->next; @@ -2190,6 +2224,9 @@ RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs) RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())), CKMCReadableError(tmp)); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_key_not_exportable.c_str())), + CKMCReadableError(tmp)); // expect lookup fails due to unknown alias // try to lookup key @@ -2203,6 +2240,11 @@ RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs) CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)), CKMCReadableError(tmp)); ckmc_key_free(key_lookup); + key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), NULL, &key_lookup)), + CKMCReadableError(tmp)); + ckmc_key_free(key_lookup); // try to lookup certificate ckmc_cert_s *cert_lookup = NULL; @@ -2215,6 +2257,11 @@ RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs) CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)), CKMCReadableError(tmp)); ckmc_cert_free(cert_lookup); + cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)), + CKMCReadableError(tmp)); + ckmc_cert_free(cert_lookup); } RUNNER_TEST(T3109_CAPI_PKCS12_deinit) -- 2.7.4
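Review bot: The chain-counting `do { … } while (iter);` loop now appears twice in T3104, once in the block added by the `@@ -2130` hunk and once here, with `cntr` and `iter` turned into shared variables that have to be reset by hand. A small file-local helper would remove both the duplication and the reset. A plain `for` loop would also tolerate an empty list instead of depending on the preceding `NULL != pkcs->ca_chain` assertion. The sketch shows the helper and the call that would replace each loop, with the expected count and message taken from the added block; T3104 starts and ends outside this hunk.

```cpp
// file-local helper, e.g. in the anonymous namespace that holds the PKCS aliases
size_t countChainCerts(const ckmc_cert_list_s *list)
{
    size_t count = 0;
    for (; list != NULL; list = list->next)
        ++count;
    return count;
}

// … unchanged: ckmc_get_pkcs12 call and NULL checks on cert / priv_key / ca_chain …
RUNNER_ASSERT_MSG(2 == countChainCerts(pkcs->ca_chain), "invalid number of chain certificates in PKCS12");
```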