<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
<filesystem path="/usr/bin/ckm-tests" exec_label="User" />
<filesystem path="/usr/bin/ckm-privileged-tests" exec_label="System::Privileged" />
+ <filesystem path="/usr/bin/nether-tests" exec_label="System::Privileged" />
+ <filesystem path="/usr/bin/libteec-tests" exec_label="System::Privileged" />
+ <filesystem path="/usr/bin/yaca-test" exec_label="System::Privileged" />
</assign>
<request>
<domain name="_" />
BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(key-manager)
+BuildRequires: key-manager-initial-values
+BuildRequires: util-linux
BuildRequires: pkgconfig(yaca)
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: cynara-devel
BuildRequires: libcynara-creds-dbus-devel
BuildRequires: libcynara-creds-gdbus-devel
+BuildRequires: libcynara-creds-sd-bus-devel
BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: boost-devel
BuildRequires: pkgconfig(vconf)
BuildRequires: pkgconfig(libgum) >= 1.0.5
BuildRequires: pkgconfig(security-privilege-manager)
+BuildRequires: pkgconfig(libsystemd)
Requires: perf
Requires: gdb
Requires: diffutils
%global ckm_test_dir %{?TZ_SYS_SHARE:%TZ_SYS_SHARE/ckm-test/}%{!?TZ_SYS_SHARE:/usr/share/ckm-test/}
%global ckm_rw_data_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm/}%{!?TZ_SYS_DATA:/opt/data/ckm/}
+%global tz_backend_enabled %{?tz_backend:%tz_backend}%{!?tz_backend:OFF}
%description
Security tests repository - for tests that can't be kept together with code.
%prep
%setup -q
-cp %{SOURCE1} .
%build
export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib"
cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
+%if %{tz_backend_enabled} == ON
+ -DTZ_BACKEND="ON" \
+%endif
-DDPL_LOG="ON" \
-DDPL_WITH_DLOG="ON" \
-DVERSION=%{version} \
%install
%make_install
ln -sf /etc/smack/test_smack_rules %{buildroot}/etc/smack/test_smack_rules_lnk
+cp -a %{SOURCE1} %{buildroot}%{_datadir}/
%post
# Reload dbus daemon to apply newly installed configuration
echo "security-tests postinst done ..."
%files
-%manifest %{name}.manifest
+%manifest %{_datadir}/%{name}.manifest
%defattr(-, root, root, -)
/usr/bin/security-tests.sh
/usr/bin/security-tests-all.sh
%attr(755, security_test_user,users) %{TZ_SYS_HOME}/security_test_user/apps_rw/*
/usr/bin/cynara-test
/usr/bin/ckm-tests
-/usr/bin/ckm-privileged-tests
-/usr/bin/ckm-tests-on-onlycap.sh
-/usr/bin/ckm-integration-tests
+%caps(cap_mac_admin=ep) /usr/bin/ckm-privileged-tests
+%caps(cap_mac_admin=ep) /usr/bin/ckm-integration-tests
/usr/bin/yaca-test
%{ckm_test_dir}/*
/etc/security-tests
, m_privileges(std::move(priv))
{
std::stringstream ss;
- ss << "User::App::" << m_pkgId;
+ ss << "User::Pkg::" << m_pkgId;
m_smackLabel = ss.str();
}
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(),
"simple-password")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = control->unlockUserKey(ps.GetUid(), "test-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = control->lockUserKey(ps.GetUid())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = control->resetUserPassword(ps.GetUid(), "something")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = control->removeUserData(ps.GetUid())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_CHILD_TEST(G01T02_ControlPositive) {
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID,
"simple-password")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_UID, "something")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_UID, "test-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->lockUserKey(USER_UID)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_UID, "something")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(USER_UID)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_CHILD_TEST(G01T03_ProcessIdentificationBySecurityManager) {
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_CHILD_TEST(G02T02_StoragePositive) {
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
}
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData(dataAlias, rawBuffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getData(dataAlias, CKM::Password(), output)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(rawBuffer == output, "Data mismatch.");
}
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_CHILD_TEST(G02T05_StorageNegative) {
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, rawBuffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->getData(alias, CKM::Password(), output)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/*
* @file change-smack.cpp
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
*/
#include <sys/smack.h>
#include <tests_common.h>
#include <process-settings/change-smack.h>
+#include <scoped_process_label.h>
namespace ProcessSettings {
{}
void ChangeSmack::Apply() {
- char *my_label = nullptr;
-
- RUNNER_ASSERT(-1 != smack_new_label_from_self(&my_label));
-
- if (my_label)
- m_originalLabel = my_label;
-
- free(my_label);
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_policy.GetSmackLabel().c_str()),
- "Error in smack_set_label_for_self(" << m_policy.GetSmackLabel() << ")");
+ m_processLabel.reset(new ScopedProcessLabel(m_policy.GetSmackLabel()));
}
void ChangeSmack::Revoke() {
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_originalLabel.c_str()),
- "Error in smack_set_label_for_self(" << m_originalLabel << ")");
+ m_processLabel.reset();
}
ChangeSmack::~ChangeSmack() {}
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/*
* @file change-smack.h
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
*/
#pragma once
#include <string>
+#include <memory>
#include <process-settings/policy.h>
+class ScopedProcessLabel;
+
namespace ProcessSettings {
class ChangeSmack {
virtual ~ChangeSmack();
private:
const Policy &m_policy;
- std::string m_originalLabel;
+ std::unique_ptr<ScopedProcessLabel> m_processLabel;
};
} // namespace ProcessSettings
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(m_uid, "DummyPassword")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(m_uid)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
UnlockCkm::~UnlockCkm() {}
-# Copyright (c) 2013-2018 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2013-2019 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
ADD_DEFINITIONS("-DCKM_TEST_DIR=\"${CKM_TEST_DIR}\"")
ADD_DEFINITIONS("-DCKM_RW_DATA_DIR=\"${CKM_RW_DATA_DIR}\"")
+OPTION("TZ_BACKEND" OFF)
+IF(TZ_BACKEND)
+ ADD_DEFINITIONS("-DTZ_BACKEND")
+ENDIF(TZ_BACKEND)
+
PKG_CHECK_MODULES(CKM_TEST_COMMON_DEP
REQUIRED
openssl
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <string>
#include <fstream>
#include <sys/smack.h>
+#include <ckm/ckm-type.h>
#include <ckmc/ckmc-type.h>
#include <ckm-common.h>
#include <tests_common.h>
#include <ckmc/ckmc-manager.h>
#include <fcntl.h>
#include <unistd.h>
+#include <unordered_map>
const std::string SMACK_USER_APP_PREFIX = "User::Pkg::";
const char *SYSTEM_LABEL = ckmc_owner_id_system;
default: return "Error not defined";
}
}
-
-const char * CKMErrorToString(int error) {
- switch (error) {
- ERRORDESCRIBE(CKM_API_SUCCESS);
- ERRORDESCRIBE(CKM_API_ERROR_SOCKET);
- ERRORDESCRIBE(CKM_API_ERROR_BAD_REQUEST);
- ERRORDESCRIBE(CKM_API_ERROR_BAD_RESPONSE);
- ERRORDESCRIBE(CKM_API_ERROR_SEND_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_RECV_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_INPUT_PARAM);
- ERRORDESCRIBE(CKM_API_ERROR_BUFFER_TOO_SMALL);
- ERRORDESCRIBE(CKM_API_ERROR_OUT_OF_MEMORY);
- ERRORDESCRIBE(CKM_API_ERROR_ACCESS_DENIED);
- ERRORDESCRIBE(CKM_API_ERROR_SERVER_ERROR);
- ERRORDESCRIBE(CKM_API_ERROR_DB_LOCKED);
- ERRORDESCRIBE(CKM_API_ERROR_DB_ERROR);
- ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_EXISTS);
- ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_UNKNOWN);
- ERRORDESCRIBE(CKM_API_ERROR_VERIFICATION_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_INVALID_FORMAT);
- ERRORDESCRIBE(CKM_API_ERROR_FILE_ACCESS_DENIED);
- ERRORDESCRIBE(CKM_API_ERROR_NOT_EXPORTABLE);
- ERRORDESCRIBE(CKM_API_ERROR_FILE_SYSTEM);
- ERRORDESCRIBE(CKM_API_ERROR_NOT_SUPPORTED);
- ERRORDESCRIBE(CKM_API_ERROR_UNKNOWN);
- default: return "Error not defined";
- }
-}
#undef ERRORDESCRIBE
std::string CKMCReadableError(int error) {
return output;
}
-void save_data(const char* alias, const char *data, int expected_err)
-{
- save_data(alias, data, strlen(data), expected_err);
-}
-
-void save_data(const char* alias, const char *data, size_t len, int expected_err = CKMC_ERROR_NONE)
+void save_data(const char* alias, const char *data, size_t len, const char* password,
+ int expected_err, bool exportable)
{
RUNNER_ASSERT(alias);
RUNNER_ASSERT(data);
buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
buffer.size = len;
ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = true;
-
+ policy.password = const_cast<char*>(password);
+ policy.extractable = exportable;
int ret = ckmc_save_data(alias, buffer, policy);
RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
- << CKMCErrorToString(ret) << " while expected: "
- << CKMCErrorToString(expected_err));
+ << CKMCErrorToString(ret) << " while expected: "
+ << CKMCErrorToString(expected_err));
+}
+void save_data(const char* alias, const char *data, int expected_err, bool exportable)
+{
+ save_data(alias, data, strlen(data), nullptr, expected_err, exportable);
+}
+
+void save_data(const char* alias, const char *data, size_t len, int expected_err, bool exportable)
+{
+ save_data(alias, data, len, nullptr, expected_err, exportable);
}
ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias)
int ret;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
void remove_user_data(uid_t user_id)
RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list.");
}
+void check_alias_info_list_helper(const CKM::AliasPwdVector& expected, const CKM::AliasPwdVector& actual,
+ const std::string userSmackLabel)
+{
+ std::string errorLogMsg;
+ std::unordered_map<std::string, bool> aliasPwdMap;
+
+ RUNNER_ASSERT_MSG(expected.size() == actual.size(), "Aliases item count differs, expected: " <<
+ expected.size() << " actual: " << actual.size());
+
+ for (const auto &it : actual)
+ {
+ aliasPwdMap[std::get<0>(it)] = std::get<1>(it);
+ }
+
+
+ for (const auto &it : expected)
+ {
+ auto aliasPwd = aliasPwdMap.find(userSmackLabel + std::get<0>(it));
+ if (aliasPwd != aliasPwdMap.end()) {
+ if (aliasPwd->second != std::get<1>(it)) {
+ errorLogMsg += "Alias: " + std::get<0>(it) + " has wrong encryption status: "
+ + std::to_string(std::get<1>(it)) + "\n";
+ }
+ }
+ else {
+ errorLogMsg += "Expected alias: " + std::get<0>(it) + " not found.\n";
+ }
+ }
+
+ if (!errorLogMsg.empty()) {
+ for (const auto &it : actual)
+ {
+ errorLogMsg += "Actual alias: " + std::get<0>(it) + " status: "
+ + std::to_string(std::get<1>(it)) + "\n";
+ }
+ RUNNER_FAIL_MSG("Actual list of aliases differ from expected list.\n" + errorLogMsg);
+ }
+}
+
+void check_alias_info_list(const CKM::AliasPwdVector& expected, const std::string& userSmackLabel)
+{
+ ckmc_alias_info_list_s *aliasInfoList = NULL;
+ int ret = ckmc_get_data_alias_info_list(&aliasInfoList);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get the list of data aliases. " << ret << " / "
+ << CKMCErrorToString(ret));
+
+ CKM::AliasPwdVector actual;
+ ckmc_alias_info_list_s *plist = aliasInfoList;
+ char* alias;
+ bool isPasswordProtected;
+ unsigned int it = 0;
+ while (plist)
+ {
+ ret = ckmc_alias_info_get_alias(plist->info, &alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias. " << ret << " / "
+ << CKMCErrorToString(ret));
+ ret = ckmc_alias_info_is_password_protected(plist->info, &isPasswordProtected);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get password protection status" << ret << " / "
+ << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(alias != nullptr, "Got null alias. Iterator: " << it);
+ actual.push_back(std::make_pair(alias, isPasswordProtected));
+ plist = plist->next;
+ it++;
+ }
+ ckmc_alias_info_list_all_free(aliasInfoList);
+ check_alias_info_list_helper(expected, actual, userSmackLabel);
+}
+
size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
{
ckmc_alias_list_s *aliasList = NULL;
{
return RawBufferPtr(buffer, ckmc_buffer_free);
}
+
+CKM::Policy generate_ckm_policy(int iterator_nr) {
+ if (iterator_nr % 2) { // policy with password and with / without extractable flag
+ return CKM::Policy(CKM::Password("test_pwd"), iterator_nr % 4);
+ }
+ return CKM::Policy();
+}
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
// support for error printing
const char * CKMCErrorToString(int error);
-const char * CKMErrorToString(int error);
std::string CKMCReadableError(int error);
// RUNNER_ASSERT wrappers
std::string aliasWithLabelFromSelf(const char *alias);
-void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
-void save_data(const char* alias, const char *data, size_t len, int expected_err);
+void save_data(const char* alias, const char *data, size_t len, const char* password,
+ int expected_err = CKMC_ERROR_NONE, bool exportable = true);
+void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE,
+ bool exportable = true);
+void save_data(const char* alias, const char *data, size_t len,
+ int expected_err = CKMC_ERROR_NONE, bool exportable = true);
class ScopedSaveData
{
public:
ckmc_raw_buffer_s prepare_message_buffer(const char * input);
void check_alias_list(const CKM::AliasVector& expected);
+void check_alias_info_list_helper(const CKM::AliasPwdVector& expected, const CKM::AliasPwdVector& actual,
+ const std::string userSmackLabel = "");
+void check_alias_info_list(const CKM::AliasPwdVector& expected,
+ const std::string& userSmackLabel = "");
typedef enum {
ALIAS_KEY,
ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd);
void validate_AES_key(ckmc_key_s *analyzed);
void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second); // true if equal
+CKM::Policy generate_ckm_policy(int iterator_nr); // generates policy based on given number
// Test env class for database cleanup. Pass database uids to cleanup before and after test
template <uid_t ...Args>
-# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2013-2019 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# @file CMakeLists.txt
# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
# @brief
#
+
+INCLUDE(GNUInstallDirs)
+
+SET(EIV_TEST_XML_FILENAME "encrypted_initial_values.xml")
+SET(EIV_TEST_XML ${CMAKE_CURRENT_SOURCE_DIR}/${EIV_TEST_XML_FILENAME})
+SET(EIV_KEY_TO_BE_IMPORTED "KeyOne16BytesLen")
+SET(EIV_PLAIN_MESSAGE "ShortTestMessage")
+SET(EIV_MESSAGE_ENCRYPTION_IV "abcdefghijklmnop")
+
+# encrypt ShortTestMessage using the imported key and 'abcdefghijklmnop' IV
+EXECUTE_PROCESS(
+ COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/aes_128_cbc_encrypt.sh ${EIV_KEY_TO_BE_IMPORTED} ${EIV_MESSAGE_ENCRYPTION_IV}
+ OUTPUT_VARIABLE EIV_ENCRYPTED_MESSAGE_HEX
+ ERROR_VARIABLE EIV_ENCRYPTION_STDERR
+ RESULT_VARIABLE EIV_ENCRYPTION_RESULT
+)
+
+IF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0")
+ MESSAGE(FATAL_ERROR "Encryption failed: ${EIV_ENCRYPTION_STDERR}")
+ENDIF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0")
+
+# prepare initial values xml target
+ADD_CUSTOM_COMMAND(OUTPUT ${EIV_TEST_XML}
+ COMMAND echo -n ${EIV_KEY_TO_BE_IMPORTED} > /tmp/key
+ COMMAND echo -n THIS/STRING/MUST/BE/REPLACED/IN/REAL/DEVICE= | base64 --decode > /tmp/encryption_key
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/key -k /tmp/encryption_key -n TEI_0 -t Key -s AES -b hardware -x ${EIV_TEST_XML}
+ COMMENT "Generating encrypted initial values test xml"
+ VERBATIM
+)
+
+ADD_CUSTOM_TARGET(TARGET_EIV_TEST_XML DEPENDS ${EIV_TEST_XML})
+
+INSTALL(FILES ${EIV_TEST_XML} DESTINATION ${CKM_TEST_DIR})
+
+# ckm-tests
PKG_CHECK_MODULES(CKM_DEP
REQUIRED
libsmack
ADD_EXECUTABLE(${TARGET_CKM_PRIVILEGED_TESTS} ${CKM_SOURCES})
+ADD_DEPENDENCIES(${TARGET_CKM_PRIVILEGED_TESTS} TARGET_EIV_TEST_XML)
+
TARGET_LINK_LIBRARIES(${TARGET_CKM_PRIVILEGED_TESTS}
${TARGET_CKM_TEST_COMMON}
${CKM_DEP_LIBRARIES}
${COMMON_TARGET_TEST}
)
-INSTALL(TARGETS ${TARGET_CKM_PRIVILEGED_TESTS} DESTINATION bin)
-INSTALL(FILES ckm-tests-on-onlycap.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE
- GROUP_READ GROUP_EXECUTE
- WORLD_READ WORLD_EXECUTE
+TARGET_COMPILE_DEFINITIONS(${TARGET_CKM_PRIVILEGED_TESTS}
+ PRIVATE EIV_PLAIN_MESSAGE="${EIV_PLAIN_MESSAGE}"
+ PRIVATE EIV_ENCRYPTED_MESSAGE_HEX="${EIV_ENCRYPTED_MESSAGE_HEX}"
+ PRIVATE EIV_MESSAGE_ENCRYPTION_IV="${EIV_MESSAGE_ENCRYPTION_IV}"
+ PRIVATE EIV_TEST_XML_FILENAME="${EIV_TEST_XML_FILENAME}"
)
+
+INSTALL(TARGETS ${TARGET_CKM_PRIVILEGED_TESTS} DESTINATION bin)
/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/*
* @file access_provider.cpp
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
* @brief Common functions and macros used in security-tests package.
*/
#include <access_provider2.h>
#include <tests_common.h>
#include <ckm-common.h>
+#include <scoped_process_label.h>
namespace {
applyAndSwithToUser(uid, gid);
}
+AccessProvider::~AccessProvider()
+{
+
+}
+
void AccessProvider::allowAPI(const std::string &api, const std::string &rule) {
m_smackAccess.add(m_mySubject, api, rule);
}
{
RUNNER_ASSERT_MSG(m_inSwitchContext == false, "already switched context");
- // get calling label
- char* my_label = NULL;
- RUNNER_ASSERT(smack_new_label_from_self(&my_label) > 0);
- if(my_label)
- {
- m_origLabel = std::string(my_label);
- free(my_label);
- }
- RUNNER_ASSERT(m_origLabel.size() > 0);
-
RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
"Error in smack_revoke_subject(" << m_mySubject << ")");
apply();
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_mySubject.c_str()),
- "Error in smack_set_label_for_self.");
+
+ m_processLabel.reset(new ScopedProcessLabel(m_mySubject));
m_origUid = getuid();
m_origGid = getgid();
RUNNER_ASSERT_MSG(0 == seteuid(m_origUid), "Error in setuid.");
RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
"Error in smack_revoke_subject(" << m_mySubject << ")");
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_origLabel.c_str()),
- "Error in smack_set_label_for_self.");
+ m_processLabel.reset();
m_inSwitchContext = false;
}
}
/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#define _ACCESS_FOR_DUMMIES_H_
#include <string>
+#include <memory>
#include <smack_access.h>
+class ScopedProcessLabel;
+
class AccessProvider {
public:
explicit AccessProvider(const std::string &ownerId);
AccessProvider(const std::string &ownerId, int uid, int gid);
- virtual ~AccessProvider() {}
+ virtual ~AccessProvider();
AccessProvider(const AccessProvider &second) = delete;
AccessProvider& operator=(const AccessProvider &second) = delete;
std::string m_mySubject;
uid_t m_origUid;
gid_t m_origGid;
- std::string m_origLabel;
+ std::unique_ptr<ScopedProcessLabel> m_processLabel;
bool m_inSwitchContext;
};
--- /dev/null
+#!/bin/bash -e
+
+if [ "$#" -ne 2 ]
+then
+ echo "$0 requires 2 arguments: key and IV"
+ exit 1
+fi
+
+KEY_HEX=`echo -n $1 | hexdump -e '/1 "%02x"'`
+IV_HEX=`echo -n $2 | hexdump -e '/1 "%02x"'`
+
+# encrypt | convert to hex
+echo -n 'ShortTestMessage' | openssl enc -aes-128-cbc -K $KEY_HEX -iv $IV_HEX | hexdump -e '/1 "%02x"'
\ No newline at end of file
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Bumjin Im <bj.im@samsung.com>
*
RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
RUNNER_ASSERT_MSG(
obs->m_error == expected,
- "Expected " << expected << "/" << CKMErrorToString(expected) <<
- " got: " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+ "Expected " << expected << "/" << APICodeToString(expected) <<
+ " got: " << obs->m_error << "/" << APICodeToString(obs->m_error));
}
template <typename F, typename... Args>
RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
RUNNER_ASSERT_MSG(obs->m_error == 0,
- "Request failed " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+ "Request failed " << obs->m_error << "/" << APICodeToString(obs->m_error));
return obs;
}
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
+#include <scoped_process_label.h>
using namespace CKM;
using namespace std;
MdppState::MdppState()
{
- ScopedLabel sl(USER_LABEL);
+ ScopedProcessLabel spl(USER_LABEL);
m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
}
MdppState::~MdppState()
{
- ScopedLabel sl(USER_LABEL);
+ ScopedProcessLabel spl(USER_LABEL);
if (!m_original)
vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
else {
void MdppState::set(const char* const value)
{
- ScopedLabel sl(USER_LABEL);
+ ScopedProcessLabel spl(USER_LABEL);
if (value)
{
int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
rsa_pub_alias,
Policy(Password(), true),
Policy(Password(), true))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
ecdsa_pub_alias,
Policy(Password(), true),
Policy(Password(), true))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyAES(
aes_length,
aes_alias,
Policy(Password(), true))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << APICodeToString(temp));
}
void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
int temp;
RUNNER_ASSERT_MSG(
expected == (temp = manager->getKey(alias, Password(), key)),
- "Expected: " << expected << "/" << CKMErrorToString(expected) << " got: " << temp << "/" <<
- CKMErrorToString(temp));
+ "Expected: " << expected << "/" << APICodeToString(expected) << " got: " << temp << "/" <<
+ APICodeToString(temp));
}
void read_keys(int expected)
auto control = Control::create();
int ret;
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << APICodeToString(ret));
}
void restart_ckm(const char* const mdpp_setting)
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
"central-key-manager.service"
};
-void changeLabel(const char *label)
-{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(0 == ret,
- "Error in smack_set_label_for_self(" << label << "). Error: " << ret);
-}
-
-} // namespace anonymous
-
-ScopedLabel::ScopedLabel(const char *label) : m_original_label(getLabel())
-{
- changeLabel(label);
-}
-
-ScopedLabel::~ScopedLabel()
-{
- /*
- * Let it throw. If we can't restore label then remaining tests results will be
- * unreliable anyway.
- */
- changeLabel(m_original_label.c_str());
}
void start_service(ServiceIdx idx)
#pragma once
#include <string>
+#include <dpl/test/test_runner.h>
+
+#define RUNNER_TEST_DUMMY(Proc, ...) \
+ void Proc(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
+
+#ifdef TZ_BACKEND
+#define RUNNER_TEST_TZ_BACKEND(...) RUNNER_TEST(__VA_ARGS__)
+#else
+#define RUNNER_TEST_TZ_BACKEND(...) RUNNER_TEST_DUMMY(__VA_ARGS__)
+#endif
// service lifecycle management
enum ServiceIdx {
void start_service(ServiceIdx idx);
void stop_service(ServiceIdx idx);
-
-// changes process label upon construction and restores it upon destruction
-class ScopedLabel
-{
-public:
- ScopedLabel(const char* label);
- ~ScopedLabel();
-
-private:
- std::string m_original_label;
-};
+++ /dev/null
-#!/bin/sh
-
-# Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file ckm-tests-on-onlycap.sh
-# @author Kyungwook Tak (k.tak@samsung.com)
-# @brief Run ckm-tests on onlycap environment
-#
-
-# save old label and onlycap
-OLD_LABEL=`cat /proc/self/attr/current`
-OLD_ONLYCAP=`cat /sys/fs/smackfs/onlycap`
-
-# make sure we're in onlycap so original state can be restored later
-# (assume that OLD_LABEL is allowed to change the label)
-echo "System::Privileged" > /proc/self/attr/current || exit
-
-# push test app lables to onlycap label list
-echo "System::Privileged \
- User::Pkg::test_label \
- User::Pkg::test_label_2 \
- User::Pkg::test_label_3 \
- User::Pkg::test_label_4 \
- User::Pkg::test_label_5 \
- System" > /sys/fs/smackfs/onlycap || exit
-
-# set capability for changing smack label of self and add/remove smack rules
-setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests || exit
-
-# run test
-ckm-privileged-tests "${@}" # propagate all arguments
-
-# restore old onlycap
-echo -n $OLD_ONLYCAP > /sys/fs/smackfs/onlycap
-
-# restore old label
-# (assume that System::Privileged is allowed to do it with $OLD_ONLYCAP)
-echo $OLD_LABEL > /proc/self/attr/current
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co.
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* @file system-db.cpp
* @author Maciej Karpiuk (m.karpiuk2@samsung.com)
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
*/
#include <dpl/test/test_runner.h>
#include <ckm-common.h>
#include <ckm-privileged-common.h>
#include <ckm/ckm-control.h>
+#include <ckm/ckm-manager.h>
#include <ckmc/ckmc-manager.h>
#include <access_provider2.h>
#include <fstream>
const uid_t GROUP_APP = 5070;
const char* APP_PASS = "user-pass";
-const char *XML_DEVICE_KEY = "device_key.xml";
-
const char *XML_1_okay = "XML_1_okay.xml";
std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1");
const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";
-// encrypted
-std::string XML_1_EXPECTED_KEY_3_RSA_PRV = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv");
-std::string XML_1_EXPECTED_KEY_3_RSA_PUB = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub");
-std::string XML_1_EXPECTED_ASCII_DATA = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption");
-std::string XML_1_EXPECTED_BIG_DATA = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption");
const char *XML_2_okay = "XML_2_okay.xml";
std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
return std::string(CKM_TEST_DIR) + std::string(file);
}
-std::string format_dest_key_path(const char *file)
-{
- return std::string(CKM_RW_DATA_DIR) + std::string(file);
-}
-
std::string format_dest_path(const char *file)
{
return std::string(CKM_RW_DATA_DIR) + std::string( "/initial_values/") + std::string(file);
}
+int hexToBin(char h) {
+ if (h >= '0' && h <= '9')
+ return h - '0';
+ if (h >= 'a' && h <= 'f')
+ return h - 'a' + 10;
+ if (h >= 'A' && h <= 'F')
+ return h - 'A' + 10;
+ RUNNER_ASSERT_MSG(false, "Input out of scope");
+}
+
+CKM::RawBuffer hexToBin(std::string &hex) {
+ CKM::RawBuffer output;
+ output.resize(hex.size()/2);
+ for (size_t i=0; i<output.size(); ++i) {
+ output[i] = hexToBin(hex[i*2])*16 +
+ hexToBin(hex[i*2 + 1]);
+ }
+ return output;
+}
RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
// restart the key-manager
// check XML file doesn't exist
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
ckmc_buffer_free(signature);
}
-RUNNER_TEST(T6050_ENCRYPTED_KEY)
+RUNNER_TEST(T6999_deinit)
{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // [test0]
- // check if encrypted private key is present
- // check if public key is present
- // [test1]
- // extract the private, encrypted key
- // extract the public key
- // create signature using the public key
- // verify signature using the decrypted private key
-
- // [test0]
- check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
-
+ remove_user_data(0);
+}
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature = NULL;
+RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values, RemoveDataEnv<0>)
+{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(),
- NULL,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
+ std::string messageHex = EIV_ENCRYPTED_MESSAGE_HEX;
+ std::string iv = EIV_MESSAGE_ENCRYPTION_IV;
- // invalid password
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(),
- NULL,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
+ copy_file(format_src_path(EIV_TEST_XML_FILENAME), format_dest_path(EIV_TEST_XML_FILENAME));
+ restart_key_manager();
- ckmc_buffer_free(signature);
-}
+ CKM::CryptoAlgorithm algo;
+ CKM::RawBuffer messageBin = hexToBin(messageHex);
+ CKM::RawBuffer ivBin(iv.begin(), iv.end());
+ CKM::RawBuffer decrypted;
-RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // [test0]
- // extract data
- // check if data matches the expected size and content
-
- // [test0]
- ckmc_raw_buffer_s *testData1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)),
- CKMCReadableError(temp));
- size_t expected_len = 15;
- RUNNER_ASSERT_MSG(expected_len /* src/ckm/keys/EIV/ascii_data */ == testData1->size, "invalid data size");
- RUNNER_ASSERT_MSG(memcmp(reinterpret_cast<char*>(testData1->data), "My secret data\n", expected_len) == 0, "invalid data contents");
- ckmc_buffer_free(testData1);
-}
+ algo.setParam(CKM::ParamName::ALGO_TYPE, CKM::AlgoType::AES_CBC);
+ algo.setParam(CKM::ParamName::ED_IV, ivBin);
-RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA)
-{
- // [prepare]
- // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
- // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // [test0]
- // extract data
- // check if data matches the expected size
-
- // [test0]
- ckmc_raw_buffer_s *testData1;
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
- ckmc_buffer_free(testData1);
+ auto mgr = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKM::APICodeToString(temp));
+ RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == EIV_PLAIN_MESSAGE, "Data does not match");
}
-RUNNER_TEST(T6999_deinit)
-{
- remove_user_data(0);
-}
+/* TODO
+ * - RW/RO location support (files removal, flag handling)
+ * - item overwrite
+ * - backend attribute support
+ * - independent tests
+ * - different formats (also encrypted)
+ * - complex tests using ckm-initial-values tool
+ */
/*
- * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKMErrorToString(status1));
+ "Certificate should be in database already. Error=" << CKM::APICodeToString(status1));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKMErrorToString(status2));
+ "Certificate should be in database already. Error=" << CKM::APICodeToString(status2));
}
}
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKMErrorToString(status1));
+ "Could not put certificate in datbase. Error=" << CKM::APICodeToString(status1));
CKM::AliasVector av;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
(current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
}
RUNNER_CHILD_TEST(T1704_data_test)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
0 == (temp = av.size()),
"Vector size: " << temp << ". Expected: 0");
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
}
RUNNER_CHILD_TEST(T17102_prep_data_01)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_CHILD_TEST(T17103_prep_data_02)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_CHILD_TEST(T17104_prep_data_03)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_CHILD_TEST(T17105_prep_data_04)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T17106_remove_application)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
}
RUNNER_CHILD_TEST(T17107_check_data_01)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
0 == (temp = av.size()),
"Vector size: " << temp << ". Expected: 0");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
1 == (temp = av.size()),
"Vector size: " << temp << ". Expected: 1");
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
}
RUNNER_CHILD_TEST(T17110_check_data_03)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
0 == (temp = av.size()),
"Vector size: " << temp << ". Expected: 0");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
1 == (temp = av.size()),
"Vector size: " << temp << ". Expected: 1");
const char* TEST_ALIAS = "test-alias";
const char* INVALID_LABEL = "coco-jumbo";
+const char* TEST_PASSWORD = "ckm-password";
std::string TEST_SYSTEM_ALIAS = sharedDatabase(TEST_ALIAS);
std::string TEST_SYSTEM_ALIAS_2 = sharedDatabase("test-alias-2");
save_data(aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS).c_str(), TEST_DATA);
check_read(TEST_ALIAS, SYSTEM_LABEL, TEST_DATA);
}
+
+RUNNER_TEST(T5046_CLIENT_GET_ALIAS_STATUS_NO_PASSWORD, RemoveDataEnv<0>)
+{
+ // [prepare]
+ // start as system service
+ // add data A to the system DB
+ // add data B to the system DB
+ // [test]
+ // system service list alias status - expect both items to have no password protection
+
+ // [prepare]
+ save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA);
+
+ // [test]
+ CKM::AliasPwdVector aliasPwdVector;
+ aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS.c_str(), false));
+ aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS_2.c_str(), false));
+
+ check_alias_info_list(aliasPwdVector);
+}
+
+RUNNER_TEST(T5047_CLIENT_GET_ALIAS_STATUS_PASSWORD_PROTECTED, RemoveDataEnv<0>)
+{
+ // [prepare]
+ // start as system service
+ // add data A to the system DB
+ // add data B with password protection to the system DB
+ // add data C with password protection to the system DB
+ // [test]
+ // system service list alias status - expect: first alias - no password protection, second, third -
+ // protected with password
+
+ // [prepare]
+ save_data(TEST_SYSTEM_ALIAS.c_str(), TEST_DATA);
+ save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
+ save_data((TEST_SYSTEM_ALIAS_2 + "1").c_str(), TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD);
+
+ // [test]
+ CKM::AliasPwdVector aliasPwdVector;
+ aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS.c_str(), false));
+ aliasPwdVector.push_back(std::make_pair(TEST_SYSTEM_ALIAS_2.c_str(), true));
+ aliasPwdVector.push_back(std::make_pair((TEST_SYSTEM_ALIAS_2 + "1").c_str(),true));
+
+ check_alias_info_list(aliasPwdVector);
+}
<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd">
- <!-- if EncryptionKey present, the content is an AES key encrypted using device key.
- The format is Base64(encrypt(AES_key_binary))
- i.e.:
- * RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted
- * encode base64: openssl enc -base64 -in encryption_AES_key.encrypted -->
- <EncryptionKey>
- QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp
- UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s
- CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj
- bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss
- Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC
- ZVOanzc0euaenw1q9b+yEQ==
- </EncryptionKey>
+<InitialValues version="2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd">
<Key name="test-key1" type="RSA_PUB" password="123">
<PEM>
-----BEGIN PUBLIC KEY-----
<Permission accessor="test_label"/>
<Permission accessor="test_label_2"/>
</Key>
- <!-- key below is encrypted using AES-CBC algorithm.
- The key used is decrypted <EncryptionKey> provided above.
- Encryption:
- * encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in data -out data.enc
- -->
- <Key name="test-encryption-prv" type="RSA_PRV" exportable="true">
- <EncryptedDER IV="X1RoaXNJc0lWRm9yQUVTXw==">
- BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
- 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
- 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
- tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
- +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
- xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
- FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
- vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
- 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
- Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
- wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
- j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
- bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
- </EncryptedDER>
- </Key>
- <Key name="test-encryption-pub" type="RSA_PUB" exportable="true">
- <PEM>
- -----BEGIN PUBLIC KEY-----
- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt
- JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B
- CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+
- 3Op0tEjy0jpmzeyNiQIDAQAB
- -----END PUBLIC KEY-----
- </PEM>
- </Key>
- <Cert name="test-encryption-certificate" exportable="true">
- <!-- Note IV differs between items -->
- <EncryptedDER IV="SVZkaWZmZXJzRnJJdGVtcw==">
- pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw
- /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv
- l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7
- XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2
- /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d
- osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU
- 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf
- TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e
- ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL
- oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG
- ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ
- tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos
- kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC
- DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo
- LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO
- XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi
- 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk
- a+r+N4lsYPKJbX2ywUvDHg==
- </EncryptedDER>
- </Cert>
- <Data name="test-ascii-data-encryption" exportable="true">
- <!-- this below decrypts to ASCII: "My secret data" -->
- <EncryptedASCII IV="X19hbm90aGVyX0lWXzJfXw==">zuBDjp8ptFthrU69Ua5cfg==</EncryptedASCII>
- </Data>
- <Data name="test-binary-data-encryption" exportable="true">
- <!-- this below decrypts to small PNG image -->
- <EncryptedBinary IV="UE5HSVZQTkdJVlBOR0lWUA==">
- weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC
- Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF
- oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf
- kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk
- KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy
- iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8
- gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju
- yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC
- Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps
- ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod
- v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW
- NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti
- udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0
- FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx
- IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h
- ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx
- asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0
- +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA
- Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI
- Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK
- XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT
- gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg
- g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8
- DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4
- T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q
- MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0
- CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz
- traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c
- q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP
- ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n
- Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t
- gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3
- 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW
- YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx
- pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys
- nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9
- pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI
- 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY
- hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp
- VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka
- lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP
- 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32
- LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk
- UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2
- rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/
- sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY
- 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1
- H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv
- e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt
- ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW
- MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP
- zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J
- 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un
- TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb
- aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS
- eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09
- +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ
- 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo
- p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO
- fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT
- mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ
- ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA
- YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3
- aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC
- jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK
- vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T
- INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA
- wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3
- Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf
- ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR
- 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu
- Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm
- q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O
- eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ
- USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx
- qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk
- p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL
- 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS
- orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY
- BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL
- YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5
- ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm
- HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h
- TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9
- jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ
- ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B
- Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU
- V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5
- RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc
- Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc
- Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh
- PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1
- zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV
- e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt
- eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz
- zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c
- 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw
- eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV
- HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu
- by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT
- n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50
- mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL
- PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe
- xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg
- wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0
- ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp
- EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr
- d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb
- 7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi
- F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7
- HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM
- yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC
- Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV
- lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw
- xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm
- LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi
- eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A
- CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb
- U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB
- +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw
- IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx
- 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe
- FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD
- yYRBt5UqwGovABM08jYkuA==
- </EncryptedBinary>
- </Data>
</InitialValues>
<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
+<InitialValues version="2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
<Key name="test2-key1" type="RSA_PUB" password="123">
<PEM>
-----BEGIN PUBLIC KEY-----
<?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
+<InitialValues version="2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
<Key name="test3-key1" type="RSA_PUB" password="123">
<Permission accessor="test_label"/>
<PEM>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<DeviceKey version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="sw_key.xsd ">
- <RSAPrivateKey>
- <DERBase64>
- MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll
- 1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr
- S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g
- OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R
- DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl
- yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr
- MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK
- koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay
- IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO
- HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM
- mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv
- l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD
- u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K
- 4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m
- Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP
- IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ
- hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM
- 38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91
- 2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir
- XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1
- ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI
- n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/
- upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG
- RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI
- tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT
- </DERBase64>
- </RSAPrivateKey>
-</DeviceKey>
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Bumjin Im <bj.im@samsung.com>
*
RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
RUNNER_ASSERT_MSG(
obs->m_error == expected,
- "Expected " << expected << "/" << CKMErrorToString(expected) <<
- " got: " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+ "Expected " << expected << "/" << APICodeToString(expected) <<
+ " got: " << obs->m_error << "/" << APICodeToString(obs->m_error));
}
template <typename F, typename... Args>
RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
RUNNER_ASSERT_MSG(obs->m_error == 0,
- "Request failed " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+ "Request failed " << obs->m_error << "/" << APICodeToString(obs->m_error));
return obs;
}
RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
{
+#ifdef TZ_BACKEND
+ const size_t BIG_SIZE = 100000;
+#else
const size_t BIG_SIZE = 5000000;
+#endif
std::vector<char> big_data(BIG_SIZE);
std::ifstream is("/dev/urandom", std::ifstream::binary);
/*
- * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+const std::string KEY_PEM = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
} // namespace anonymous
/*
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T0012_Control)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T0013_Control)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T0014_Control)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T0015_Control)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T0016_Control_negative_wrong_password)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
key->getDER() == key2->getDER(),
"Key value has been changed by service");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificate(alias, CKM::Password(), cert2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
cert->getDER() == cert2->getDER(),
"Data has been modified in key manager");
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
// lookup by name
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
key->getDER() == key_name->getDER(),
"Key value has been changed by service");
// lookup by full address
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
key->getDER() == key_full_addr->getDER(),
"Key value has been changed by service");
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1021_save_keys_get_alias)
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
labelAliasVector.size() == (current_aliases_num+3),
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey2", key, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
labelAliasVector.size() == (current_aliases_num+3),
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey4", key, notExportable)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
+}
+
+RUNNER_TEST(T1024_app_user_save_keys_get_alias_pwd)
+{
+ remove_user_data(USER_APP);
+
+ int exitCode;
+ const int aliasNameCount = 10;
+ auto manager = CKM::Manager::create();
+
+ CKM::AliasPwdVector expected;
+ CKM::RawBuffer buffer(KEY_PEM.begin(), KEY_PEM.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ std::string currentAlias;
+
+ size_t beforeSaveAliasCount = count_aliases(ALIAS_KEY);
+ // make aliases with & without: password protection, exportable flag
+ for (int it = 0; it < aliasNameCount; ++it)
+ {
+ CKM::Policy policy = generate_ckm_policy(it);
+ currentAlias = "T1024_appkey" + std::to_string(it);
+ expected.push_back(std::make_pair(currentAlias, !policy.password.empty()));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (exitCode = manager->saveKey(currentAlias, key, policy)),
+ "Error=" << CKM::APICodeToString(exitCode));
+ }
+
+ CKM::AliasPwdVector actual;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (exitCode = manager->getKeyAliasPwdVector(actual)),
+ "Error=" << CKM::APICodeToString(exitCode));
+ RUNNER_ASSERT_MSG(
+ actual.size() == (beforeSaveAliasCount + aliasNameCount),
+ "Wrong aliases count: " << actual.size() << " Expected: "
+ << (beforeSaveAliasCount + aliasNameCount));
+ check_alias_info_list_helper(expected, actual, "/User ");
+
+ remove_user_data(USER_APP);
+}
+
+RUNNER_TEST(T1025_app_user_save_certificates_get_alias_pwd)
+{
+ remove_user_data(USER_APP);
+
+ int exitCode;
+ const int aliasNameCount = 10;
+ auto manager = CKM::Manager::create();
+
+ CKM::AliasPwdVector expected;
+ auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ std::string currentAlias;
+
+ size_t beforeSaveAliasCount = count_aliases(ALIAS_CERT);
+ for (int it = 0; it < aliasNameCount; ++it)
+ {
+ CKM::Policy policy = generate_ckm_policy(it);
+ currentAlias = "T1025_appcert" + std::to_string(it);
+ expected.push_back(std::make_pair(currentAlias, !policy.password.empty()));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (exitCode = manager->saveCertificate(currentAlias, cert, policy)),
+ "Error=" << CKM::APICodeToString(exitCode));
+ }
+
+ CKM::AliasPwdVector actual;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (exitCode = manager->getCertificateAliasPwdVector(actual)),
+ "Error=" << CKM::APICodeToString(exitCode));
+ RUNNER_ASSERT_MSG(
+ actual.size() == (beforeSaveAliasCount + aliasNameCount),
+ "Wrong aliases count: " << actual.size() << " Expected: "
+ << (beforeSaveAliasCount + aliasNameCount));
+ check_alias_info_list_helper(expected, actual, "/User ");
+
+ remove_user_data(USER_APP);
+}
+
+RUNNER_TEST(T1026_app_user_save_data_get_alias_pwd)
+{
+ remove_user_data(USER_APP);
+
+ int exitCode;
+ const int aliasNameCount = 10;
+ auto manager = CKM::Manager::create();
+
+ CKM::AliasPwdVector expected;
+ std::string binData = "My bin data";
+ CKM::RawBuffer buffer(binData.begin(), binData.end());
+ std::string currentAlias;
+
+ size_t beforeSaveAliasCount = count_aliases(ALIAS_DATA);
+ for (int it = 0; it < aliasNameCount; ++it)
+ {
+ CKM::Policy policy = generate_ckm_policy(it);
+ currentAlias = "T1026_appdata" + std::to_string(it);
+ expected.push_back(std::make_pair(currentAlias, !policy.password.empty()));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (exitCode = manager->saveData(currentAlias, buffer, policy)),
+ "Error=" << CKM::APICodeToString(exitCode));
+ }
+
+ CKM::AliasPwdVector actual;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (exitCode = manager->getDataAliasPwdVector(actual)),
+ "Error=" << CKM::APICodeToString(exitCode));
+ RUNNER_ASSERT_MSG(
+ actual.size() == (beforeSaveAliasCount + aliasNameCount),
+ "Wrong aliases count: " << actual.size() << " Expected: "
+ << (beforeSaveAliasCount + aliasNameCount));
+ check_alias_info_list_helper(expected, actual, "/User ");
+
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T1029_deinit)
size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata2", buffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
labelAliasVector.size() == (current_aliases_num+3),
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
labelAliasVector.size() == (current_aliases_num-2),
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1035_getData_wrong_password)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer1,
"Data corrupted");
RUNNER_ASSERT_MSG(
CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1036_deinit)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1041_create_RSA_key)
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
(current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1043_create_DSA_key)
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
(current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
int current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
(current_aliases_num+1) == (temp = av.size()),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
CKM::Policy p2;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1112_CreateKeyPairDSA)
CKM::Policy p2;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1113_CreateKeyPairECDSA)
CKM::Policy p2;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(CKM::ElipticCurve::prime192v1, a1, a2, p1, p2)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1114_deinit)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
/*
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
RUNNER_TEST(T12103_saveKey_foreign_label)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
RUNNER_TEST(T12104_saveKey_empty_key)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
RUNNER_TEST(T12105_saveCertificate_empty_alias)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12106_saveCertificate_foreign_label)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12107_saveCertificate_empty_cert)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12108_saveData_empty_alias)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12109_saveData_foreign_label)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12110_saveData_empty_data)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
/*
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getKey(alias, "", key)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getCertificate(alias, CKM::Password(), certificate)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12113_getData_alias_not_exist)
CKM::Alias alias("some alias");
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(alias, "", buffer)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
/*
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
RUNNER_TEST(T12115_RSA_key_too_short)
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
RUNNER_TEST(T12116_DSA_key_too_short)
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
RUNNER_TEST(T12117_AES_key_too_short)
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
/*
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T12120_deinit)
true,
certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
aliasVector.push_back(alias);
tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
int status;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->ocspCheck(certChain, status)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
}
int status;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->ocspCheck(certVector, status)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_UNSUPPORTED == status, "Verfication failed");
}
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1413_DSA_key_create_verify)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1415_RSA_key_create_verify_negative)
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
memcpy((void*)signature.data(), "BROKEN", 6);
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1416_DSA_key_create_verify_negative)
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
memcpy((void*)signature.data(), "BROKEN", 6);
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1417_RSA_cert_create_verify_signature)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1418_DSA_cert_create_verify_signature)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1419_ECDSA_cert_create_verify_signature)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1420_deinit)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
// Prepare ECDSA Key Pair
std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n"
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
memcpy((void*)signature.data(), "BROKEN", 6);
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T14182_RSA_create_signatue_nohash_nopad)
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T14183_RSA_create_signatue_nohash_bigmsg)
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg)
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
int temp;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
// try to lookup key
CKM::KeyShPtr key_lookup;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
// try to lookup certificate
CKM::CertificateShPtr cert_lookup;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
}
RUNNER_TEST(T1806_get_PKCS)
// fail - no entry
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
// fail - not exportable
RUNNER_ASSERT_MSG(
CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
// success - exportable
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
auto cert = pkcs->getCertificate();
RUNNER_ASSERT_MSG(
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
hash,
padd,
signature)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
signature,
hash,
padd)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1810_verify_get_certificate_chain)
true,
certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
aliasVector.push_back(alias_PKCS_exportable);
tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
// 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
RUNNER_ASSERT_MSG(
// remove the whole PKCS12 bundles
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
// expect lookup fails due to unknown alias
// try to lookup key
CKM::KeyShPtr key_lookup;
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
// try to lookup certificate
CKM::CertificateShPtr cert_lookup;
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
}
RUNNER_TEST(T1812_get_pkcs12_password_tests)
int temp;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
CKM::CertificateShPtr cert;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
CKM::CertificateShPtrVector certChain;
CKM::AliasVector certVect;
RUNNER_ASSERT_MSG(
CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST(T1813_deinit)
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
- "Error=" << CKMErrorToString(temp));
+ "Error=" << CKM::APICodeToString(temp));
}
RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
- "Could not put certificate in datbase. Error=" << CKMErrorToString(status1));
+ "Could not put certificate in datbase. Error=" << CKM::APICodeToString(status1));
}
RUNNER_TEST(T1903_lock_database)
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKMErrorToString(tmp));
+ "Error=" << CKM::APICodeToString(tmp));
}
RUNNER_TEST(T1904_get_data_from_locked_database)
RUNNER_ASSERT_MSG(
CKM_API_ERROR_DB_LOCKED == status1,
- "Could not get key from locked database. Error=" << CKMErrorToString(status1));
+ "Could not get key from locked database. Error=" << CKM::APICodeToString(status1));
}
RUNNER_TEST(T1905_deinit)
cynara-creds-socket
cynara-creds-dbus
cynara-creds-gdbus
+ cynara-creds-sd-bus
security-manager
+ security-privilege-manager
REQUIRED
)
${PROJECT_SOURCE_DIR}/src/common/sm_user_request.cpp
${PROJECT_SOURCE_DIR}/src/common/sm_policy_request.cpp
${PROJECT_SOURCE_DIR}/src/common/tzplatform.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/privilege_manager.cpp
+ ${PROJECT_SOURCE_DIR}/src/common/scoped_process_label.cpp
)
#system and local includes
/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <tests_common.h>
#include <access_provider.h>
+#include <scoped_process_label.h>
namespace SecurityServer {
RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_myLabel.c_str()),
"Error in smack_revoke_subject(" << m_myLabel << ")");
apply();
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(m_myLabel.c_str()),
- "Error in smack_set_label_for_self.");
+ ScopedProcessLabel spl(m_myLabel, false);
RUNNER_ASSERT_MSG(0 == setgid(gid),
"Error in setgid.");
RUNNER_ASSERT_MSG(0 == setuid(uid),
/*
- * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
UNSET,
UNTRUSTED,
LICENSED,
+ PRIVACY,
};
Privilege(std::string systemPrivilege, Type type = UNSET, std::string license = std::string())
bool isUnset() const { return m_type == UNSET; }
bool isUntrusted() const { return m_type == UNTRUSTED; }
bool isLicensed() const { return m_type == LICENSED; }
+ bool isPrivacy() const { return m_type == PRIVACY; }
int getType() const { return m_type; }
app_defined_privilege_type getSMType () const {
/*
- * Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <cynara-creds-dbus.h>
#include <cynara-creds-socket.h>
#include <cynara-creds-gdbus.h>
+#include <cynara-creds-sd-bus.h>
#include "cynara_helpers_creds.h"
return pid;
}
+char *sdBusGetClient(SdBusConnectionPtr connection, const char *uniqueName,
+ cynara_client_creds method, int expectedResult) {
+ char *buff = nullptr;
+ auto ret = cynara_creds_sd_bus_get_client(connection.get(), uniqueName, method, &buff);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_sd_bus_get_client failed, ret = " << ret
+ << "; expected = " << expectedResult);
+ return buff;
+}
+
+char *sdBusGetUser(SdBusConnectionPtr connection, const char *uniqueName, cynara_user_creds method,
+ int expectedResult) {
+ char *buff = nullptr;
+ auto ret = cynara_creds_sd_bus_get_user(connection.get(), uniqueName, method, &buff);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_creds_sd_bus_get_user failed, ret = " << ret
+ << "; expected = " << expectedResult);
+ return buff;
+}
+
+pid_t sdBusGetPid(SdBusConnectionPtr connection, const char *uniqueName, int expectedResult) {
+ pid_t pid = -1;
+ auto ret = cynara_creds_sd_bus_get_pid(connection.get(), uniqueName, &pid);
+ RUNNER_ASSERT_MSG(ret == expectedResult, "cynara_creds_sd_bus_get_pid failed, ret = " << ret
+ << "; expected = " << expectedResult);
+ return pid;
+}
+
} //namespace CynaraHelperCredentials
/*
- * Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
pid_t gdbusGetPid(GDBusConnectionPtr connection, const char *uniqueName);
+char *sdBusGetClient(SdBusConnectionPtr connection, const char *uniqueName,
+ cynara_client_creds method, int expectedResult);
+
+char *sdBusGetUser(SdBusConnectionPtr connection, const char *uniqueName, cynara_user_creds method,
+ int expectedResult);
+
+pid_t sdBusGetPid(SdBusConnectionPtr connection, const char *uniqueName, int expectedResult);
+
} // namespace CynaraHelperCredentials
#endif // CYNARA_TEST_HELPERS_H_
/*
- * Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <functional>
#include <gio/gio.h>
#include <memory>
+#include <systemd/sd-bus.h>
typedef std::function<void(DBusConnection *)> DBusConnectionCloseAndUnref;
typedef std::function<void(GDBusConnection *)> GDBusConnectionCloseAndUnref;
+typedef std::function<void(sd_bus *)> SdBusConnectionUnref;
typedef std::unique_ptr<DBusConnection, DBusConnectionCloseAndUnref> DBusConnectionPtr;
typedef std::unique_ptr<GDBusConnection, GDBusConnectionCloseAndUnref> GDBusConnectionPtr;
+typedef std::unique_ptr<sd_bus, SdBusConnectionUnref> SdBusConnectionPtr;
#endif // CYNARA_TEST_HELPERS_DBUS_H_
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <sys/types.h>
+#include <vector>
+
+#include <app_def_privilege.h>
+#include <app_install_helper.h>
+#include <privilege_manager.h>
+#include <memory.h>
+#include <dpl/test/safe_cleanup.h>
+
+class PkgPrivacyPrivileges {
+public:
+ PkgPrivacyPrivileges(const AppInstallHelper &app)
+ : m_pkgId(app.getPkgId()),
+ m_uid(app.getUID()),
+ m_creatorPid(getpid()),
+ m_shouldUnsetPrivacy(false)
+ {
+ std::vector<std::string> privacyPrivileges;
+ for (const Privilege &privilege : app.getPrivileges())
+ if (privilege.isPrivacy())
+ privacyPrivileges.push_back(privilege.getName());
+
+ if (!privacyPrivileges.empty()) {
+ PrivilegeManager::setPrivacyPrivileges(
+ app.getUID(), app.getPkgId(), app.getVersion(), privacyPrivileges);
+ m_shouldUnsetPrivacy = true;
+ }
+ }
+
+ PkgPrivacyPrivileges(const PkgPrivacyPrivileges &) = delete;
+ PkgPrivacyPrivileges(PkgPrivacyPrivileges &&other)
+ : m_pkgId(std::move(other.m_pkgId)),
+ m_uid(other.m_uid),
+ m_shouldUnsetPrivacy(other.m_shouldUnsetPrivacy)
+ {
+ other.m_uid = 0;
+ other.m_shouldUnsetPrivacy = false;
+ other.m_creatorPid = -1;
+ }
+
+ PkgPrivacyPrivileges& operator=(const PkgPrivacyPrivileges &) = delete;
+
+ virtual ~PkgPrivacyPrivileges() {
+ if (m_creatorPid == getpid())
+ {
+ SafeCleanup::run([this]{ unsetPrivacy(); });
+ }
+ }
+
+ void unsetPrivacy() {
+ if (!m_shouldUnsetPrivacy)
+ return;
+ PrivilegeManager::unsetPrivacyPrivileges(m_uid, m_pkgId);
+ m_shouldUnsetPrivacy = false;
+ }
+
+protected:
+ std::string m_pkgId;
+ uid_t m_uid;
+ pid_t m_creatorPid;
+ bool m_shouldUnsetPrivacy;
+};
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <new>
+#include <glib.h>
+#include <gmodule.h>
+
+#include "dpl/test/test_runner.h"
+#include "privilege_manager.h"
+
+namespace PrivilegeManager {
+
+void setPrivacyPrivileges(const uid_t uid, const std::string &pkgId,
+ const std::string &tizenVersion, const std::vector<std::string> &privileges,
+ const privilege_manager_package_type_e &type)
+{
+ GList *list = nullptr;
+
+ for (const std::string &privilege : privileges) {
+ gchar *str = g_strdup(privilege.c_str());
+ if (str == nullptr) {
+ g_list_free_full(list, g_free);
+ throw std::bad_alloc();
+ }
+
+ GList *listNew = g_list_append(list, str);
+ if (listNew == nullptr) {
+ g_list_free_full(list, g_free);
+ throw std::bad_alloc();
+ }
+
+ list = listNew;
+ }
+
+ int ret = privilege_package_info_set_privacy_privilege(uid, pkgId.c_str(),
+ type, tizenVersion.empty() ? "4.0" : tizenVersion.c_str(), list);
+ g_list_free_full(list, g_free);
+
+ RUNNER_ASSERT_MSG(ret == PRVMGR_ERR_NONE,
+ "privilege_package_info_set_privacy_privilege failed: " << ret);
+}
+
+void unsetPrivacyPrivileges(const uid_t uid, const std::string &pkgId)
+{
+ int ret = privilege_package_info_unset_package_privilege_info(
+ uid, pkgId.c_str());
+
+ RUNNER_ASSERT_MSG(ret == PRVMGR_ERR_NONE,
+ "privilege_package_info_unset_privacy_privilege failed: " << ret);
+}
+
+} // namespace PrivilegeManager
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#pragma once
-#include <sys/smack.h>
+#include <string>
+#include <vector>
+#include <privilege_package_info.h>
-class ScopedProcessLabel {
-public:
- ScopedProcessLabel() {
- smack_new_label_from_self(&label);
- }
+namespace PrivilegeManager {
- ~ScopedProcessLabel() {
- smack_set_label_for_self(label);
- free(label);
- }
+void setPrivacyPrivileges(const uid_t uid, const std::string &pkgId,
+ const std::string &tizenVersion, const std::vector<std::string> &privileges,
+ const privilege_manager_package_type_e &type = PRVMGR_PACKAGE_TYPE_CORE);
-private:
- char *label;
-};
+void unsetPrivacyPrivileges(const uid_t uid, const std::string &pkgId);
+
+} // namespace PrivilegeManager
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file scoped_process_label.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#include <scoped_process_label.h>
+
+#include <stdlib.h>
+#include <sys/smack.h>
+
+#include <utility>
+#include <memory>
+#include <fstream>
+
+#include <dpl/test/test_runner.h>
+
+namespace {
+
+const std::string& getOnlycapPath()
+{
+ static std::string onlycapPath;
+
+ if (onlycapPath.empty()) {
+ const char* smackfs = smack_smackfs_path();
+ if (smackfs != nullptr) {
+ onlycapPath.assign(smackfs);
+ onlycapPath.append("/onlycap");
+ }
+ }
+ return onlycapPath;
+}
+
+const char* SEPARATORS = " ";
+
+OnlycapSet smackGetOnlycap()
+{
+ std::ifstream ifs(getOnlycapPath());
+
+ RUNNER_ASSERT_MSG(ifs, "Opening " << getOnlycapPath() << " failed.");
+
+ std::string onlycap((std::istreambuf_iterator<char>(ifs)), std::istreambuf_iterator<char>());
+ ifs.close();
+
+ OnlycapSet onlycapSet;
+
+ size_t first = 0;
+ size_t last = 0;
+ while (last != std::string::npos) {
+ first = onlycap.find_first_not_of(SEPARATORS, last);
+ if (first == std::string::npos)
+ break;
+
+ last = onlycap.find_first_of(SEPARATORS, first + 1);
+ onlycapSet.insert(onlycap.substr(first, last - first));
+ }
+ return onlycapSet;
+}
+
+void smackSetOnlycap(const OnlycapSet& onlycapSet)
+{
+ if (onlycapSet.empty()) {
+ int ret = smack_set_onlycap(NULL, 0);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_onlycap():" << ret);
+ return;
+ }
+
+ const char* labels[onlycapSet.size()];
+ size_t i = 0;
+ for (const auto& label : onlycapSet) {
+ labels[i] = label.c_str();
+ i++;
+ }
+
+ int ret = smack_set_onlycap(labels, i);
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_onlycap():" << ret);
+}
+
+void smackSetLabelForSelf(const std::string& label)
+{
+ int ret = smack_set_label_for_self(label.c_str());
+ RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self('" << label << "'): " << ret);
+}
+
+} // namespace anonymous
+
+ScopedProcessLabel::ScopedProcessLabel(std::string label, bool restore) :
+ m_label(std::move(label))
+{
+ if (restore) {
+ // store the current process label
+ char* originalLabel = NULL;
+ ssize_t size = smack_new_label_from_self(&originalLabel);
+ RUNNER_ASSERT_MSG(size > 0 || originalLabel != nullptr,
+ "Error in smack_new_label_from_self():" << size);
+
+ std::unique_ptr<char, decltype(&free)> originalLabelPtr(originalLabel, free);
+ m_originalLabel.assign(originalLabel, size);
+
+ m_originalOnlycap = smackGetOnlycap();
+
+ // add new label to onlycap so that it's able to restore the label
+ if (!m_originalOnlycap.empty()
+ && m_originalOnlycap.find(m_label) == m_originalOnlycap.end()) {
+ OnlycapSet newOnlycap = m_originalOnlycap;
+ newOnlycap.insert(m_label);
+ smackSetOnlycap(newOnlycap);
+ } else {
+ m_originalLabel.clear();
+ m_originalOnlycap.clear();
+ }
+ }
+ smackSetLabelForSelf(m_label);
+}
+
+ScopedProcessLabel::~ScopedProcessLabel()
+{
+ // it has to be restored
+ if (!m_originalLabel.empty()) {
+ try {
+ smackSetLabelForSelf(m_originalLabel);
+ smackSetOnlycap(m_originalOnlycap);
+ } catch (const DPL::Test::TestException& e) {
+ RUNNER_ERROR_MSG("Test exception occurred: " << e.GetMessage());
+ } catch (const std::exception& e) {
+ RUNNER_ERROR_MSG("Std exception occurred: " << e.what());
+ } catch (...) {
+ RUNNER_ERROR_MSG("Unknown exception occurred.");
+ }
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file scoped_process_label.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#pragma once
+
+#include <string>
+#include <unordered_set>
+
+#include <dpl/noncopyable.h>
+
+typedef std::unordered_set<std::string> OnlycapSet;
+
+class ScopedProcessLabel: public DPL::Noncopyable
+{
+public:
+ // if restore == true the original label will be restored
+ explicit ScopedProcessLabel(std::string label, bool restore = true);
+ ~ScopedProcessLabel();
+
+private:
+ std::string m_label;
+ std::string m_originalLabel;
+ OnlycapSet m_originalOnlycap;
+};
* limitations under the License.
*/
+#include <unistd.h>
+#include <sys/types.h>
+
#include <sm_api.h>
#include <dpl/test/test_runner.h>
void install(const InstallRequest &request, lib_retcode expectedResult)
{
- int result = security_manager_app_install(request.get());
+ uid_t uid = getuid();
+ std::string dbPath = uid == 0 ? "/opt/dbspace/" : "/opt/dbspace/user/" + std::to_string(uid) + "/";
+
+ std::ostringstream command;
+ command << "/usr/bin/sqlite3 "
+ << dbPath << ".pkgmgr_parser.db "
+ << " \"insert into package_info (package, package_type, package_api_version,"
+ << " install_location, mainapp_id, root_path, installed_storage)"
+ << " values ('" << request.getPkgId() << "', 'tpk', '" << request.getAppTizenVersion()
+ << "', 'auto', '" << request.getPkgId() << "', '/opt/usr/globallapps/"
+ << request.getPkgId() << "', 'installed_internal')\"";
+ int result = system(command.str().c_str());
+ RUNNER_ASSERT_MSG(result == 0, "failed to set package_info: " << result);
+
+ result = security_manager_app_install(request.get());
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "installing app returned wrong value."
+ << " InstallRequest: [ " << request << "];"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+
+ command = std::ostringstream();
+ command << "/usr/bin/sqlite3 "
+ << dbPath << ".pkgmgr_parser.db "
+ << " \"delete from package_info where package='" << request.getPkgId() << "'\"";
+ result = system(command.str().c_str());
+ RUNNER_ASSERT_MSG(result == 0, "failed to unset package_info: " << result);
+}
+
+void update(const InstallRequest &request, lib_retcode expectedResult)
+{
+ int result = security_manager_app_update(request.get());
RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
"installing app returned wrong value."
<< " InstallRequest: [ " << request << "];"
<< " Expected result: " << expectedResult);
}
+void cleanupApp(const std::string &appId, uid_t uid, pid_t pid, lib_retcode expectedResult)
+{
+ int result = security_manager_cleanup_app(appId.c_str(), uid, pid);
+ RUNNER_ASSERT_MSG((lib_retcode)result == expectedResult,
+ "cleanup app returned wrong value."
+ << " App id: " << appId << ";"
+ << " user id: " << uid << ";"
+ << " process id: " << pid << ";"
+ << " Result: " << result << ";"
+ << " Expected result: " << expectedResult);
+}
+
void addUser(const UserRequest &request, lib_retcode expectedResult)
{
int result = security_manager_user_add(request.get());
namespace Api {
void install(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void update(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void uninstall(const InstallRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
std::string getPkgId(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void setProcessLabel(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void setProcessGroups(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void dropProcessPrivileges(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void prepareApp(const std::string &appId, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+void cleanupApp(const std::string &appId, uid_t uid, pid_t pid, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void addUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void deleteUser(const UserRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void sendPolicy(const PolicyRequest &request, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void setAuthorId(std::string authorId, lib_retcode expectedResult= SECURITY_MANAGER_SUCCESS);
void setInstallType(const enum app_install_type &type, lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
void setHybrid(lib_retcode expectedResult = SECURITY_MANAGER_SUCCESS);
+ std::string getPkgId() const { return m_pkgId; }
std::string getAppTizenVersion() const { return m_tizenVer; }
app_inst_req *get() { return m_req; }
const app_inst_req *get() const { return m_req; }
m_offline(offline),
m_creatorPid(getpid())
{};
- // TODO - copy constructor should be deleted
- TemporaryTestUser(const TemporaryTestUser &) = default;
+ TemporaryTestUser(const TemporaryTestUser &) = delete;
TemporaryTestUser(TemporaryTestUser &&other);
TemporaryTestUser& operator=(const TemporaryTestUser &) = delete;
~TemporaryTestUser();
/*
- * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
return 1;
}
-void setLabelForSelf(const int line, const char *label)
-{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self(): " << ret << ", line: " << line);
-}
-
/*
* Add a new group to the current process groups.
*/
"Child process exited abnormally" <<
": ret=" << ret << ", errno=" << errno << ", status=" << status);
}
-// changes process label
-void change_label(const char* label)
-{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
-}
pid_t runInChild(const std::function<void(void)> &process) {
pid_t pid = fork();
/*
- * Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
bool smack_check(void);
int drop_root_privileges(uid_t appUid = APP_UID, gid_t appGid = APP_GID);
-void setLabelForSelf(const int line, const char *label);
void add_process_group(const char* group_name);
void remove_process_group(const char* group_name);
std::string formatCstr(const char *cstr);
void symlinkSafe(const std::string &targetPath, const std::string &linkPath);
void removeDir(const std::string &path);
void waitPid(pid_t pid);
-void change_label(const char* label);
pid_t runInChild(const std::function<void(void)> &process);
void runInChildParentWait(const std::function<void(void)> &process);
-# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2014-2018 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cynara-client-async
cynara-creds-dbus
cynara-creds-gdbus
+ cynara-creds-sd-bus
cynara-creds-self
cynara-creds-socket
+ cynara-monitor
cynara-plugin
dbus-1
glib-2.0
+ libsystemd
)
FIND_PACKAGE (Threads)
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_cynara_mask.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_env.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_file_operations.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/common/cynara_test_monitor.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/plugins/plugins.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/cynara-test.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_async.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_db.cpp
${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_helpers.cpp
+ ${PROJECT_SOURCE_DIR}/src/cynara-tests/test_cases_monitor.cpp
)
#header directories
<< "response = " << response);
}
+void Agent::cancelWaiting(int expectedResult) {
+ int ret = cynara_agent_cancel_waiting(m_agent);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_agent_cancel_waiting returned wrong value: "
+ << ret << " != " << expectedResult << ".");
+}
+
} // namespace CynaraTestAgent
void getRequest(AgentRequest &request, int expectedResult = CYNARA_API_SUCCESS);
void putResponse(const AgentResponse &response, int expectedResult = CYNARA_API_SUCCESS);
+ void cancelWaiting(int expectedResult = CYNARA_API_SUCCESS);
private:
struct cynara_agent *m_agent;
{
cynara_finish(m_cynara);
}
+void Client::check(const char *client, const char *session, const char *user,
+ const char *privilege, int expectedResult)
+{
+ int ret = cynara_check(m_cynara, client, session, user, privilege);
+ RUNNER_ASSERT_MSG(ret == expectedResult,
+ "cynara_check returned wrong value: "
+ << ret << " != " << expectedResult << "."
+ << " client: " << formatCstr(client) << ","
+ << " session: " << formatCstr(session) << ","
+ << " user: " << formatCstr(user) << ","
+ << " privilege: " << formatCstr(privilege));
+}
void Client::check(const std::string &client, const std::string &session,
const std::string &user, const std::string &privilege,
int expectedResult)
{
- int ret = cynara_check(m_cynara, client.c_str(), session.c_str(), user.c_str(), privilege.c_str());
- RUNNER_ASSERT_MSG(ret == expectedResult,
- "cynara_check returned wrong value: "
- << ret << " != " << expectedResult << "."
- << " client: " << formatCstr(client.c_str()) << ","
- << " session: " << formatCstr(session.c_str()) << ","
- << " user: " << formatCstr(user.c_str()) << ","
- << " privilege: " << formatCstr(privilege.c_str()));
+ check(client.c_str(), session.c_str(), user.c_str(), privilege.c_str(), expectedResult);
}
} //namespace CynaraTestClient
Client();
virtual ~Client();
+ void check(const char *client, const char *session, const char *user, const char *privilege,
+ int expectedResult = CYNARA_API_ACCESS_ALLOWED);
void check(const std::string &client, const std::string &session,
const std::string &user, const std::string &privilege,
int expectedResult = CYNARA_API_ACCESS_ALLOWED);
-
private:
struct cynara *m_cynara;
};
#include <cynara_test_env.h>
+#include <sys/mount.h>
+
using namespace FileOperations;
CynaraTestEnv::CynaraTestEnv()
{
m_saveDir = TMP_DIR + "/" + testName;
m_dbSaveDir = m_saveDir + "/db";
- m_pluginsSaveDir = m_saveDir + "/plugins";
m_defaultDir = "/etc/security-tests/db_patterns/default";
+ m_pluginsToInstallDir = "/opt/plugins_to_install";
CynaraMask mask;
removeDirFiles(m_dbSaveDir);
removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
removeDirIfExists(m_saveDir);
makeDir(m_saveDir);
+ makeDir(m_pluginsToInstallDir);
+
+ int res = mount(m_pluginsToInstallDir.c_str(), CynaraTestConsts::SERVICE_PLUGINS_DIR.c_str(), NULL, MS_BIND, NULL);
+ RUNNER_ASSERT_ERRNO_MSG(res == 0, "Bind mount failed");
+
m_dbPresent = dirExists(CynaraTestConsts::DB_DIR);
if (m_dbPresent) {
makeDir(m_dbSaveDir);
copyCynaraFiles(CynaraTestConsts::DB_DIR, m_dbSaveDir);
}
- makeDir(m_pluginsSaveDir);
- copyCynaraFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR, m_pluginsSaveDir);
unmaskedLoadDefaultDatabase();
}
else
removeDirIfExists(CynaraTestConsts::DB_DIR);
- removeDirFiles(CynaraTestConsts::SERVICE_PLUGINS_DIR);
- copyCynaraFiles(m_pluginsSaveDir, CynaraTestConsts::SERVICE_PLUGINS_DIR);
+ int res = umount(CynaraTestConsts::SERVICE_PLUGINS_DIR.c_str());
+ RUNNER_ASSERT_ERRNO_MSG(res == 0, "Unmounting failed");
removeDirFiles(m_dbSaveDir);
removeDirIfExists(m_dbSaveDir);
- removeDirFiles(m_pluginsSaveDir);
- removeDirIfExists(m_pluginsSaveDir);
removeDirIfExists(m_saveDir);
+ removeDirFiles(m_pluginsToInstallDir);
+ removeDirIfExists(m_pluginsToInstallDir);
}
void CynaraTestEnv::unmaskedLoadDefaultDatabase()
void unmaskedLoadDefaultDatabase();
std::string m_saveDir;
std::string m_dbSaveDir;
- std::string m_pluginsSaveDir;
std::string m_defaultDir;
+ std::string m_pluginsToInstallDir;
bool m_dbPresent;
};
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara_test_monitor.h>
+
+#include <tests_common.h>
+
+namespace CynaraTestMonitor {
+
+MonitorEntries::MonitorEntries(cynara_monitor_entry **entries)
+ : m_entries(entries)
+{
+}
+
+MonitorEntries::~MonitorEntries()
+{
+ cynara_monitor_entries_free(m_entries);
+}
+
+size_t MonitorEntries::count()
+{
+ size_t count = 0;
+
+ while (m_entries[count]) {
+ ++count;
+ }
+
+ return count;
+}
+
+const MonitorEntries& MonitorEntries::operator=(cynara_monitor_entry **other)
+{
+ m_entries = other;
+
+ return *this;
+}
+
+const cynara_monitor_entry* MonitorEntries::operator[](size_t i) const
+{
+ return m_entries[i];
+}
+
+Monitor::Monitor(size_t entries)
+ : m_monitor(nullptr)
+{
+ int ret;
+ struct cynara_monitor_configuration *cfg = nullptr;
+
+ if (entries > 0) {
+ ret = cynara_monitor_configuration_create(&cfg);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_monitor_configuration_create failed. "
+ "ret: " << ret);
+ RUNNER_ASSERT_MSG(cfg != nullptr, "cynara_monitor_configuration struct "
+ "was not initialized");
+
+ ret = cynara_monitor_configuration_set_buffer_size(cfg, entries);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_monitor_configuration_set_buffer_size failed. "
+ "ret: " << ret);
+ }
+
+ ret = cynara_monitor_initialize(&m_monitor, cfg);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_monitor_initialize failed. ret: " << ret);
+ RUNNER_ASSERT_MSG(m_monitor != nullptr, "cynara_monitor struct was not initialized");
+}
+
+Monitor::~Monitor()
+{
+ cynara_monitor_finish(m_monitor);
+}
+
+cynara_monitor_entry** Monitor::get()
+{
+ struct cynara_monitor_entry **entries;
+ int ret = cynara_monitor_entries_get(m_monitor, &entries);
+ RUNNER_ASSERT_MSG(ret == CYNARA_API_SUCCESS,
+ "cynara_monitor_entries_get failed. ret: " << ret);
+ RUNNER_ASSERT_MSG(entries != nullptr, "cynara_monitor_entry table was not initialized");
+
+ return entries;
+}
+
+void Monitor::flush()
+{
+ cynara_monitor_entries_flush(m_monitor);
+}
+
+} //namespace CynaraTestMonitor
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CYNARA_TEST_MONITOR_H
+#define CYNARA_TEST_MONITOR_H
+
+#include <cynara-monitor.h>
+
+namespace CynaraTestMonitor {
+
+class MonitorEntries
+{
+public:
+ MonitorEntries(cynara_monitor_entry **entries = NULL);
+ MonitorEntries(const MonitorEntries& that) = delete;
+ virtual ~MonitorEntries();
+
+ const MonitorEntries& operator=(const MonitorEntries &other) = delete;
+ const MonitorEntries& operator=(cynara_monitor_entry **other);
+ const cynara_monitor_entry* operator[](size_t i) const;
+
+ size_t count();
+
+private:
+ cynara_monitor_entry **m_entries;
+};
+
+class Monitor
+{
+public:
+ Monitor(size_t entries = 0);
+ Monitor(const Monitor &that) = delete;
+ virtual ~Monitor();
+
+ const Monitor& operator=(const Monitor &other) = delete;
+
+ cynara_monitor_entry** get();
+ void flush();
+
+private:
+ cynara_monitor *m_monitor;
+};
+
+} //namespace CynaraTestMonitor
+
+#endif // CYNARA_TEST_MONITOR_H
client.process(CYNARA_API_SUCCESS, Client::TimeoutExpectation::EXPECT_NO_TIMEOUT, 2);
}
+void tcag16_agent_cancel_waiting_func()
+{
+ Agent agent;
+ AgentRequest request;
+
+ auto testTimeLimit = std::chrono::seconds(2);
+ auto cancelRequest = [&agent]() {
+ agent.cancelWaiting();
+ };
+ auto hangOnGetRequest = [&agent, &request]() {
+ agent.getRequest(request, CYNARA_API_INTERRUPTED);
+ };
+
+ Timeout::callAndWait(testTimeLimit, Timeout::ExpectMode::TIMEOUT,
+ cancelRequest, hangOnGetRequest);
+}
+
RUNNER_TEST_GROUP_INIT(cynara_agent_tests)
RUN_CYNARA_TEST(tcag01_set_agent_type_policy_without_plugin)
RUN_CYNARA_TEST(tcag13_create_many_requests)
RUN_CYNARA_TEST(tcag14_client_disconnects)
RUN_CYNARA_TEST(tcag15_agent_disconnects)
+RUN_CYNARA_TEST(tcag16_agent_cancel_waiting)
/*
- * Copyright (c) 2015-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <dbus/dbus.h>
#include <glib-object.h>
#include <gio/gio.h>
+#include <systemd/sd-bus.h>
#include <tests_common.h>
#include <access_provider.h>
#include <cynara-creds-gdbus.h>
#include <cynara-creds-self.h>
+#include <scoped_process_label.h>
class ProcessCredentials {
public:
}, "tccgd06");
}
+
+SdBusConnectionPtr createSdBusConnection(const std::string &requestedName) {
+ sd_bus *bus = NULL;
+
+ int r = sd_bus_default_system(&bus);
+ RUNNER_ASSERT_MSG(r >= 0, "Failed to connect do system bus: %s" << strerror(-r));
+
+ if (requestedName.empty() == false) {
+ r = sd_bus_request_name(bus, requestedName.c_str(), SD_BUS_NAME_REPLACE_EXISTING);
+ RUNNER_ASSERT_MSG(r >= 0, "Error in sd_bus_request_name");
+ }
+
+ SdBusConnectionPtr ret(bus, [] (sd_bus *busConnection) {
+ sd_bus_unref(busConnection);
+ });
+
+ return ret;
+}
+
+typedef std::function<void(SdBusConnectionPtr conn, pid_t pid, const std::string &requestedName,
+ const ProcessCredentials &peerCredentials)> SdBusAssertionFn;
+
+void sdBusTestTemplate(SdBusAssertionFn assertion) {
+ std::string requestedName = "tests.dbus.cynara";
+ const ProcessCredentials peerCredentials;
+
+ SynchronizationPipe pipe;
+ pid_t pid = runInChild(std::bind(dbusServer, std::ref(pipe), std::cref(requestedName),
+ std::cref(peerCredentials)));
+
+ pipe.claimParentEp();
+ pipe.wait();
+
+ auto conn = createSdBusConnection("");
+ assertion(std::move(conn), pid, requestedName, peerCredentials);
+ pipe.post();
+}
+
+
+RUNNER_TEST_GROUP_INIT(cynara_creds_sd_bus)
+
+void testSdBusClientPid(cynara_client_creds method = CLIENT_METHOD_PID) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t pid,
+ const std::string &requestedName,
+ const ProcessCredentials &) {
+ CStringPtr clientPidStr(CynaraHelperCredentials::sdBusGetClient(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ pid_t clientPid = std::stoi(clientPidStr.get());
+ RUNNER_ASSERT_MSG(pid == clientPid, "PIDs don't match ret = " << clientPid
+ << "; expected = " << pid);
+ });
+}
+
+void testSdBusClientSmack(cynara_client_creds method = CLIENT_METHOD_SMACK) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr label(CynaraHelperCredentials::sdBusGetClient(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ RUNNER_ASSERT_MSG(peerCredentials.label() == label.get(),
+ "Labels don't match ret = " << label.get()
+ << "; expected = " << peerCredentials.label());
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd01_sd_bus_credentials_client_pid)
+{
+ testSdBusClientPid();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccsd02_sd_bus_credentials_client_smack)
+{
+ testSdBusClientSmack();
+}
+
+RUNNER_MULTIPROCESS_TEST_SMACK(tccsd03_sd_bus_credentials_client_default)
+{
+ auto method = getClientDefaultMethod();
+ switch(method) {
+ case CLIENT_METHOD_SMACK:
+ testSdBusClientSmack(CLIENT_METHOD_DEFAULT);
+ break;
+ case CLIENT_METHOD_PID:
+ testSdBusClientPid(CLIENT_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_client_method returned unexpected value "
+ << method);
+ }
+}
+
+void testSdBusUserUid(cynara_user_creds method = USER_METHOD_UID) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr uidStr(CynaraHelperCredentials::sdBusGetUser(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ uid_t uid = std::stoul(uidStr.get());
+ RUNNER_ASSERT_MSG(peerCredentials.uid() == uid, "UIDs don't match ret = " << uid
+ << "; expected = "<< peerCredentials.uid());
+ });
+}
+
+void testSdBusUserGid(cynara_user_creds method = USER_METHOD_GID) {
+ sdBusTestTemplate([method] (SdBusConnectionPtr conn, pid_t,
+ const std::string &requestedName,
+ const ProcessCredentials &peerCredentials) {
+ CStringPtr gidStr(CynaraHelperCredentials::sdBusGetUser(std::move(conn),
+ requestedName.c_str(), method, CYNARA_API_SUCCESS));
+ gid_t gid = std::stoul(gidStr.get());
+ RUNNER_ASSERT_MSG(peerCredentials.gid() == gid, "GIDs don't match ret = " << gid
+ << "; expected = "<< peerCredentials.gid());
+ });
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd04_sd_bus_credentials_user_uid)
+{
+ testSdBusUserUid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd05_sd_bus_credentials_user_gid)
+{
+ testSdBusUserGid();
+}
+
+RUNNER_MULTIPROCESS_TEST(tccsd06_sd_bus_credentials_user_default)
+{
+ auto method = getUserDefaultMethod();
+ switch(method) {
+ case USER_METHOD_UID:
+ testSdBusUserUid(USER_METHOD_DEFAULT);
+ break;
+ case USER_METHOD_GID:
+ testSdBusUserGid(USER_METHOD_DEFAULT);
+ break;
+ default:
+ RUNNER_FAIL_MSG("cynara_creds_get_default_user_method returned unexpected value "
+ << method);
+ }
+}
+
+RUNNER_TEST_SMACK(tccd07_sd_bus_credentials_pid) {
+ sdBusTestTemplate([] (SdBusConnectionPtr conn, pid_t expectedPid,
+ const std::string &requestedName, const ProcessCredentials &) {
+ auto helperPid = CynaraHelperCredentials::sdBusGetPid(std::move(conn),
+ requestedName.c_str(), CYNARA_API_SUCCESS);
+ RUNNER_ASSERT_MSG(helperPid == expectedPid, "PIDs don't match ret = " << helperPid
+ << "; expected = " << expectedPid);
+ });
+}
+
+
RUNNER_TEST_GROUP_INIT(cynara_creds_self)
void testCredsClientSelf(cynara_client_creds method, const std::string &expected) {
void testSelfClientSmack(cynara_client_creds method = CLIENT_METHOD_SMACK) {
std::string label = "test-label";
- change_label(label.c_str());
+ ScopedProcessLabel spl(label, false);
testCredsClientSelf(method, label);
}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file test_cases_monitor.cpp
+ * @author Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
+ * @version 1.0
+ * @brief Tests for libcynara-monitor
+ */
+
+#include <cynara-error.h>
+#include <cynara-client.h>
+#include <cynara-monitor.h>
+
+#include <dpl/test/test_runner.h>
+#include <cynara_test_commons.h>
+#include <cynara_test_client.h>
+#include <cynara_test_monitor.h>
+#include <timeout.h>
+
+using namespace CynaraTestClient;
+using namespace CynaraTestMonitor;
+
+namespace {
+
+inline void assertResult(int ret, int expectedResult)
+{
+ RUNNER_ASSERT_MSG(ret == expectedResult,"Expected result: " << expectedResult
+ << ", got: " << ret);
+}
+
+void clientChecks(size_t num, size_t start = 0)
+{
+ Client cynaraClient;
+
+ for (size_t i = 0; i < num; ++i) {
+ std::string index = std::to_string(i + start);
+ std::string client = "client" + index;
+ std::string session = "session" + index;
+ std::string user = "user" + index;
+ std::string privilege = "privilege" + index;
+
+ cynaraClient.check(client.c_str(), session.c_str(), user.c_str(),
+ privilege.c_str(), CYNARA_API_ACCESS_DENIED);
+ }
+}
+
+bool validateEntries(const MonitorEntries &entries, size_t num, size_t start = 0)
+{
+ for (size_t i = 0; i < num; ++i) {
+ std::string index = std::to_string(i + start);
+ std::string client = "client" + index;
+ std::string user = "user" + index;
+ std::string privilege = "privilege" + index;
+
+ if (client != std::string(cynara_monitor_entry_get_client(entries[i])) ||
+ user != std::string(cynara_monitor_entry_get_user(entries[i])) ||
+ privilege != std::string(cynara_monitor_entry_get_privilege(entries[i]))) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+} // namespace
+
+void tcm01_config_invalid_param_func()
+{
+ int ret = cynara_monitor_configuration_create(nullptr);
+ assertResult(ret, CYNARA_API_INVALID_PARAM);
+}
+
+void tcm02_config_buffer_oversize_func()
+{
+ int ret;
+ struct cynara_monitor_configuration *cfg;
+
+ ret = cynara_monitor_configuration_create(&cfg);
+ assertResult(ret, CYNARA_API_SUCCESS);
+
+ ret = cynara_monitor_configuration_set_buffer_size(cfg, CYNARA_MAX_MONITOR_BUFFER_SIZE);
+ assertResult(ret, CYNARA_API_SUCCESS);
+
+ ret = cynara_monitor_configuration_set_buffer_size(cfg, CYNARA_MAX_MONITOR_BUFFER_SIZE + 1);
+ assertResult(ret, CYNARA_API_INVALID_PARAM);
+}
+
+void tcm03_init_invalid_param_func()
+{
+ int ret = cynara_monitor_initialize(nullptr, nullptr);
+ assertResult(ret, CYNARA_API_INVALID_PARAM);
+}
+
+void tcm04_entries_get_flush_no_entries_func()
+{
+ auto timeLimit = std::chrono::milliseconds(10);
+ Monitor monitor(100);
+ MonitorEntries entries;
+
+ auto getMonitorEntries = [&monitor, &entries]() {
+ entries = monitor.get();
+ };
+
+ auto flush = [&monitor]() {
+ monitor.flush();
+ };
+
+ Timeout::callAndWait(timeLimit, Timeout::ExpectMode::TIMEOUT,
+ flush, getMonitorEntries);
+
+ // TODO: system's cynara checks might increase this number
+ if (entries.count() != 0)
+ RUNNER_IGNORED_MSG("no entries should've been returned");
+}
+
+void tcm05_entries_get_no_flush_func()
+{
+ auto timeLimit = std::chrono::milliseconds(10);
+ Monitor monitor(100);
+ MonitorEntries entries;
+
+ auto getMonitorEntries = [&monitor, &entries]() {
+ entries = monitor.get();
+ };
+
+ auto client = [&monitor]() {
+ clientChecks(100);
+ };
+
+ Timeout::callAndWait(timeLimit, Timeout::ExpectMode::TIMEOUT,
+ client, getMonitorEntries);
+
+ RUNNER_ASSERT_MSG(entries.count() == 100, "100 entries should've been returned");
+
+ // TODO: system's cynara checks might cause the entries to differ
+ if (!validateEntries(entries, 100))
+ RUNNER_IGNORED_MSG("Entries received from monitor are not as expected");
+}
+
+void tcm06_entries_get_flush_func()
+{
+ auto getLimit = std::chrono::milliseconds(10);
+ Monitor monitor(200);
+ MonitorEntries entries;
+
+ auto getMonitorEntries = [&monitor, &entries]() {
+ entries = monitor.get();
+ };
+
+ auto clientAndFlush = [&monitor]() {
+ clientChecks(10);
+ monitor.flush();
+ };
+
+ Timeout::callAndWait(getLimit, Timeout::ExpectMode::TIMEOUT,
+ clientAndFlush, getMonitorEntries);
+
+ // TODO: system's cynara checks might increase this number
+ if (entries.count() != 10)
+ RUNNER_IGNORED_MSG("10 entries should've been returned");
+
+ // TODO: system's cynara checks might cause the entries to differ
+ if (!validateEntries(entries, 10))
+ RUNNER_IGNORED_MSG("Entries received from monitor are not as expected");
+}
+
+void tcm07_entries_get_two_func()
+{
+ auto get1Limit = std::chrono::milliseconds(10);
+ Monitor monitor1(200);
+ Monitor monitor2(100);
+ MonitorEntries entries1;
+ MonitorEntries entries2;
+
+ auto getMonitor1Entries = [&monitor1, &entries1]() {
+ entries1 = monitor1.get();
+ };
+
+ auto clientAndGetMonitor2Entries = [&monitor2, &entries2]() {
+ auto get2Limit = std::chrono::milliseconds(10);
+
+ clientChecks(100);
+
+ auto getMonitor2Entries = [&monitor2, &entries2]() {
+ entries2 = monitor2.get();
+ };
+
+ auto client = []() {
+ clientChecks(100, 100);
+ };
+
+ Timeout::callAndWait(get2Limit, Timeout::ExpectMode::TIMEOUT,
+ client, getMonitor2Entries);
+ };
+
+ Timeout::callAndWait(get1Limit, Timeout::ExpectMode::TIMEOUT,
+ clientAndGetMonitor2Entries, getMonitor1Entries);
+
+ RUNNER_ASSERT_MSG(entries1.count() == 200, "200 entries should've been returned by the first monitor");
+ RUNNER_ASSERT_MSG(entries2.count() == 100, "100 entries should've been returned by the second monitor");
+
+ // TODO: system's cynara checks might cause the entries to differ
+ if (!validateEntries(entries1, 200))
+ RUNNER_IGNORED_MSG("Entries received from the first monitor are not as expected");
+ if (!validateEntries(entries2, 100, 100))
+ RUNNER_IGNORED_MSG("Entries received from the second monitor are not as expected");
+}
+
+RUNNER_TEST_GROUP_INIT(cynara_monitor_tests)
+
+RUN_CYNARA_TEST(tcm01_config_invalid_param)
+RUN_CYNARA_TEST(tcm02_config_buffer_oversize)
+RUN_CYNARA_TEST(tcm03_init_invalid_param)
+RUN_CYNARA_TEST(tcm04_entries_get_flush_no_entries)
+RUN_CYNARA_TEST(tcm05_entries_get_no_flush)
+RUN_CYNARA_TEST(tcm06_entries_get_flush)
+RUN_CYNARA_TEST(tcm07_entries_get_two)
#define DPL_TEST_CASE_H
#include <string>
+#include <set>
+#include <memory>
#include <dpl/test/performance_result.h>
PerformanceResultPtr m_performance;
};
-typedef TestCase* TestCasePtr;
+typedef std::shared_ptr<TestCase> TestCasePtr;
+typedef std::list<TestCasePtr> TestCaseSet;
} // namespace Test
} // namespace DPL
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_group.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ * @brief Base/default class describing a group of tests
+ */
+
+#ifndef DPL_TEST_GROUP_H
+#define DPL_TEST_GROUP_H
+
+#include <string>
+#include <functional>
+
+#include <dpl/test/test_case.h>
+
+namespace DPL {
+namespace Test {
+
+class TestGroup
+{
+public:
+ TestGroup() {}
+
+ virtual ~TestGroup()
+ {
+ }
+
+ const TestCaseSet& GetTests() const
+ {
+ return m_tests;
+ }
+
+ void RemoveIf(const std::function<bool(const TestCasePtr)>& predFn)
+ {
+ m_tests.remove_if(predFn);
+ }
+
+ void Add(TestCase* test)
+ {
+ m_tests.emplace_back(test);
+ }
+
+ virtual void Init() {};
+ virtual void Finish() {};
+
+private:
+ std::string m_name;
+ TestCaseSet m_tests;
+};
+
+typedef TestGroup* TestGroupPtr;
+
+} // namespace Test
+} // namespace DPL
+
+#endif // DPL_TEST_CASE_H
#include <exception>
#include <functional>
#include <iostream>
-#include <list>
#include <map>
#include <queue>
#include <set>
#include <sstream>
#include <string>
#include <vector>
+#include <memory>
#include <dpl/atomic.h>
#include <dpl/availability.h>
#include <dpl/gdbbacktrace.h>
#include <dpl/singleton.h>
#include <dpl/test/performance_result.h>
-#include <dpl/test/test_case.h>
+#include <dpl/test/test_group.h>
#include <dpl/test/test_case_extended.h>
#include <dpl/test/test_exception.h>
#include <dpl/test/test_failed.h>
~TestRunner();
private:
- typedef std::list<TestCasePtr> TestCaseList;
- typedef std::map<std::string, TestCaseList> TestCaseGroupMap;
- typedef std::set<TestCasePtr> TestCaseSet;
+ typedef std::map<std::string, TestGroup*> TestCaseGroupMap;
TestCaseGroupMap m_testGroups;
- TestCaseSet m_testCaseSet;
TestCasePtr m_currentTestCase;
-
- std::string m_currentGroup;
+ TestGroupPtr m_currentGroup;
// Terminate without any logs.
// Some test requires to call fork function.
void CollectResult(const std::string& id, const TestResult &result);
public:
- void InitGroup(const char* name);
- void RegisterTest(TestCasePtr testCase);
+ void InitGroup(const char* name, TestGroup* group = nullptr);
+ void RegisterTest(TestCase* testCase);
int ExecTestRunner(int argc, char *argv[]);
typedef std::vector<std::string> ArgsList;
int ExecTestRunner(ArgsList args);
} // Test
} // namespace DPL
+#define RUNNER_TEST_GROUP_INIT_ENV(GroupName, GroupEnv) \
+ static int Static##GroupName##Init() \
+ { \
+ DPL::Test::TestRunnerSingleton::Instance().InitGroup(#GroupName, new GroupEnv); \
+ return 0; \
+ } \
+ const int DPL_UNUSED Static##GroupName##InitVar = \
+ Static##GroupName##Init();
+
#define RUNNER_TEST_GROUP_INIT(GroupName) \
static int Static##GroupName##Init() \
{ \
* @brief Source file containing ConsoleCollector class definition
*/
+#include <cstdio>
+
#include <fstream>
#include <sstream>
void ConsoleCollector::CollectCurrentTestGroupName(const std::string& name)
{
printf("Starting group %s\n", name.c_str());
+ fflush(stdout);
m_currentGroup = name;
}
PrintStats(group.first, group.second);
}
PrintStats("All tests together", m_stats);
+ fflush(stdout);
}
void ConsoleCollector::CollectResult(const std::string& id, const TestResult &result)
default:
Assert(false && "Bad status");
}
+ fflush(stdout);
m_stats.AddTest(result.GetFailStatus());
m_groupsStats[m_currentGroup].AddTest(result.GetFailStatus());
}
return TestResult::FailStatus::NONE;
}
-void TestRunner::RegisterTest(TestCasePtr testCase)
+void TestRunner::RegisterTest(TestCase* testCase)
{
- m_testGroups[m_currentGroup].push_back(testCase);
- m_testCaseSet.insert(testCase);
+ m_currentGroup->Add(testCase);
}
-void TestRunner::InitGroup(const char* name)
+void TestRunner::InitGroup(const char* name, TestGroup* group)
{
- m_currentGroup = name;
+ if (group == nullptr)
+ group = new TestGroup();
+
+ m_testGroups[name] = group;
+ m_currentGroup = group;
}
void TestRunner::normalizeXMLTag(std::string& str, const std::string& testcase)
std::string testsuite;
if(!m_testGroups.empty())
{
- for(TestCaseGroupMap::const_iterator cit = m_testGroups.begin(); cit != m_testGroups.end(); ++cit)
+ for(auto cit = m_testGroups.begin(); cit != m_testGroups.end(); ++cit)
{
- if(!cit->second.empty())
+ const TestCaseSet& tl = cit->second->GetTests();
+ if(!tl.empty())
{
- for(TestCaseList::const_iterator cj = cit->second.begin(); cj != cit->second.end(); ++cj)
+ for(auto cj = tl.begin(); cj != tl.end(); ++cj)
{
std::string name = (*cj)->GetName();
std::string::size_type st = name.find('_');
bool TestRunner::filterByXML(std::map<std::string, bool> & casesMap)
{
for (auto &group : m_testGroups) {
- TestCaseList newList;
- for (auto &tc : group.second)
- {
- if (casesMap.find(tc->GetName()) != casesMap.end()) {
- casesMap[tc->GetName()] = true;
- newList.push_back(tc);
- }
- }
- group.second = newList;
+ group.second->RemoveIf([&](const TestCasePtr test){
+ return (casesMap.find(test->GetName()) == casesMap.end());
+ });
}
for (auto &cs : casesMap)
{
unsigned count = 0;
for (auto &group : m_testGroups) {
- count += group.second.size();
+ count += group.second->GetTests().size();
}
fprintf(stderr, "%sFound %d testcases...%s\n", GREEN_BEGIN, count, GREEN_END);
fprintf(stderr, "%s%s%s\n", GREEN_BEGIN, "Running tests...", GREEN_END);
for (auto &group : m_testGroups) {
- TestCaseList list = group.second;
- if (!list.empty()) {
+ const TestCaseSet& set = group.second->GetTests();
+ if (!set.empty()) {
+ group.second->Init();
+
for (auto &collector : m_collectors) {
collector.second->CollectCurrentTestGroupName(group.first);
}
- list.sort([](const TestCasePtr &a, const TestCasePtr &b) { return (*a < *b); });
- for (TestCaseList::const_iterator iterator = list.begin();
- iterator != list.end();
+ for (TestCaseSet::const_iterator iterator = set.begin();
+ iterator != set.end();
++iterator)
{
TestCasePtr test = *iterator;
return;
}
}
+ group.second->Finish();
}
}
TestRunner::~TestRunner()
{
- for(auto &t : m_testCaseSet)
- delete t;
+ for(auto &g : m_testGroups)
+ delete g.second;
}
void TestRunner::CollectResult(const std::string& id, const TestResult& result)
if (arg.find(startCmd) == 0) {
arg.erase(0, startCmd.length());
for (auto &group : m_testGroups) {
- for (auto &tc : group.second) {
+ for (auto &tc : group.second->GetTests()) {
if (tc->GetName() == arg) {
m_startTestId = arg;
break;
return 0;
} else if (arg.find(groupId) == 0) {
arg.erase(0, groupId.length());
- TestCaseGroupMap::iterator found = m_testGroups.find(arg);
- if (found != m_testGroups.end()) {
- std::string name = found->first;
- TestCaseList newList = found->second;
- m_testGroups.clear();
- m_testGroups[name] = newList;
- } else {
+ for (auto it = m_testGroups.begin(); it != m_testGroups.end();) {
+ if (it->first == arg)
+ it++;
+ else
+ it = m_testGroups.erase(it);
+ }
+
+ if (m_testGroups.empty()) {
fprintf(stderr, "Group %s not found\n", arg.c_str());
InvalidArgs();
Usage();
return 0;
} else if (arg.find(listInGroup) == 0) {
arg.erase(0, listInGroup.length());
- for (auto &test : m_testGroups[arg]) {
+ auto it = m_testGroups.find(arg);
+ if (it == m_testGroups.end()) {
+ fprintf(stderr, "Group %s not found\n", arg.c_str());
+ InvalidArgs();
+ Usage();
+ return -1;
+ }
+ for (auto &test : it->second->GetTests()) {
printf("ID:%s\n", test->GetName().c_str());
}
return 0;
pcrecpp::RE re(arg.c_str());
for (auto &group : m_testGroups) {
- TestCaseList newList;
- for (auto &tc : group.second)
- {
- if (re.PartialMatch(tc->GetName())) {
- newList.push_back(tc);
- }
- }
- group.second = newList;
+ group.second->RemoveIf([&](const TestCasePtr& test){
+ return !re.PartialMatch(test->GetName());
+ });
}
} else if (arg.find(test) == 0) {
arg.erase(0, test.length());
pcrecpp::RE re(arg.c_str());
for (auto &group : m_testGroups) {
- TestCaseList newList;
- for (auto &tc : group.second)
- {
- if (re.FullMatch(tc->GetName())) {
- newList.push_back(tc);
- }
- }
- group.second = newList;
+ group.second->RemoveIf([&](const TestCasePtr& test){
+ return !re.FullMatch(test->GetName());
+ });
}
} else if(arg.find(onlyFromXML) == 0) {
arg.erase(0, onlyFromXML.length());
if(justList)
{
for (auto &group : m_testGroups) {
- for (auto &tc : group.second) {
+ for (auto &tc : group.second->GetTests()) {
printf("ID:%s:%s\n", group.first.c_str(), tc->GetName().c_str());
}
}
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_credentials.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_dyntransition.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_nss.cpp
+ ${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_paths.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_privacy_manager.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_private_sharing.cpp
${PROJECT_SOURCE_DIR}/src/security-manager-tests/test_cases_public_sharing.cpp
/*
- * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <app-runtime.h>
#include <sys/smack.h>
#include <privilege_info.h>
+#include <scoped_process_label.h>
#include <cynara_test_client.h>
#include <dpl/test/test_runner.h>
const std::string &testPath, int accessType) {
auto fun = [&](){
int oppositeAccessType = getOppositeAccessType(accessType);
- change_label(label.c_str());
+ ScopedProcessLabel spl(label, false);
RUNNER_ASSERT_ERRNO_MSG(0 == drop_root_privileges(uid, gid),
"drop_root_privileges failed.");
/*
- * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <message_pipe.h>
#include <policy_configuration.h>
#include <scoped_installer.h>
-#include <scoped_label.h>
#include <service_manager.h>
#include <sm_api.h>
#include <sm_commons.h>
#include <tests_common.h>
#include <tzplatform.h>
#include <uds.h>
+#include <scoped_process_label.h>
using namespace SecurityManagerTest;
RUNNER_TEST(security_manager_02_app_install_uninstall_full)
{
- PolicyConfiguration policy;
- PolicyConfiguration::PrivGroupMap privGroupMap = policy.getPrivGroupMap();
-
- RUNNER_ASSERT_MSG(privGroupMap.size() >= 4, "Failed to get policy of a suitable size");
-
- privileges_t allowedPrivs;
- privileges_t someDeniedPrivs;
-
- int counter = 0;
- for (auto const &it: privGroupMap) {
- if (counter < 2)
- allowedPrivs.push_back(it.first);
- else if (counter < 4)
- someDeniedPrivs.push_back(it.first);
- else
- break;
- ++counter;
- }
+ privileges_t defaultPrivs = {
+ "http://tizen.org/privilege/internal/device/audio",
+ "http://tizen.org/privilege/internal/device/display",
+ "http://tizen.org/privilege/internal/device/video"
+ };
+ privileges_t allowedPrivs = {
+ "http://tizen.org/privilege/camera",
+ "http://tizen.org/privilege/mediastorage"
+ };
+ privileges_t someDeniedPrivs = {
+ "http://tizen.org/privilege/internet",
+ "http://tizen.org/privilege/externalstorage"
+ };
+
+ privileges_t defaultAllowedPrivs = defaultPrivs;
+ defaultAllowedPrivs.insert(defaultAllowedPrivs.end(), allowedPrivs.begin(), allowedPrivs.end());
AppInstallHelper app("sm_test_02");
app.createPrivateDir();
ScopedInstaller appInstall(app);
check_app_after_install(app.getAppId(), app.getPkgId(),
- app.getPrivilegesNames(), someDeniedPrivs);
+ defaultAllowedPrivs, someDeniedPrivs);
check_path(app.getPrivateDir(), generatePathRWLabel(app.getPkgId()));
check_path(app.getPrivateRODir(), generatePathROLabel(app.getPkgId()), false);
}
};
- std::vector<TemporaryTestUser> users = {
- {"sm_test_09_user_name_0", GUM_USERTYPE_NORMAL, false},
- {"sm_test_09_user_name_1", GUM_USERTYPE_NORMAL, false}
+ auto update = [](const TemporaryTestUser& user,
+ const char *pkgId,
+ const char *appId,
+ const char *version,
+ const char *author,
+ bool isHybrid,
+ enum lib_retcode expected,
+ bool uninstall = true)
+ {
+ InstallRequest request;
+ request.setAppId(appId);
+ request.setPkgId(pkgId);
+ request.setAppTizenVersion(version);
+ request.setAuthorId(author);
+ request.setUid(user.getUid());
+ if (isHybrid)
+ request.setHybrid();
+ Api::update(request, expected);
+
+ if(expected == SECURITY_MANAGER_SUCCESS && uninstall) {
+ Api::uninstall(request);
+ }
+ };
+
+ std::array<TemporaryTestUser, 2> users{
+ TemporaryTestUser{"sm_test_09_user_name_0", GUM_USERTYPE_NORMAL, false},
+ TemporaryTestUser{"sm_test_09_user_name_1", GUM_USERTYPE_NORMAL, false}
};
for(auto& gu : users)
install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS, false);
// uid_1, pkg_0, app_0, version_0, author_0, not hybrid -> ok (different uid)
install(users[1], pkgId[0], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS);
- // uid_0, pkg_0, app_0, version_0, author_0, hybrid -> fail (different hybrid setting)
+ // uid_0, pkg_0, app_0, version_0, author_0, hybrid -> ok for update (different hybrid setting)
install(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
- // uid_0, pkg_0, app_1, version_0, author_0, hybrid -> fail (different hybrid setting)
- install(users[0], pkgId[0], appId[1], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
- // uid_1, pkg_0, app_0, version_0, author_0, hybrid -> fail (different hybrid setting)
- install(users[1], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ update(users[0], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_SUCCESS, false);
+ // uid_0, pkg_0, app_1, version_0, author_0, hybrid -> ok (new app id)
+ install(users[0], pkgId[0], appId[1], version[0], author[0], hybrid[1], SECURITY_MANAGER_SUCCESS, false);
+ // uid_1, pkg_0, app_0, version_0, author_0, hybrid -> ok (different hybrid setting)
+ install(users[1], pkgId[0], appId[0], version[0], author[0], hybrid[1], SECURITY_MANAGER_SUCCESS, false);
// uid_1, pkg_0, app_0, version_0, author_1, not hybrid -> fail (author of app_0 must be the same)
install(users[1], pkgId[0], appId[0], version[0], author[1], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
- // uid_1, pkg_0, app_0, version_1, author_0, not hybrid -> ok (version upgrade)
- install(users[1], pkgId[0], appId[0], version[1], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS);
+ // uid_1, pkg_0, app_0, version_1, author_0, not hybrid -> ok (version upgrade and different hybrid setting)
+ install(users[1], pkgId[0], appId[0], version[1], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ update(users[1], pkgId[0], appId[0], version[1], author[0], hybrid[0], SECURITY_MANAGER_SUCCESS);
// uid_1, pkg_1, app_0, version_0, author_0, not hybrid -> fail (pkg of app_0 must be the same)
install(users[1], pkgId[1], appId[0], version[0], author[0], hybrid[0], SECURITY_MANAGER_ERROR_INPUT_PARAM);
// uid_0, pkg_0, app_0, version_0, author_0, not hybrid -> ok (the same app again)
*/
RUNNER_CHILD_TEST(security_manager_25e_unprivileged_install_type_global)
{
+ RUNNER_IGNORED_MSG("This test is turned off because multiuser feature is not supported by platform correctly");
+
TemporaryTestUser testUser("sm_test_25e_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
AppInstallHelper app("sm_test_25e");
- change_label("_");
+ ScopedProcessLabel spl("_", false);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
"drop_root_privileges failed");
RUNNER_CHILD_TEST(security_manager_25f_unprivileged_install_type_preloaded)
{
+ RUNNER_IGNORED_MSG("This test is turned off because multiuser feature is not supported by platform correctly");
+
TemporaryTestUser testUser("sm_test_25f_user_name", GUM_USERTYPE_NORMAL);
testUser.create();
AppInstallHelper app("sm_test_25f");
- change_label("_");
+ ScopedProcessLabel spl("_", false);
RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(testUser.getUid(), testUser.getGid()) == 0,
"drop_root_privileges failed");
InstallRequest invalidReq;
Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
}
-
RUNNER_CHILD_TEST(security_manager_25g_local_user_set_install_type_local)
{
std::vector<std::string> allowedPrivs = {
invalidReq.setPkgId(app.getPkgId());
invalidReq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
invalidReq.setInstallType(SM_APP_INSTALL_GLOBAL);
- Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
}
RUNNER_CHILD_TEST(security_manager_25i_local_path_preloaded_install)
invalidReq.setPkgId(app.getPkgId());
invalidReq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
invalidReq.setInstallType(SM_APP_INSTALL_PRELOADED);
- Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ Api::install(invalidReq, (lib_retcode)SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
}
RUNNER_CHILD_TEST(security_manager_25j_global_path_local_install)
invalidReq.addPath(appGlobal.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
invalidReq.setInstallType(SM_APP_INSTALL_LOCAL);
- Api::install(invalidReq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ Api::install(invalidReq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
}
+RUNNER_CHILD_TEST(security_manager_26_hybrid_pkg_uninstall_artifacts_check)
+{
+ TemporaryTestUser testUser("sm_test_26_user_name", GUM_USERTYPE_NORMAL);
+ testUser.create();
+
+ const std::vector<std::string> allowedPrivs = {
+ "http://tizen.org/privilege/wifidirect",
+ "http://tizen.org/privilege/telephony"
+ };
+
+ AppInstallHelper app1("sm_test_26_1", "sm_test_26", testUser.getUid());
+ app1.addPrivileges(allowedPrivs);
+ app1.setHybrid();
+
+ AppInstallHelper app2("sm_test_26_2", "sm_test_26", testUser.getUid());
+ app2.addPrivileges(allowedPrivs);
+ app2.setHybrid();
+
+ {
+ ScopedInstaller appInstall1(app1);
+ ScopedInstaller appInstall2(app2);
+ check_app_permissions(app1.getAppId(), app1.getPkgId(), testUser.getUidString(),
+ allowedPrivs, {}, app1.getIsHybrid());
+ check_app_permissions(app2.getAppId(), app2.getPkgId(), testUser.getUidString(),
+ allowedPrivs, {}, app2.getIsHybrid());
+
+ }
+ check_app_permissions(app1.getAppId(), app1.getPkgId(), testUser.getUidString(),
+ {}, allowedPrivs, app1.getIsHybrid());
+ check_app_permissions(app2.getAppId(), app2.getPkgId(), testUser.getUidString(),
+ {}, allowedPrivs, app2.getIsHybrid());
+}
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <vector>
#include <app_install_helper.h>
+#include <pkg_privacy_privileges.h>
#include <scoped_installer.h>
#include <sm_api.h>
#include <sm_commons.h>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
-const std::vector<std::string> TEST_PRIVACY_PRIVILEGES = {
- "http://tizen.org/privilege/callhistory.read",
- "http://tizen.org/privilege/account.read",
- "http://tizen.org/privilege/healthinfo" };
+const PrivilegeVector TEST_PRIVACY_PRIVILEGES = {
+ Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY) };
using namespace SecurityManagerTest;
RUNNER_ASSERT_MSG(isAskuserDisabled() || expectedPolicyCount > 0,
"Application won't be installed with any privacy privileges, fix test");
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app("sm_test_ap2", tmpUser.getUid());
app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
pid_t pid = fork();
app.setInstallType(SM_APP_INSTALL_GLOBAL);
app.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller appInstall(app);
pid_t pid = fork();
AppInstallHelper app2("sm_test_ap3_2", tmpUser.getUid());
app2.addPrivileges(TEST_PRIVACY_PRIVILEGES);
+ PkgPrivacyPrivileges setupPrivacyPrivs1(app1);
ScopedInstaller appInstall1(app1);
+
+ PkgPrivacyPrivileges setupPrivacyPrivs2(app2);
ScopedInstaller appInstall2(app2);
pid_t pid = fork();
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <app_install_helper.h>
+#include <dpl/test/test_runner.h>
+#include <scoped_installer.h>
+#include <temp_test_user.h>
+#include <label_generator.h>
+#include <sm_commons.h>
+
+using namespace SecurityManagerTest;
+
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PATHS)
+
+static void checkPaths(const AppInstallHelper &app, AppInstallHelper::RootType type) {
+ check_path(app.getPrivateDir(0, type), generatePathRWLabel(app.getPkgId()));
+ check_path(app.getPrivateRODir(0, type), generatePathROLabel(app.getPkgId()), false);
+ check_path(app.getPublicDir(type), getPublicPathLabel());
+}
+
+RUNNER_TEST(security_manager_101_paths_global_extended)
+{
+ AppInstallHelper app("sm_test_101");
+ app.createPrivateDir(0, AppInstallHelper::RootType::EXTENDED);
+ app.createPrivateRODir(0, AppInstallHelper::RootType::EXTENDED);
+ app.createPublicDir(AppInstallHelper::RootType::EXTENDED);
+
+ ScopedInstaller install(app);
+
+ checkPaths(app, AppInstallHelper::RootType::EXTENDED);
+}
+
+RUNNER_TEST(security_manager_102_paths_local_extended)
+{
+ TemporaryTestUser user("sm_test_102", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("sm_test_102", user.getUid());
+ app.createPrivateDir(0, AppInstallHelper::RootType::EXTENDED);
+ app.createPrivateRODir(0, AppInstallHelper::RootType::EXTENDED);
+ app.createPublicDir(AppInstallHelper::RootType::EXTENDED);
+
+ ScopedInstaller install(app);
+
+ checkPaths(app, AppInstallHelper::RootType::EXTENDED);
+}
+
+RUNNER_TEST(security_manager_103_paths_global_skel)
+{
+ AppInstallHelper app("sm_test_103");
+ app.createPrivateDir(0, AppInstallHelper::RootType::SKEL);
+ app.createPrivateRODir(0, AppInstallHelper::RootType::SKEL);
+ app.createPublicDir(AppInstallHelper::RootType::SKEL);
+
+ ScopedInstaller install(app);
+
+ check_path(app.getPrivateDir(0, AppInstallHelper::RootType::SKEL), generatePathRWLabel(app.getPkgId()));
+ // Below doesn't work, because /etc/skel/apps_rw has transmute and label "User::Home", to which "System::Privileged" has a 't' access
+ //check_path(app.getPrivateRODir(0, AppInstallHelper::RootType::SKEL), generatePathROLabel(app.getPkgId()), false);
+ check_path(app.getPublicDir(AppInstallHelper::RootType::SKEL), getPublicPathLabel());
+}
+
+RUNNER_TEST(security_manager_104_paths_local_skel)
+{
+ TemporaryTestUser user("sm_test_104", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("sm_test_104", user.getUid());
+ app.createPrivateDir(0, AppInstallHelper::RootType::SKEL);
+
+ InstallRequest req;
+ req.setAppId(app.getAppId());
+ req.setPkgId(app.getPkgId());
+ req.setUid(app.getUID());
+ req.addPath(app.getPrivateDir(0, AppInstallHelper::RootType::SKEL), SECURITY_MANAGER_PATH_RW);
+ Api::install(req, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
+}
+
#include <string>
#include <memory>
#include <mutex>
+#include <fstream>
#include <dpl/test/test_runner_child.h>
#include <dpl/test/test_runner.h>
const std::string APP_TEST_USER = "app_test_user";
+const std::string EXTERNAL_STORAGE_PRIVILEGE = "http://tizen.org/privilege/externalstorage";
+const std::string MEDIA_STORAGE_PRIVILEGE = "http://tizen.org/privilege/mediastorage";
+
+const std::string ACCESS_DENIED_DIR_PATH = "/usr/share/security-manager/dummy";
+const std::string EXTERNAL_STORAGE_DIR_PATH = "/opt/media";
+const std::string MEDIA_STORAGE_RW_DIR_PATH = "/opt/usr/media";
+const std::string MEDIA_STORAGE_RO_DIR_PATH = "/opt/usr/home/app_test_user/media";
+
typedef std::unique_ptr<_cap_struct, decltype(&cap_free)> CapPtr;
std::string thread_errors;
return ret;
}
+ino_t getFileInode(const std::string &path)
+{
+ struct stat st;
+ if (stat(path.c_str(), &st) != 0)
+ return 0;
+
+ return st.st_ino;
+}
+
+std::string getTextFileContents(const std::string &path)
+{
+ std::ifstream in(path.c_str());
+ if (in.fail())
+ return std::string();
+ std::stringstream ss;
+ ss << in.rdbuf();
+ return ss.str();
+}
+
+bool isPathBound(const std::string &what, const std::string &where, pid_t pid = 1)
+{
+ std::string mountinfoPath = std::string("/proc/") + std::to_string(pid) + "/mountinfo";
+ std::string mountinfo = getTextFileContents(mountinfoPath);
+ std::string line = what + " " + where;
+
+ return std::string::npos != mountinfo.find(line);
+}
+
} // anonymous namespace
RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PREPARE_APP)
exit(0);
} else {
waitPid(pid);
+ Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_101_create_namespace_test)
+{
+ TemporaryTestUser tmpUser(APP_TEST_USER, GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+
+ AppInstallHelper app("app101", tmpUser.getUid());
+ ScopedInstaller appInstall(app);
+
+ SynchronizationPipe synchPipe;
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid == 0) {
+ synchPipe.claimParentEp();
+ RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
+
+ Api::prepareApp(app.getAppId().c_str());
+ synchPipe.post();
+ synchPipe.wait();
+
+ exit(0);
+ } else {
+ synchPipe.claimChildEp();
+ synchPipe.wait();
+
+ std::string appBindPath = std::string("/var/run/user/") + std::to_string(tmpUser.getUid())
+ + "/apps/" + app.generateAppLabel() + "/" + std::to_string(pid);
+ std::string appProcPath = std::string("/proc/") + std::to_string(pid) + "/ns/mnt";
+ std::string launcherProcPath = std::string("/proc/") + std::to_string(getpid()) + "/ns/mnt";
+
+ ino_t appBindInode = getFileInode(appBindPath);
+ ino_t appProcInode = getFileInode(appProcPath);
+ ino_t launcherProcInode = getFileInode(launcherProcPath);
+
+ RUNNER_ASSERT_ERRNO_MSG(appBindInode != 0, "get inode failed");
+ RUNNER_ASSERT_ERRNO_MSG(appProcInode != 0, "get inode failed");
+ RUNNER_ASSERT_ERRNO_MSG(launcherProcInode != 0, "get inode failed");
+
+ RUNNER_ASSERT_ERRNO_MSG(launcherProcInode != appProcInode, "create mount namespace failed");
+ RUNNER_ASSERT_ERRNO_MSG(appBindInode == appProcInode, "bind namespace failed");
+
+ synchPipe.post();
+ waitPid(pid);
+ Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_102_check_propagation_test)
+{
+ TemporaryTestUser tmpUser(APP_TEST_USER, GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+
+ AppInstallHelper app("app102", tmpUser.getUid());
+ ScopedInstaller appInstall(app);
+
+ SynchronizationPipe synchPipe;
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid == 0) {
+ synchPipe.claimParentEp();
+ RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
+
+ Api::prepareApp(app.getAppId().c_str());
+ synchPipe.post();
+ synchPipe.wait();
+
+ exit(0);
+ } else {
+ synchPipe.claimChildEp();
+ synchPipe.wait();
+
+ bool result = isPathBound(ACCESS_DENIED_DIR_PATH, EXTERNAL_STORAGE_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RW_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RO_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
+
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, EXTERNAL_STORAGE_DIR_PATH);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RW_DIR_PATH);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RO_DIR_PATH);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+
+ synchPipe.post();
+ waitPid(pid);
+ Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_103_policy_change_test)
+{
+ TemporaryTestUser tmpUser(APP_TEST_USER, GUM_USERTYPE_NORMAL, false);
+ tmpUser.create();
+
+ AppInstallHelper app("app103", tmpUser.getUid());
+ app.addPrivilege(EXTERNAL_STORAGE_PRIVILEGE);
+ app.addPrivilege(MEDIA_STORAGE_PRIVILEGE);
+ ScopedInstaller appInstall(app);
+
+ SynchronizationPipe synchPipe;
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid >= 0, "Fork failed");
+ if (pid == 0) {
+ synchPipe.claimParentEp();
+ RUNNER_ASSERT_ERRNO_MSG(setLauncherSecurityAttributes(tmpUser) == 0, "launcher failed");
+
+ Api::prepareApp(app.getAppId().c_str());
+ synchPipe.post();
+ synchPipe.wait();
+
+ exit(0);
+ } else {
+ synchPipe.claimChildEp();
+ synchPipe.wait();
+
+ bool result = isPathBound(ACCESS_DENIED_DIR_PATH, EXTERNAL_STORAGE_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RW_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RO_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+
+ PolicyRequest policyRequest;
+ PolicyEntry policyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), EXTERNAL_STORAGE_PRIVILEGE);
+ policyEntry.setLevel("Deny");
+ policyRequest.addEntry(policyEntry);
+
+ policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), MEDIA_STORAGE_PRIVILEGE);
+ policyEntry.setLevel("Deny");
+ policyRequest.addEntry(policyEntry);
+ Api::sendPolicy(policyRequest);
+
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, EXTERNAL_STORAGE_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RW_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RO_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == true, "path is not bound");
+
+ policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), EXTERNAL_STORAGE_PRIVILEGE);
+ policyEntry.setLevel("Allow");
+ policyRequest.addEntry(policyEntry);
+
+ policyEntry = PolicyEntry(app.getAppId(), std::to_string(tmpUser.getUid()), MEDIA_STORAGE_PRIVILEGE);
+ policyEntry.setLevel("Allow");
+ policyRequest.addEntry(policyEntry);
+ Api::sendPolicy(policyRequest);
+
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, EXTERNAL_STORAGE_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RW_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+ result = isPathBound(ACCESS_DENIED_DIR_PATH, MEDIA_STORAGE_RO_DIR_PATH, pid);
+ RUNNER_ASSERT_ERRNO_MSG(result == false, "path is bound");
+
+ synchPipe.post();
+ waitPid(pid);
+ Api::cleanupApp(app.getAppId().c_str(), tmpUser.getUid(), pid);
}
}
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <cynara_test_admin.h>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
+#include <pkg_privacy_privileges.h>
#include <policy_configuration.h>
#include <scoped_installer.h>
#include <sm_api.h>
}
};
-const std::vector<Privileges> TEST_PRIVACY_PRIVILEGES = {
+const PrivilegeVector TEST_PRIVACY_PRIVILEGES[] = {
{
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/callhistory.read", // privacy-related privileges start here
- "http://tizen.org/privilege/account.read",
- "http://tizen.org/privilege/healthinfo"
+ Privilege("http://tizen.org/privilege/telephony"),
+ Privilege("http://tizen.org/privilege/led"),
+ Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/account.read", Privilege::PRIVACY),
+ Privilege("http://tizen.org/privilege/healthinfo", Privilege::PRIVACY),
},
{
- "http://tizen.org/privilege/telephony",
- "http://tizen.org/privilege/led",
- "http://tizen.org/privilege/callhistory.read" // privacy-related privileges start here
+ Privilege("http://tizen.org/privilege/telephony"),
+ Privilege("http://tizen.org/privilege/led"),
+ Privilege("http://tizen.org/privilege/callhistory.read", Privilege::PRIVACY),
}
};
PolicyEntry filter (app.getAppId(), user.getUidString(), SECURITY_MANAGER_ANY);
std::vector<PolicyEntry> policyEntries;
{
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller installer(app);
unsigned int privacyNum = countPrivacyPrivileges(app.getPrivileges());
if (isHybrid)
app1.setHybrid();
app1.addPrivileges(TEST_PRIVACY_PRIVILEGES[0]);
+ PkgPrivacyPrivileges setupPrivacyPrivs1(app1);
ScopedInstaller installer1(app1);
AppInstallHelper app2("sm_test_19_app_id_2", pkgId, user.getUid());
if (isHybrid)
app2.setHybrid();
app2.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]);
+ PkgPrivacyPrivileges setupPrivacyPrivs2(app2);
ScopedInstaller installer2(app2);
int privacyCount1, privacyCount2;
AppInstallHelper app("sm_test_20", user.getUid());
app.addPrivileges(TEST_PRIVACY_PRIVILEGES[0]);
+ PkgPrivacyPrivileges setupPrivacyPrivs(app);
ScopedInstaller installer(app);
CynaraTestAdmin::Admin admin;
}
}
}
+
+RUNNER_CHILD_TEST(security_manager_21_fetch_app_manifest_invalid_params)
+{
+ int ret = security_manager_get_app_manifest_policy(nullptr, 0, nullptr, nullptr);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_INPUT_PARAM, "Expected invalid input param, returned " << ret);
+}
+
+
+RUNNER_CHILD_TEST(security_manager_22_fetch_app_manifest_no_app)
+{
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy("not_existing_app_id", 0, &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT, "Expected no such object error, returned " << ret);
+}
+
+RUNNER_CHILD_TEST(security_manager_23_fetch_app_manifest_invalid_user)
+{
+ TemporaryTestUser user("sm_test_23_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_23_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivileges(TEST_PRIVACY_PRIVILEGES[1]);
+ ScopedInstaller appInstall(app);
+
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs);
+ // Should security-manager check if user exists?
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs);
+}
+
+static void check_privileges_from_manifest(const AppInstallHelper &aih, char **privileges, size_t nPrivs)
+{
+ std::vector<std::string> aihPrivs = aih.getPrivilegesNames();
+ RUNNER_ASSERT_MSG(nPrivs == aihPrivs.size(), "Expected privileges number: " << aihPrivs.size() << ", got " << nPrivs);
+ for (size_t i = 0; i < nPrivs; ++i) {
+ RUNNER_ASSERT_MSG(std::find(aihPrivs.begin(), aihPrivs.end(), std::string(privileges[i])) != aihPrivs.end(),
+ "Privilege " << privileges[i] << " not found");
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_24_fetch_app_manifest_global_app)
+{
+ TemporaryTestUser user("sm_test_24_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_24_fetch");
+ app.setInstallType(SM_APP_INSTALL_GLOBAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ char **privileges;
+ size_t nPrivs = 0;
+
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+
+ // since app is installed globally, also for our temporary user the returned list should be the same
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+}
+
+RUNNER_CHILD_TEST(security_manager_25_fetch_app_manifest_local_app)
+{
+ TemporaryTestUser user("sm_test_25_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_25_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ char **privileges;
+ size_t nPrivs = 0;
+
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+
+ // since app is installed locally, if we ask for other user (ie. root), we should get empty list of privileges
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), 0, &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ RUNNER_ASSERT_MSG(nPrivs == 0, "Expected empty set of privileges, returned " << nPrivs);
+}
+
+RUNNER_CHILD_TEST(security_manager_26_fetch_app_manifest_both_apps)
+{
+ TemporaryTestUser user("sm_test_26_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper appGlobal("security_manager_26_fetch");
+ appGlobal.setInstallType(SM_APP_INSTALL_GLOBAL);
+ appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ appGlobal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ appGlobal.addPrivilege(std::string("http://tizen.org/privielge/contacts.read"));
+ ScopedInstaller appGlobalInstall(appGlobal);
+
+ AppInstallHelper appLocal("security_manager_26_fetch", user.getUid());
+ appLocal.setInstallType(SM_APP_INSTALL_LOCAL);
+ appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ appLocal.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appLocalInstall(appLocal);
+
+
+ char **privileges;
+ size_t nPrivs = 0;
+
+ int ret = security_manager_get_app_manifest_policy(appLocal.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(appLocal, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(appGlobal.getAppId().c_str(), 0, &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected succes, returned " << ret);
+ check_privileges_from_manifest(appGlobal, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+}
+
+RUNNER_CHILD_TEST(security_manager_27_fetch_app_manifest_app_context_local_positive)
+{
+ TemporaryTestUser user("sm_test_27_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_27_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_28_fetch_app_manifest_app_context_global_positive)
+{
+ TemporaryTestUser user("sm_test_28_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_28_fetch");
+ app.setInstallType(SM_APP_INSTALL_GLOBAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_29_fetch_app_manifest_app_context_local_different_uid)
+{
+ TemporaryTestUser user("sm_test_29_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ TemporaryTestUser user1("sm_test_29_fetch_username_1", GUM_USERTYPE_NORMAL);
+ user1.create();
+
+ AppInstallHelper app("security_manager_29_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ AppInstallHelper app1("security_manager_29_fetch", user1.getUid());
+ app1.setInstallType(SM_APP_INSTALL_LOCAL);
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ ScopedInstaller appInstall1(app1);
+
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app1.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user1.getUid(), user1.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "Expected auth failed, returned " << ret);
+
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app1.getAppId().c_str(), user1.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app1, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_30_fetch_app_manifest_app_context_local_different_label)
+{
+ TemporaryTestUser user("sm_test_30_fetch_username", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("security_manager_30_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ AppInstallHelper app1("security_manager_30_fetch_1", user.getUid());
+ app1.setInstallType(SM_APP_INSTALL_LOCAL);
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ ScopedInstaller appInstall1(app1);
+
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app1.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "Expected auth failed, returned " << ret);
+
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app1.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app1, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
+
+RUNNER_CHILD_TEST(security_manager_31_fetch_app_manifest_app_context_local_different_label_with_privilege)
+{
+ TemporaryTestUser user("sm_test_31_fetch_username", GUM_USERTYPE_ADMIN);
+ user.create();
+
+ AppInstallHelper app("security_manager_31_fetch", user.getUid());
+ app.setInstallType(SM_APP_INSTALL_LOCAL);
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ ScopedInstaller appInstall(app);
+
+ AppInstallHelper app1("security_manager_31_fetch_1", user.getUid());
+ app1.setInstallType(SM_APP_INSTALL_LOCAL);
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/calendar.write"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/contacts.read"));
+ app1.addPrivilege(std::string("http://tizen.org/privilege/internal/usermanagement"));
+ ScopedInstaller appInstall1(app1);
+
+
+ pid_t pid = fork();
+ RUNNER_ASSERT_ERRNO_MSG(pid != -1, "Fork failed");
+ if (pid != 0) { //parent process
+ waitPid(pid);
+ } else { //child process
+ Api::setProcessLabel(app1.getAppId());
+ RUNNER_ASSERT_ERRNO_MSG(
+ drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+ char **privileges;
+ size_t nPrivs = 0;
+ int ret = security_manager_get_app_manifest_policy(app.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+
+ nPrivs = 0;
+ ret = security_manager_get_app_manifest_policy(app1.getAppId().c_str(), user.getUid(), &privileges, &nPrivs);
+ RUNNER_ASSERT_MSG(ret == SECURITY_MANAGER_SUCCESS, "Expected success, returned " << ret);
+ check_privileges_from_manifest(app1, privileges, nPrivs);
+ security_manager_privileges_free(privileges, nPrivs);
+ exit(0);
+ }
+}
using namespace SecurityManagerTest;
-RUNNER_TEST_GROUP_INIT(SECURIT_MANAGER_PRIVATE_SHARING)
+RUNNER_TEST_GROUP_INIT(SECURITY_MANAGER_PRIVATE_SHARING)
/*
* Check if request is rejected when incomplete
sharedRORequest.setPkgId(nonSharedApp.getPkgId());
sharedRORequest.addPath(sharedApp.getSharedRODir(), SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO);
sharedRORequest.setUid(nonSharedApp.getUID());
- Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ Api::registerPaths(sharedRORequest, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
}
}
preq.setInstallType(SM_APP_INSTALL_LOCAL);
preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
- Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_SERVER_ERROR);
+ // Not sure why this shouldn't be invalid param
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_UNKNOWN);
}
RUNNER_TEST(security_manager_58_path_req_empty_paths)
Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
}
+RUNNER_TEST(security_manager_59a_path_req_as_root_positive_realpath_check)
+{
+ TemporaryTestUser user("sm_test_59a_user_name", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("sm_test_59a", user.getUid());
+ ScopedInstaller appInstall(app);
+
+ app.createPrivateDir();
+ PathsRequest preq;
+ preq.setPkgId(app.getPkgId());
+ preq.setUid(user.getUid());
+ std::string privPath = "/opt/.././" + app.getPrivateDir();
+ size_t pos = privPath.find_last_of("/");
+ std::string lastElem = privPath.substr(pos + 1);
+
+ preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+}
+
RUNNER_CHILD_TEST(security_manager_60_path_req_as_user_positive)
{
TemporaryTestUser user("sm_test_60_user_name", GUM_USERTYPE_NORMAL, false);
Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
}
+RUNNER_CHILD_TEST(security_manager_60a_path_req_as_user_positive_realpath_check)
+{
+ TemporaryTestUser user("sm_test_60a_user_name", GUM_USERTYPE_NORMAL);
+ user.create();
+
+ AppInstallHelper app("sm_test_60a", user.getUid());
+ ScopedInstaller appInstall(app);
+
+ RUNNER_ASSERT_ERRNO_MSG(drop_root_privileges(user.getUid(), user.getGid()) == 0,
+ "drop_root_privileges failed");
+
+ app.createPrivateDir();
+ PathsRequest preq;
+ preq.setPkgId(app.getPkgId());
+ preq.setUid(user.getUid());
+ std::string privPath = "/opt/.././" + app.getPrivateDir();
+ size_t pos = privPath.find_last_of("/");
+ std::string lastElem = privPath.substr(pos + 1);
+
+ preq.addPath(privPath + "/../" + lastElem, SECURITY_MANAGER_PATH_RW);
+
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_SUCCESS);
+}
+
RUNNER_CHILD_TEST(security_manager_61_path_req_different_user)
{
TemporaryTestUser user1("sm_test_61_1_user_name", GUM_USERTYPE_NORMAL, false);
preq.setUid(uid);
preq.addPath(path, SECURITY_MANAGER_PATH_RW);
- Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ Api::registerPaths(preq, (lib_retcode)SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
}
RUNNER_TEST(security_manager_62_path_req_path_outside)
preq.setInstallType(SM_APP_INSTALL_GLOBAL);
preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
- Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ Api::registerPaths(preq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
}
RUNNER_CHILD_TEST(security_manager_63b_path_req_preloaded_as_user)
preq.setInstallType(SM_APP_INSTALL_PRELOADED);
preq.addPath(app.getPrivateDir(), SECURITY_MANAGER_PATH_RW);
- Api::registerPaths(preq, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED);
+ Api::registerPaths(preq, SECURITY_MANAGER_ERROR_NOT_PATH_OWNER);
}
RUNNER_TEST(security_manager_64a_path_req_as_local_as_root)
{
# 'text' - console output
# 'summary' - used for summary view
- security-tests.sh "$1" --output=text --output=summary "$ign"
+ security-tests.sh "$1" --output=text --output=summary $ign
addSummary
}
#!/bin/sh
#####################################################################
-# Copyright (c) 2012-2018 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2012 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
echo "========================================================================="
echo "KEY MANAGER UNPRIVILEGED TESTS"
echo
- ARGS="${@:2}"
- su - owner -c "ckm-tests $ARGS"
+ su - owner -c "ckm-tests ${@:2}"
echo "========================================================================="
echo "KEY MANAGER PRIVILEGED TESTS"
echo
- ckm-tests-on-onlycap.sh $ARGS
+ ckm-privileged-tests "${@:2}"
;;
"yaca")
echo "========================================================================="
projects / platform / core / test / security-tests.git / commitdiff