CharPtr top_label = get_label();
std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
// lookup by name
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
"Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
key->getDER() == key_name->getDER(),
"Key value has been changed by service");
// lookup by full address
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
"Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
key->getDER() == key_full_addr->getDER(),
"Key value has been changed by service");
}
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
}
int ret;
auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
"Error=" << CKM::ErrorToString(ret));
}
int temp;
auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
}
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * @file password-integration.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <vector>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/log/log.h>
+
+#include <tests_common.h>
+
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+
+#include <security-server.h>
+
+#include <access_provider2.h>
+#include <clean-env.h>
+
+CKM::Alias CKM_ALIAS1 = "ALIAS1";
+CKM::Alias CKM_ALIAS2 = "ALIAS2";
+
+CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'};
+
+const char * PASSWORD1 = "LongPassword1";
+const char * PASSWORD2 = "LongerPassword2";
+
+static const int USER_APP = 5000;
+
+const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
+
+void dropPrivileges() {
+ static const std::string LABEL1 = "TestLabel1";
+ static const int GROUP_APP = 5000;
+
+ AccessProvider ap(LABEL1);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+}
+
+RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4010_INIT)
+{
+ reset_security_server();
+ unsigned int attempt, max_attempt, expire_sec;
+
+ int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4011_ADD_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+ RUNNER_ASSERT_MSG_BT(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4012_CLOSE_CKM_DB)
+{
+ auto ctl = CKM::Control::create();
+
+ int ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4013_GET_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+
+ // CKM will automaticly unlock with empty password
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+ unsigned int attempt, max_attempt, expire_sec;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4015_GET_DATA)
+{
+ dropPrivileges();
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ RUNNER_ASSERT_MSG_BT(buffer == BIN_DATA1, "Data mismatch");
+}
+
+RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4020_INIT)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4021_ADD_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+ RUNNER_ASSERT_MSG_BT(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4022_CLOSE_CKM_DB)
+{
+ unsigned int attempt, max, expire;
+
+ auto ctl = CKM::Control::create();
+
+ int ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // login with current password to get rid of invalid "NULL" DKEK
+ ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+
+ ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+ unsigned int attempt, max, expire;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret);
+}
+
+RUNNER_CHILD_TEST(T4025_GET_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ RUNNER_ASSERT_MSG_BT(buffer == BIN_DATA1, "Data missmatch");
+}
+
+RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION);
+
+RUNNER_TEST(T4030_INIT)
+{
+ reset_security_server();
+
+ int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "");
+}
+
+RUNNER_CHILD_TEST(T4031_ADD_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
+ RUNNER_ASSERT_MSG_BT(ret == CKM_API_SUCCESS, "");
+}
+
+RUNNER_TEST(T4032_CLOSE_CKM_DB)
+{
+ unsigned int attempt, max, expire;
+
+ auto ctl = CKM::Control::create();
+
+ int ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // login with current password to get rid of invalid "NULL" DKEK
+ ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+
+ ret = ctl->lockUserKey(USER_APP);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG_BT(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
+{
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
+}
+
+RUNNER_CHILD_TEST(T4035_GET_DATA)
+{
+ dropPrivileges();
+
+ auto mgr = CKM::Manager::create();
+
+ CKM::RawBuffer buffer;
+ int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
+ RUNNER_ASSERT_MSG_BT(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
+
+ RUNNER_ASSERT_MSG_BT(buffer == BIN_DATA1, "Data mismatch");
+}
+
+