CKM: Add tests for incomplete PKCS12

[Problem] No tests for incomplete PKCS12.
[Solution] Tests updated.

[Verification] Run ckm-tests --group=T310_CKMC_CAPI_PKCS12

Change-Id: Iab547a2143df35c1a3bc4d88677d12669526e472

diff --git a/src/ckm/unprivileged/capi-testcases.cpp b/src/ckm/unprivileged/capi-testcases.cpp
index 229ec19..e693a50 100644 (file)
--- a/src/ckm/unprivileged/capi-testcases.cpp
+++ b/src/ckm/unprivileged/capi-testcases.cpp
@@ -2036,6 +2036,7 @@ namespace
 {
 CKM::Alias alias_PKCS_exportable = "/System CAPI-test-PKCS-export";
 CKM::Alias alias_PKCS_not_exportable = "/System CAPI-test-PKCS-no-export";
+CKM::Alias alias_PKCS_key_not_exportable = "/System CAPI-test-PKCS-no-key-export";
 }
 
 RUNNER_TEST(T3101_CAPI_PKCS12_init)
@@ -2085,6 +2086,11 @@ RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
        RUNNER_ASSERT_MSG(
                        CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
                        CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
+                       CKMCReadableError(temp));
+       RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
+                       CKMCReadableError(temp));
 
        // try to lookup key
        ckmc_key_s *key_lookup = NULL;
@@ -2097,6 +2103,10 @@ RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
                        CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
                        CKMCReadableError(temp));
        ckmc_key_free(key_lookup);
+       key_lookup = NULL;
+       RUNNER_ASSERT_MSG(CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), "", &key_lookup)),
+                       CKMCReadableError(temp));
+       ckmc_key_free(key_lookup);
 
        // try to lookup certificate
        ckmc_cert_s *cert_lookup = NULL;
@@ -2109,6 +2119,11 @@ RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
                        CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
                        CKMCReadableError(temp));
        ckmc_cert_free(cert_lookup);
+       cert_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
+                       CKMCReadableError(temp));
+       ckmc_cert_free(cert_lookup);
 }
 
 RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
@@ -2130,6 +2145,25 @@ RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
        ckmc_pkcs12_free(pkcs);
        pkcs = NULL;
 
+       // success - partially exportable
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_key_not_exportable.c_str(), NULL, NULL, &pkcs)),
+                       CKMCReadableError(temp));
+
+       RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+       RUNNER_ASSERT_MSG(NULL == pkcs->priv_key, "there should be no private key in PKCS12");
+       RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+       size_t cntr = 0;
+       ckmc_cert_list_s *iter = pkcs->ca_chain;
+       do {
+               cntr++;
+               iter = iter->next;
+       } while (iter);
+       RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
+
+       ckmc_pkcs12_free(pkcs);
+
+
        // success - exportable
        RUNNER_ASSERT_MSG(
                        CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
@@ -2138,8 +2172,8 @@ RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
        RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
        RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
        RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
-       size_t cntr = 0;
-       ckmc_cert_list_s *iter = pkcs->ca_chain;
+       cntr = 0;
+       iter = pkcs->ca_chain;
        do {
                cntr ++;
                iter = iter->next;
@@ -2190,6 +2224,9 @@ RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
        RUNNER_ASSERT_MSG(
                        CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())),
                        CKMCReadableError(tmp));
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_key_not_exportable.c_str())),
+                       CKMCReadableError(tmp));
 
        // expect lookup fails due to unknown alias
        // try to lookup key
@@ -2203,6 +2240,11 @@ RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
                        CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
                        CKMCReadableError(tmp));
        ckmc_key_free(key_lookup);
+       key_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), NULL, &key_lookup)),
+                       CKMCReadableError(tmp));
+       ckmc_key_free(key_lookup);
 
        // try to lookup certificate
        ckmc_cert_s *cert_lookup = NULL;
@@ -2215,6 +2257,11 @@ RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
                        CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
                        CKMCReadableError(tmp));
        ckmc_cert_free(cert_lookup);
+       cert_lookup = NULL;
+       RUNNER_ASSERT_MSG(
+                       CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
+                       CKMCReadableError(tmp));
+       ckmc_cert_free(cert_lookup);
 }
 
 RUNNER_TEST(T3109_CAPI_PKCS12_deinit)