Security-server and CKM integration tests.

Change-Id: I6ed1a68c2b7644c390d5ad05fe1512fc67e4dc80

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 45ef3a5..bec6a0b 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -80,7 +80,8 @@ ENDIF(SMACK_ENABLE)
 
 ############################# Targets names ###################################
 
-# No target defined so far
+SET(TARGET_CKM_TESTS "ckm-tests")
+SET(COMMON_TARGET_TEST "tests-common")
 
 ############################# subdirectories ##################################
 

diff --git a/tests/ckm/CMakeLists.txt b/tests/ckm/CMakeLists.txt
index fcd0884..c5975d7 100644 (file)
--- a/tests/ckm/CMakeLists.txt
+++ b/tests/ckm/CMakeLists.txt
@@ -24,13 +24,13 @@ INCLUDE(FindPkgConfig)
 PKG_CHECK_MODULES(CKM_DEP
     libsmack
     key-manager
+    security-server
+    dbus-1
     vconf
     REQUIRED)
 
 # Targets definition
 
-SET(TARGET_CKM_TESTS "ckm-tests")
-
 SET(CKM_SOURCES
     ${PROJECT_SOURCE_DIR}/tests/ckm/access_provider2.cpp
     ${PROJECT_SOURCE_DIR}/tests/ckm/main.cpp
@@ -39,6 +39,8 @@ SET(CKM_SOURCES
     ${PROJECT_SOURCE_DIR}/tests/ckm/async-api.cpp
     ${PROJECT_SOURCE_DIR}/tests/ckm/ckm-common.cpp
     ${PROJECT_SOURCE_DIR}/tests/ckm/cc-mode.cpp
+    ${PROJECT_SOURCE_DIR}/tests/ckm/password-integration.cpp
+    ${PROJECT_SOURCE_DIR}/tests/ckm/clean-env.cpp
 )
 
 INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
@@ -47,7 +49,7 @@ INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/tests/ckm/ )
 
 ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
 
-TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} tests-common)
+TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
 
 # Installation
 

diff --git a/tests/ckm/capi-access_control.cpp b/tests/ckm/capi-access_control.cpp
index baa8e5d..e29e0a7 100644 (file)
--- a/tests/ckm/capi-access_control.cpp
+++ b/tests/ckm/capi-access_control.cpp
@@ -148,7 +148,7 @@ void allow_access_negative(const char* alias, const char* accessor, ckmc_access_
 {
     // data removal should revoke this access
     int ret = ckmc_allow_access(alias, accessor, rights);
-    RUNNER_ASSERT_MSG_BT(expectedCode == ret, "Trying to allow access returned: " << ret << ", while expected: " << expectedCode);
+    RUNNER_ASSERT_MSG(expectedCode == ret, "Trying to allow access returned: " << ret << ", while expected: " << expectedCode);
 }
 
 void deny_access(const char* alias, const char* accessor)
@@ -160,7 +160,7 @@ void deny_access(const char* alias, const char* accessor)
 void deny_access_negative(const char* alias, const char* accessor, int expectedCode)
 {
     int ret = ckmc_deny_access(alias, accessor);
-    RUNNER_ASSERT_MSG_BT(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode);
+    RUNNER_ASSERT_MSG(expectedCode == ret, "Denying access failed. Error: " << ret << ", while expected: " << expectedCode);
 }
 
 void allow_access_by_adm(const char* alias, const char* accessor, ckmc_access_right_e rights)
@@ -566,7 +566,7 @@ RUNNER_TEST(T3031_manager_test_decrypt_from_another_label)
         check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
 
         // remove the DKEK key - so that on read it must be added again
-        RUNNER_ASSERT_MSG_BT(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+        RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
                              "Error=" << temp);
 
         // on this read, DKEK key will be added again

diff --git a/tests/ckm/clean-env.cpp b/tests/ckm/clean-env.cpp
new file mode 100644 (file)
index 0000000..156c104
--- /dev/null
+++ b/tests/ckm/clean-env.cpp
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file    security_server_tests_clean_env.cpp
+ * @author  Zbigniew Jasinski (z.jasinski@samsung.com)
+ * @version 1.0
+ * @brief   Functions to prepare clean env for tests.
+ *
+ */
+
+#include <ftw.h>
+#include <unistd.h>
+
+#include <ckm/ckm-control.h>
+
+#include <dbus_access.h>
+#include <clean-env.h>
+
+int restart_security_server() {
+    DBusAccess dbusAccess("/org/freedesktop/systemd1/unit/security_2dserver_2eservice");
+
+    dbusAccess.restart();
+
+    return 0;
+}
+
+static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
+                               int tflag, struct FTW *ftwbuf)
+{
+    if (tflag == FTW_F)
+        unlink(fpath);
+    else if (tflag == FTW_DP && ftwbuf->level != 0)
+        rmdir(fpath);
+
+    return 0;
+}
+
+/**
+ * This function should be called at the begining of every SS test, so all the tests
+ * are independent of each other.
+ */
+int reset_security_server()
+{
+    const char* path = "/opt/data/security-server/";
+    const int max_descriptors = 10; //max number of open file descriptors by nftw function
+
+    // Clear /opt/data/security-server/ directory
+    if (access(path, F_OK) == 0) {
+        if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
+            return 1;
+        }
+        sync();
+    }
+
+    restart_security_server();
+    auto control = CKM::Control::create();
+
+    if (!!control) {
+        control->lockUserKey(5000);
+        control->removeUserData(5000);
+        control->unlockUserKey(5000, "");
+    }
+
+    return 0;
+}
+

diff --git a/tests/ckm/clean-env.h b/tests/ckm/clean-env.h
new file mode 100644 (file)
index 0000000..a15f455
--- /dev/null
+++ b/tests/ckm/clean-env.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ */
+/*
+ * @file    security_server_tests_clean_env.cpp
+ * @author  Zbigniew Jasinski (z.jasinski@samsung.com)
+ * @version 1.0
+ * @brief   Functions to prepare clean env for tests.
+ *
+ */
+#pragma once
+
+#include <ftw.h>
+#include <unistd.h>
+
+#include <ckm/ckm-control.h>
+
+#include <dbus_access.h>
+
+int restart_security_server();
+int reset_security_server();
+

diff --git a/tests/ckm/main.cpp b/tests/ckm/main.cpp
index ea39738..0734f69 100644 (file)
--- a/tests/ckm/main.cpp
+++ b/tests/ckm/main.cpp
@@ -248,23 +248,23 @@ RUNNER_TEST(T1014_save_with_label)
     CharPtr top_label = get_label();
     std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
 
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
 
     // lookup by name
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
         "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         key->getDER() == key_name->getDER(),
         "Key value has been changed by service");
 
     // lookup by full address
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
         "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         key->getDER() == key_full_addr->getDER(),
         "Key value has been changed by service");
 }
@@ -622,10 +622,10 @@ RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
     ap.allowAPI("key-manager::api-storage", "rw");
     ap.applyAndSwithToUser(USER_APP, GROUP_APP);
 
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
 }
@@ -824,7 +824,7 @@ RUNNER_TEST(T12103_saveKey_foreign_label)
 
     int ret;
     auto manager = CKM::Manager::create();
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
         "Error=" << CKM::ErrorToString(ret));
 }
@@ -920,7 +920,7 @@ RUNNER_TEST(T12106_saveCertificate_foreign_label)
 
     int temp;
     auto manager = CKM::Manager::create();
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
 }
@@ -958,7 +958,7 @@ RUNNER_TEST(T12109_saveData_foreign_label)
 
     int temp;
     auto manager = CKM::Manager::create();
-    RUNNER_ASSERT_MSG_BT(
+    RUNNER_ASSERT_MSG(
         CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
         "Error=" << CKM::ErrorToString(temp));
 }

diff --git a/tests/ckm/password-integration.cpp b/tests/ckm/password-integration.cpp
new file mode 100644 (file)
index 0000000..18324d3
--- /dev/null
+++ b/tests/ckm/password-integration.cpp
@@ -0,0 +1,265 @@
+/*
+ *  Copyright (c) 2000 - 2014 Samsung Electronics Co.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ *
+ * @file       password-integration.cpp
+ * @author     Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version    1.0
+ */
+#include <vector>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/log/log.h>
+
+#include <tests_common.h>
+
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+
+#include <security-server.h>
+
+#include <access_provider2.h>
+#include <clean-env.h>
+
+CKM::Alias CKM_ALIAS1 = "ALIAS1";
+CKM::Alias CKM_ALIAS2 = "ALIAS2";
+
+CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'};
+
+const char * PASSWORD1 = "LongPassword1";
+const char * PASSWORD2 = "LongerPassword2";
+
+static const int USER_APP = 5000;
+
+const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
+
+void dropPrivileges() {
+    static const std::string LABEL1 = "TestLabel1";
+    static const int GROUP_APP = 5000;
+
+    AccessProvider ap(LABEL1);
+    ap.allowAPI("key-manager::api-storage", "rw");
+    ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+}
+
+RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4010_INIT)
+{
+    reset_security_server();
+    unsigned int attempt, max_attempt, expire_sec;
+
+    int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4011_ADD_DATA)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+    RUNNER_ASSERT_MSG_BT(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4012_CLOSE_CKM_DB)
+{
+    auto ctl = CKM::Control::create();
+
+    int ret = ctl->lockUserKey(USER_APP);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4013_GET_DATA)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    CKM::RawBuffer buffer;
+
+    // CKM will automaticly unlock with empty password
+    int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+    unsigned int attempt, max_attempt, expire_sec;
+
+    usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+    int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4015_GET_DATA)
+{
+    dropPrivileges();
+    auto mgr = CKM::Manager::create();
+
+    CKM::RawBuffer buffer;
+    int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+    RUNNER_ASSERT_MSG_BT(buffer == BIN_DATA1, "Data mismatch");
+}
+
+RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4020_INIT)
+{
+    reset_security_server();
+
+    int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4021_ADD_DATA)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+    RUNNER_ASSERT_MSG_BT(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4022_CLOSE_CKM_DB)
+{
+    unsigned int attempt, max, expire;
+
+    auto ctl = CKM::Control::create();
+
+    int ret = ctl->lockUserKey(USER_APP);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+    usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+    // login with current password to get rid of invalid "NULL" DKEK
+    ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+
+    ret = ctl->lockUserKey(USER_APP);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    CKM::RawBuffer buffer;
+    int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+    RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+    unsigned int attempt, max, expire;
+
+    usleep(PASSWORD_RETRY_TIMEOUT_US);
+    int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret);
+}
+
+RUNNER_CHILD_TEST(T4025_GET_DATA)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    CKM::RawBuffer buffer;
+    int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+    RUNNER_ASSERT_MSG_BT(buffer == BIN_DATA1, "Data missmatch");
+}
+
+RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4030_INIT)
+{
+    reset_security_server();
+
+    int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4031_ADD_DATA)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+    RUNNER_ASSERT_MSG_BT(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4032_CLOSE_CKM_DB)
+{
+    unsigned int attempt, max, expire;
+
+    auto ctl = CKM::Control::create();
+
+    int ret = ctl->lockUserKey(USER_APP);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+    usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+    // login with current password to get rid of invalid "NULL" DKEK
+    ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+
+    ret = ctl->lockUserKey(USER_APP);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    CKM::RawBuffer buffer;
+    int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+    RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+    usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+    int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10);
+    RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+}
+
+RUNNER_CHILD_TEST(T4035_GET_DATA)
+{
+    dropPrivileges();
+
+    auto mgr = CKM::Manager::create();
+
+    CKM::RawBuffer buffer;
+    int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+    RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+    RUNNER_ASSERT_MSG_BT(buffer == BIN_DATA1, "Data mismatch");
+}
+
+

diff --git a/tests/common/CMakeLists.txt b/tests/common/CMakeLists.txt
index 67b1fbe..6efff90 100644 (file)
--- a/tests/common/CMakeLists.txt
+++ b/tests/common/CMakeLists.txt
@@ -1,5 +1,4 @@
 INCLUDE(FindPkgConfig)
-SET(COMMON_TARGET_TEST "tests-common")
 
 #dependencies
 PKG_CHECK_MODULES(COMMON_TARGET_DEP