projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
CKM: Make TA2000 and TA2010 independent
[platform/core/test/security-tests.git] / src / ckm / async-api.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Contact: Bumjin Im <bj.im@samsung.com>
5  *
6  *  Licensed under the Apache License, Version 2.0 (the "License");
7  *  you may not use this file except in compliance with the License.
8  *  You may obtain a copy of the License at
9  *
10  *      http://www.apache.org/licenses/LICENSE-2.0
11  *
12  *  Unless required by applicable law or agreed to in writing, software
13  *  distributed under the License is distributed on an "AS IS" BASIS,
14  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  *  See the License for the specific language governing permissions and
16  *  limitations under the License
17  */
18 /*
19  * @file       async-api.cpp
20  * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
21  * @version    1.0
22  */
23
24 #include <mutex>
25 #include <utility>
26 #include <condition_variable>
27 #include <cassert>
28
29 #include <ckmc/ckmc-type.h>
30 #include <ckm/ckm-manager-async.h>
31 #include <ckm/ckm-manager.h>
32 #include <ckm/ckm-control.h>
33 #include <ckm/ckm-raw-buffer.h>
34
35 #include <fstream>
36
37 #include <dpl/test/test_runner.h>
38 #include <dpl/test/test_runner_child.h>
39 #include <dpl/log/log.h>
40
41 #include <tests_common.h>
42 #include <test-certs.h>
43 #include <ckm-common.h>
44
45 using namespace CKM;
46 using namespace std;
47 using namespace TestData;
48
49 namespace {
50
51 const char* TEST_LABEL = "test_label";
52 const CertificateShPtrVector EMPTY_CERT_VECTOR;
53 const AliasVector EMPTY_ALIAS_VECTOR;
54
55 class MyObserver: public ManagerAsync::Observer
56 {
57 public:
58     MyObserver() :
59             m_finished(false), m_error(0)
60     {
61     }
62
63     void ReceivedError(int error)
64     {
65         LogError("Received error: " << error);
66         m_finished = true;
67         m_error = error;
68         m_cv.notify_one();
69     }
70
71     void ReceivedSaveKey() { Succeeded(); }
72     void ReceivedSaveCertificate() { Succeeded(); }
73     void ReceivedSaveData() { Succeeded(); }
74     void ReceivedSavePKCS12() { Succeeded(); }
75
76     void ReceivedRemovedAlias() { Succeeded(); }
77
78     void ReceivedKey(Key &&) { Succeeded(); }
79     void ReceivedCertificate(Certificate &&) { Succeeded(); }
80     void ReceivedData(RawBuffer &&) { Succeeded(); }
81     void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
82
83     void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
84     void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
85     void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
86
87     void ReceivedCreateKeyPairRSA() { Succeeded(); }
88     void ReceivedCreateKeyPairDSA() { Succeeded(); }
89     void ReceivedCreateKeyPairECDSA() { Succeeded(); }
90
91     void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
92             { m_certChain = move(chain); Succeeded(); }
93
94     void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
95     void ReceivedVerifySignature() { Succeeded(); }
96
97     void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
98
99     void ReceivedSetPermission() { Succeeded(); }
100
101     void WaitForResponse()
102     {
103         unique_lock < mutex > lock(m_mutex);
104
105         m_cv.wait(lock, [this] {return m_finished;});
106     }
107
108     bool m_finished;
109     int m_error;
110     AliasVector m_aliases;
111     CertificateShPtrVector m_certChain;
112     PKCS12ShPtr m_pkcs;
113     RawBuffer m_signed;
114     int m_ocspStatus;
115
116 protected:
117     void Succeeded()
118     {
119         LogDebug("Succeeded");
120         m_finished = true;
121         m_cv.notify_one();
122     }
123
124     mutex m_mutex;
125     condition_variable m_cv;
126 };
127
128 typedef shared_ptr<MyObserver> MyObserverPtr;
129
130 const char* TEST_PASS = "test-pass";
131
132 enum Type {
133     RSA,
134     DSA,
135     ECDSA
136 };
137
138 struct KeyPair
139 {
140     KeyPair(const std::string& prv_pem, const std::string& pub_pem) {
141         RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
142         prv = Key::create(buffer_prv);
143         assert(prv);
144
145         RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
146         pub = Key::create(buffer_pub);
147         assert(pub);
148     }
149
150     KeyShPtr prv;
151     KeyShPtr pub;
152 };
153
154 typedef map<Type, vector<KeyPair> > KeyMap;
155
156
157 KeyMap initializeKeys()
158 {
159     KeyMap km;
160
161     km[RSA].emplace_back(
162             "-----BEGIN RSA PRIVATE KEY-----\n"
163             "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
164             "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
165             "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
166             "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
167             "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
168             "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
169             "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
170             "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
171             "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
172             "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
173             "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
174             "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
175             "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
176             "-----END RSA PRIVATE KEY-----",
177
178             "-----BEGIN PUBLIC KEY-----\n"
179             "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
180             "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
181             "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
182             "3Op0tEjy0jpmzeyNiQIDAQAB\n"
183             "-----END PUBLIC KEY-----"
184     );
185     km[DSA].emplace_back(
186             "-----BEGIN DSA PRIVATE KEY-----\n"
187             "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
188             "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
189             "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
190             "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
191             "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
192             "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
193             "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
194             "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
195             "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
196             "yAKPlW7WQzgV5jLLNUW7\n"
197             "-----END DSA PRIVATE KEY-----",
198
199             "-----BEGIN DSA PRIVATE KEY-----\n"
200             "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
201             "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
202             "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
203             "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
204             "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
205             "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
206             "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
207             "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
208             "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
209             "yAKPlW7WQzgV5jLLNUW7\n"
210             "-----END DSA PRIVATE KEY-----"
211     );
212     km[ECDSA].emplace_back(
213             "-----BEGIN EC PRIVATE KEY-----\n"
214             "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
215             "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
216             "sQ==\n"
217             "-----END EC PRIVATE KEY-----",
218
219             "-----BEGIN PUBLIC KEY-----\n"
220             "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
221             "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
222             "-----END PUBLIC KEY-----"
223     );
224     return km;
225 }
226
227 KeyMap keys = initializeKeys();
228 typedef vector<CertificateShPtr> CertVector;
229
230 const RawBuffer raw_buffer(const char* buffer)
231 {
232     return RawBuffer(buffer, buffer + strlen(buffer));
233 }
234
235 const RawBuffer test_buffer = raw_buffer("test_string");
236
237 template <typename F, typename... Args>
238 void test_negative(F&& func, int expected, Args... args)
239 {
240     MyObserverPtr obs = make_shared<MyObserver>();
241     ManagerAsync mgr;
242
243     (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
244     obs->WaitForResponse();
245
246     RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
247     RUNNER_ASSERT_MSG(
248             obs->m_error == expected,
249             "Expected " << expected << "/" << ErrorToString(expected) <<
250             " got: " << obs->m_error << "/" << ErrorToString(obs->m_error));
251 }
252
253 template <typename F, typename... Args>
254 void test_invalid_param(F&& func, Args... args)
255 {
256     test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
257 }
258
259 template <typename F, typename... Args>
260 void test_no_observer(F&& func, Args... args)
261 {
262     ManagerAsync::ObserverPtr obs;
263     ManagerAsync mgr;
264
265     try {
266         (mgr.*func)(obs, args...);
267         RUNNER_ASSERT_MSG(false, "function() should have thrown an exception");
268     } catch (const invalid_argument& e) {
269         RUNNER_ASSERT(true);
270     } catch (...) {
271         RUNNER_ASSERT_MSG(false, "Unexpected exception");
272     }
273 }
274
275 template <typename F, typename... Args>
276 MyObserverPtr test_positive(F&& func, Args... args)
277 {
278     MyObserverPtr obs = make_shared<MyObserver>();
279     ManagerAsync mgr;
280
281     (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
282     obs->WaitForResponse();
283
284     RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
285     RUNNER_ASSERT_MSG(obs->m_error == 0,
286                          "Request failed " << obs->m_error << "/" << ErrorToString(obs->m_error));
287     return obs;
288 }
289
290 template <typename F, typename... Args>
291 void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
292 {
293     auto obs = test_positive(move(func), args...);
294     RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
295 }
296
297 template <typename F, typename... Args>
298 void test_check_cert_chain(F&& func, size_t expected, Args... args)
299 {
300     auto obs = test_positive(move(func), args...);
301     RUNNER_ASSERT_MSG(
302             obs->m_certChain.size() == expected,
303             "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
304 }
305
306 typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
307                                            const CertificateShPtr&,
308                                            const CertificateShPtrVector&,
309                                            const CertificateShPtrVector&,
310                                            bool);
311
312 typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
313                                            const CertificateShPtr&,
314                                            const AliasVector&,
315                                            const AliasVector&,
316                                            bool);
317
318 class CKMAsyncAPIEnv
319 {
320 public:
321     void init(const std::string &) {
322         int temp;
323         ControlShPtr control = Control::create();
324
325         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
326                           "Error=" << CKM::ErrorToString(temp));
327         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)),
328                           "Error=" << CKM::ErrorToString(temp));
329
330         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
331                           "Error=" << ErrorToString(temp));
332         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)),
333                           "Error=" << ErrorToString(temp));
334     }
335     void finish() {
336         int temp;
337         ControlShPtr control = Control::create();
338         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(APP_UID)),
339                           "Error=" << ErrorToString(temp));
340         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
341                          "Error=" << ErrorToString(temp));
342
343         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
344                           "Error=" << ErrorToString(temp));
345         RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
346                           "Error=" << ErrorToString(temp));
347     }
348 };
349
350 CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
351 CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
352
353 CKM::PKCS12ShPtr loadPkcs()
354 {
355     std::ifstream is("/usr/share/ckm-test/pkcs.p12");
356     std::istreambuf_iterator<char> begin(is), end;
357     std::vector<char> buff(begin, end);
358
359     CKM::RawBuffer buffer(buff.size());
360     memcpy(buffer.data(), buff.data(), buff.size());
361
362     auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
363     RUNNER_ASSERT_MSG(
364         NULL != pkcs.get(),
365         "Error in PKCS12::create()");
366
367     auto cert = pkcs->getCertificate();
368     RUNNER_ASSERT_MSG(
369         NULL != cert.get(),
370         "Error in PKCS12::getCertificate()");
371
372     auto key = pkcs->getKey();
373     RUNNER_ASSERT_MSG(
374         NULL != key.get(),
375         "Error in PKCS12::getKey()");
376
377     auto caVector = pkcs->getCaCertificateShPtrVector();
378     RUNNER_ASSERT_MSG(
379         2 == caVector.size(),
380         "Wrong size of vector");
381
382     return pkcs;
383 }
384
385 } // namespace anonymous
386
387
388 RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
389
390 // saveKey
391 RUNNER_CHILD_TEST(TA0010_save_key_invalid_param, CKMAsyncAPIEnv)
392 {
393     switch_to_storage_user(TEST_LABEL);
394
395     test_no_observer(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
396     test_invalid_param(&ManagerAsync::saveKey, "", keys[RSA][0].prv, Policy());
397     test_invalid_param(&ManagerAsync::saveKey, "alias", KeyShPtr(), Policy());
398 }
399
400 RUNNER_CHILD_TEST(TA0020_save_key_already_exists, CKMAsyncAPIEnv)
401 {
402     switch_to_storage_user(TEST_LABEL);
403
404     DBCleanup dbc;
405     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
406     test_negative(&ManagerAsync::saveKey,
407                   CKM_API_ERROR_DB_ALIAS_EXISTS,
408                   dbc.alias("alias"),
409                   keys[RSA][0].prv,
410                   Policy());
411 }
412
413 RUNNER_CHILD_TEST(TA0050_save_key_positive, CKMAsyncAPIEnv)
414 {
415     switch_to_storage_user(TEST_LABEL);
416
417     DBCleanup dbc;
418     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
419 }
420
421
422 // saveCertificate
423 RUNNER_CHILD_TEST(TA0110_save_cert_invalid_param, CKMAsyncAPIEnv)
424 {
425     switch_to_storage_user(TEST_LABEL);
426
427     CertificateShPtr cert = Certificate::create(test_buffer, DataFormat::FORM_PEM);
428     test_no_observer(&ManagerAsync::saveCertificate, "", cert, Policy());
429     test_invalid_param(&ManagerAsync::saveCertificate, "", cert, Policy());
430     test_invalid_param(&ManagerAsync::saveCertificate, "alias", CertificateShPtr(), Policy());
431 }
432
433 RUNNER_CHILD_TEST(TA0120_save_cert_already_exists, CKMAsyncAPIEnv)
434 {
435     switch_to_storage_user(TEST_LABEL);
436
437     DBCleanup dbc;
438     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
439     test_negative(&ManagerAsync::saveCertificate,
440                   CKM_API_ERROR_DB_ALIAS_EXISTS,
441                   dbc.alias("alias"),
442                   getTestCertificate(MBANK),
443                   Policy());
444 }
445
446 RUNNER_CHILD_TEST(TA0150_save_cert_positive, CKMAsyncAPIEnv)
447 {
448     switch_to_storage_user(TEST_LABEL);
449
450     DBCleanup dbc;
451     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
452 }
453
454
455 // saveData
456 RUNNER_CHILD_TEST(TA0210_save_data_invalid_param, CKMAsyncAPIEnv)
457 {
458     switch_to_storage_user(TEST_LABEL);
459
460     test_no_observer(&ManagerAsync::saveData, "", test_buffer, Policy());
461     test_invalid_param(&ManagerAsync::saveData, "", test_buffer, Policy());
462     test_invalid_param(&ManagerAsync::saveData, "alias", RawBuffer(), Policy());
463 }
464
465 RUNNER_CHILD_TEST(TA0220_save_data_already_exists, CKMAsyncAPIEnv)
466 {
467     switch_to_storage_user(TEST_LABEL);
468
469     DBCleanup dbc;
470     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
471     test_negative(&ManagerAsync::saveData,
472                   CKM_API_ERROR_DB_ALIAS_EXISTS,
473                   dbc.alias("alias"),
474                   test_buffer,
475                   Policy());
476 }
477
478 RUNNER_CHILD_TEST(TA0250_save_data_positive, CKMAsyncAPIEnv)
479 {
480     switch_to_storage_user(TEST_LABEL);
481
482     DBCleanup dbc;
483     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
484 }
485
486
487 // removeKey
488 RUNNER_CHILD_TEST(TA0310_remove_alias_invalid_param, CKMAsyncAPIEnv)
489 {
490     switch_to_storage_user(TEST_LABEL);
491
492     test_no_observer(&ManagerAsync::removeAlias, "alias");
493     test_invalid_param(&ManagerAsync::removeAlias, "");
494 }
495
496 RUNNER_CHILD_TEST(TA0330_remove_alias_unknown_alias, CKMAsyncAPIEnv)
497 {
498     switch_to_storage_user(TEST_LABEL);
499
500     test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias");
501 }
502
503 RUNNER_CHILD_TEST(TA0350_remove_key_positive, CKMAsyncAPIEnv)
504 {
505     switch_to_storage_user(TEST_LABEL);
506
507     DBCleanup dbc;
508     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy());
509     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
510 }
511
512
513 RUNNER_CHILD_TEST(TA0450_remove_cert_positive, CKMAsyncAPIEnv)
514 {
515     switch_to_storage_user(TEST_LABEL);
516
517     DBCleanup dbc;
518     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy());
519     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
520 }
521
522
523 RUNNER_CHILD_TEST(TA0550_remove_data_positive, CKMAsyncAPIEnv)
524 {
525     switch_to_storage_user(TEST_LABEL);
526
527     DBCleanup dbc;
528     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
529     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias"));
530 }
531
532
533 // getKey
534 RUNNER_CHILD_TEST(TA0610_get_key_invalid_param, CKMAsyncAPIEnv)
535 {
536     switch_to_storage_user(TEST_LABEL);
537
538     test_no_observer(&ManagerAsync::getKey, "alias", "");
539     test_invalid_param(&ManagerAsync::getKey, "", "");
540 }
541
542 RUNNER_CHILD_TEST(TA0630_get_key_unknown_alias, CKMAsyncAPIEnv)
543 {
544     switch_to_storage_user(TEST_LABEL);
545
546     test_negative(&ManagerAsync::getKey, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
547 }
548
549 RUNNER_CHILD_TEST(TA0640_get_key_wrong_password, CKMAsyncAPIEnv)
550 {
551     switch_to_storage_user(TEST_LABEL);
552
553     DBCleanup dbc;
554     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
555     test_negative(&ManagerAsync::getKey,
556                   CKM_API_ERROR_AUTHENTICATION_FAILED,
557                   dbc.alias("alias"),
558                   "wrong-password");
559 }
560
561 RUNNER_CHILD_TEST(TA0650_get_key_positive, CKMAsyncAPIEnv)
562 {
563     switch_to_storage_user(TEST_LABEL);
564
565     DBCleanup dbc;
566     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
567     test_positive(&ManagerAsync::getKey, dbc.alias("alias"), "password");
568 }
569
570
571 // getCertificate
572 RUNNER_CHILD_TEST(TA0710_get_cert_invalid_param, CKMAsyncAPIEnv)
573 {
574     switch_to_storage_user(TEST_LABEL);
575
576     test_no_observer(&ManagerAsync::getCertificate, "alias", "");
577     test_invalid_param(&ManagerAsync::getCertificate, "", "");
578 }
579
580 RUNNER_CHILD_TEST(TA0730_get_cert_unknown_alias, CKMAsyncAPIEnv)
581 {
582     switch_to_storage_user(TEST_LABEL);
583
584     test_negative(&ManagerAsync::getCertificate,
585                   CKM_API_ERROR_DB_ALIAS_UNKNOWN,
586                   "non-existing-alias",
587                   "");
588 }
589
590 RUNNER_CHILD_TEST(TA0740_get_cert_wrong_password, CKMAsyncAPIEnv)
591 {
592     switch_to_storage_user(TEST_LABEL);
593
594     DBCleanup dbc;
595     test_positive(&ManagerAsync::saveCertificate,
596                   dbc.alias("alias"),
597                   getTestCertificate(MBANK),
598                   Policy("password"));
599     test_negative(&ManagerAsync::getCertificate,
600                   CKM_API_ERROR_AUTHENTICATION_FAILED,
601                   dbc.alias("alias"),
602                   "wrong-password");
603 }
604
605 RUNNER_CHILD_TEST(TA0750_get_cert_positive, CKMAsyncAPIEnv)
606 {
607     switch_to_storage_user(TEST_LABEL);
608
609     DBCleanup dbc;
610     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias"), getTestCertificate(MBANK), Policy("password"));
611     test_positive(&ManagerAsync::getCertificate, dbc.alias("alias"), "password");
612 }
613
614
615 // getData
616 RUNNER_CHILD_TEST(TA0810_get_data_invalid_param, CKMAsyncAPIEnv)
617 {
618     switch_to_storage_user(TEST_LABEL);
619
620     test_no_observer(&ManagerAsync::getData, "alias", "");
621     test_invalid_param(&ManagerAsync::getData, "", "");
622 }
623
624 RUNNER_CHILD_TEST(TA0830_get_data_unknown_alias, CKMAsyncAPIEnv)
625 {
626     switch_to_storage_user(TEST_LABEL);
627
628     test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "non-existing-alias", "");
629 }
630
631 RUNNER_CHILD_TEST(TA0840_get_data_wrong_password, CKMAsyncAPIEnv)
632 {
633     switch_to_storage_user(TEST_LABEL);
634
635     DBCleanup dbc;
636     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
637     test_negative(&ManagerAsync::getData,
638                   CKM_API_ERROR_AUTHENTICATION_FAILED,
639                   dbc.alias("alias"),
640                   "wrong-password");
641 }
642
643 RUNNER_CHILD_TEST(TA0850_get_data_positive, CKMAsyncAPIEnv)
644 {
645     switch_to_storage_user(TEST_LABEL);
646
647     DBCleanup dbc;
648     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy("password"));
649     test_positive(&ManagerAsync::getData, dbc.alias("alias"), "password");
650 }
651
652
653 // getKeyAliasVector
654 RUNNER_CHILD_TEST(TA0910_get_key_alias_vector_invalid_param, CKMAsyncAPIEnv)
655 {
656     switch_to_storage_user(TEST_LABEL);
657
658     test_no_observer(&ManagerAsync::getKeyAliasVector);
659 }
660
661 RUNNER_CHILD_TEST(TA0950_get_key_alias_vector_positive, CKMAsyncAPIEnv)
662 {
663     switch_to_storage_user(TEST_LABEL);
664
665     DBCleanup dbc;
666     test_positive(&ManagerAsync::saveKey, dbc.alias("alias1"), keys[RSA][0].prv, Policy());
667     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
668
669     test_positive(&ManagerAsync::saveKey, dbc.alias("alias2"), keys[DSA][0].prv, Policy());
670     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
671                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
672
673     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
674     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
675 }
676
677
678 // getCertificateAliasVector
679 RUNNER_CHILD_TEST(TA1010_get_cert_alias_vector_invalid_param, CKMAsyncAPIEnv)
680 {
681     switch_to_storage_user(TEST_LABEL);
682
683     test_no_observer(&ManagerAsync::getCertificateAliasVector);
684 }
685
686 RUNNER_CHILD_TEST(TA1050_get_cert_alias_vector_positive, CKMAsyncAPIEnv)
687 {
688     switch_to_storage_user(TEST_LABEL);
689
690     DBCleanup dbc;
691     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias1"), getTestCertificate(MBANK), Policy());
692     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
693
694     test_positive(&ManagerAsync::saveCertificate, dbc.alias("alias2"), getTestCertificate(SYMANTEC), Policy());
695     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
696                                                                    aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
697
698     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
699     test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
700 }
701
702
703 // getDataAliasVector
704 RUNNER_CHILD_TEST(TA1110_get_data_alias_vector_invalid_param, CKMAsyncAPIEnv)
705 {
706     switch_to_storage_user(TEST_LABEL);
707
708     test_no_observer(&ManagerAsync::getDataAliasVector);
709 }
710
711 RUNNER_CHILD_TEST(TA1150_get_data_alias_vector_positive, CKMAsyncAPIEnv)
712 {
713     switch_to_storage_user(TEST_LABEL);
714
715     DBCleanup dbc;
716     test_positive(&ManagerAsync::saveData, dbc.alias("alias1"), test_buffer, Policy());
717     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")) });
718
719     test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
720     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias1")),
721                                                             aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
722
723     test_positive(&ManagerAsync::removeAlias, dbc.alias("alias1"));
724     test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias2")) });
725 }
726
727
728 // createKeyPairRSA
729 RUNNER_CHILD_TEST(TA1210_create_key_pair_rsa_invalid_param, CKMAsyncAPIEnv)
730 {
731     switch_to_storage_user(TEST_LABEL);
732
733     test_no_observer(&ManagerAsync::createKeyPairRSA,
734                      1024,
735                      "alias_prv",
736                      "alias_pub",
737                      Policy(),
738                      Policy());
739 }
740
741 RUNNER_CHILD_TEST(TA1220_create_key_pair_rsa_already_exists, CKMAsyncAPIEnv)
742 {
743     switch_to_storage_user(TEST_LABEL);
744
745     DBCleanup dbc;
746     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy());
747     test_negative(&ManagerAsync::createKeyPairRSA,
748                   CKM_API_ERROR_DB_ALIAS_EXISTS,
749                   1024,
750                   dbc.alias("alias_prv"),
751                   dbc.alias("alias_pub"),
752                   Policy(),
753                   Policy());
754 }
755
756 RUNNER_CHILD_TEST(TA1250_create_key_pair_rsa_positive, CKMAsyncAPIEnv)
757 {
758     switch_to_storage_user(TEST_LABEL);
759
760     DBCleanup dbc;
761     test_positive(&ManagerAsync::createKeyPairRSA,
762                   1024,
763                   dbc.alias("alias_prv"),
764                   dbc.alias("alias_pub"),
765                   Policy(),
766                   Policy());
767
768     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
769                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
770 }
771
772 // createKeyPairDSA
773 RUNNER_CHILD_TEST(TA1270_create_key_pair_dsa_invalid_param, CKMAsyncAPIEnv)
774 {
775     switch_to_storage_user(TEST_LABEL);
776
777     test_no_observer(&ManagerAsync::createKeyPairDSA,
778                      1024,
779                      "alias_prv",
780                      "alias_pub",
781                      Policy(),
782                      Policy());
783 }
784
785 RUNNER_CHILD_TEST(TA1280_create_key_pair_dsa_already_exists, CKMAsyncAPIEnv)
786 {
787     switch_to_storage_user(TEST_LABEL);
788
789     DBCleanup dbc;
790     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[DSA][0].prv, Policy());
791     test_negative(&ManagerAsync::createKeyPairDSA,
792                   CKM_API_ERROR_DB_ALIAS_EXISTS,
793                   1024,
794                   dbc.alias("alias_prv"),
795                   dbc.alias("alias_pub"),
796                   Policy(),
797                   Policy());
798 }
799
800 RUNNER_CHILD_TEST(TA1290_create_key_pair_dsa_positive, CKMAsyncAPIEnv)
801 {
802     switch_to_storage_user(TEST_LABEL);
803
804     DBCleanup dbc;
805     test_positive(&ManagerAsync::createKeyPairDSA,
806                   1024,
807                   dbc.alias("alias_prv"),
808                   dbc.alias("alias_pub"),
809                   Policy(),
810                   Policy());
811
812     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
813                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
814 }
815
816 // createKeyPairECDSA
817 RUNNER_CHILD_TEST(TA1310_create_key_pair_ecdsa_invalid_param, CKMAsyncAPIEnv)
818 {
819     switch_to_storage_user(TEST_LABEL);
820
821     test_no_observer(&ManagerAsync::createKeyPairECDSA,
822                      ElipticCurve::prime192v1,
823                      "alias_prv",
824                      "alias_pub",
825                      Policy(),
826                      Policy());
827 }
828
829 RUNNER_CHILD_TEST(TA1320_create_key_pair_ecdsa_already_exists, CKMAsyncAPIEnv)
830 {
831     switch_to_storage_user(TEST_LABEL);
832
833     DBCleanup dbc;
834     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[ECDSA][0].prv, Policy());
835     test_negative(&ManagerAsync::createKeyPairECDSA,
836                   CKM_API_ERROR_DB_ALIAS_EXISTS,
837                   ElipticCurve::prime192v1,
838                   dbc.alias("alias_prv"),
839                   dbc.alias("alias_pub"),
840                   Policy(),
841                   Policy());
842 }
843
844 RUNNER_CHILD_TEST(TA1350_create_key_pair_ecdsa_positive, CKMAsyncAPIEnv)
845 {
846     switch_to_storage_user(TEST_LABEL);
847
848     DBCleanup dbc;
849     test_positive(&ManagerAsync::createKeyPairECDSA,
850                   ElipticCurve::prime192v1,
851                   dbc.alias("alias_prv"),
852                   dbc.alias("alias_pub"),
853                   Policy(),
854                   Policy());
855
856     test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, dbc.alias("alias_prv")),
857                                                            aliasWithLabel(TEST_LABEL, dbc.alias("alias_pub")) });
858 }
859
860
861 // getCertificateChain
862 RUNNER_CHILD_TEST(TA1410_get_certificate_chain_invalid_param, CKMAsyncAPIEnv)
863 {
864     switch_to_storage_user(TEST_LABEL);
865
866     CertificateShPtr cert = getTestCertificate(MBANK);
867     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
868     test_no_observer<certChainFn1>(&ManagerAsync::getCertificateChain,
869                                    cert,
870                                    certv,
871                                    EMPTY_CERT_VECTOR,
872                                    true);
873     test_invalid_param<certChainFn1>(&ManagerAsync::getCertificateChain,
874                                      CertificateShPtr(),
875                                      certv,
876                                      EMPTY_CERT_VECTOR,
877                                      true);
878
879     Alias alias = "alias";
880     AliasVector aliasv = { alias };
881     test_no_observer<certChainFn2>(&ManagerAsync::getCertificateChain,
882                                    cert,
883                                    aliasv,
884                                    EMPTY_ALIAS_VECTOR,
885                                    true);
886     test_invalid_param<certChainFn2>(&ManagerAsync::getCertificateChain,
887                                      CertificateShPtr(),
888                                      aliasv,
889                                      EMPTY_ALIAS_VECTOR,
890                                      true);
891 }
892
893 RUNNER_CHILD_TEST(TA1420_get_certificate_chain_negative, CKMAsyncAPIEnv)
894 {
895     switch_to_storage_user(TEST_LABEL);
896
897     DBCleanup dbc;
898     CertificateShPtr cert = getTestCertificate(MBANK);
899     CertificateShPtrVector certv = { getTestCertificate(MBANK) };
900     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
901                                 CKM_API_ERROR_VERIFICATION_FAILED,
902                                 cert,
903                                 EMPTY_CERT_VECTOR,
904                                 EMPTY_CERT_VECTOR,
905                                 true);
906     test_negative<certChainFn1>(&ManagerAsync::getCertificateChain,
907                                 CKM_API_ERROR_VERIFICATION_FAILED,
908                                 cert,
909                                 certv,
910                                 EMPTY_CERT_VECTOR,
911                                 true);
912     AliasVector aliasv = { dbc.alias("alias") };
913     test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(MBANK), Policy());
914     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
915                                 CKM_API_ERROR_VERIFICATION_FAILED,
916                                 cert,
917                                 EMPTY_ALIAS_VECTOR,
918                                 EMPTY_ALIAS_VECTOR,
919                                 true);
920     test_negative<certChainFn2>(&ManagerAsync::getCertificateChain,
921                                 CKM_API_ERROR_VERIFICATION_FAILED,
922                                 cert,
923                                 aliasv,
924                                 EMPTY_ALIAS_VECTOR,
925                                 true);
926 }
927
928 RUNNER_CHILD_TEST(TA1450_get_certificate_chain_positive, CKMAsyncAPIEnv)
929 {
930     switch_to_storage_user(TEST_LABEL);
931
932     DBCleanup dbc;
933     CertificateShPtr cert = getTestCertificate(MBANK);
934     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
935     test_check_cert_chain<certChainFn1>(&ManagerAsync::getCertificateChain,
936                                         3,
937                                         cert,
938                                         certv,
939                                         EMPTY_CERT_VECTOR,
940                                         true);
941
942     AliasVector aliasv = { dbc.alias("alias") };
943     test_positive(&ManagerAsync::saveCertificate, aliasv[0], getTestCertificate(SYMANTEC), Policy());
944     test_check_cert_chain<certChainFn2>(&ManagerAsync::getCertificateChain,
945                                         3,
946                                         cert,
947                                         aliasv,
948                                         EMPTY_ALIAS_VECTOR,
949                                         true);
950 }
951
952
953 // createSignature
954 RUNNER_CHILD_TEST(TA1510_create_signature_invalid_param, CKMAsyncAPIEnv)
955 {
956     switch_to_storage_user(TEST_LABEL);
957
958     test_no_observer(&ManagerAsync::createSignature,
959                      "alias",
960                      "",
961                      test_buffer,
962                      HashAlgorithm::SHA1,
963                      RSAPaddingAlgorithm::PKCS1);
964     test_invalid_param(&ManagerAsync::createSignature,
965                        "",
966                        "",
967                        test_buffer,
968                        HashAlgorithm::SHA1,
969                        RSAPaddingAlgorithm::PKCS1);
970     test_invalid_param(&ManagerAsync::createSignature,
971                        "alias",
972                        "",
973                        RawBuffer(),
974                        HashAlgorithm::SHA1,
975                        RSAPaddingAlgorithm::PKCS1);
976 }
977
978 RUNNER_CHILD_TEST(TA1520_create_signature_invalid_password, CKMAsyncAPIEnv)
979 {
980     switch_to_storage_user(TEST_LABEL);
981
982     DBCleanup dbc;
983     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
984     test_negative(&ManagerAsync::createSignature,
985                   CKM_API_ERROR_INPUT_PARAM,
986                   dbc.alias("alias"),
987                   "wrong-password",
988                   RawBuffer(),
989                   HashAlgorithm::SHA1,
990                   RSAPaddingAlgorithm::PKCS1);
991 }
992
993 RUNNER_CHILD_TEST(TA1550_create_signature_positive, CKMAsyncAPIEnv)
994 {
995     switch_to_storage_user(TEST_LABEL);
996
997     DBCleanup dbc;
998     test_positive(&ManagerAsync::saveKey, dbc.alias("alias"), keys[RSA][0].prv, Policy("password"));
999     test_positive(&ManagerAsync::createSignature,
1000                   dbc.alias("alias"),
1001                   "password",
1002                   test_buffer,
1003                   HashAlgorithm::SHA1,
1004                   RSAPaddingAlgorithm::PKCS1);
1005 }
1006
1007
1008 // verifySignature
1009 RUNNER_CHILD_TEST(TA1610_verify_signature_invalid_param, CKMAsyncAPIEnv)
1010 {
1011     switch_to_storage_user(TEST_LABEL);
1012
1013     test_no_observer(&ManagerAsync::verifySignature,
1014                      "",
1015                      "",
1016                      RawBuffer(),
1017                      RawBuffer(),
1018                      HashAlgorithm::SHA1,
1019                      RSAPaddingAlgorithm::PKCS1);
1020     test_invalid_param(&ManagerAsync::verifySignature,
1021                        "",
1022                        "",
1023                        test_buffer,
1024                        test_buffer,
1025                        HashAlgorithm::SHA1,
1026                        RSAPaddingAlgorithm::PKCS1);
1027 }
1028
1029 RUNNER_CHILD_TEST(TA1620_verify_signature_invalid_password, CKMAsyncAPIEnv)
1030 {
1031     switch_to_storage_user(TEST_LABEL);
1032
1033     DBCleanup dbc;
1034     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
1035     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
1036     auto obs = test_positive(&ManagerAsync::createSignature,
1037                              dbc.alias("alias_prv"),
1038                              "pass1",
1039                              test_buffer,
1040                              HashAlgorithm::SHA1,
1041                              RSAPaddingAlgorithm::PKCS1);
1042
1043     test_negative(&ManagerAsync::verifySignature,
1044                   CKM_API_ERROR_AUTHENTICATION_FAILED,
1045                   dbc.alias("alias_pub"),
1046                   "wrong-password",
1047                   test_buffer,
1048                   obs->m_signed,
1049                   HashAlgorithm::SHA1,
1050                   RSAPaddingAlgorithm::PKCS1);
1051 }
1052
1053 RUNNER_CHILD_TEST(TA1630_verify_signature_invalid_message, CKMAsyncAPIEnv)
1054 {
1055     switch_to_storage_user(TEST_LABEL);
1056
1057     DBCleanup dbc;
1058     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
1059     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
1060
1061     auto obs = test_positive(&ManagerAsync::createSignature,
1062                              dbc.alias("alias_prv"),
1063                              "",
1064                              test_buffer,
1065                              HashAlgorithm::SHA1,
1066                              RSAPaddingAlgorithm::PKCS1);
1067
1068     test_negative(&ManagerAsync::verifySignature,
1069                   CKM_API_ERROR_VERIFICATION_FAILED,
1070                   dbc.alias("alias_pub"),
1071                   "",
1072                   raw_buffer("invalid-unsigned-mesage"),
1073                   obs->m_signed,
1074                   HashAlgorithm::SHA1,
1075                   RSAPaddingAlgorithm::PKCS1);
1076 }
1077
1078 RUNNER_CHILD_TEST(TA1640_verify_signature_invalid_signature, CKMAsyncAPIEnv)
1079 {
1080     switch_to_storage_user(TEST_LABEL);
1081
1082     DBCleanup dbc;
1083     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy(""));
1084
1085     test_negative(&ManagerAsync::verifySignature,
1086                   CKM_API_ERROR_VERIFICATION_FAILED,
1087                   dbc.alias("alias_pub"),
1088                   "",
1089                   test_buffer,
1090                   raw_buffer("invalid-signature"),
1091                   HashAlgorithm::SHA1,
1092                   RSAPaddingAlgorithm::PKCS1);
1093 }
1094
1095 RUNNER_CHILD_TEST(TA1650_verify_signature_wrong_key, CKMAsyncAPIEnv)
1096 {
1097     switch_to_storage_user(TEST_LABEL);
1098
1099     DBCleanup dbc;
1100     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy(""));
1101     auto obs = test_positive(&ManagerAsync::createSignature,
1102                              dbc.alias("alias_prv"),
1103                              "",
1104                              test_buffer,
1105                              HashAlgorithm::SHA1,
1106                              RSAPaddingAlgorithm::PKCS1);
1107
1108     test_negative(&ManagerAsync::verifySignature,
1109                   CKM_API_ERROR_SERVER_ERROR,
1110                   dbc.alias("alias_prv"),
1111                   "",
1112                   test_buffer,
1113                   obs->m_signed,
1114                   HashAlgorithm::SHA1,
1115                   RSAPaddingAlgorithm::PKCS1);
1116 }
1117
1118 RUNNER_CHILD_TEST(TA1660_verify_signature_positive, CKMAsyncAPIEnv)
1119 {
1120     switch_to_storage_user(TEST_LABEL);
1121
1122     DBCleanup dbc;
1123     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_prv"), keys[RSA][0].prv, Policy("pass1"));
1124     test_positive(&ManagerAsync::saveKey, dbc.alias("alias_pub"), keys[RSA][0].pub, Policy("pass2"));
1125     auto obs = test_positive(&ManagerAsync::createSignature,
1126                              dbc.alias("alias_prv"),
1127                              "pass1",
1128                              test_buffer,
1129                              HashAlgorithm::SHA1,
1130                              RSAPaddingAlgorithm::PKCS1);
1131
1132     test_positive(&ManagerAsync::verifySignature,
1133                   dbc.alias("alias_pub"),
1134                   "pass2",
1135                   test_buffer,
1136                   obs->m_signed,
1137                   HashAlgorithm::SHA1,
1138                   RSAPaddingAlgorithm::PKCS1);
1139 }
1140
1141
1142 // ocspCheck
1143 RUNNER_CHILD_TEST(TA1710_ocsp_check_invalid_param, CKMAsyncAPIEnv)
1144 {
1145     test_no_observer(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
1146     test_invalid_param(&ManagerAsync::ocspCheck, EMPTY_CERT_VECTOR);
1147 }
1148
1149 RUNNER_CHILD_TEST(TA1720_ocsp_check_negative, CKMAsyncAPIEnv)
1150 {
1151     switch_to_storage_ocsp_user(TEST_LABEL);
1152
1153     DBCleanup dbc;
1154     CertificateShPtrVector certv = { getTestCertificate(MBANK), getTestCertificate(MBANK) };
1155
1156     auto obs = test_positive(&ManagerAsync::ocspCheck, certv);
1157     RUNNER_ASSERT_MSG(obs->m_ocspStatus != CKM_API_OCSP_STATUS_GOOD,
1158                          "Verification should fail. Got: " << obs->m_ocspStatus);
1159 }
1160
1161 RUNNER_CHILD_TEST(TA1750_ocsp_check_positive, CKMAsyncAPIEnv)
1162 {
1163     switch_to_storage_ocsp_user(TEST_LABEL);
1164
1165     DBCleanup dbc;
1166     CertificateShPtr cert = getTestCertificate(MBANK);
1167     CertificateShPtrVector certv = { getTestCertificate(SYMANTEC) };
1168     auto obs = test_positive<certChainFn1>(&ManagerAsync::getCertificateChain,
1169                                            cert,
1170                                            certv,
1171                                            EMPTY_CERT_VECTOR,
1172                                            true);
1173
1174     auto obs2 = test_positive(&ManagerAsync::ocspCheck, obs->m_certChain);
1175     RUNNER_ASSERT_MSG(obs2->m_ocspStatus == CKM_API_OCSP_STATUS_GOOD,
1176                          "Verification failed. Error: " << obs->m_ocspStatus);
1177 }
1178
1179 // setPermission
1180 RUNNER_CHILD_TEST(TA1810_allow_access_invalid_param, CKMAsyncAPIEnv)
1181 {
1182     switch_to_storage_user(TEST_LABEL);
1183
1184     test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
1185     test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
1186     test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
1187 }
1188
1189 RUNNER_TEST(TA1820_allow_access, CKMAsyncAPIEnv)
1190 {
1191     DBCleanup dbc;
1192     CharPtr top_label = get_label();
1193     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
1194     test_positive(&ManagerAsync::saveData, dbc.alias("alias2"), test_buffer, Policy());
1195     test_positive(&ManagerAsync::saveData, dbc.alias("alias3"), test_buffer, Policy());
1196     test_positive(&ManagerAsync::setPermission,
1197                   dbc.alias("alias2"),
1198                   TEST_LABEL,
1199                   CKM::Permission::READ);
1200     test_positive(&ManagerAsync::setPermission,
1201                   dbc.alias("alias3"),
1202                   TEST_LABEL,
1203                   CKM::Permission::READ | CKM::Permission::REMOVE);
1204
1205     {
1206         ScopedLabel label(TEST_LABEL);
1207
1208         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"), "");
1209         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias"));
1210
1211         // test from allowed label, but without properly addressing alias (coming from default label)
1212         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.alias("alias2"), "");
1213
1214         // now test with appropriate addressing
1215         std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.alias("alias2"));
1216         test_positive(&ManagerAsync::getData, full_alias2_address, "");
1217         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
1218
1219         std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.alias("alias3"));
1220         test_positive(&ManagerAsync::getData, full_alias3_address, "");
1221         test_positive(&ManagerAsync::removeAlias, full_alias3_address);
1222     }
1223 }
1224
1225 // denyAccess
1226 RUNNER_CHILD_TEST(TA1910_deny_access_invalid_param, CKMAsyncAPIEnv)
1227 {
1228     switch_to_storage_user(TEST_LABEL);
1229
1230     test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
1231     test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
1232     test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
1233 }
1234
1235 RUNNER_TEST(TA1920_deny_access, CKMAsyncAPIEnv)
1236 {
1237     DBCleanup dbc;
1238     CharPtr top_label = get_label();
1239     test_positive(&ManagerAsync::saveData, dbc.alias("alias"), test_buffer, Policy());
1240     test_positive(&ManagerAsync::setPermission,
1241                   dbc.alias("alias"),
1242                   TEST_LABEL,
1243                   CKM::Permission::READ | CKM::Permission::REMOVE);
1244     test_positive(&ManagerAsync::setPermission, dbc.alias("alias"), TEST_LABEL, CKM::Permission::NONE);
1245
1246     {
1247         ScopedLabel label(TEST_LABEL);
1248
1249         std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.alias("alias"));
1250         test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
1251         test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
1252     }
1253 }
1254
1255 RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, CKMAsyncAPIEnv)
1256 {
1257     DBCleanup dbc;
1258     auto pkcs = loadPkcs();
1259
1260     // save to the CKM
1261     CKM::Policy exportable;
1262     CKM::Policy notExportable(CKM::Password(), false);
1263
1264     test_positive(&ManagerAsync::savePKCS12,
1265                   dbc.alias(alias_PKCS_exportable.c_str()),
1266                   pkcs,
1267                   exportable,
1268                   exportable);
1269     test_negative(&ManagerAsync::savePKCS12,
1270                   CKM_API_ERROR_DB_ALIAS_EXISTS,
1271                   dbc.alias(alias_PKCS_exportable.c_str()),
1272                   pkcs,
1273                   exportable,
1274                   exportable);
1275
1276     test_positive(&ManagerAsync::savePKCS12,
1277                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1278                   pkcs,
1279                   notExportable,
1280                   notExportable);
1281     test_negative(&ManagerAsync::savePKCS12,
1282                   CKM_API_ERROR_DB_ALIAS_EXISTS,
1283                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1284                   pkcs,
1285                   notExportable,
1286                   notExportable);
1287 }
1288
1289 RUNNER_TEST(TA2010_PKCS_get, CKMAsyncAPIEnv)
1290 {
1291     DBCleanup dbc;
1292
1293     auto pkcs = loadPkcs();
1294
1295     // save to the CKM
1296     CKM::Policy exportable;
1297     CKM::Policy notExportable(CKM::Password(), false);
1298
1299     test_positive(&ManagerAsync::savePKCS12,
1300                   dbc.alias(alias_PKCS_exportable.c_str()),
1301                   pkcs,
1302                   exportable,
1303                   exportable);
1304     test_positive(&ManagerAsync::savePKCS12,
1305                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1306                   pkcs,
1307                   notExportable,
1308                   notExportable);
1309
1310     // fail - no entry
1311     test_negative(&ManagerAsync::getPKCS12,
1312                   CKM_API_ERROR_DB_ALIAS_UNKNOWN,
1313                   "i-do-not-exist",
1314                   CKM::Password(),
1315                   CKM::Password());
1316
1317
1318     // fail - not exportable
1319     test_negative(&ManagerAsync::getPKCS12,
1320                   CKM_API_ERROR_NOT_EXPORTABLE,
1321                   dbc.alias(alias_PKCS_not_exportable.c_str()),
1322                   CKM::Password(),
1323                   CKM::Password());
1324
1325     // success - exportable
1326     auto obs = test_positive(&ManagerAsync::getPKCS12,
1327                              dbc.alias(alias_PKCS_exportable.c_str()),
1328                              CKM::Password(),
1329                              CKM::Password());
1330
1331     auto cert = obs->m_pkcs->getCertificate();
1332     RUNNER_ASSERT_MSG(
1333         NULL != cert.get(),
1334         "Error in PKCS12::getCertificate()");
1335
1336     auto key = obs->m_pkcs->getKey();
1337     RUNNER_ASSERT_MSG(
1338         NULL != key.get(),
1339         "Error in PKCS12::getKey()");
1340
1341     auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
1342     RUNNER_ASSERT_MSG(
1343         2 == caVector.size(),
1344         "Wrong size of vector");
1345 }
Domain: Security / Uncategorized;