projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Introduce environment class for CKM async API tests
[platform/core/test/security-tests.git] / src / ckm / async-api.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Contact: Bumjin Im <bj.im@samsung.com>
5  *
6  *  Licensed under the Apache License, Version 2.0 (the "License");
7  *  you may not use this file except in compliance with the License.
8  *  You may obtain a copy of the License at
9  *
10  *      http://www.apache.org/licenses/LICENSE-2.0
11  *
12  *  Unless required by applicable law or agreed to in writing, software
13  *  distributed under the License is distributed on an "AS IS" BASIS,
14  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  *  See the License for the specific language governing permissions and
16  *  limitations under the License
17  */
18 /*
19  * @file       async-api.cpp
20  * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
21  * @version    1.0
22  */
23
24 #include <mutex>
25 #include <utility>
26 #include <condition_variable>
27 #include <cassert>
28
29 #include <ckmc/ckmc-type.h>
30 #include <ckm/ckm-manager-async.h>
31 #include <ckm/ckm-manager.h>
32 #include <ckm/ckm-control.h>
33 #include <ckm/ckm-raw-buffer.h>
34
35 #include <fstream>
36
37 #include <dpl/test/test_runner.h>
38 #include <dpl/test/test_runner_child.h>
39 #include <dpl/log/log.h>
40
41 #include <tests_common.h>
42 #include <test-certs.h>
43 #include <ckm-common.h>
44
45 using namespace CKM;
46 using namespace std;
47 using namespace TestData;
48
49 namespace {
50
51 const char* TEST_LABEL = "test_label";
52 const CertificateShPtrVector EMPTY_CERT_VECTOR;
53 const AliasVector EMPTY_ALIAS_VECTOR;
54
55 class MyObserver: public ManagerAsync::Observer
56 {
57 public:
58     MyObserver() :
59             m_finished(false), m_error(0)
60     {
61     }
62
63     void ReceivedError(int error)
64     {
65         LogError("Received error: " << error);
66         m_finished = true;
67         m_error = error;
68         m_cv.notify_one();
69     }
70
71     void ReceivedSaveKey() { Succeeded(); }
72     void ReceivedSaveCertificate() { Succeeded(); }
73     void ReceivedSaveData() { Succeeded(); }
74     void ReceivedSavePKCS12() { Succeeded(); }
75
76     void ReceivedRemovedAlias() { Succeeded(); }
77
78     void ReceivedKey(Key &&) { Succeeded(); }
79     void ReceivedCertificate(Certificate &&) { Succeeded(); }
80     void ReceivedData(RawBuffer &&) { Succeeded(); }
81     void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
82
83     void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
84     void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
85     void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
86
87     void ReceivedCreateKeyPairRSA() { Succeeded(); }
88     void ReceivedCreateKeyPairDSA() { Succeeded(); }
89     void ReceivedCreateKeyPairECDSA() { Succeeded(); }
90
91     void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
92             { m_certChain = move(chain); Succeeded(); }
93
94     void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
95     void ReceivedVerifySignature() { Succeeded(); }
96
97     void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
98
99     void ReceivedSetPermission() { Succeeded(); }
100
101     void WaitForResponse()
102     {
103         unique_lock < mutex > lock(m_mutex);
104
105         m_cv.wait(lock, [this] {return m_finished;});
106     }
107
108     bool m_finished;
109     int m_error;
110     AliasVector m_aliases;
111     CertificateShPtrVector m_certChain;
112     PKCS12ShPtr m_pkcs;
113     RawBuffer m_signed;
114     int m_ocspStatus;
115
116 protected:
117     void Succeeded()
118     {
119         LogDebug("Succeeded");
120         m_finished = true;
121         m_cv.notify_one();
122     }
123
124     mutex m_mutex;
125     condition_variable m_cv;
126 };
127
128 typedef shared_ptr<MyObserver> MyObserverPtr;
129
130 const char* TEST_PASS = "test-pass";
131
132 enum Type {
133     RSA,
134     DSA,
135     ECDSA
136 };
137
138 struct KeyPair
139 {
140     KeyPair(const std::string& prv_pem, const std::string& pub_pem) {
141         RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
142         prv = Key::create(buffer_prv);
143         assert(prv);
144
145         RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
146         pub = Key::create(buffer_pub);
147         assert(pub);
148     }
149
150     KeyShPtr prv;
151     KeyShPtr pub;
152 };
153
154 typedef map<Type, vector<KeyPair> > KeyMap;
155
156
157 KeyMap initializeKeys()
158 {
159     KeyMap km;
160
161     km[RSA].emplace_back(
162             "-----BEGIN RSA PRIVATE KEY-----\n"
163             "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
164             "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
165             "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
166             "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
167             "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
168             "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
169             "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
170             "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
171             "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
172             "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
173             "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
174             "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
175             "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
176             "-----END RSA PRIVATE KEY-----",
177
178             "-----BEGIN PUBLIC KEY-----\n"
179             "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
180             "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
181             "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
182             "3Op0tEjy0jpmzeyNiQIDAQAB\n"
183             "-----END PUBLIC KEY-----"
184     );
185     km[DSA].emplace_back(
186             "-----BEGIN DSA PRIVATE KEY-----\n"
187             "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
188             "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
189             "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
190             "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
191             "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
192             "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
193             "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
194             "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
195             "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
196             "yAKPlW7WQzgV5jLLNUW7\n"
197             "-----END DSA PRIVATE KEY-----",
198
199             "-----BEGIN DSA PRIVATE KEY-----\n"
200             "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
201             "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
202             "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
203             "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
204             "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
205             "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
206             "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
207             "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
208             "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
209             "yAKPlW7WQzgV5jLLNUW7\n"
210             "-----END DSA PRIVATE KEY-----"
211     );
212     km[ECDSA].emplace_back(
213             "-----BEGIN EC PRIVATE KEY-----\n"
214             "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
215             "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
216             "sQ==\n"
217             "-----END EC PRIVATE KEY-----",
218
219             "-----BEGIN PUBLIC KEY-----\n"
220             "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
221             "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
222             "-----END PUBLIC KEY-----"
223     );
224     return km;
225 }
226
227 KeyMap keys = initializeKeys();
228 typedef vector<CertificateShPtr> CertVector;
229
230 const RawBuffer raw_buffer(const char* buffer)
231 {
232     return RawBuffer(buffer, buffer + strlen(buffer));
233 }
234
235 const RawBuffer test_buffer = raw_buffer("test_string");
236
237 template <typename F, typename... Args>
238 void test_negative(F&& func, int expected, Args... args)
239 {
240     MyObserverPtr obs = make_shared<MyObserver>();
241     ManagerAsync mgr;
242
243     (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
244     obs->WaitForResponse();
245
246     RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
247     RUNNER_ASSERT_MSG(
248             obs->m_error == expected,
249             "Expected " << expected << "/" << ErrorToString(expected) <<
250             " got: " << obs->m_error << "/" << ErrorToString(obs->m_error));
251 }
252
253 template <typename F, typename... Args>
254 void test_invalid_param(F&& func, Args... args)
255 {
256     test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
257 }
258
259 template <typename F, typename... Args>
260 void test_no_observer(F&& func, Args... args)
261 {
262     ManagerAsync::ObserverPtr obs;
263     ManagerAsync mgr;
264
265     try {
266         (mgr.*func)(obs, args...);
267         RUNNER_ASSERT_MSG(false, "function() should have thrown an exception");
268     } catch (const invalid_argument& e) {
269         RUNNER_ASSERT(true);
270     } catch (...) {
271         RUNNER_ASSERT_MSG(false, "Unexpected exception");
272     }
273 }
274
275 template <typename F, typename... Args>
276 MyObserverPtr test_positive(F&& func, Args... args)
277 {
278     MyObserverPtr obs = make_shared<MyObserver>();
279     ManagerAsync mgr;
280
281     (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
282     obs->WaitForResponse();
283
284     RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
285     RUNNER_ASSERT_MSG(obs->m_error == 0,
286                          "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error));
287     return obs;
288 }
289
290 template <typename F, typename... Args>
291 void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
292 {
293     auto obs = test_positive(move(func), args...);
294     RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
295 }
296
297 template <typename F, typename... Args>
298 void test_check_cert_chain(F&& func, size_t expected, Args... args)
299 {
300     auto obs = test_positive(move(func), args...);
301     RUNNER_ASSERT_MSG(
302             obs->m_certChain.size() == expected,
303             "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
304 }
305
306 typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
307                                            const CertificateShPtr&,
308                                            const CertificateShPtrVector&,
309                                            const CertificateShPtrVector&,
310                                            bool);
311
312 typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
313                                            const CertificateShPtr&,
314                                            const AliasVector&,
315                                            const AliasVector&,
316                                            bool);
317
318 class CKMAsyncAPIEnv
319 {
320 public:
321     void init(const std::string &) {
322         int temp;
323         ControlShPtr control = Control::create();
324
325         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
326                           "Error=" << CKM::ErrorToString(temp));
327         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)),
328                           "Error=" << CKM::ErrorToString(temp));
329
330         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
331                           "Error=" << ErrorToString(temp));
332         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)),
333                           "Error=" << ErrorToString(temp));
334     }
335     void finish() {
336         int temp;
337         ControlShPtr control = Control::create();
338         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(APP_UID)),
339                           "Error=" << ErrorToString(temp));
340         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
341                          "Error=" << ErrorToString(temp));
342
343         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
344                           "Error=" << ErrorToString(temp));
345         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
346                           "Error=" << ErrorToString(temp));
347     }
348 };
349
350 } // namespace anonymous
351
352
353 RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
354
355 // saveKey
356 RUNNER_CHILD_TEST(TA0010_save_key_invalid_param, CKMAsyncAPIEnv)
357 {
358     switch_to_storage_user(TEST_LABEL);
359
360     test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
361     test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy());
362     test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy());
363 }
364
365 RUNNER_CHILD_TEST(TA0020_save_key_already_exists, CKMAsyncAPIEnv)
366 {
367     switch_to_storage_user(TEST_LABEL);
368
369     DBCleanup dbc;
370     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
371     test_negative(&ManagerAsync::saveKey,
372                   CKM_API_ERROR_DB_ALIAS_EXISTS,
373                   dbc.alias("alias"),
374                   keys[RSA][0].prv,
375                   Policy());
376 }
377
378 RUNNER_CHILD_TEST(TA0050_save_key_positive, CKMAsyncAPIEnv)
379 {
380     switch_to_storage_user(TEST_LABEL);
381
382     DBCleanup dbc;
383     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
384 }
385
386
387 // saveCertificate
388 RUNNER_CHILD_TEST(TA0110_save_cert_invalid_param, CKMAsyncAPIEnv)
389 {
390     switch_to_storage_user(TEST_LABEL);
391
392     CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM);
393     test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy());
394     test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy());
395     test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy());
396 }
397
398 RUNNER_CHILD_TEST(TA0120_save_cert_already_exists, CKMAsyncAPIEnv)
399 {
400     switch_to_storage_user(TEST_LABEL);
401
402     DBCleanup dbc;
403     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
404     test_negative(&ManagerAsync::saveCertificate,
405                   CKM_API_ERROR_DB_ALIAS_EXISTS,
406                   dbc.alias("alias"),
407                   getTestCertificate(MBANK),
408                   Policy());
409 }
410
411 RUNNER_CHILD_TEST(TA0150_save_cert_positive, CKMAsyncAPIEnv)
412 {
413     switch_to_storage_user(TEST_LABEL);
414
415     DBCleanup dbc;
416     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
417 }
418
419
420 // saveData
421 RUNNER_CHILD_TEST(TA0210_save_data_invalid_param, CKMAsyncAPIEnv)
422 {
423     switch_to_storage_user(TEST_LABEL);
424
425     test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy());
426     test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy());
427     test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy());
428 }
429
430 RUNNER_CHILD_TEST(TA0220_save_data_already_exists, CKMAsyncAPIEnv)
431 {
432     switch_to_storage_user(TEST_LABEL);
433
434     DBCleanup dbc;
435     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
436     test_negative(&ManagerAsync::saveData,
437                   CKM_API_ERROR_DB_ALIAS_EXISTS,
438                   dbc.alias("alias"),
439                   test_buffer,
440                   Policy());
441 }
442
443 RUNNER_CHILD_TEST(TA0250_save_data_positive, CKMAsyncAPIEnv)
444 {
445     switch_to_storage_user(TEST_LABEL);
446
447     DBCleanup dbc;
448     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
449 }
450
451
452 // removeKey
453 RUNNER_CHILD_TEST(TA0310_remove_alias_invalid_param, CKMAsyncAPIEnv)
454 {
455     switch_to_storage_user(TEST_LABEL);
456
457     test_no_observer(&ManagerAsync::removeAlias, "alias");
458     test_invalid_param(&ManagerAsync::removeAlias, "");
459 }
460
461 RUNNER_CHILD_TEST(TA0330_remove_alias_unknown_alias, CKMAsyncAPIEnv)
462 {
463     switch_to_storage_user(TEST_LABEL);
464
465     test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias");
466 }
467
468 RUNNER_CHILD_TEST(TA0350_remove_key_positive, CKMAsyncAPIEnv)
469 {
470     switch_to_storage_user(TEST_LABEL);
471
472     DBCleanup dbc;
473     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
474     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
475 }
476
477
478 RUNNER_CHILD_TEST(TA0450_remove_cert_positive, CKMAsyncAPIEnv)
479 {
480     switch_to_storage_user(TEST_LABEL);
481
482     DBCleanup dbc;
483     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
484     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
485 }
486
487
488 RUNNER_CHILD_TEST(TA0550_remove_data_positive, CKMAsyncAPIEnv)
489 {
490     switch_to_storage_user(TEST_LABEL);
491
492     DBCleanup dbc;
493     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
494     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
495 }
496
497
498 // getKey
499 RUNNER_CHILD_TEST(TA0610_get_key_invalid_param, CKMAsyncAPIEnv)
500 {
501     switch_to_storage_user(TEST_LABEL);
502
503     test_no_observer(&ManagerAsync::getKey, "alias", "");
504     test_invalid_param(&ManagerAsync::getKey, "", "");
505 }
506
507 RUNNER_CHILD_TEST(TA0630_get_key_unknown_alias, CKMAsyncAPIEnv)
508 {
509     switch_to_storage_user(TEST_LABEL);
510
511     test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
512 }
513
514 RUNNER_CHILD_TEST(TA0640_get_key_wrong_password, CKMAsyncAPIEnv)
515 {
516     switch_to_storage_user(TEST_LABEL);
517
518     DBCleanup dbc;
519     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
520     test_negative(&ManagerAsync::getKey,
521                   CKM_API_ERROR_AUTHENTICATION_FAILED,
522                   dbc.alias("alias"),
523                   "wrong-password");
524 }
525
526 RUNNER_CHILD_TEST(TA0650_get_key_positive, CKMAsyncAPIEnv)
527 {
528     switch_to_storage_user(TEST_LABEL);
529
530     DBCleanup dbc;
531     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
532     test_positive(&ManagerAsync::getKey, dbc.alias("alias"), "password");
533 }
534
535
536 // getCertificate
537 RUNNER_CHILD_TEST(TA0710_get_cert_invalid_param, CKMAsyncAPIEnv)
538 {
539     switch_to_storage_user(TEST_LABEL);
540
541     test_no_observer(&ManagerAsync::getCertificate, "alias", "");
542     test_invalid_param(&ManagerAsync::getCertificate, "", "");
543 }
544
545 RUNNER_CHILD_TEST(TA0730_get_cert_unknown_alias, CKMAsyncAPIEnv)
546 {
547     switch_to_storage_user(TEST_LABEL);
548
549     test_negative(&ManagerAsync::getCertificate,
550                   CKM_API_ERROR_DB_ALIAS_UNKNOWN,
551                   "non-existing-alias",
552                   "");
553 }
554
555 RUNNER_CHILD_TEST(TA0740_get_cert_wrong_password, CKMAsyncAPIEnv)
556 {
557     switch_to_storage_user(TEST_LABEL);
558
559     DBCleanup dbc;
560     test_positive(&ManagerAsync::saveCertificate,
561                   dbc.alias("alias"),
562                   getTestCertificate(MBANK),
563                   Policy("password"));
564     test_negative(&ManagerAsync::getCertificate,
565                   CKM_API_ERROR_AUTHENTICATION_FAILED,
566                   dbc.alias("alias"),
567                   "wrong-password");
568 }
569
570 RUNNER_CHILD_TEST(TA0750_get_cert_positive, CKMAsyncAPIEnv)
571 {
572     switch_to_storage_user(TEST_LABEL);
573
574     DBCleanup dbc;
575     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy("password"));
576     test_positive(&ManagerAsync::getCertificate, dbc.alias("alias"), "password");
577 }
578
579
580 // getData
581 RUNNER_CHILD_TEST(TA0810_get_data_invalid_param, CKMAsyncAPIEnv)
582 {
583     switch_to_storage_user(TEST_LABEL);
584
585     test_no_observer(&ManagerAsync::getData, "alias", "");
586     test_invalid_param(&ManagerAsync::getData, "", "");
587 }
588
589 RUNNER_CHILD_TEST(TA0830_get_data_unknown_alias, CKMAsyncAPIEnv)
590 {
591     switch_to_storage_user(TEST_LABEL);
592
593     test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
594 }
595
596 RUNNER_CHILD_TEST(TA0840_get_data_wrong_password, CKMAsyncAPIEnv)
597 {
598     switch_to_storage_user(TEST_LABEL);
599
600     DBCleanup dbc;
601     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
602     test_negative(&ManagerAsync::getData,
603                   CKM_API_ERROR_AUTHENTICATION_FAILED,
604                   dbc.alias("alias"),
605                   "wrong-password");
606 }
607
608 RUNNER_CHILD_TEST(TA0850_get_data_positive, CKMAsyncAPIEnv)
609 {
610     switch_to_storage_user(TEST_LABEL);
611
612     DBCleanup dbc;
613     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
614     test_positive(&ManagerAsync::getData, dbc.alias("alias"), "password");
615 }
616
617
618 // getKeyAliasVector
619 RUNNER_CHILD_TEST(TA0910_get_key_alias_vector_invalid_param, CKMAsyncAPIEnv)
620 {
621     switch_to_storage_user(TEST_LABEL);
622
623     test_no_observer(&ManagerAsync::getKeyAliasVector);
624 }
625
626 RUNNER_CHILD_TEST(TA0950_get_key_alias_vector_positive, CKMAsyncAPIEnv)
627 {
628     switch_to_storage_user(TEST_LABEL);
629
630     DBCleanup dbc;
631     test_positive(&ManagerAsync::saveKey, dbc.alias("alias1"), keys[RSA][0].prv, Policy());
632     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
633
634     test_positive(&ManagerAsync::saveKey, dbc.alias("alias2"), keys[DSA][0].prv, Policy());
635     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
636                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
637
638     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
639     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
640 }
641
642
643 // getCertificateAliasVector
644 RUNNER_CHILD_TEST(TA1010_get_cert_alias_vector_invalid_param, CKMAsyncAPIEnv)
645 {
646     switch_to_storage_user(TEST_LABEL);
647
648     test_no_observer(&ManagerAsync::getCertificateAliasVector);
649 }
650
651 RUNNER_CHILD_TEST(TA1050_get_cert_alias_vector_positive, CKMAsyncAPIEnv)
652 {
653     switch_to_storage_user(TEST_LABEL);
654
655     DBCleanup dbc;
656     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias1"), getTestCertificate(MBANK), Policy());
657     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
658
659     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias2"), getTestCertificate(SYMANTEC), Policy());
660     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
661                                                                    aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
662
663     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
664     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
665 }
666
667
668 // getDataAliasVector
669 RUNNER_CHILD_TEST(TA1110_get_data_alias_vector_invalid_param, CKMAsyncAPIEnv)
670 {
671     switch_to_storage_user(TEST_LABEL);
672
673     test_no_observer(&ManagerAsync::getDataAliasVector);
674 }
675
676 RUNNER_CHILD_TEST(TA1150_get_data_alias_vector_positive, CKMAsyncAPIEnv)
677 {
678     switch_to_storage_user(TEST_LABEL);
679
680     DBCleanup dbc;
681     test_positive(&ManagerAsync::saveData, dbc.alias("alias1"), test_buffer, Policy());
682     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
683
684     test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
685     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
686                                                             aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
687
688     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
689     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
690 }
691
692
693 // createKeyPairRSA
694 RUNNER_CHILD_TEST(TA1210_create_key_pair_rsa_invalid_param, CKMAsyncAPIEnv)
695 {
696     switch_to_storage_user(TEST_LABEL);
697
698     test_no_observer(&ManagerAsync::createKeyPairRSA,
699                      1024,
700                      "alias_prv",
701                      "alias_pub",
702                      Policy(),
703                      Policy());
704 }
705
706 RUNNER_CHILD_TEST(TA1220_create_key_pair_rsa_already_exists, CKMAsyncAPIEnv)
707 {
708     switch_to_storage_user(TEST_LABEL);
709
710     DBCleanup dbc;
711     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy());
712     test_negative(&ManagerAsync::createKeyPairRSA,
713                   CKM_API_ERROR_DB_ALIAS_EXISTS,
714                   1024,
715                   dbc.alias("alias_prv"),
716                   dbc.alias("alias_pub"),
717                   Policy(),
718                   Policy());
719 }
720
721 RUNNER_CHILD_TEST(TA1250_create_key_pair_rsa_positive, CKMAsyncAPIEnv)
722 {
723     switch_to_storage_user(TEST_LABEL);
724
725     DBCleanup dbc;
726     test_positive(&ManagerAsync::createKeyPairRSA,
727                   1024,
728                   dbc.alias("alias_prv"),
729                   dbc.alias("alias_pub"),
730                   Policy(),
731                   Policy());
732
733     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
734                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
735 }
736
737 // createKeyPairDSA
738 RUNNER_CHILD_TEST(TA1270_create_key_pair_dsa_invalid_param, CKMAsyncAPIEnv)
739 {
740     switch_to_storage_user(TEST_LABEL);
741
742     test_no_observer(&ManagerAsync::createKeyPairDSA,
743                      1024,
744                      "alias_prv",
745                      "alias_pub",
746                      Policy(),
747                      Policy());
748 }
749
750 RUNNER_CHILD_TEST(TA1280_create_key_pair_dsa_already_exists, CKMAsyncAPIEnv)
751 {
752     switch_to_storage_user(TEST_LABEL);
753
754     DBCleanup dbc;
755     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[DSA][0].prv, Policy());
756     test_negative(&ManagerAsync::createKeyPairDSA,
757                   CKM_API_ERROR_DB_ALIAS_EXISTS,
758                   1024,
759                   dbc.alias("alias_prv"),
760                   dbc.alias("alias_pub"),
761                   Policy(),
762                   Policy());
763 }
764
765 RUNNER_CHILD_TEST(TA1290_create_key_pair_dsa_positive, CKMAsyncAPIEnv)
766 {
767     switch_to_storage_user(TEST_LABEL);
768
769     DBCleanup dbc;
770     test_positive(&ManagerAsync::createKeyPairDSA,
771                   1024,
772                   dbc.alias("alias_prv"),
773                   dbc.alias("alias_pub"),
774                   Policy(),
775                   Policy());
776
777     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
778                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
779 }
780
781 // createKeyPairECDSA
782 RUNNER_CHILD_TEST(TA1310_create_key_pair_ecdsa_invalid_param, CKMAsyncAPIEnv)
783 {
784     switch_to_storage_user(TEST_LABEL);
785
786     test_no_observer(&ManagerAsync::createKeyPairECDSA,
787                      ElipticCurve::prime192v1,
788                      "alias_prv",
789                      "alias_pub",
790                      Policy(),
791                      Policy());
792 }
793
794 RUNNER_CHILD_TEST(TA1320_create_key_pair_ecdsa_already_exists, CKMAsyncAPIEnv)
795 {
796     switch_to_storage_user(TEST_LABEL);
797
798     DBCleanup dbc;
799     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[ECDSA][0].prv, Policy());
800     test_negative(&ManagerAsync::createKeyPairECDSA,
801                   CKM_API_ERROR_DB_ALIAS_EXISTS,
802                   ElipticCurve::prime192v1,
803                   dbc.alias("alias_prv"),
804                   dbc.alias("alias_pub"),
805                   Policy(),
806                   Policy());
807 }
808
809 RUNNER_CHILD_TEST(TA1350_create_key_pair_ecdsa_positive, CKMAsyncAPIEnv)
810 {
811     switch_to_storage_user(TEST_LABEL);
812
813     DBCleanup dbc;
814     test_positive(&ManagerAsync::createKeyPairECDSA,
815                   ElipticCurve::prime192v1,
816                   dbc.alias("alias_prv"),
817                   dbc.alias("alias_pub"),
818                   Policy(),
819                   Policy());
820
821     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
822                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
823 }
824
825
826 // getCertificateChain
827 RUNNER_CHILD_TEST(TA1410_get_certificate_chain_invalid_param, CKMAsyncAPIEnv)
828 {
829     switch_to_storage_user(TEST_LABEL);
830
831     CertificateShPtr cert = getTestCertificate(MBANK);
832     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
833     test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
834                                    cert,
835                                    certv,
836                                    EMPTY_CERT_VECTOR,
837                                    true);
838     test_invalid_param<certChainFn1>(&ManagerAsync::getCertificateChain,
839                                      CertificateShPtr(),
840                                      certv,
841                                      EMPTY_CERT_VECTOR,
842                                      true);
843
844     Alias alias = "alias";
845     AliasVector aliasv = { alias };
846     test_no_observer<certChainFn2>(&ManagerAsync::getCertificateChain,
847                                    cert,
848                                    aliasv,
849                                    EMPTY_ALIAS_VECTOR,
850                                    true);
851     test_invalid_param<certChainFn2>(&ManagerAsync::getCertificateChain,
852                                      CertificateShPtr(),
853                                      aliasv,
854                                      EMPTY_ALIAS_VECTOR,
855                                      true);
856 }
857
858 RUNNER_CHILD_TEST(TA1420_get_certificate_chain_negative, CKMAsyncAPIEnv)
859 {
860     switch_to_storage_user(TEST_LABEL);
861
862     DBCleanup dbc;
863     CertificateShPtr cert = getTestCertificate(MBANK);
864     CertificateShPtrVector certv = { getTestCertificate(MBANK) };
865     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
866                                 CKM_API_ERROR_VERIFICATION_FAILED,
867                                 cert,
868                                 EMPTY_CERT_VECTOR,
869                                 EMPTY_CERT_VECTOR,
870                                 true);
871     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
872                                 CKM_API_ERROR_VERIFICATION_FAILED,
873                                 cert,
874                                 certv,
875                                 EMPTY_CERT_VECTOR,
876                                 true);
877     AliasVector aliasv = { dbc.alias("alias") };
878     test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy());
879     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
880                                 CKM_API_ERROR_VERIFICATION_FAILED,
881                                 cert,
882                                 EMPTY_ALIAS_VECTOR,
883                                 EMPTY_ALIAS_VECTOR,
884                                 true);
885     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
886                                 CKM_API_ERROR_VERIFICATION_FAILED,
887                                 cert,
888                                 aliasv,
889                                 EMPTY_ALIAS_VECTOR,
890                                 true);
891 }
892
893 RUNNER_CHILD_TEST(TA1450_get_certificate_chain_positive, CKMAsyncAPIEnv)
894 {
895     switch_to_storage_user(TEST_LABEL);
896
897     DBCleanup dbc;
898     CertificateShPtr cert = getTestCertificate(MBANK);
899     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
900     test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
901                                         3,
902                                         cert,
903                                         certv,
904                                         EMPTY_CERT_VECTOR,
905                                         true);
906
907     AliasVector aliasv = { dbc.alias("alias") };
908     test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy());
909     test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
910                                         3,
911                                         cert,
912                                         aliasv,
913                                         EMPTY_ALIAS_VECTOR,
914                                         true);
915 }
916
917
918 // createSignature
919 RUNNER_CHILD_TEST(TA1510_create_signature_invalid_param, CKMAsyncAPIEnv)
920 {
921     switch_to_storage_user(TEST_LABEL);
922
923     test_no_observer(&ManagerAsync::createSignature,
924                      "alias",
925                      "",
926                      test_buffer,
927                      HashAlgorithm::SHA1,
928                      RSAPaddingAlgorithm::PKCS1);
929     test_invalid_param(&ManagerAsync::createSignature,
930                        "",
931                        "",
932                        test_buffer,
933                        HashAlgorithm::SHA1,
934                        RSAPaddingAlgorithm::PKCS1);
935     test_invalid_param(&ManagerAsync::createSignature,
936                        "alias",
937                        "",
938                        RawBuffer(),
939                        HashAlgorithm::SHA1,
940                        RSAPaddingAlgorithm::PKCS1);
941 }
942
943 RUNNER_CHILD_TEST(TA1520_create_signature_invalid_password, CKMAsyncAPIEnv)
944 {
945     switch_to_storage_user(TEST_LABEL);
946
947     DBCleanup dbc;
948     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
949     test_negative(&ManagerAsync::createSignature,
950                   CKM_API_ERROR_INPUT_PARAM,
951                   dbc.alias("alias"),
952                   "wrong-password",
953                   RawBuffer(),
954                   HashAlgorithm::SHA1,
955                   RSAPaddingAlgorithm::PKCS1);
956 }
957
958 RUNNER_CHILD_TEST(TA1550_create_signature_positive, CKMAsyncAPIEnv)
959 {
960     switch_to_storage_user(TEST_LABEL);
961
962     DBCleanup dbc;
963     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
964     test_positive(&ManagerAsync::createSignature,
965                   dbc.alias("alias"),
966                   "password",
967                   test_buffer,
968                   HashAlgorithm::SHA1,
969                   RSAPaddingAlgorithm::PKCS1);
970 }
971
972
973 // verifySignature
974 RUNNER_CHILD_TEST(TA1610_verify_signature_invalid_param, CKMAsyncAPIEnv)
975 {
976     switch_to_storage_user(TEST_LABEL);
977
978     test_no_observer(&ManagerAsync::verifySignature,
979                      "",
980                      "",
981                      RawBuffer(),
982                      RawBuffer(),
983                      HashAlgorithm::SHA1,
984                      RSAPaddingAlgorithm::PKCS1);
985     test_invalid_param(&ManagerAsync::verifySignature,
986                        "",
987                        "",
988                        test_buffer,
989                        test_buffer,
990                        HashAlgorithm::SHA1,
991                        RSAPaddingAlgorithm::PKCS1);
992 }
993
994 RUNNER_CHILD_TEST(TA1620_verify_signature_invalid_password, CKMAsyncAPIEnv)
995 {
996     switch_to_storage_user(TEST_LABEL);
997
998     DBCleanup dbc;
999     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
1000     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
1001     auto obs = test_positive(&ManagerAsync::createSignature,
1002                              dbc.alias("alias_prv"),
1003                              "pass1",
1004                              test_buffer,
1005                              HashAlgorithm::SHA1,
1006                              RSAPaddingAlgorithm::PKCS1);
1007
1008     test_negative(&ManagerAsync::verifySignature,
1009                   CKM_API_ERROR_AUTHENTICATION_FAILED,
1010                   dbc.alias("alias_pub"),
1011                   "wrong-password",
1012                   test_buffer,
1013                   obs->m_signed,
1014                   HashAlgorithm::SHA1,
1015                   RSAPaddingAlgorithm::PKCS1);
1016 }
1017
1018 RUNNER_CHILD_TEST(TA1630_verify_signature_invalid_message, CKMAsyncAPIEnv)
1019 {
1020     switch_to_storage_user(TEST_LABEL);
1021
1022     DBCleanup dbc;
1023     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
1024     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
1025
1026     auto obs = test_positive(&ManagerAsync::createSignature,
1027                              dbc.alias("alias_prv"),
1028                              "",
1029                              test_buffer,
1030                              HashAlgorithm::SHA1,
1031                              RSAPaddingAlgorithm::PKCS1);
1032
1033     test_negative(&ManagerAsync::verifySignature,
1034                   CKM_API_ERROR_VERIFICATION_FAILED,
1035                   dbc.alias("alias_pub"),
1036                   "",
1037                   raw_buffer("invalid-unsigned-mesage"),
1038                   obs->m_signed,
1039                   HashAlgorithm::SHA1,
1040                   RSAPaddingAlgorithm::PKCS1);
1041 }
1042
1043 RUNNER_CHILD_TEST(TA1640_verify_signature_invalid_signature, CKMAsyncAPIEnv)
1044 {
1045     switch_to_storage_user(TEST_LABEL);
1046
1047     DBCleanup dbc;
1048     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
1049
1050     test_negative(&ManagerAsync::verifySignature,
1051                   CKM_API_ERROR_VERIFICATION_FAILED,
1052                   dbc.alias("alias_pub"),
1053                   "",
1054                   test_buffer,
1055                   raw_buffer("invalid-signature"),
1056                   HashAlgorithm::SHA1,
1057                   RSAPaddingAlgorithm::PKCS1);
1058 }
1059
1060 RUNNER_CHILD_TEST(TA1650_verify_signature_wrong_key, CKMAsyncAPIEnv)
1061 {
1062     switch_to_storage_user(TEST_LABEL);
1063
1064     DBCleanup dbc;
1065     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
1066     auto obs = test_positive(&ManagerAsync::createSignature,
1067                              dbc.alias("alias_prv"),
1068                              "",
1069                              test_buffer,
1070                              HashAlgorithm::SHA1,
1071                              RSAPaddingAlgorithm::PKCS1);
1072
1073     test_negative(&ManagerAsync::verifySignature,
1074                   CKM_API_ERROR_SERVER_ERROR,
1075                   dbc.alias("alias_prv"),
1076                   "",
1077                   test_buffer,
1078                   obs->m_signed,
1079                   HashAlgorithm::SHA1,
1080                   RSAPaddingAlgorithm::PKCS1);
1081 }
1082
1083 RUNNER_CHILD_TEST(TA1660_verify_signature_positive, CKMAsyncAPIEnv)
1084 {
1085     switch_to_storage_user(TEST_LABEL);
1086
1087     DBCleanup dbc;
1088     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
1089     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
1090     auto obs = test_positive(&ManagerAsync::createSignature,
1091                              dbc.alias("alias_prv"),
1092                              "pass1",
1093                              test_buffer,
1094                              HashAlgorithm::SHA1,
1095                              RSAPaddingAlgorithm::PKCS1);
1096
1097     test_positive(&ManagerAsync::verifySignature,
1098                   dbc.alias("alias_pub"),
1099                   "pass2",
1100                   test_buffer,
1101                   obs->m_signed,
1102                   HashAlgorithm::SHA1,
1103                   RSAPaddingAlgorithm::PKCS1);
1104 }
1105
1106
1107 // ocspCheck
1108 RUNNER_CHILD_TEST(TA1710_ocsp_check_invalid_param, CKMAsyncAPIEnv)
1109 {
1110     test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
1111     test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
1112 }
1113
1114 RUNNER_CHILD_TEST(TA1720_ocsp_check_negative, CKMAsyncAPIEnv)
1115 {
1116     switch_to_storage_ocsp_user(TEST_LABEL);
1117
1118     DBCleanup dbc;
1119     CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) };
1120
1121     auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
1122     RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
1123                          "Verification should fail. Got: " << obs->m_ocspStatus);
1124 }
1125
1126 RUNNER_CHILD_TEST(TA1750_ocsp_check_positive, CKMAsyncAPIEnv)
1127 {
1128     switch_to_storage_ocsp_user(TEST_LABEL);
1129
1130     DBCleanup dbc;
1131     CertificateShPtr cert = getTestCertificate(MBANK);
1132     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
1133     auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
1134                                            cert,
1135                                            certv,
1136                                            EMPTY_CERT_VECTOR,
1137                                            true);
1138
1139     auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
1140     RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
1141                          "Verification failed. Error: " << obs->m_ocspStatus);
1142 }
1143
1144 // setPermission
1145 RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param, CKMAsyncAPIEnv)
1146 {
1147     switch_to_storage_user(TEST_LABEL);
1148
1149     test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
1150     test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
1151     test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
1152 }
1153
1154 RUNNER_TEST(TA1820_allow_access, CKMAsyncAPIEnv)
1155 {
1156     DBCleanup dbc;
1157     CharPtr top_label = get_label();
1158     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
1159     test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
1160     test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
1161     test_positive(&ManagerAsync::setPermission,
1162                   dbc.alias("alias2"),
1163                   TEST_LABEL,
1164                   CKM::Permission::READ);
1165     test_positive(&ManagerAsync::setPermission,
1166                   dbc.alias("alias3"),
1167                   TEST_LABEL,
1168                   CKM::Permission::READ | CKM::Permission::REMOVE);
1169
1170     {
1171         ScopedLabel label(TEST_LABEL);
1172
1173         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
1174         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
1175
1176         // test from allowed label, but without properly addressing alias (coming from default label)
1177         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
1178
1179         // now test with appropriate addressing
1180         std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
1181         test_positive(&ManagerAsync::getData, full_alias2_address, "");
1182         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
1183
1184         std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
1185         test_positive(&ManagerAsync::getData, full_alias3_address, "");
1186         test_positive(&ManagerAsync::removeAlias, full_alias3_address);
1187     }
1188 }
1189
1190 // denyAccess
1191 RUNNER_CHILD_TEST(TA1910_deny_access_invalid_param, CKMAsyncAPIEnv)
1192 {
1193     switch_to_storage_user(TEST_LABEL);
1194
1195     test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
1196     test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
1197     test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
1198 }
1199
1200 RUNNER_TEST(TA1920_deny_access, CKMAsyncAPIEnv)
1201 {
1202     DBCleanup dbc;
1203     CharPtr top_label = get_label();
1204     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
1205     test_positive(&ManagerAsync::setPermission,
1206                   dbc.alias("alias"),
1207                   TEST_LABEL,
1208                   CKM::Permission::READ | CKM::Permission::REMOVE);
1209     test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
1210
1211     {
1212         ScopedLabel label(TEST_LABEL);
1213
1214         std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
1215         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
1216         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
1217     }
1218 }
1219
1220 namespace
1221 {
1222 CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
1223 CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
1224 }
1225
1226 RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, CKMAsyncAPIEnv)
1227 {
1228     DBCleanup dbc;
1229     auto manager = CKM::Manager::create();
1230     std::ifstream is("/usr/share/ckm-test/pkcs.p12");
1231     std::istreambuf_iterator<char> begin(is), end;
1232     std::vector<char> buff(begin, end);
1233
1234     CKM::RawBuffer buffer(buff.size());
1235     memcpy(buffer.data(), buff.data(), buff.size());
1236
1237     auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
1238     RUNNER_ASSERT_MSG(
1239         NULL != pkcs.get(),
1240         "Error in PKCS12::create()");
1241
1242     auto cert = pkcs->getCertificate();
1243     RUNNER_ASSERT_MSG(
1244         NULL != cert.get(),
1245         "Error in PKCS12::getCertificate()");
1246
1247     auto key = pkcs->getKey();
1248     RUNNER_ASSERT_MSG(
1249         NULL != key.get(),
1250         "Error in PKCS12::getKey()");
1251
1252     auto caVector = pkcs->getCaCertificateShPtrVector();
1253     RUNNER_ASSERT_MSG(
1254         2 == caVector.size(),
1255         "Wrong size of vector");
1256
1257     // save to the CKM
1258     CKM::Policy exportable;
1259     CKM::Policy notExportable(CKM::Password(), false);
1260
1261     test_positive(&ManagerAsync::savePKCS12,
1262                   alias_PKCS_exportable,
1263                   pkcs,
1264                   exportable,
1265                   exportable);
1266     test_negative(&ManagerAsync::savePKCS12,
1267                   CKM_API_ERROR_DB_ALIAS_EXISTS,
1268                   alias_PKCS_exportable,
1269                   pkcs,
1270                   exportable,
1271                   exportable);
1272
1273     test_positive(&ManagerAsync::savePKCS12,
1274                   alias_PKCS_not_exportable,
1275                   pkcs,
1276                   notExportable,
1277                   notExportable);
1278     test_negative(&ManagerAsync::savePKCS12,
1279                   CKM_API_ERROR_DB_ALIAS_EXISTS,
1280                   alias_PKCS_not_exportable,
1281                   pkcs,
1282                   notExportable,
1283                   notExportable);
1284 }
1285
1286 RUNNER_TEST(TA2010_PKCS_get, CKMAsyncAPIEnv)
1287 {
1288     DBCleanup dbc;
1289     auto manager = CKM::Manager::create();
1290
1291     // fail - no entry
1292     test_negative(&ManagerAsync::getPKCS12,
1293                   CKM_API_ERROR_DB_ALIAS_UNKNOWN,
1294                   "i-do-not-exist",
1295                   CKM::Password(),
1296                   CKM::Password());
1297
1298
1299     // fail - not exportable
1300     test_negative(&ManagerAsync::getPKCS12,
1301                   CKM_API_ERROR_NOT_EXPORTABLE,
1302                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1303                   CKM::Password(),
1304                   CKM::Password());
1305
1306     // success - exportable
1307     auto obs = test_positive(&ManagerAsync::getPKCS12,
1308                              dbc.alias(alias_PKCS_exportable.c_str()),
1309                              CKM::Password(),
1310                              CKM::Password());
1311
1312     auto cert = obs->m_pkcs->getCertificate();
1313     RUNNER_ASSERT_MSG(
1314         NULL != cert.get(),
1315         "Error in PKCS12::getCertificate()");
1316
1317     auto key = obs->m_pkcs->getKey();
1318     RUNNER_ASSERT_MSG(
1319         NULL != key.get(),
1320         "Error in PKCS12::getKey()");
1321
1322     auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
1323     RUNNER_ASSERT_MSG(
1324         2 == caVector.size(),
1325         "Wrong size of vector");
1326 }
Domain: Security / Uncategorized;