projects / platform / core / test / security-tests.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CKM: Get rid of early expiring certificates
[platform/core/test/security-tests.git] / src / ckm / unprivileged / main.cpp
diff --git a/src/ckm/unprivileged/main.cpp b/src/ckm/unprivileged/main.cpp
index 15e0a80..5d939ee 100644 (file)
--- a/src/ckm/unprivileged/main.cpp
+++ b/src/ckm/unprivileged/main.cpp
@@ -223,7 +223,7 @@ RUNNER_TEST(T1012_certificate)
     int temp;
     auto manager = CKM::Manager::create();
 
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     CKM::CertificateShPtr cert2;
     CKM::Alias alias = "myCert";
 
@@ -486,7 +486,7 @@ RUNNER_TEST(T1025_app_user_save_certificates_get_alias_pwd)
     auto manager = CKM::Manager::create();
 
     CKM::AliasPwdVector expected;
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     std::string currentAlias;
 
     size_t beforeSaveAliasCount = count_aliases(ALIAS_CERT);
@@ -919,7 +919,7 @@ RUNNER_TEST(T12105_saveCertificate_empty_alias)
 {
     ScopedDBUnlock unlock(USER_APP, APP_PASS);
 
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     CKM::Alias alias; //alias is not initialized
 
     int temp;
@@ -933,7 +933,7 @@ RUNNER_TEST(T12106_saveCertificate_foreign_label)
 {
     ScopedDBUnlock unlock(USER_APP, APP_PASS);
 
-    auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
     CKM::Alias alias = "iamsomebodyelse alias";
 
     int temp;
@@ -1294,11 +1294,13 @@ RUNNER_TEST(T13122_get_chain_empty_cert)
 
 RUNNER_TEST(T13129_get_chain)
 {
-    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
-    auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+    auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+    auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
 
     CKM::CertificateShPtrVector certVector = {cert1};
     CKM::CertificateShPtrVector certChain;
+    CKM::CertificateShPtrVector trusted = {root};
 
     int tmp;
     auto manager = CKM::Manager::create();
@@ -1308,7 +1310,7 @@ RUNNER_TEST(T13129_get_chain)
 
     tmp = manager->getCertificateChain(cert,
                                        EMPTY_CERT_VECTOR,
-                                       EMPTY_CERT_VECTOR,
+                                       trusted,
                                        true,
                                        certChain);
     RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
@@ -1318,7 +1320,7 @@ RUNNER_TEST(T13129_get_chain)
         0 == certChain.size(),
         "Wrong size of certificate chain.");
 
-    tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+    tmp = manager->getCertificateChain(cert, certVector, trusted, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
 
     RUNNER_ASSERT_MSG(
@@ -1328,12 +1330,11 @@ RUNNER_TEST(T13129_get_chain)
 
 RUNNER_TEST(T1313_get_chain_with_alias)
 {
-    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
-    auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+    auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+    auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+    auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
 
     CKM::CertificateShPtrVector certChain;
-    CKM::AliasVector aliasVector;
-    CKM::Alias alias = "imcert";
 
     int tmp;
     auto manager = CKM::Manager::create();
@@ -1341,7 +1342,7 @@ RUNNER_TEST(T1313_get_chain_with_alias)
     RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
     RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
 
-    tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+    tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, EMPTY_ALIAS_VECTOR, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
                          "Error=" << CKM::APICodeToString(tmp));
 
@@ -1349,13 +1350,17 @@ RUNNER_TEST(T1313_get_chain_with_alias)
         0 == certChain.size(),
         "Wrong size of certificate chain.");
 
+    CKM::AliasVector aliasVector = { "imcert" };
     RUNNER_ASSERT_MSG(
-        CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
+        CKM_API_SUCCESS == (tmp = manager->saveCertificate(aliasVector[0], cert1, CKM::Policy())),
         "Error=" << CKM::APICodeToString(tmp));
 
-    aliasVector.push_back(alias);
+    CKM::AliasVector trustedAliasVector = { "rootcert" };
+    RUNNER_ASSERT_MSG(
+        CKM_API_SUCCESS == (tmp = manager->saveCertificate(trustedAliasVector[0], root, CKM::Policy())),
+        "Error=" << CKM::APICodeToString(tmp));
 
-    tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+    tmp = manager->getCertificateChain(cert, aliasVector, trustedAliasVector, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
 
     RUNNER_ASSERT_MSG(
@@ -1365,30 +1370,20 @@ RUNNER_TEST(T1313_get_chain_with_alias)
 
 RUNNER_TEST(T13141_ocsp_check_valid_chain)
 {
-    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
-    auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
-    CKM::CertificateShPtrVector certVector = {cert1};
+    auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+
     CKM::CertificateShPtrVector certChain;
 
     int tmp;
     auto manager = CKM::Manager::create();
 
     RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
-    RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
 
     tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
-    RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
-                         "Error=" << CKM::APICodeToString(tmp));
-
-    RUNNER_ASSERT_MSG(
-        0 == certChain.size(),
-        "Wrong size of certificate chain.");
-
-    tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
     RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
 
     RUNNER_ASSERT_MSG(
-        3 == certChain.size(),
+        2 == certChain.size(),
         "Wrong size of certificate chain.");
 
     int status;
@@ -1430,7 +1425,7 @@ RUNNER_TEST(T13143_ocsp_check_empty_ptrs)
 
 RUNNER_TEST(T13144_ocsp_check_root)
 {
-    auto root = TestData::getTestCertificate(TestData::THIRD_PARTY_ROOT_CA);
+    auto root = TestData::getTestCertificate(TestData::OCSP_ROOT_CA);
     CKM::CertificateShPtrVector certVector = {root};
 
     auto manager = CKM::Manager::create();
Domain: Security / Uncategorized;