#include <condition_variable>
#include <cassert>
+#include <ckmc/ckmc-type.h>
#include <ckm/ckm-manager-async.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
typedef map<Type, vector<KeyPair> > KeyMap;
+std::string format_full_label_alias(const std::string &label, const std::string &alias)
+{
+ std::stringstream ss;
+ ss << label << std::string(ckmc_label_name_separator) << alias;
+ return ss.str();
+}
+
KeyMap initializeKeys()
{
DBCleanup dbc;
test_positive(&ManagerAsync::saveKey, dbc.key("alias1"), keys[RSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { Alias(dbc.key("alias1")) });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.key("alias1"))) });
test_positive(&ManagerAsync::saveKey, dbc.key("alias2"), keys[DSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { Alias(dbc.key("alias1")),
- Alias(dbc.key("alias2")) });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.key("alias1"))),
+ format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.key("alias2"))) });
test_positive(&ManagerAsync::removeKey, dbc.key("alias1"));
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { Alias(dbc.key("alias2")) });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.key("alias2"))) });
}
DBCleanup dbc;
test_positive(&ManagerAsync::saveCertificate, dbc.cert("alias1"), certs[0], Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { Alias(dbc.cert("alias1")) });
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.cert("alias1"))) });
test_positive(&ManagerAsync::saveCertificate, dbc.cert("alias2"), certs[1], Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { Alias(dbc.cert("alias1")),
- Alias(dbc.cert("alias2")) });
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.cert("alias1"))),
+ format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.cert("alias2"))) });
test_positive(&ManagerAsync::removeCertificate, dbc.cert("alias1"));
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { Alias(dbc.cert("alias2")) });
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.cert("alias2"))) });
}
DBCleanup dbc;
test_positive(&ManagerAsync::saveData, dbc.data("alias1"), test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { Alias(dbc.data("alias1")) });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias1"))) });
test_positive(&ManagerAsync::saveData, dbc.data("alias2"), test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { Alias(dbc.data("alias1")),
- Alias(dbc.data("alias2")) });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias1"))),
+ format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias2"))) });
test_positive(&ManagerAsync::removeData, dbc.data("alias1"));
- test_check_aliases(&ManagerAsync::getDataAliasVector, { Alias(dbc.data("alias2")) });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias2"))) });
}
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { Alias(dbc.data("alias_prv")),
- Alias(dbc.data("alias_pub")) });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias_prv"))),
+ format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias_pub"))) });
}
// createKeyPairDSA
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { Alias(dbc.data("alias_prv")),
- Alias(dbc.data("alias_pub")) });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias_prv"))),
+ format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias_pub"))) });
}
// createKeyPairECDSA
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { Alias(dbc.data("alias_prv")),
- Alias(dbc.data("alias_pub")) });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias_prv"))),
+ format_full_label_alias(std::string(TEST_LABEL), Alias(dbc.data("alias_pub"))) });
}
RUNNER_TEST(TA1820_allow_access)
{
DBCleanup dbc;
+ CharPtr top_label = get_label();
test_positive(&ManagerAsync::saveData, dbc.data("alias"), test_buffer, Policy());
test_positive(&ManagerAsync::saveData, dbc.data("alias2"), test_buffer, Policy());
test_positive(&ManagerAsync::saveData, dbc.data("alias3"), test_buffer, Policy());
{
ScopedLabel label(TEST_LABEL);
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_ACCESS_DENIED, dbc.data("alias"), "");
- test_negative(&ManagerAsync::removeData, CKM_API_ERROR_ACCESS_DENIED, dbc.data("alias"));
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.data("alias"), "");
+ test_negative(&ManagerAsync::removeData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.data("alias"));
+
+ // test from allowed label, but without properly addressing alias (coming from default label)
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, dbc.data("alias2"), "");
- test_positive(&ManagerAsync::getData, dbc.data("alias2"), "");
- test_negative(&ManagerAsync::removeData, CKM_API_ERROR_ACCESS_DENIED, dbc.data("alias2"));
+ // now test with appropriate addressing
+ std::string full_alias2_address = aliasWithLabel(top_label.get(), dbc.data("alias2"));
+ test_positive(&ManagerAsync::getData, full_alias2_address, "");
+ test_negative(&ManagerAsync::removeData, CKM_API_ERROR_ACCESS_DENIED, full_alias2_address);
- test_positive(&ManagerAsync::getData, dbc.data("alias3"), "");
- test_positive(&ManagerAsync::removeData, dbc.data("alias3"));
+ std::string full_alias3_address = aliasWithLabel(top_label.get(), dbc.data("alias3"));
+ test_positive(&ManagerAsync::getData, full_alias3_address, "");
+ test_positive(&ManagerAsync::removeData, full_alias3_address);
}
}
RUNNER_TEST(TA1920_deny_access)
{
DBCleanup dbc;
+ CharPtr top_label = get_label();
test_positive(&ManagerAsync::saveData, dbc.data("alias"), test_buffer, Policy());
test_positive(&ManagerAsync::allowAccess,
dbc.data("alias"),
{
ScopedLabel label(TEST_LABEL);
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_ACCESS_DENIED, dbc.data("alias"), "");
- test_negative(&ManagerAsync::removeData, CKM_API_ERROR_ACCESS_DENIED, dbc.data("alias"));
+ std::string full_alias_address = aliasWithLabel(top_label.get(), dbc.data("alias"));
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address, "");
+ test_negative(&ManagerAsync::removeData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, full_alias_address);
}
}
const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
-void save_data(const char* alias)
+void save_data(const char* alias, const char *data)
{
ckmc_raw_buffer_s buffer;
- buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(TEST_DATA));
- buffer.size = strlen(TEST_DATA);
+ buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
+ buffer.size = strlen(data);
ckmc_policy_s policy;
policy.password = NULL;
policy.extractable = true;
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Saving data failed. Error: " << ret);
}
+void save_data(const char* alias)
+{
+ save_data(alias, TEST_DATA);
+}
+
void check_remove_allowed(const char* alias)
{
int ret = ckmc_remove_data(alias);
"App with different label shouldn't have rights to remove this data. Error: " << ret);
}
-void check_read_allowed(const char* alias)
+void check_remove_not_visible(const char* alias)
{
- // try to read previously saved data
+ int ret = ckmc_remove_data(alias);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "App with different label shouldn't have rights to see this data. Error: " << ret);
+}
+
+void check_read(const char* alias, const char *label, const char *test_data, int expected_code = CKMC_ERROR_NONE)
+{
+ std::stringstream valid_address;
+ if(label != NULL)
+ valid_address << label << ckmc_label_name_separator;
+ valid_address << alias;
+
ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(alias, NULL, &buffer);
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == ret, "Getting data failed. Error: " << ret);
+ int ret = ckmc_get_data(valid_address.str().c_str(), NULL, &buffer);
+ RUNNER_ASSERT_MSG(expected_code == ret, "Getting data failed. Expected code: " << expected_code << ", while result code: " << ret);
- // compare data with expected
- RUNNER_ASSERT_MSG(
- buffer->size == strlen(TEST_DATA),
- "Extracted data length do not match expected data length (encrypted?).");
+ if(expected_code == CKMC_ERROR_NONE)
+ {
+ // compare data with expected
+ RUNNER_ASSERT_MSG(
+ buffer->size == strlen(test_data),
+ "Extracted data length do not match expected data length (encrypted?).");
- RUNNER_ASSERT_MSG(
- memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), TEST_DATA, buffer->size) == 0,
- "Extracted data do not match expected data (encrypted?).");
- ckmc_buffer_free(buffer);
+ RUNNER_ASSERT_MSG(
+ memcmp(const_cast<const char*>(reinterpret_cast<char*>(buffer->data)), test_data, buffer->size) == 0,
+ "Extracted data do not match expected data (encrypted?).");
+
+ ckmc_buffer_free(buffer);
+ }
+}
+
+void check_read_allowed(const char* alias, const char *data)
+{
+ // try to read previously saved data - label taken implicitly
+ check_read(alias, 0, data);
+}
+void check_read_allowed(const char* alias)
+{
+ check_read_allowed(alias, TEST_DATA);
}
void check_read_denied(const char* alias)
{
- // try to read previously saved data
- ckmc_raw_buffer_s* buffer = NULL;
- int ret = ckmc_get_data(alias, NULL, &buffer);
- RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
- "App with different label shouldn't have rights to read this data. Error: "
- << ret);
- ckmc_buffer_free(buffer);
+ // try to read previously saved data - label taken implicitly
+ {
+ ckmc_raw_buffer_s* buffer = NULL;
+ int ret = ckmc_get_data(alias, NULL, &buffer);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
+ "App with different label shouldn't have rights to read this data. Error: " << ret);
+ ckmc_buffer_free(buffer);
+ }
+}
+
+void check_read_not_visible(const char* alias)
+{
+ // try to read previously saved data - label taken implicitly
+ {
+ ckmc_raw_buffer_s* buffer = NULL;
+ int ret = ckmc_get_data(alias, NULL, &buffer);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret,
+ "App with different label shouldn't have rights to see this data. Error: " << ret);
+ ckmc_buffer_free(buffer);
+ }
}
void allow_access(const char* alias, const char* accessor, ckmc_access_right_e rights)
{
save_data(alias);
}
+ ScopedSaveData(const char* alias, const char *data) : m_alias(alias)
+ {
+ save_data(alias, data);
+ }
~ScopedSaveData()
{
"Trying to allow myself returned: " << ret);
}
+// verifies that alias can not contain ":" character
+RUNNER_CHILD_TEST(T3007_manager_check_alias_valid)
+{
+ switch_to_storage_user(TEST_LABEL);
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ // insert colon in the middle
+ std::string test_alias_playground = std::string(TEST_ALIAS);
+ test_alias_playground.insert(test_alias_playground.size()/2, 1, ':');
+ check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // prepend a colon
+ test_alias_playground = std::string(TEST_ALIAS);
+ test_alias_playground.insert(0, 1, ':');
+ check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // append a colon
+ test_alias_playground = std::string(TEST_ALIAS);
+ test_alias_playground.push_back(':');
+ check_read(test_alias_playground.c_str(), 0, TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // control: expect success
+ check_read(TEST_ALIAS, 0, TEST_DATA);
+ check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+}
+
+// verifies that label can contain single ":" character and can not contain ckmc_label_alias_separator sequence
+RUNNER_CHILD_TEST(T3008_manager_check_label_valid)
+{
+ switch_to_storage_user(TEST_LABEL);
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ const char insertion = ckmc_label_name_separator[0];
+
+ // insert part of the separator in the middle
+ std::string test_label_playground = std::string(TEST_LABEL);
+ test_label_playground.insert(test_label_playground.size()/2, 1, insertion);
+ check_read(TEST_ALIAS, test_label_playground.c_str(), TEST_DATA, CKMC_ERROR_INVALID_PARAMETER);
+
+ // control: expect success
+ check_read(TEST_ALIAS, TEST_LABEL, TEST_DATA);
+}
+
// tries to access other application data without permission
RUNNER_TEST(T3020_manager_access_not_allowed)
{
+ CharPtr top_label = get_label();
+
ScopedSaveData ssd(TEST_ALIAS);
{
ScopedLabel sl(TEST_LABEL2);
- check_read_denied(TEST_ALIAS);
-
- check_remove_denied(TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_read_not_visible(TEST_ALIAS_adr.c_str());
+ check_remove_not_visible(TEST_ALIAS_adr.c_str());
}
}
// tries to access other application data with permission
RUNNER_TEST(T3021_manager_access_allowed)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
{
ScopedLabel sl(TEST_LABEL2);
- check_read_allowed(TEST_ALIAS);
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
}
}
// tries to read other application data with permission for read/remove
RUNNER_TEST(T3022_manager_access_allowed_with_remove)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
- check_read_allowed(TEST_ALIAS);
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission for reading only
RUNNER_TEST(T3023_manager_access_allowed_remove_denied)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
-
- check_read_allowed(TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3025_manager_remove_allowed)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_allowed(TEST_ALIAS);
+ check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
}
}
-// tries to access other application data after allow funciton was called twice with different
+// tries to access other application data after allow function was called twice with different
// rights
RUNNER_TEST(T3026_manager_double_allow)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
// access should be overwritten
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
-
- check_read_allowed(TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
}
}
// tries to access application data with permission and after permission has been revoked
RUNNER_TEST(T3027_manager_allow_deny)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+
allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
-
- check_read_allowed(TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
}
deny_access(TEST_ALIAS, TEST_LABEL2);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
+ check_remove_not_visible(TEST_ALIAS_adr.c_str());
+ check_read_not_visible(TEST_ALIAS_adr.c_str());
+ }
+}
+
+RUNNER_TEST(T3028_manager_access_by_label)
+{
+ CharPtr top_label = get_label();
+ const char *additional_data = "label-2-data";
+ ScopedSaveData ssd(TEST_ALIAS);
+
+ allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+ {
+ ScopedLabel sl(TEST_LABEL2);
+ ScopedSaveData ssd(TEST_ALIAS, additional_data);
+ allow_access(TEST_ALIAS, top_label.get(), CKMC_AR_READ);
+
+ // test if accessing valid alias (of label2 domain)
+ check_read_allowed(TEST_ALIAS, additional_data);
+
+ // this has to be done here - in the scope, otherwise
+ // scope destructor will remove the TEST_LABEL2::TEST_ALIAS
+ {
+ ScopedLabel sl(top_label.get());
- check_read_denied(TEST_ALIAS);
+ // test if can access label2 alias from label1 domain - should succeed
+ check_read_allowed(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str(), additional_data);
+ }
}
+
+ // test if accessing valid alias (of label1 domain)
+ check_read_allowed(TEST_ALIAS);
+
+ // access should not be possible - already left the LABEL2 scope, object should be removed
+ check_read_not_visible(aliasWithLabel(TEST_LABEL2, TEST_ALIAS).c_str());
}
// tries to use admin API as a user
RUNNER_CHILD_TEST(T3110_control_allow_access_as_user)
{
- RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
switch_to_storage_user(TEST_LABEL);
int ret = ckmc_allow_access_by_adm(USER_ROOT, "owner", "alias", "accessor", CKMC_AR_READ);
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
// tries to use admin API as a user
RUNNER_CHILD_TEST(T3111_control_allow_access_as_user)
{
- RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
switch_to_storage_user(TEST_LABEL);
int ret = ckmc_deny_access_by_adm(USER_ROOT, "owner", "alias", "accessor");
RUNNER_ASSERT_MSG(CKMC_ERROR_PERMISSION_DENIED == ret,
// tries to read other application data with permission
RUNNER_TEST(T3121_control_access_allowed)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
{
ScopedLabel sl(TEST_LABEL2);
- check_read_allowed(TEST_ALIAS);
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
}
}
// tries to read other application data with permission to read/remove
RUNNER_TEST(T3122_control_access_allowed_with_remove)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
- check_read_allowed(TEST_ALIAS);
+ check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission to read
RUNNER_TEST(T3122_control_access_allowed_remove_denied)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
+ check_remove_denied(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
}
}
// tries to remove other application data with permission
RUNNER_TEST(T3125_control_remove_allowed)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ_REMOVE);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_allowed(TEST_ALIAS);
+ check_remove_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
}
}
// rights
RUNNER_TEST(T3126_control_double_allow)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
// access should be overwritten
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
-
- check_read_allowed(TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
}
}
// tries to access other application data with permission and after permission has been revoked
RUNNER_TEST(T3127_control_allow_deny)
{
+ CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
+ std::string TEST_ALIAS_adr = aliasWithLabel(top_label.get(), TEST_ALIAS);
+
allow_access_by_adm(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
-
- check_read_allowed(TEST_ALIAS);
+ check_remove_denied(TEST_ALIAS_adr.c_str());
+ check_read_allowed(TEST_ALIAS_adr.c_str());
}
CharPtr label = get_label();
deny_access_by_adm(TEST_ALIAS, TEST_LABEL2);
{
ScopedLabel sl(TEST_LABEL2);
- check_remove_denied(TEST_ALIAS);
-
- check_read_denied(TEST_ALIAS);
+ check_remove_not_visible(TEST_ALIAS_adr.c_str());
+ check_read_not_visible(TEST_ALIAS_adr.c_str());
}
}
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
+#include <ckm-common.h>
#include <access_provider2.h>
#include <ckm/ckm-manager.h>
"Wrong size of certificate chain.");
}
-RUNNER_TEST(T3073_CAPI_deinit)
+RUNNER_TEST(T3073_CAPI_get_chain_with_alias)
+{
+ std::string ee =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n";
+
+ ckmc_cert_s c_cert;
+ c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
+ c_cert.cert_size = ee.size();
+ c_cert.data_format = CKMC_FORM_PEM;
+
+ // save untrusted certificate
+ ckmc_cert_s c_cert1;
+ c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
+ c_cert1.cert_size = im.size();
+ c_cert1.data_format = CKMC_FORM_PEM;
+ ckmc_policy_s test_policy;
+ test_policy.password = NULL;
+ test_policy.extractable = 1;
+
+ const char *untrusted_alias = "untrusted_certificate";
+ int tmp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_save_cert(untrusted_alias, c_cert1, test_policy)),
+ "Error=" << tmp);
+
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), untrusted_alias);
+
+ // check if exists (access with full path)
+ ckmc_cert_s *c_cert_tmp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_get_cert(full_address.c_str(), NULL, &c_cert_tmp)),
+ "Error=" << tmp);
+ ckmc_cert_free(c_cert_tmp);
+
+ // get cert chain using alias in full "label alias" form
+ ckmc_alias_list_s *untrustedcerts = (ckmc_alias_list_s *)malloc(sizeof(ckmc_alias_list_s));
+ untrustedcerts->alias = strdup(full_address.c_str());
+ untrustedcerts->next = NULL;
+ ckmc_cert_list_s *cert_chain_list;
+
+ tmp = ckmc_get_cert_chain_with_alias(&c_cert, untrustedcerts, &cert_chain_list);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == tmp, "Error=" << tmp << "/" << CKM::ErrorToString(tmp));
+ ckmc_alias_list_free(untrustedcerts);
+
+
+ int cnt = 0;
+ ckmc_cert_list_s *current;
+ ckmc_cert_list_s *next = cert_chain_list;
+ do{
+ current = next;
+ next = current->next;
+ cnt ++;
+ }while(next != NULL);
+ RUNNER_ASSERT_MSG(cnt == 3, "Wrong size of certificate chain.");
+
+ ckmc_cert_list_s *cert_chain_list2 = NULL;
+ ckmc_alias_list_s *untrustedcerts2 = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (tmp = ckmc_get_cert_chain_with_alias(&c_cert, untrustedcerts2, &cert_chain_list2)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ cert_chain_list2 == NULL,
+ "Wrong size of certificate chain.");
+}
+
+RUNNER_TEST(T3074_CAPI_deinit)
{
int temp;
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- "Error=" << temp);
+ "Error=" << temp << " while CKMC_ERROR_VERIFICATION_FAILED: " << CKMC_ERROR_VERIFICATION_FAILED);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
*/
#include <sys/smack.h>
+#include <ckmc/ckmc-type.h>
#include <ckm-common.h>
#include <tests_common.h>
#include <access_provider2.h>
return CharPtr(my_label, free);
}
+std::string aliasWithLabel(const char *label, const char *alias)
+{
+ if(label)
+ {
+ std::stringstream ss;
+ ss << label << std::string(ckmc_label_name_separator) << alias;
+ return ss.str();
+ }
+ return std::string(alias);
+}
+
// changes process label
void change_label(const char* label)
{
// returns process label
CharPtr get_label();
+std::string aliasWithLabel(const char *label, const char *alias);
+
// changes process label
void change_label(const char* label);
#include <tests_common.h>
#include <access_provider2.h>
+#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <ckm/ckm-password.h>
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
CKM::RawBuffer buffer(binData.begin(), binData.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_TEST(T1033_remove_bin_data)
std::string binData2 = "My bin data2";
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeData(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->removeData("data1")),
"Error=" << CKM::ErrorToString(temp));
CKM_API_SUCCESS == (temp = manager->removeData("data3")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 1,
- "Wrong size of list: " << aliasVector.size() << " Expected: 1");
+ labelAliasVector.size() == 1,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
auto key = std::make_shared<WrongKeyImpl>(buffer);
CKM::Alias alias = "damaged-rsa";
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
"Error=" << CKM::ErrorToString(ret));
}
int temp;
auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
}
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
CKM::Alias alias("imcert");
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
int tmp;
auto manager = CKM::Manager::create();
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
"Error=" << CKM::ErrorToString(tmp));
- aliasVector.push_back(alias);
+ aliasVector.push_back(full_address);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
RUNNER_ASSERT_MSG(
key->getDER() == key2->getDER(),
"Key value has been changed by service");
+
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeKey(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
"Error=" << CKM::ErrorToString(temp));
"Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
CKM::AliasVector av;
-
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
"Error=" << CKM::ErrorToString(temp));