projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix tests: ignore those that are not supported on Tizen 3.0 (labeled sockets).
[platform/core/test/security-tests.git] / src / ckm / async-api.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Contact: Bumjin Im <bj.im@samsung.com>
5  *
6  *  Licensed under the Apache License, Version 2.0 (the "License");
7  *  you may not use this file except in compliance with the License.
8  *  You may obtain a copy of the License at
9  *
10  *      http://www.apache.org/licenses/LICENSE-2.0
11  *
12  *  Unless required by applicable law or agreed to in writing, software
13  *  distributed under the License is distributed on an "AS IS" BASIS,
14  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  *  See the License for the specific language governing permissions and
16  *  limitations under the License
17  */
18 /*
19  * @file       async-api.cpp
20  * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
21  * @version    1.0
22  */
23
24 #include <mutex>
25 #include <utility>
26 #include <condition_variable>
27 #include <cassert>
28
29 #include <ckmc/ckmc-type.h>
30 #include <ckm/ckm-manager-async.h>
31 #include <ckm/ckm-manager.h>
32 #include <ckm/ckm-control.h>
33 #include <ckm/ckm-raw-buffer.h>
34
35 #include <fstream>
36
37 #include <dpl/test/test_runner.h>
38 #include <dpl/test/test_runner_child.h>
39 #include <dpl/log/log.h>
40
41 #include <tests_common.h>
42 #include <test-certs.h>
43 #include <ckm-common.h>
44
45 using namespace CKM;
46 using namespace std;
47 using namespace TestData;
48
49 namespace {
50
51 const char* TEST_LABEL = "test_label";
52 const CertificateShPtrVector EMPTY_CERT_VECTOR;
53 const AliasVector EMPTY_ALIAS_VECTOR;
54
55 class MyObserver: public ManagerAsync::Observer
56 {
57 public:
58     MyObserver() :
59             m_finished(false), m_error(0)
60     {
61     }
62
63     void ReceivedError(int error)
64     {
65         LogError("Received error: " << error);
66         m_finished = true;
67         m_error = error;
68         m_cv.notify_one();
69     }
70
71     void ReceivedSaveKey() { Succeeded(); }
72     void ReceivedSaveCertificate() { Succeeded(); }
73     void ReceivedSaveData() { Succeeded(); }
74     void ReceivedSavePKCS12() { Succeeded(); }
75
76     void ReceivedRemovedAlias() { Succeeded(); }
77
78     void ReceivedKey(Key &&) { Succeeded(); }
79     void ReceivedCertificate(Certificate &&) { Succeeded(); }
80     void ReceivedData(RawBuffer &&) { Succeeded(); }
81     void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
82
83     void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
84     void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
85     void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
86
87     void ReceivedCreateKeyPairRSA() { Succeeded(); }
88     void ReceivedCreateKeyPairDSA() { Succeeded(); }
89     void ReceivedCreateKeyPairECDSA() { Succeeded(); }
90
91     void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
92             { m_certChain = move(chain); Succeeded(); }
93
94     void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
95     void ReceivedVerifySignature() { Succeeded(); }
96
97     void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
98
99     void ReceivedSetPermission() { Succeeded(); }
100
101     void WaitForResponse()
102     {
103         unique_lock < mutex > lock(m_mutex);
104
105         m_cv.wait(lock, [this] {return m_finished;});
106     }
107
108     bool m_finished;
109     int m_error;
110     AliasVector m_aliases;
111     CertificateShPtrVector m_certChain;
112     PKCS12ShPtr m_pkcs;
113     RawBuffer m_signed;
114     int m_ocspStatus;
115
116 protected:
117     void Succeeded()
118     {
119         LogDebug("Succeeded");
120         m_finished = true;
121         m_cv.notify_one();
122     }
123
124     mutex m_mutex;
125     condition_variable m_cv;
126 };
127
128 typedef shared_ptr<MyObserver> MyObserverPtr;
129
130 const char* TEST_PASS = "test-pass";
131
132 enum Type {
133     RSA,
134     DSA,
135     ECDSA
136 };
137
138 struct KeyPair
139 {
140     KeyPair(const std::string& prv_pem, const std::string& pub_pem) {
141         RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
142         prv = Key::create(buffer_prv);
143         assert(prv);
144
145         RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
146         pub = Key::create(buffer_pub);
147         assert(pub);
148     }
149
150     KeyShPtr prv;
151     KeyShPtr pub;
152 };
153
154 typedef map<Type, vector<KeyPair> > KeyMap;
155
156
157 KeyMap initializeKeys()
158 {
159     KeyMap km;
160
161     km[RSA].emplace_back(
162             "-----BEGIN RSA PRIVATE KEY-----\n"
163             "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
164             "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
165             "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
166             "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
167             "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
168             "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
169             "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
170             "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
171             "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
172             "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
173             "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
174             "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
175             "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
176             "-----END RSA PRIVATE KEY-----",
177
178             "-----BEGIN PUBLIC KEY-----\n"
179             "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
180             "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
181             "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
182             "3Op0tEjy0jpmzeyNiQIDAQAB\n"
183             "-----END PUBLIC KEY-----"
184     );
185     km[DSA].emplace_back(
186             "-----BEGIN DSA PRIVATE KEY-----\n"
187             "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
188             "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
189             "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
190             "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
191             "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
192             "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
193             "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
194             "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
195             "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
196             "yAKPlW7WQzgV5jLLNUW7\n"
197             "-----END DSA PRIVATE KEY-----",
198
199             "-----BEGIN DSA PRIVATE KEY-----\n"
200             "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
201             "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
202             "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
203             "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
204             "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
205             "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
206             "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
207             "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
208             "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
209             "yAKPlW7WQzgV5jLLNUW7\n"
210             "-----END DSA PRIVATE KEY-----"
211     );
212     km[ECDSA].emplace_back(
213             "-----BEGIN EC PRIVATE KEY-----\n"
214             "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
215             "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
216             "sQ==\n"
217             "-----END EC PRIVATE KEY-----",
218
219             "-----BEGIN PUBLIC KEY-----\n"
220             "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
221             "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
222             "-----END PUBLIC KEY-----"
223     );
224     return km;
225 }
226
227 KeyMap keys = initializeKeys();
228 typedef vector<CertificateShPtr> CertVector;
229
230 const RawBuffer raw_buffer(const char* buffer)
231 {
232     return RawBuffer(buffer, buffer + strlen(buffer));
233 }
234
235 const RawBuffer test_buffer = raw_buffer("test_string");
236
237 template <typename F, typename... Args>
238 void test_negative(F&& func, int expected, Args... args)
239 {
240     MyObserverPtr obs = make_shared<MyObserver>();
241     ManagerAsync mgr;
242
243     (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
244     obs->WaitForResponse();
245
246     RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
247     RUNNER_ASSERT_MSG(
248             obs->m_error == expected,
249             "Expected " << expected << "/" << ErrorToString(expected) <<
250             " got: " << obs->m_error << "/" << ErrorToString(obs->m_error));
251 }
252
253 template <typename F, typename... Args>
254 void test_invalid_param(F&& func, Args... args)
255 {
256     test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
257 }
258
259 template <typename F, typename... Args>
260 void test_no_observer(F&& func, Args... args)
261 {
262     ManagerAsync::ObserverPtr obs;
263     ManagerAsync mgr;
264
265     try {
266         (mgr.*func)(obs, args...);
267         RUNNER_ASSERT_MSG(false, "function() should have thrown an exception");
268     } catch (const invalid_argument& e) {
269         RUNNER_ASSERT(true);
270     } catch (...) {
271         RUNNER_ASSERT_MSG(false, "Unexpected exception");
272     }
273 }
274
275 template <typename F, typename... Args>
276 MyObserverPtr test_positive(F&& func, Args... args)
277 {
278     MyObserverPtr obs = make_shared<MyObserver>();
279     ManagerAsync mgr;
280
281     (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
282     obs->WaitForResponse();
283
284     RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
285     RUNNER_ASSERT_MSG(obs->m_error == 0,
286                          "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error));
287     return obs;
288 }
289
290 template <typename F, typename... Args>
291 void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
292 {
293     auto obs = test_positive(move(func), args...);
294     RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
295 }
296
297 template <typename F, typename... Args>
298 void test_check_cert_chain(F&& func, size_t expected, Args... args)
299 {
300     auto obs = test_positive(move(func), args...);
301     RUNNER_ASSERT_MSG(
302             obs->m_certChain.size() == expected,
303             "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
304 }
305
306 typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
307                                            const CertificateShPtr&,
308                                            const CertificateShPtrVector&,
309                                            const CertificateShPtrVector&,
310                                            bool);
311
312 typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
313                                            const CertificateShPtr&,
314                                            const AliasVector&,
315                                            const AliasVector&,
316                                            bool);
317
318 class CKMAsyncAPIEnv
319 {
320 public:
321     void init(const std::string &) {
322         reset_user_data(0, TEST_PASS);
323         reset_user_data(APP_UID, TEST_PASS);
324     }
325     void finish() {
326         remove_user_data(APP_UID);
327         remove_user_data(0);
328     }
329 };
330
331 CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
332 CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
333
334 CKM::PKCS12ShPtr loadPkcs()
335 {
336     std::ifstream is("/usr/share/ckm-test/pkcs.p12");
337     std::istreambuf_iterator<char> begin(is), end;
338     std::vector<char> buff(begin, end);
339
340     CKM::RawBuffer buffer(buff.size());
341     memcpy(buffer.data(), buff.data(), buff.size());
342
343     auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
344     RUNNER_ASSERT_MSG(
345         NULL != pkcs.get(),
346         "Error in PKCS12::create()");
347
348     auto cert = pkcs->getCertificate();
349     RUNNER_ASSERT_MSG(
350         NULL != cert.get(),
351         "Error in PKCS12::getCertificate()");
352
353     auto key = pkcs->getKey();
354     RUNNER_ASSERT_MSG(
355         NULL != key.get(),
356         "Error in PKCS12::getKey()");
357
358     auto caVector = pkcs->getCaCertificateShPtrVector();
359     RUNNER_ASSERT_MSG(
360         2 == caVector.size(),
361         "Wrong size of vector");
362
363     return pkcs;
364 }
365
366 } // namespace anonymous
367
368
369 RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
370
371 // saveKey
372 RUNNER_CHILD_TEST(TA0010_save_key_invalid_param, CKMAsyncAPIEnv)
373 {
374     switch_to_storage_user(TEST_LABEL);
375
376     test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
377     test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy());
378     test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy());
379 }
380
381 RUNNER_CHILD_TEST(TA0020_save_key_already_exists, CKMAsyncAPIEnv)
382 {
383     switch_to_storage_user(TEST_LABEL);
384
385     DBCleanup dbc;
386     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
387     test_negative(&ManagerAsync::saveKey,
388                   CKM_API_ERROR_DB_ALIAS_EXISTS,
389                   dbc.alias("alias"),
390                   keys[RSA][0].prv,
391                   Policy());
392 }
393
394 RUNNER_CHILD_TEST(TA0050_save_key_positive, CKMAsyncAPIEnv)
395 {
396     switch_to_storage_user(TEST_LABEL);
397
398     DBCleanup dbc;
399     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
400 }
401
402
403 // saveCertificate
404 RUNNER_CHILD_TEST(TA0110_save_cert_invalid_param, CKMAsyncAPIEnv)
405 {
406     switch_to_storage_user(TEST_LABEL);
407
408     CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM);
409     test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy());
410     test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy());
411     test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy());
412 }
413
414 RUNNER_CHILD_TEST(TA0120_save_cert_already_exists, CKMAsyncAPIEnv)
415 {
416     switch_to_storage_user(TEST_LABEL);
417
418     DBCleanup dbc;
419     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
420     test_negative(&ManagerAsync::saveCertificate,
421                   CKM_API_ERROR_DB_ALIAS_EXISTS,
422                   dbc.alias("alias"),
423                   getTestCertificate(MBANK),
424                   Policy());
425 }
426
427 RUNNER_CHILD_TEST(TA0150_save_cert_positive, CKMAsyncAPIEnv)
428 {
429     switch_to_storage_user(TEST_LABEL);
430
431     DBCleanup dbc;
432     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
433 }
434
435
436 // saveData
437 RUNNER_CHILD_TEST(TA0210_save_data_invalid_param, CKMAsyncAPIEnv)
438 {
439     switch_to_storage_user(TEST_LABEL);
440
441     test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy());
442     test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy());
443     test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy());
444 }
445
446 RUNNER_CHILD_TEST(TA0220_save_data_already_exists, CKMAsyncAPIEnv)
447 {
448     switch_to_storage_user(TEST_LABEL);
449
450     DBCleanup dbc;
451     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
452     test_negative(&ManagerAsync::saveData,
453                   CKM_API_ERROR_DB_ALIAS_EXISTS,
454                   dbc.alias("alias"),
455                   test_buffer,
456                   Policy());
457 }
458
459 RUNNER_CHILD_TEST(TA0250_save_data_positive, CKMAsyncAPIEnv)
460 {
461     switch_to_storage_user(TEST_LABEL);
462
463     DBCleanup dbc;
464     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
465 }
466
467
468 // removeKey
469 RUNNER_CHILD_TEST(TA0310_remove_alias_invalid_param, CKMAsyncAPIEnv)
470 {
471     switch_to_storage_user(TEST_LABEL);
472
473     test_no_observer(&ManagerAsync::removeAlias, "alias");
474     test_invalid_param(&ManagerAsync::removeAlias, "");
475 }
476
477 RUNNER_CHILD_TEST(TA0330_remove_alias_unknown_alias, CKMAsyncAPIEnv)
478 {
479     switch_to_storage_user(TEST_LABEL);
480
481     test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias");
482 }
483
484 RUNNER_CHILD_TEST(TA0350_remove_key_positive, CKMAsyncAPIEnv)
485 {
486     switch_to_storage_user(TEST_LABEL);
487
488     DBCleanup dbc;
489     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
490     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
491 }
492
493
494 RUNNER_CHILD_TEST(TA0450_remove_cert_positive, CKMAsyncAPIEnv)
495 {
496     switch_to_storage_user(TEST_LABEL);
497
498     DBCleanup dbc;
499     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
500     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
501 }
502
503
504 RUNNER_CHILD_TEST(TA0550_remove_data_positive, CKMAsyncAPIEnv)
505 {
506     switch_to_storage_user(TEST_LABEL);
507
508     DBCleanup dbc;
509     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
510     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
511 }
512
513
514 // getKey
515 RUNNER_CHILD_TEST(TA0610_get_key_invalid_param, CKMAsyncAPIEnv)
516 {
517     switch_to_storage_user(TEST_LABEL);
518
519     test_no_observer(&ManagerAsync::getKey, "alias", "");
520     test_invalid_param(&ManagerAsync::getKey, "", "");
521 }
522
523 RUNNER_CHILD_TEST(TA0630_get_key_unknown_alias, CKMAsyncAPIEnv)
524 {
525     switch_to_storage_user(TEST_LABEL);
526
527     test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
528 }
529
530 RUNNER_CHILD_TEST(TA0640_get_key_wrong_password, CKMAsyncAPIEnv)
531 {
532     switch_to_storage_user(TEST_LABEL);
533
534     DBCleanup dbc;
535     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
536     test_negative(&ManagerAsync::getKey,
537                   CKM_API_ERROR_AUTHENTICATION_FAILED,
538                   dbc.alias("alias"),
539                   "wrong-password");
540 }
541
542 RUNNER_CHILD_TEST(TA0650_get_key_positive, CKMAsyncAPIEnv)
543 {
544     switch_to_storage_user(TEST_LABEL);
545
546     DBCleanup dbc;
547     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
548     test_positive(&ManagerAsync::getKey, dbc.alias("alias"), "password");
549 }
550
551
552 // getCertificate
553 RUNNER_CHILD_TEST(TA0710_get_cert_invalid_param, CKMAsyncAPIEnv)
554 {
555     switch_to_storage_user(TEST_LABEL);
556
557     test_no_observer(&ManagerAsync::getCertificate, "alias", "");
558     test_invalid_param(&ManagerAsync::getCertificate, "", "");
559 }
560
561 RUNNER_CHILD_TEST(TA0730_get_cert_unknown_alias, CKMAsyncAPIEnv)
562 {
563     switch_to_storage_user(TEST_LABEL);
564
565     test_negative(&ManagerAsync::getCertificate,
566                   CKM_API_ERROR_DB_ALIAS_UNKNOWN,
567                   "non-existing-alias",
568                   "");
569 }
570
571 RUNNER_CHILD_TEST(TA0740_get_cert_wrong_password, CKMAsyncAPIEnv)
572 {
573     switch_to_storage_user(TEST_LABEL);
574
575     DBCleanup dbc;
576     test_positive(&ManagerAsync::saveCertificate,
577                   dbc.alias("alias"),
578                   getTestCertificate(MBANK),
579                   Policy("password"));
580     test_negative(&ManagerAsync::getCertificate,
581                   CKM_API_ERROR_AUTHENTICATION_FAILED,
582                   dbc.alias("alias"),
583                   "wrong-password");
584 }
585
586 RUNNER_CHILD_TEST(TA0750_get_cert_positive, CKMAsyncAPIEnv)
587 {
588     switch_to_storage_user(TEST_LABEL);
589
590     DBCleanup dbc;
591     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy("password"));
592     test_positive(&ManagerAsync::getCertificate, dbc.alias("alias"), "password");
593 }
594
595
596 // getData
597 RUNNER_CHILD_TEST(TA0810_get_data_invalid_param, CKMAsyncAPIEnv)
598 {
599     switch_to_storage_user(TEST_LABEL);
600
601     test_no_observer(&ManagerAsync::getData, "alias", "");
602     test_invalid_param(&ManagerAsync::getData, "", "");
603 }
604
605 RUNNER_CHILD_TEST(TA0830_get_data_unknown_alias, CKMAsyncAPIEnv)
606 {
607     switch_to_storage_user(TEST_LABEL);
608
609     test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
610 }
611
612 RUNNER_CHILD_TEST(TA0840_get_data_wrong_password, CKMAsyncAPIEnv)
613 {
614     switch_to_storage_user(TEST_LABEL);
615
616     DBCleanup dbc;
617     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
618     test_negative(&ManagerAsync::getData,
619                   CKM_API_ERROR_AUTHENTICATION_FAILED,
620                   dbc.alias("alias"),
621                   "wrong-password");
622 }
623
624 RUNNER_CHILD_TEST(TA0850_get_data_positive, CKMAsyncAPIEnv)
625 {
626     switch_to_storage_user(TEST_LABEL);
627
628     DBCleanup dbc;
629     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
630     test_positive(&ManagerAsync::getData, dbc.alias("alias"), "password");
631 }
632
633
634 // getKeyAliasVector
635 RUNNER_CHILD_TEST(TA0910_get_key_alias_vector_invalid_param, CKMAsyncAPIEnv)
636 {
637     switch_to_storage_user(TEST_LABEL);
638
639     test_no_observer(&ManagerAsync::getKeyAliasVector);
640 }
641
642 RUNNER_CHILD_TEST(TA0950_get_key_alias_vector_positive, CKMAsyncAPIEnv)
643 {
644     switch_to_storage_user(TEST_LABEL);
645
646     DBCleanup dbc;
647     test_positive(&ManagerAsync::saveKey, dbc.alias("alias1"), keys[RSA][0].prv, Policy());
648     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
649
650     test_positive(&ManagerAsync::saveKey, dbc.alias("alias2"), keys[DSA][0].prv, Policy());
651     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
652                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
653
654     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
655     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
656 }
657
658
659 // getCertificateAliasVector
660 RUNNER_CHILD_TEST(TA1010_get_cert_alias_vector_invalid_param, CKMAsyncAPIEnv)
661 {
662     switch_to_storage_user(TEST_LABEL);
663
664     test_no_observer(&ManagerAsync::getCertificateAliasVector);
665 }
666
667 RUNNER_CHILD_TEST(TA1050_get_cert_alias_vector_positive, CKMAsyncAPIEnv)
668 {
669     switch_to_storage_user(TEST_LABEL);
670
671     DBCleanup dbc;
672     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias1"), getTestCertificate(MBANK), Policy());
673     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
674
675     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias2"), getTestCertificate(SYMANTEC), Policy());
676     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
677                                                                    aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
678
679     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
680     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
681 }
682
683
684 // getDataAliasVector
685 RUNNER_CHILD_TEST(TA1110_get_data_alias_vector_invalid_param, CKMAsyncAPIEnv)
686 {
687     switch_to_storage_user(TEST_LABEL);
688
689     test_no_observer(&ManagerAsync::getDataAliasVector);
690 }
691
692 RUNNER_CHILD_TEST(TA1150_get_data_alias_vector_positive, CKMAsyncAPIEnv)
693 {
694     switch_to_storage_user(TEST_LABEL);
695
696     DBCleanup dbc;
697     test_positive(&ManagerAsync::saveData, dbc.alias("alias1"), test_buffer, Policy());
698     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
699
700     test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
701     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
702                                                             aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
703
704     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
705     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
706 }
707
708
709 // createKeyPairRSA
710 RUNNER_CHILD_TEST(TA1210_create_key_pair_rsa_invalid_param, CKMAsyncAPIEnv)
711 {
712     switch_to_storage_user(TEST_LABEL);
713
714     test_no_observer(&ManagerAsync::createKeyPairRSA,
715                      1024,
716                      "alias_prv",
717                      "alias_pub",
718                      Policy(),
719                      Policy());
720 }
721
722 RUNNER_CHILD_TEST(TA1220_create_key_pair_rsa_already_exists, CKMAsyncAPIEnv)
723 {
724     switch_to_storage_user(TEST_LABEL);
725
726     DBCleanup dbc;
727     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy());
728     test_negative(&ManagerAsync::createKeyPairRSA,
729                   CKM_API_ERROR_DB_ALIAS_EXISTS,
730                   1024,
731                   dbc.alias("alias_prv"),
732                   dbc.alias("alias_pub"),
733                   Policy(),
734                   Policy());
735 }
736
737 RUNNER_CHILD_TEST(TA1250_create_key_pair_rsa_positive, CKMAsyncAPIEnv)
738 {
739     switch_to_storage_user(TEST_LABEL);
740
741     DBCleanup dbc;
742     test_positive(&ManagerAsync::createKeyPairRSA,
743                   1024,
744                   dbc.alias("alias_prv"),
745                   dbc.alias("alias_pub"),
746                   Policy(),
747                   Policy());
748
749     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
750                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
751 }
752
753 // createKeyPairDSA
754 RUNNER_CHILD_TEST(TA1270_create_key_pair_dsa_invalid_param, CKMAsyncAPIEnv)
755 {
756     switch_to_storage_user(TEST_LABEL);
757
758     test_no_observer(&ManagerAsync::createKeyPairDSA,
759                      1024,
760                      "alias_prv",
761                      "alias_pub",
762                      Policy(),
763                      Policy());
764 }
765
766 RUNNER_CHILD_TEST(TA1280_create_key_pair_dsa_already_exists, CKMAsyncAPIEnv)
767 {
768     switch_to_storage_user(TEST_LABEL);
769
770     DBCleanup dbc;
771     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[DSA][0].prv, Policy());
772     test_negative(&ManagerAsync::createKeyPairDSA,
773                   CKM_API_ERROR_DB_ALIAS_EXISTS,
774                   1024,
775                   dbc.alias("alias_prv"),
776                   dbc.alias("alias_pub"),
777                   Policy(),
778                   Policy());
779 }
780
781 RUNNER_CHILD_TEST(TA1290_create_key_pair_dsa_positive, CKMAsyncAPIEnv)
782 {
783     switch_to_storage_user(TEST_LABEL);
784
785     DBCleanup dbc;
786     test_positive(&ManagerAsync::createKeyPairDSA,
787                   1024,
788                   dbc.alias("alias_prv"),
789                   dbc.alias("alias_pub"),
790                   Policy(),
791                   Policy());
792
793     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
794                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
795 }
796
797 // createKeyPairECDSA
798 RUNNER_CHILD_TEST(TA1310_create_key_pair_ecdsa_invalid_param, CKMAsyncAPIEnv)
799 {
800     switch_to_storage_user(TEST_LABEL);
801
802     test_no_observer(&ManagerAsync::createKeyPairECDSA,
803                      ElipticCurve::prime192v1,
804                      "alias_prv",
805                      "alias_pub",
806                      Policy(),
807                      Policy());
808 }
809
810 RUNNER_CHILD_TEST(TA1320_create_key_pair_ecdsa_already_exists, CKMAsyncAPIEnv)
811 {
812     switch_to_storage_user(TEST_LABEL);
813
814     DBCleanup dbc;
815     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[ECDSA][0].prv, Policy());
816     test_negative(&ManagerAsync::createKeyPairECDSA,
817                   CKM_API_ERROR_DB_ALIAS_EXISTS,
818                   ElipticCurve::prime192v1,
819                   dbc.alias("alias_prv"),
820                   dbc.alias("alias_pub"),
821                   Policy(),
822                   Policy());
823 }
824
825 RUNNER_CHILD_TEST(TA1350_create_key_pair_ecdsa_positive, CKMAsyncAPIEnv)
826 {
827     switch_to_storage_user(TEST_LABEL);
828
829     DBCleanup dbc;
830     test_positive(&ManagerAsync::createKeyPairECDSA,
831                   ElipticCurve::prime192v1,
832                   dbc.alias("alias_prv"),
833                   dbc.alias("alias_pub"),
834                   Policy(),
835                   Policy());
836
837     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
838                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
839 }
840
841
842 // getCertificateChain
843 RUNNER_CHILD_TEST(TA1410_get_certificate_chain_invalid_param, CKMAsyncAPIEnv)
844 {
845     switch_to_storage_user(TEST_LABEL);
846
847     CertificateShPtr cert = getTestCertificate(MBANK);
848     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
849     test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
850                                    cert,
851                                    certv,
852                                    EMPTY_CERT_VECTOR,
853                                    true);
854     test_invalid_param<certChainFn1>(&ManagerAsync::getCertificateChain,
855                                      CertificateShPtr(),
856                                      certv,
857                                      EMPTY_CERT_VECTOR,
858                                      true);
859
860     Alias alias = "alias";
861     AliasVector aliasv = { alias };
862     test_no_observer<certChainFn2>(&ManagerAsync::getCertificateChain,
863                                    cert,
864                                    aliasv,
865                                    EMPTY_ALIAS_VECTOR,
866                                    true);
867     test_invalid_param<certChainFn2>(&ManagerAsync::getCertificateChain,
868                                      CertificateShPtr(),
869                                      aliasv,
870                                      EMPTY_ALIAS_VECTOR,
871                                      true);
872 }
873
874 RUNNER_CHILD_TEST(TA1420_get_certificate_chain_negative, CKMAsyncAPIEnv)
875 {
876     switch_to_storage_user(TEST_LABEL);
877
878     DBCleanup dbc;
879     CertificateShPtr cert = getTestCertificate(MBANK);
880     CertificateShPtrVector certv = { getTestCertificate(MBANK) };
881     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
882                                 CKM_API_ERROR_VERIFICATION_FAILED,
883                                 cert,
884                                 EMPTY_CERT_VECTOR,
885                                 EMPTY_CERT_VECTOR,
886                                 true);
887     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
888                                 CKM_API_ERROR_VERIFICATION_FAILED,
889                                 cert,
890                                 certv,
891                                 EMPTY_CERT_VECTOR,
892                                 true);
893     AliasVector aliasv = { dbc.alias("alias") };
894     test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy());
895     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
896                                 CKM_API_ERROR_VERIFICATION_FAILED,
897                                 cert,
898                                 EMPTY_ALIAS_VECTOR,
899                                 EMPTY_ALIAS_VECTOR,
900                                 true);
901     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
902                                 CKM_API_ERROR_VERIFICATION_FAILED,
903                                 cert,
904                                 aliasv,
905                                 EMPTY_ALIAS_VECTOR,
906                                 true);
907 }
908
909 RUNNER_CHILD_TEST(TA1450_get_certificate_chain_positive, CKMAsyncAPIEnv)
910 {
911     switch_to_storage_user(TEST_LABEL);
912
913     DBCleanup dbc;
914     CertificateShPtr cert = getTestCertificate(MBANK);
915     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
916     test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
917                                         3,
918                                         cert,
919                                         certv,
920                                         EMPTY_CERT_VECTOR,
921                                         true);
922
923     AliasVector aliasv = { dbc.alias("alias") };
924     test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy());
925     test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
926                                         3,
927                                         cert,
928                                         aliasv,
929                                         EMPTY_ALIAS_VECTOR,
930                                         true);
931 }
932
933
934 // createSignature
935 RUNNER_CHILD_TEST(TA1510_create_signature_invalid_param, CKMAsyncAPIEnv)
936 {
937     switch_to_storage_user(TEST_LABEL);
938
939     test_no_observer(&ManagerAsync::createSignature,
940                      "alias",
941                      "",
942                      test_buffer,
943                      HashAlgorithm::SHA1,
944                      RSAPaddingAlgorithm::PKCS1);
945     test_invalid_param(&ManagerAsync::createSignature,
946                        "",
947                        "",
948                        test_buffer,
949                        HashAlgorithm::SHA1,
950                        RSAPaddingAlgorithm::PKCS1);
951     test_invalid_param(&ManagerAsync::createSignature,
952                        "alias",
953                        "",
954                        RawBuffer(),
955                        HashAlgorithm::SHA1,
956                        RSAPaddingAlgorithm::PKCS1);
957 }
958
959 RUNNER_CHILD_TEST(TA1520_create_signature_invalid_password, CKMAsyncAPIEnv)
960 {
961     switch_to_storage_user(TEST_LABEL);
962
963     DBCleanup dbc;
964     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
965     test_negative(&ManagerAsync::createSignature,
966                   CKM_API_ERROR_INPUT_PARAM,
967                   dbc.alias("alias"),
968                   "wrong-password",
969                   RawBuffer(),
970                   HashAlgorithm::SHA1,
971                   RSAPaddingAlgorithm::PKCS1);
972 }
973
974 RUNNER_CHILD_TEST(TA1550_create_signature_positive, CKMAsyncAPIEnv)
975 {
976     switch_to_storage_user(TEST_LABEL);
977
978     DBCleanup dbc;
979     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
980     test_positive(&ManagerAsync::createSignature,
981                   dbc.alias("alias"),
982                   "password",
983                   test_buffer,
984                   HashAlgorithm::SHA1,
985                   RSAPaddingAlgorithm::PKCS1);
986 }
987
988
989 // verifySignature
990 RUNNER_CHILD_TEST(TA1610_verify_signature_invalid_param, CKMAsyncAPIEnv)
991 {
992     switch_to_storage_user(TEST_LABEL);
993
994     test_no_observer(&ManagerAsync::verifySignature,
995                      "",
996                      "",
997                      RawBuffer(),
998                      RawBuffer(),
999                      HashAlgorithm::SHA1,
1000                      RSAPaddingAlgorithm::PKCS1);
1001     test_invalid_param(&ManagerAsync::verifySignature,
1002                        "",
1003                        "",
1004                        test_buffer,
1005                        test_buffer,
1006                        HashAlgorithm::SHA1,
1007                        RSAPaddingAlgorithm::PKCS1);
1008 }
1009
1010 RUNNER_CHILD_TEST(TA1620_verify_signature_invalid_password, CKMAsyncAPIEnv)
1011 {
1012     switch_to_storage_user(TEST_LABEL);
1013
1014     DBCleanup dbc;
1015     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
1016     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
1017     auto obs = test_positive(&ManagerAsync::createSignature,
1018                              dbc.alias("alias_prv"),
1019                              "pass1",
1020                              test_buffer,
1021                              HashAlgorithm::SHA1,
1022                              RSAPaddingAlgorithm::PKCS1);
1023
1024     test_negative(&ManagerAsync::verifySignature,
1025                   CKM_API_ERROR_AUTHENTICATION_FAILED,
1026                   dbc.alias("alias_pub"),
1027                   "wrong-password",
1028                   test_buffer,
1029                   obs->m_signed,
1030                   HashAlgorithm::SHA1,
1031                   RSAPaddingAlgorithm::PKCS1);
1032 }
1033
1034 RUNNER_CHILD_TEST(TA1630_verify_signature_invalid_message, CKMAsyncAPIEnv)
1035 {
1036     switch_to_storage_user(TEST_LABEL);
1037
1038     DBCleanup dbc;
1039     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
1040     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
1041
1042     auto obs = test_positive(&ManagerAsync::createSignature,
1043                              dbc.alias("alias_prv"),
1044                              "",
1045                              test_buffer,
1046                              HashAlgorithm::SHA1,
1047                              RSAPaddingAlgorithm::PKCS1);
1048
1049     test_negative(&ManagerAsync::verifySignature,
1050                   CKM_API_ERROR_VERIFICATION_FAILED,
1051                   dbc.alias("alias_pub"),
1052                   "",
1053                   raw_buffer("invalid-unsigned-mesage"),
1054                   obs->m_signed,
1055                   HashAlgorithm::SHA1,
1056                   RSAPaddingAlgorithm::PKCS1);
1057 }
1058
1059 RUNNER_CHILD_TEST(TA1640_verify_signature_invalid_signature, CKMAsyncAPIEnv)
1060 {
1061     switch_to_storage_user(TEST_LABEL);
1062
1063     DBCleanup dbc;
1064     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
1065
1066     test_negative(&ManagerAsync::verifySignature,
1067                   CKM_API_ERROR_VERIFICATION_FAILED,
1068                   dbc.alias("alias_pub"),
1069                   "",
1070                   test_buffer,
1071                   raw_buffer("invalid-signature"),
1072                   HashAlgorithm::SHA1,
1073                   RSAPaddingAlgorithm::PKCS1);
1074 }
1075
1076 RUNNER_CHILD_TEST(TA1650_verify_signature_wrong_key, CKMAsyncAPIEnv)
1077 {
1078     switch_to_storage_user(TEST_LABEL);
1079
1080     DBCleanup dbc;
1081     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
1082     auto obs = test_positive(&ManagerAsync::createSignature,
1083                              dbc.alias("alias_prv"),
1084                              "",
1085                              test_buffer,
1086                              HashAlgorithm::SHA1,
1087                              RSAPaddingAlgorithm::PKCS1);
1088
1089     test_negative(&ManagerAsync::verifySignature,
1090                   CKM_API_ERROR_SERVER_ERROR,
1091                   dbc.alias("alias_prv"),
1092                   "",
1093                   test_buffer,
1094                   obs->m_signed,
1095                   HashAlgorithm::SHA1,
1096                   RSAPaddingAlgorithm::PKCS1);
1097 }
1098
1099 RUNNER_CHILD_TEST(TA1660_verify_signature_positive, CKMAsyncAPIEnv)
1100 {
1101     switch_to_storage_user(TEST_LABEL);
1102
1103     DBCleanup dbc;
1104     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
1105     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
1106     auto obs = test_positive(&ManagerAsync::createSignature,
1107                              dbc.alias("alias_prv"),
1108                              "pass1",
1109                              test_buffer,
1110                              HashAlgorithm::SHA1,
1111                              RSAPaddingAlgorithm::PKCS1);
1112
1113     test_positive(&ManagerAsync::verifySignature,
1114                   dbc.alias("alias_pub"),
1115                   "pass2",
1116                   test_buffer,
1117                   obs->m_signed,
1118                   HashAlgorithm::SHA1,
1119                   RSAPaddingAlgorithm::PKCS1);
1120 }
1121
1122
1123 // ocspCheck
1124 RUNNER_CHILD_TEST(TA1710_ocsp_check_invalid_param, CKMAsyncAPIEnv)
1125 {
1126     test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
1127     test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
1128 }
1129
1130 RUNNER_CHILD_TEST(TA1720_ocsp_check_negative, CKMAsyncAPIEnv)
1131 {
1132     switch_to_storage_ocsp_user(TEST_LABEL);
1133
1134     DBCleanup dbc;
1135     CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) };
1136
1137     auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
1138     RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
1139                          "Verification should fail. Got: " << obs->m_ocspStatus);
1140 }
1141
1142 RUNNER_CHILD_TEST(TA1750_ocsp_check_positive, CKMAsyncAPIEnv)
1143 {
1144     switch_to_storage_ocsp_user(TEST_LABEL);
1145
1146     DBCleanup dbc;
1147     CertificateShPtr cert = getTestCertificate(MBANK);
1148     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
1149     auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
1150                                            cert,
1151                                            certv,
1152                                            EMPTY_CERT_VECTOR,
1153                                            true);
1154
1155     auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
1156     RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
1157                          "Verification failed. Error: " << obs->m_ocspStatus);
1158 }
1159
1160 // setPermission
1161 RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param, CKMAsyncAPIEnv)
1162 {
1163     switch_to_storage_user(TEST_LABEL);
1164
1165     test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
1166     test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
1167     test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
1168 }
1169
1170 RUNNER_TEST(TA1820_allow_access, CKMAsyncAPIEnv)
1171 {
1172     DBCleanup dbc;
1173     CharPtr top_label = get_label();
1174     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
1175     test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
1176     test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
1177     test_positive(&ManagerAsync::setPermission,
1178                   dbc.alias("alias2"),
1179                   TEST_LABEL,
1180                   CKM::Permission::READ);
1181     test_positive(&ManagerAsync::setPermission,
1182                   dbc.alias("alias3"),
1183                   TEST_LABEL,
1184                   CKM::Permission::READ | CKM::Permission::REMOVE);
1185
1186     {
1187         ScopedLabel label(TEST_LABEL);
1188
1189         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
1190         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
1191
1192         // test from allowed label, but without properly addressing alias (coming from default label)
1193         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
1194
1195         // now test with appropriate addressing
1196         std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
1197         test_positive(&ManagerAsync::getData, full_alias2_address, "");
1198         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
1199
1200         std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
1201         test_positive(&ManagerAsync::getData, full_alias3_address, "");
1202         test_positive(&ManagerAsync::removeAlias, full_alias3_address);
1203     }
1204 }
1205
1206 // denyAccess
1207 RUNNER_CHILD_TEST(TA1910_deny_access_invalid_param, CKMAsyncAPIEnv)
1208 {
1209     switch_to_storage_user(TEST_LABEL);
1210
1211     test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
1212     test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
1213     test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
1214 }
1215
1216 RUNNER_TEST(TA1920_deny_access, CKMAsyncAPIEnv)
1217 {
1218     DBCleanup dbc;
1219     CharPtr top_label = get_label();
1220     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
1221     test_positive(&ManagerAsync::setPermission,
1222                   dbc.alias("alias"),
1223                   TEST_LABEL,
1224                   CKM::Permission::READ | CKM::Permission::REMOVE);
1225     test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
1226
1227     {
1228         ScopedLabel label(TEST_LABEL);
1229
1230         std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
1231         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
1232         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
1233     }
1234 }
1235
1236 RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, CKMAsyncAPIEnv)
1237 {
1238     DBCleanup dbc;
1239     auto pkcs = loadPkcs();
1240
1241     // save to the CKM
1242     CKM::Policy exportable;
1243     CKM::Policy notExportable(CKM::Password(), false);
1244
1245     test_positive(&ManagerAsync::savePKCS12,
1246                   dbc.alias(alias_PKCS_exportable.c_str()),
1247                   pkcs,
1248                   exportable,
1249                   exportable);
1250     test_negative(&ManagerAsync::savePKCS12,
1251                   CKM_API_ERROR_DB_ALIAS_EXISTS,
1252                   dbc.alias(alias_PKCS_exportable.c_str()),
1253                   pkcs,
1254                   exportable,
1255                   exportable);
1256
1257     test_positive(&ManagerAsync::savePKCS12,
1258                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1259                   pkcs,
1260                   notExportable,
1261                   notExportable);
1262     test_negative(&ManagerAsync::savePKCS12,
1263                   CKM_API_ERROR_DB_ALIAS_EXISTS,
1264                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1265                   pkcs,
1266                   notExportable,
1267                   notExportable);
1268 }
1269
1270 RUNNER_TEST(TA2010_PKCS_get, CKMAsyncAPIEnv)
1271 {
1272     DBCleanup dbc;
1273
1274     auto pkcs = loadPkcs();
1275
1276     // save to the CKM
1277     CKM::Policy exportable;
1278     CKM::Policy notExportable(CKM::Password(), false);
1279
1280     test_positive(&ManagerAsync::savePKCS12,
1281                   dbc.alias(alias_PKCS_exportable.c_str()),
1282                   pkcs,
1283                   exportable,
1284                   exportable);
1285     test_positive(&ManagerAsync::savePKCS12,
1286                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1287                   pkcs,
1288                   notExportable,
1289                   notExportable);
1290
1291     // fail - no entry
1292     test_negative(&ManagerAsync::getPKCS12,
1293                   CKM_API_ERROR_DB_ALIAS_UNKNOWN,
1294                   "i-do-not-exist",
1295                   CKM::Password(),
1296                   CKM::Password());
1297
1298
1299     // fail - not exportable
1300     test_negative(&ManagerAsync::getPKCS12,
1301                   CKM_API_ERROR_NOT_EXPORTABLE,
1302                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1303                   CKM::Password(),
1304                   CKM::Password());
1305
1306     // success - exportable
1307     auto obs = test_positive(&ManagerAsync::getPKCS12,
1308                              dbc.alias(alias_PKCS_exportable.c_str()),
1309                              CKM::Password(),
1310                              CKM::Password());
1311
1312     auto cert = obs->m_pkcs->getCertificate();
1313     RUNNER_ASSERT_MSG(
1314         NULL != cert.get(),
1315         "Error in PKCS12::getCertificate()");
1316
1317     auto key = obs->m_pkcs->getKey();
1318     RUNNER_ASSERT_MSG(
1319         NULL != key.get(),
1320         "Error in PKCS12::getKey()");
1321
1322     auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
1323     RUNNER_ASSERT_MSG(
1324         2 == caVector.size(),
1325         "Wrong size of vector");
1326 }
Domain: Security / Uncategorized;