############################# Targets names ###################################
+SET(TARGET_CKM_TEST_COMMON "ckm-test-common")
SET(TARGET_CKM_TESTS "ckm-tests")
+SET(TARGET_CKM_PRIVILEGED_TESTS "ckm-privileged-tests")
SET(TARGET_CKMI_TESTS "ckm-integration-tests")
SET(COMMON_TARGET_TEST "tests-common")
<filesystem path="/usr/bin/libsmack-test" exec_label="_" />
<filesystem path="/usr/bin/security-manager-tests" exec_label="_" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
- <filesystem path="/usr/bin/ckm-tests" exec_label="System::Privileged" />
+ <filesystem path="/usr/bin/ckm-tests" exec_label="User" />
+ <filesystem path="/usr/bin/ckm-privileged-tests" exec_label="System::Privileged" />
</assign>
<request>
<domain name="_" />
/usr/apps/*
/usr/bin/cynara-test
/usr/bin/ckm-tests
+/usr/bin/ckm-privileged-tests
/usr/bin/ckm-tests-on-onlycap.sh
/usr/bin/ckm-integration-tests
%{ckm_test_dir}/*
ADD_DEFINITIONS("-DCKM_TEST_DIR=\"${CKM_TEST_DIR}\"")
ADD_DEFINITIONS("-DCKM_RW_DATA_DIR=\"${CKM_RW_DATA_DIR}\"")
-# Dependencies
-PKG_CHECK_MODULES(CKM_DEP
+PKG_CHECK_MODULES(CKM_TEST_COMMON_DEP
REQUIRED
- libsmack
key-manager
- dbus-1
- vconf)
-
-# Targets definition
+)
-SET(CKM_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/access_provider2.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/main.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-testcases.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-certificate-chains.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/capi-access_control.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/async-api.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/system-db.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/initial-values.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/algo-params.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption-env.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption.cpp
+SET(CKM_TEST_COMMON_SRCS
+ ckm-common.cpp
+ test-certs.cpp
)
-INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(SYSTEM ${CKM_TEST_COMMON_DEP_INCLUDE_DIRS})
INCLUDE_DIRECTORIES(
+ .
${PROJECT_SOURCE_DIR}/src/common
- ${PROJECT_SOURCE_DIR}/src/ckm
)
-ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST})
-
-# Installation
+ADD_LIBRARY(${TARGET_CKM_TEST_COMMON} ${CKM_TEST_COMMON_SRCS})
-INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
-INSTALL(FILES ckm-tests-on-onlycap.sh
- DESTINATION bin
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE
- GROUP_READ GROUP_EXECUTE
- WORLD_READ WORLD_EXECUTE
+TARGET_LINK_LIBRARIES(${TARGET_CKM_TEST_COMMON}
+ ${CKM_TEST_COMMON_DEP_LIBRARIES}
+ ${COMMON_TARGET_TEST}
)
-INSTALL(FILES
- test1801.pkcs12
- pkcs.p12
- capi-t3096.p12
- XML_1_okay.xml
- XML_2_okay.xml
- XML_3_wrong.xml
- device_key.xml
- DESTINATION ${CKM_TEST_DIR}
- )
-
-# C compilation
+# C compilation test
SET(TARGET_C_COMPILATION_TEST "ckm-c-compilation-test")
-
-SET(C_COMPILATION_SOURCES
- ${PROJECT_SOURCE_DIR}/src/ckm/c-compilation.c
-)
-
-PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP
- REQUIRED
- key-manager)
-
+SET(C_COMPILATION_SOURCES c-compilation.c)
+PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP REQUIRED key-manager)
ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES})
-
TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES})
+
+INSTALL(DIRECTORY resource/ DESTINATION ${CKM_TEST_DIR})
+
+ADD_SUBDIRECTORY(privileged)
+ADD_SUBDIRECTORY(unprivileged)
#include <ckmc/ckmc-type.h>
#include <ckm-common.h>
#include <tests_common.h>
-#include <access_provider2.h>
#include <ckm/ckm-control.h>
#include <ckm/ckm-manager.h>
#include <ckmc/ckmc-control.h>
#include <ckmc/ckmc-manager.h>
-#include <service_manager.h>
#include <fcntl.h>
#include <unistd.h>
}
}
-const char* SERVICE[] = {
- "central-key-manager-listener.service",
- "central-key-manager.service" };
-
-void start_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.startService();
-}
-
-void stop_service(ServiceIdx idx)
-{
- ServiceManager sm(SERVICE[idx]);
- sm.stopService();
-}
-
std::string getLabel() {
int ret;
char* myLabel = NULL;
return std::string(alias);
}
-// changes process label
-void change_label(const char* label)
+std::string aliasWithLabelFromSelf(const char *alias)
{
- int ret = smack_set_label_for_self(label);
- RUNNER_ASSERT_MSG(0 == ret, "Error in smack_set_label_for_self("<<label<<"). Error: " << ret);
-}
+ std::ostringstream oss;
+ oss << getOwnerIdFromSelf() << ckmc_label_name_separator << alias;
-ScopedLabel::ScopedLabel(const char* label) : m_original_label(getLabel())
-{
- change_label(label);
-}
-
-ScopedLabel::~ScopedLabel()
-{
- /*
- * Let it throw. If we can't restore label then remaining tests results will be
- * unreliable anyway.
- */
- change_label(m_original_label.c_str());
+ return oss.str();
}
#define ERRORDESCRIBE(name) case name: return #name
return size;
}
-
-// service lifecycle management
-enum ServiceIdx {
- LISTENER,
- MANAGER
-};
-void start_service(ServiceIdx idx);
-void stop_service(ServiceIdx idx);
-
// scoped free
typedef std::unique_ptr<char, void (*)(void *)> CharPtr;
+std::string getLabel();
// returns process owner id
std::string getOwnerIdFromSelf();
std::string aliasWithLabel(const char *label, const char *alias);
-
-// changes process label
-void change_label(const char* label);
-
-// changes process label upon construction and restores it upon destruction
-class ScopedLabel
-{
-public:
- ScopedLabel(const char* label);
- ~ScopedLabel();
-
-private:
- std::string m_original_label;
-};
+std::string aliasWithLabelFromSelf(const char *alias);
void save_data(const char* alias, const char *data, int expected_err = CKMC_ERROR_NONE);
void save_data(const char* alias, const char *data, size_t len, int expected_err);
--- /dev/null
+# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @brief
+#
+PKG_CHECK_MODULES(CKM_DEP
+ REQUIRED
+ libsmack
+ dbus-1
+)
+
+SET(CKM_SOURCES
+ access_provider2.cpp
+ async-api.cpp
+ capi-access_control.cpp
+ ckm-privileged-common.cpp
+ initial-values.cpp
+ main.cpp
+ system-db.cpp
+)
+
+INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common
+ ..
+ .
+)
+
+ADD_EXECUTABLE(${TARGET_CKM_PRIVILEGED_TESTS} ${CKM_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_CKM_PRIVILEGED_TESTS}
+ ${TARGET_CKM_TEST_COMMON}
+ ${CKM_DEP_LIBRARIES}
+ ${COMMON_TARGET_TEST}
+)
+
+INSTALL(TARGETS ${TARGET_CKM_PRIVILEGED_TESTS} DESTINATION bin)
+INSTALL(FILES ckm-tests-on-onlycap.sh
+ DESTINATION bin
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE
+ GROUP_READ GROUP_EXECUTE
+ WORLD_READ WORLD_EXECUTE
+)
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file async-api.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <mutex>
+#include <utility>
+#include <condition_variable>
+#include <cassert>
+
+#include <ckmc/ckmc-type.h>
+#include <ckm/ckm-manager-async.h>
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-raw-buffer.h>
+
+#include <fstream>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <tests_common.h>
+#include <test-certs.h>
+#include <ckm-common.h>
+#include <access_provider2.h>
+#include <random>
+
+using namespace CKM;
+using namespace std;
+using namespace TestData;
+
+namespace {
+
+const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
+
+const char* TEST_PASS = "test-pass";
+
+const CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CertificateShPtrVector NULL_PTR_VECTOR = {
+ CertificateShPtr(),
+ CertificateShPtr(),
+ CertificateShPtr()
+};
+const AliasVector EMPTY_ALIAS_VECTOR;
+const Alias alias_PKCS_exportable = "async-test-PKCS-export";
+const Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
+
+class MyObserver: public ManagerAsync::Observer
+{
+public:
+ MyObserver() :
+ m_finished(false), m_error(0)
+ {
+ }
+
+ void ReceivedError(int error)
+ {
+ m_finished = true;
+ m_error = error;
+ m_cv.notify_one();
+ }
+
+ void ReceivedSaveKey() { Succeeded(); }
+ void ReceivedSaveCertificate() { Succeeded(); }
+ void ReceivedSaveData() { Succeeded(); }
+ void ReceivedSavePKCS12() { Succeeded(); }
+
+ void ReceivedRemovedAlias() { Succeeded(); }
+
+ void ReceivedKey(Key &&) { Succeeded(); }
+ void ReceivedCertificate(Certificate &&) { Succeeded(); }
+ void ReceivedData(RawBuffer &&) { Succeeded(); }
+ void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
+
+ void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+
+ void ReceivedCreateKeyAES() { Succeeded(); }
+ void ReceivedCreateKeyPair() { Succeeded(); }
+
+ void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
+ { m_certChain = move(chain); Succeeded(); }
+
+ void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
+ void ReceivedVerifySignature() { Succeeded(); }
+
+ void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
+
+ void ReceivedSetPermission() { Succeeded(); }
+
+ void WaitForResponse()
+ {
+ unique_lock < mutex > lock(m_mutex);
+
+ m_cv.wait(lock, [this] {return m_finished;});
+ }
+
+ bool m_finished;
+ int m_error;
+ AliasVector m_aliases;
+ CertificateShPtrVector m_certChain;
+ PKCS12ShPtr m_pkcs;
+ RawBuffer m_signed;
+ int m_ocspStatus;
+
+protected:
+ void Succeeded()
+ {
+ m_finished = true;
+ m_cv.notify_one();
+ }
+
+ mutex m_mutex;
+ condition_variable m_cv;
+};
+
+typedef shared_ptr<MyObserver> MyObserverPtr;
+
+enum Type {
+ RSA,
+ DSA,
+ ECDSA,
+ AES
+};
+
+struct KeyContainer
+{
+ // assymetric
+ KeyContainer(const std::string& prv_pem, const std::string& pub_pem) {
+ RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
+ prv = Key::create(buffer_prv);
+ assert(prv);
+
+ RawBuffer buffer_pub(pub_pem.begin(), pub_pem.end());
+ pub = Key::create(buffer_pub);
+ assert(pub);
+ }
+
+ // symmetric
+ KeyContainer(const RawBuffer& key_raw) {
+ prv = pub = Key::createAES(key_raw);
+ assert(prv);
+ assert(pub);
+ }
+
+ KeyShPtr prv;
+ KeyShPtr pub;
+};
+
+typedef map<Type, vector<KeyContainer> > KeyMap;
+
+
+KeyMap initializeKeys()
+{
+ KeyMap km;
+
+ km[RSA].emplace_back(
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4\n"
+ "x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x\n"
+ "fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx\n"
+ "KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr\n"
+ "sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN\n"
+ "p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4\n"
+ "Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj\n"
+ "ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl\n"
+ "oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/\n"
+ "UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw\n"
+ "iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2\n"
+ "N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=\n"
+ "-----END RSA PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt\n"
+ "JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B\n"
+ "CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+\n"
+ "3Op0tEjy0jpmzeyNiQIDAQAB\n"
+ "-----END PUBLIC KEY-----"
+ );
+
+ km[RSA].emplace_back(
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6\n"
+ "YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6T\n"
+ "AQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7m\n"
+ "Tus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2QNv3kBPuYdQQrXhoxCcIVtSIl8pU\n"
+ "fI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8SGjA6mSpmrp7lPlKE\n"
+ "9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWpxOzb\n"
+ "lliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37J\n"
+ "IudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4\n"
+ "V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDes\n"
+ "NBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ4rsmBqOwuglHFW52dIZEG9u/20ta\n"
+ "QMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLiBLx0Yr/RXKf6gJUCAwEA\n"
+ "AQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh18pva5Kzh\n"
+ "EU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh\n"
+ "9u236vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXN\n"
+ "GF5JjNcCOQxO1Em8pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG\n"
+ "5DPb19r9XjQhUPjbcq3/4qmLwtLT9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+\n"
+ "fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK6wX2IQ+7vJoWQyg2w6DbpSRq\n"
+ "cyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxeeRpNqFU9OCw0B\n"
+ "d3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O\n"
+ "bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBW\n"
+ "gUyLSdxR5RoEjBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbP\n"
+ "ggFZ8JnuwgtNo0soVKsWGATH65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX8\n"
+ "0jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H1TYDjwA1iBFku/O/xx7Jag7Y0A2l\n"
+ "1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MOGFTs5r9QyM//sm5D\n"
+ "2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDOUCx6\n"
+ "xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0\n"
+ "/zX4MFMD/Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWd\n"
+ "kKpm9xcFddATlT0CggEBAOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvE\n"
+ "qgKHOgZO9ztD6/UgX41uc+3rKfvmY5AsldGZgd0ov/DyeF0N834LeBVayG1fdcEt\n"
+ "amqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9TwoUWS2xmldc+nehCdHs\n"
+ "WQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ETjKemdK\n"
+ "HQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5\n"
+ "ZB7ev8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FW\n"
+ "Nqvwp9PQzxwTv8wuxBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o\n"
+ "1Rad6jtb1SiV9KcPk83wIeoUk/xp0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7L\n"
+ "qpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8eTEywu5yrMGeAjVpLFfKlmGI\n"
+ "pYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk2kuGLYXISfUG\n"
+ "j0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a\n"
+ "xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8W\n"
+ "X4+ZEW7S4heLsUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/a\n"
+ "W22I0REV5UU8bS1F7taV93EwWmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVy\n"
+ "FjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4igfJpPcUFYOazZ3Y7q53RdCgIPKKy\n"
+ "iVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GHW93TUDTKWlTXyUFm\n"
+ "C2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltYG08t\n"
+ "fEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL6\n"
+ "06qeBC8xoVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQ\n"
+ "pyVWfB+F2ppBOYtKvNubyKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+I\n"
+ "Qj8I06c1T31kzfJ71Vx1DUWZW/65xmFD4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rq\n"
+ "uPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+Vx676FQrM4EzjSSqgA==\n"
+ "-----END RSA PRIVATE KEY-----\n",
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3\n"
+ "+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui\n"
+ "tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB\n"
+ "x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2\n"
+ "QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8\n"
+ "9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4\n"
+ "m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA\n"
+ "+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp\n"
+ "f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4\n"
+ "+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ\n"
+ "4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+\n"
+ "8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==\n"
+ "-----END PUBLIC KEY-----");
+ km[DSA].emplace_back(
+ "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQDIsQRYgnU4mm5VrMyykpNNzeHTQAO8E2hJAcOwNPBrdos8amak\n"
+ "rcJnyBaNh56ZslcuXNEKJuxiDsy4VM9KUR8fHTqTiF5s+4NArzdrdwNQpKWjAqJN\n"
+ "fgpCdaLZHw9o857flcQ4dyYNnAz1/SNGnv03Dm8EYRNRFNaFNw7zBPjyVwIVANyj\n"
+ "7ijLfrCbDZDi6ond5Np1Ns0hAoGBAIcS1ceWtw6DAGmYww27r/1lLtqjrq8j0w0a\n"
+ "F6Ly+pZ/y+WTw9KT18eRKPmVgruVSn3VVVJeN00XaoKvfPSHkTRIE5rro2ZEInhp\n"
+ "3g0Vak7EXJWe7KKBRXqSMNFkndjKv1nyNKeWSEq9Xql6SPn8J8TfmbyUpPSIglZR\n"
+ "vJ2DHwHJAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkBeukXzeZGqNWEjgzLAjMZEVYM\n"
+ "DLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23ToR8fQuiBu+KvtAP/QuCOJ/L\n"
+ "S0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6J2+fygnWcOOSo6sCFC/slPOv\n"
+ "yAKPlW7WQzgV5jLLNUW7\n"
+ "-----END DSA PRIVATE KEY-----\n",
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBAMixBFiCdTiablWszLKSk03N4dNAA7wT\n"
+ "aEkBw7A08Gt2izxqZqStwmfIFo2HnpmyVy5c0Qom7GIOzLhUz0pRHx8dOpOIXmz7\n"
+ "g0CvN2t3A1CkpaMCok1+CkJ1otkfD2jznt+VxDh3Jg2cDPX9I0ae/TcObwRhE1EU\n"
+ "1oU3DvME+PJXAhUA3KPuKMt+sJsNkOLqid3k2nU2zSECgYEAhxLVx5a3DoMAaZjD\n"
+ "Dbuv/WUu2qOuryPTDRoXovL6ln/L5ZPD0pPXx5Eo+ZWCu5VKfdVVUl43TRdqgq98\n"
+ "9IeRNEgTmuujZkQieGneDRVqTsRclZ7sooFFepIw0WSd2Mq/WfI0p5ZISr1eqXpI\n"
+ "+fwnxN+ZvJSk9IiCVlG8nYMfAckDgYQAAoGAPZLRdIhIIJi4UWoyQrCqk1iF3pkB\n"
+ "eukXzeZGqNWEjgzLAjMZEVYMDLLKippahjxLZSWB7LOoS+XE4fonpBBute/tgF23\n"
+ "ToR8fQuiBu+KvtAP/QuCOJ/LS0aYYr1/eXmMByYPZ58Vf93KuUgoUAkWmc+mLBn6\n"
+ "J2+fygnWcOOSo6s=\n"
+ "-----END PUBLIC KEY-----\n"
+ );
+ km[ECDSA].emplace_back(
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MF8CAQEEGF3rz8OuFpcESrlqCm0G96oovr0XbX+DRKAKBggqhkjOPQMBAaE0AzIA\n"
+ "BHiZYByQiRNQ91GWNnTfoBbp9G8DP9oJYc/cDZlk4lKUpmbvm//RWf1U7ag3tOVy\n"
+ "sQ==\n"
+ "-----END EC PRIVATE KEY-----",
+
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEeJlgHJCJE1D3UZY2dN+gFun0bwM/\n"
+ "2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
+ "-----END PUBLIC KEY-----"
+ );
+
+ CKM::RawBuffer AES_key = createRandomBuffer(256/8);
+ km[AES].emplace_back(AES_key);
+
+ return km;
+}
+
+KeyMap keys = initializeKeys();
+typedef vector<CertificateShPtr> CertVector;
+
+const RawBuffer raw_buffer(const char* buffer)
+{
+ return RawBuffer(buffer, buffer + strlen(buffer));
+}
+
+const RawBuffer test_buffer = raw_buffer("test_string");
+
+template <typename F, typename... Args>
+void test_negative(F&& func, int expected, Args... args)
+{
+ MyObserverPtr obs = make_shared<MyObserver>();
+ ManagerAsync mgr;
+
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
+ obs->WaitForResponse();
+
+ RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
+ RUNNER_ASSERT_MSG(
+ obs->m_error == expected,
+ "Expected " << expected << "/" << CKMErrorToString(expected) <<
+ " got: " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+}
+
+template <typename F, typename... Args>
+void test_invalid_param(F&& func, Args... args)
+{
+ test_negative(move(func), CKM_API_ERROR_INPUT_PARAM, args...);
+}
+
+template <typename F, typename... Args>
+MyObserverPtr test_positive(F&& func, Args... args)
+{
+ MyObserverPtr obs = make_shared<MyObserver>();
+ ManagerAsync mgr;
+
+ (mgr.*func)(static_pointer_cast < ManagerAsync::Observer > (obs), args...);
+ obs->WaitForResponse();
+
+ RUNNER_ASSERT_MSG(obs->m_finished, "Request is not finished!");
+ RUNNER_ASSERT_MSG(obs->m_error == 0,
+ "Request failed " << obs->m_error << "/" << CKMErrorToString(obs->m_error));
+ return obs;
+}
+
+template <typename F, typename... Args>
+void test_check_aliases(F&& func, const AliasVector& expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(obs->m_aliases == expected, "Retrieved aliases differ from expected");
+}
+
+template <typename F, typename... Args>
+void test_check_cert_chain(F&& func, size_t expected, Args... args)
+{
+ auto obs = test_positive(move(func), args...);
+ RUNNER_ASSERT_MSG(
+ obs->m_certChain.size() == expected,
+ "Expected chain length: " << expected << " got: " << obs->m_certChain.size());
+}
+
+typedef void (ManagerAsync::*certChainFn1)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const CertificateShPtrVector&,
+ const CertificateShPtrVector&,
+ bool);
+
+typedef void (ManagerAsync::*certChainFn2)(const ManagerAsync::ObserverPtr&,
+ const CertificateShPtr&,
+ const AliasVector&,
+ const AliasVector&,
+ bool);
+
+class UserEnv : public RemoveDataEnv<APP_UID>
+{
+public:
+ void init(const std::string & str) {
+ RemoveDataEnv<APP_UID>::init(str);
+ unlock_user_data(APP_UID, TEST_PASS);
+ m_ap.reset(new ScopedAccessProvider(TEST_LABEL, APP_UID, APP_GID));
+ }
+ void finish() {
+ m_ap.reset();
+ // lock is performed by remove_user_data() in RemoveDataEnv
+ RemoveDataEnv<APP_UID>::finish();
+ }
+ std::unique_ptr<ScopedAccessProvider> m_ap;
+};
+
+} // namespace anonymous
+
+RUNNER_TEST_GROUP_INIT(CKM_ASYNC_API);
+
+// setPermission
+RUNNER_TEST(TA1810_allow_access_invalid_param, UserEnv)
+{
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
+}
+
+RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<APP_UID>)
+{
+ ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
+ std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ save_data(alias1.c_str(), TEST_DATA);
+ save_data(alias2.c_str(), TEST_DATA);
+ save_data(alias3.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias2,
+ TEST_LABEL_2,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ alias3,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ }
+
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
+
+ // test from allowed label, but without properly addressing alias (coming from default label)
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
+
+ // now test with appropriate addressing
+ test_positive(&ManagerAsync::getData, alias2, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
+
+ test_positive(&ManagerAsync::getData, alias3, "");
+ test_positive(&ManagerAsync::removeAlias, alias3);
+ }
+}
+
+// denyAccess
+RUNNER_TEST(TA1910_deny_access_invalid_param, UserEnv)
+{
+ test_no_observer(&ManagerAsync::setPermission, "alias", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "", "accessor", CKM::Permission::NONE);
+ test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
+}
+
+RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<APP_UID>)
+{
+ ScopedDBUnlock dbu(APP_UID, TEST_PASS);
+
+ // prepare: add data
+ std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
+ {
+ ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
+ save_data(alias1.c_str(), TEST_DATA);
+
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL_2,
+ CKM::Permission::NONE);
+ }
+
+ {
+ ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
+
+ test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
+ test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm-privileged-common.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+#include "ckm-privileged-common.h"
+
+#include <dpl/test/test_runner.h>
+
+#include <service_manager.h>
+#include <ckm-common.h>
+
+namespace {
+
+const char *SERVICE[] = {
+ "central-key-manager-listener.service",
+ "central-key-manager.service"
+};
+
+void changeLabel(const char *label)
+{
+ int ret = smack_set_label_for_self(label);
+ RUNNER_ASSERT_MSG(0 == ret,
+ "Error in smack_set_label_for_self(" << label << "). Error: " << ret);
+}
+
+} // namespace anonymous
+
+ScopedLabel::ScopedLabel(const char *label) : m_original_label(getLabel())
+{
+ changeLabel(label);
+}
+
+ScopedLabel::~ScopedLabel()
+{
+ /*
+ * Let it throw. If we can't restore label then remaining tests results will be
+ * unreliable anyway.
+ */
+ changeLabel(m_original_label.c_str());
+}
+
+void start_service(ServiceIdx idx)
+{
+ ServiceManager sm(SERVICE[idx]);
+ sm.startService();
+}
+
+void stop_service(ServiceIdx idx)
+{
+ ServiceManager sm(SERVICE[idx]);
+ sm.stopService();
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm-privileged-common.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <string>
+
+// service lifecycle management
+enum ServiceIdx {
+ LISTENER,
+ MANAGER
+};
+
+void start_service(ServiceIdx idx);
+void stop_service(ServiceIdx idx);
+
+// changes process label upon construction and restores it upon destruction
+class ScopedLabel
+{
+public:
+ ScopedLabel(const char* label);
+ ~ScopedLabel();
+
+private:
+ std::string m_original_label;
+};
System" > /sys/fs/smackfs/onlycap
# set capability for changing smack label of self and add/remove smack rules
-setcap cap_mac_admin=eip /usr/bin/ckm-tests
+setcap cap_mac_admin=eip /usr/bin/ckm-privileged-tests
# run test
-ckm-tests "${@}" # propagate all arguments
+ckm-privileged-tests "${@}" # propagate all arguments
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <ckm-common.h>
+#include <ckm-privileged-common.h>
#include <ckm/ckm-control.h>
#include <ckmc/ckmc-manager.h>
#include <access_provider2.h>
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <netdb.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+
+#include <tests_common.h>
+#include <test-certs.h>
+#include <access_provider2.h>
+#include <ckm-common.h>
+#include <ckm-privileged-common.h>
+
+#include <ckm/ckm-manager.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-password.h>
+#include <ckm/ckm-type.h>
+#include <ckm/ckm-pkcs12.h>
+
+#include <fstream>
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+namespace {
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
+
+const int USER_APP_2 = 5020;
+const int USER_APP_3 = 5030;
+
+const char * const APP_PASS = "user-pass";
+const int USER_TEST = 5001;
+
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+} // namespace anonymous
+
+/*
+ * How to numerate tests:
+ * TABCD_NAME
+ * T - test case (always T)
+ * AB - number of test group (always two digits)
+ * C - test number in group (all tests with same TABC must be run in the same time).
+ * D - subtest.
+ */
+
+RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1510_init_unlock_key)
+{
+ reset_user_data(USER_TEST, APP_PASS);
+}
+
+RUNNER_TEST(T1511_insert_data)
+{
+ auto certee = TestData::getTestCertificate(TestData::MBANK);
+ auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
+ CKM::Alias certeeAlias("CertEE");
+ CKM::Alias certimAlias("CertIM");
+ {
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
+ RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
+ }
+
+ // restart CKM
+ stop_service(MANAGER);
+ start_service(MANAGER);
+
+ // actual test
+ {
+ ScopedDBUnlock unlock(USER_TEST, APP_PASS);
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto manager = CKM::Manager::create();
+ int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
+ int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
+ "Certificate should be in database already. Error=" << CKMErrorToString(status1));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
+ "Certificate should be in database already. Error=" << CKMErrorToString(status2));
+ }
+}
+
+RUNNER_TEST(T1519_deinit)
+{
+ remove_user_data(USER_TEST);
+}
+
+RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1701_init_unlock_key)
+{
+ unlock_user_data(USER_TEST+1, "t170-special-password");
+
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+}
+
+RUNNER_CHILD_TEST(T1702_insert_data)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ auto certee = TestData::getTestCertificate(TestData::MBANK);
+
+ auto manager = CKM::Manager::create();
+ size_t current_aliases_num = count_aliases(ALIAS_CERT);
+ int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == status1,
+ "Could not put certificate in datbase. Error=" << CKMErrorToString(status1));
+
+ CKM::AliasVector av;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
+}
+
+RUNNER_TEST(T1703_removeApplicationData)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1704_data_test)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_TEST(T1705_deinit)
+{
+ remove_user_data(USER_TEST+1);
+}
+
+RUNNER_TEST(T17101_init)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
+ "Error=" << CKMErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17102_prep_data_01)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17103_prep_data_02)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17104_prep_data_03)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17105_prep_data_04)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
+ "Error=" << CKMErrorToString(temp));
+}
+
+RUNNER_TEST(T17106_remove_application)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKMErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17107_check_data_01)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17108_check_data_02)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T17109_unlock_user2)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKMErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17110_check_data_03)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17111_check_data_04)
+{
+ int temp;
+ ScopedAccessProvider ap(TEST_LABEL_2);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKMErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T17112_deinit)
+{
+ remove_user_data(USER_TEST+2);
+ remove_user_data(USER_TEST+3);
+}
+
+int main(int argc, char *argv[])
+{
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+}
* @version 1.0
*/
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <ckm-common.h>
+#include <ckm-privileged-common.h>
#include <ckm/ckm-control.h>
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-type.h>
const char* TEST_ALIAS = "test-alias";
const char* INVALID_LABEL = "coco-jumbo";
-std::string TEST_SYSTEM_ALIAS = aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS);
-std::string TEST_SYSTEM_ALIAS_2 = aliasWithLabel(SYSTEM_LABEL, "test-alias-2");
+std::string TEST_SYSTEM_ALIAS = sharedDatabase(TEST_ALIAS);
+std::string TEST_SYSTEM_ALIAS_2 = sharedDatabase("test-alias-2");
const char* TEST_DATA =
"Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "
--- /dev/null
+# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @brief
+#
+SET(CKM_SOURCES
+ algo-params.cpp
+ async-api.cpp
+ capi-certificate-chains.cpp
+ capi-testcases.cpp
+ encryption-decryption-env.cpp
+ encryption-decryption.cpp
+ main.cpp
+)
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common
+ ..
+ .
+)
+
+ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS}
+ ${TARGET_CKM_TEST_COMMON}
+ ${COMMON_TARGET_TEST}
+)
+
+INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
#include <fstream>
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <test-certs.h>
#include <ckm-common.h>
-#include <access_provider2.h>
#include <random>
using namespace CKM;
void init(const std::string & str) {
RemoveDataEnv<APP_UID>::init(str);
unlock_user_data(APP_UID, TEST_PASS);
- m_ap.reset(new ScopedAccessProvider(TEST_LABEL, APP_UID, APP_GID));
}
void finish() {
- m_ap.reset();
// lock is performed by remove_user_data() in RemoveDataEnv
RemoveDataEnv<APP_UID>::finish();
}
- std::unique_ptr<ScopedAccessProvider> m_ap;
};
CKM::PKCS12ShPtr loadPkcs()
RUNNER_TEST(TA0950_get_key_alias_vector_positive, UserEnv)
{
test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA") });
test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA"),
+ aliasWithLabelFromSelf("alias_DSA") });
test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_DSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA"),
+ aliasWithLabelFromSelf("alias_DSA"),
+ aliasWithLabelFromSelf("alias_AES") });
// remove DSA key
test_positive(&ManagerAsync::removeAlias, "alias_DSA");
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
- aliasWithLabel(TEST_LABEL, "alias_AES")});
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_RSA"),
+ aliasWithLabelFromSelf("alias_AES")});
}
RUNNER_TEST(TA1050_get_cert_alias_vector_positive, UserEnv)
{
test_positive(&ManagerAsync::saveCertificate, "alias1", getTestCertificate(MBANK), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1") });
test_positive(&ManagerAsync::saveCertificate, "alias2", getTestCertificate(SYMANTEC), Policy());
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias1"),
+ aliasWithLabelFromSelf("alias2") });
test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
+ test_check_aliases(&ManagerAsync::getCertificateAliasVector, { aliasWithLabelFromSelf("alias2") });
}
RUNNER_TEST(TA1150_get_data_alias_vector_positive, UserEnv)
{
test_positive(&ManagerAsync::saveData, "alias1", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabelFromSelf("alias1") });
test_positive(&ManagerAsync::saveData, "alias2", test_buffer, Policy());
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabelFromSelf("alias1"),
+ aliasWithLabelFromSelf("alias2") });
test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
+ test_check_aliases(&ManagerAsync::getDataAliasVector, { aliasWithLabelFromSelf("alias2") });
}
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_prv"),
+ aliasWithLabelFromSelf("alias_pub") });
}
// createKeyPairDSA
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_prv"),
+ aliasWithLabelFromSelf("alias_pub") });
}
// createKeyPairECDSA
Policy(),
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_prv"),
- aliasWithLabel(TEST_LABEL, "alias_pub") });
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_prv"),
+ aliasWithLabelFromSelf("alias_pub") });
}
// createKeyAES
"alias_AES",
Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_AES")});
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabelFromSelf("alias_AES")});
}
// getCertificateChain
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::READ | CKM::Permission::REMOVE);
}
-RUNNER_TEST(TA1820_allow_access, RemoveDataEnv<APP_UID>)
+RUNNER_TEST(TA1820_allow_access, UserEnv)
{
ScopedDBUnlock dbu(APP_UID, TEST_PASS);
// prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- std::string alias2 = aliasWithLabel(TEST_LABEL, "alias-2");
- std::string alias3 = aliasWithLabel(TEST_LABEL, "alias-3");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
- save_data(alias2.c_str(), TEST_DATA);
- save_data(alias3.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias2,
- TEST_LABEL_2,
- CKM::Permission::READ);
- test_positive(&ManagerAsync::setPermission,
- alias3,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- }
-
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
-
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
-
- // test from allowed label, but without properly addressing alias (coming from default label)
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, "alias-2", "");
+ const char *alias1 = "alias-1";
+ const char *alias2 = "alias-2";
+ const char *alias3 = "alias-3";
- // now test with appropriate addressing
- test_positive(&ManagerAsync::getData, alias2, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_ACCESS_DENIED, alias2);
+ save_data(alias1, TEST_DATA);
+ save_data(alias2, TEST_DATA);
+ save_data(alias3, TEST_DATA);
- test_positive(&ManagerAsync::getData, alias3, "");
- test_positive(&ManagerAsync::removeAlias, alias3);
- }
+ test_positive(&ManagerAsync::setPermission,
+ alias2,
+ TEST_LABEL,
+ CKM::Permission::READ);
+ test_positive(&ManagerAsync::setPermission,
+ alias3,
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
}
// denyAccess
test_invalid_param(&ManagerAsync::setPermission, "alias", "", CKM::Permission::NONE);
}
-RUNNER_TEST(TA1920_deny_access, RemoveDataEnv<APP_UID>)
+RUNNER_TEST(TA1920_deny_access, UserEnv)
{
ScopedDBUnlock dbu(APP_UID, TEST_PASS);
// prepare: add data
- std::string alias1 = aliasWithLabel(TEST_LABEL, "alias-1");
- {
- ScopedAccessProvider ap(TEST_LABEL, APP_UID, APP_GID);
- save_data(alias1.c_str(), TEST_DATA);
-
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::READ | CKM::Permission::REMOVE);
- test_positive(&ManagerAsync::setPermission,
- alias1,
- TEST_LABEL_2,
- CKM::Permission::NONE);
- }
+ const char *alias1 = "alias-1";
- {
- ScopedAccessProvider ap(TEST_LABEL_2, APP_UID, APP_GID);
+ save_data(alias1, TEST_DATA);
- test_negative(&ManagerAsync::getData, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1, "");
- test_negative(&ManagerAsync::removeAlias, CKM_API_ERROR_DB_ALIAS_UNKNOWN, alias1);
- }
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL,
+ CKM::Permission::READ | CKM::Permission::REMOVE);
+ test_positive(&ManagerAsync::setPermission,
+ alias1,
+ TEST_LABEL,
+ CKM::Permission::NONE);
}
-RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, RemoveDataEnv<0>)
+RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs, UserEnv)
{
auto pkcs = loadPkcs();
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
pkcs,
exportable,
exportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
pkcs,
notExportable,
notExportable);
test_negative(&ManagerAsync::savePKCS12,
CKM_API_ERROR_DB_ALIAS_EXISTS,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
pkcs,
notExportable,
notExportable);
}
-RUNNER_TEST(TA2010_PKCS_get, RemoveDataEnv<0>)
+RUNNER_TEST(TA2010_PKCS_get, UserEnv)
{
auto pkcs = loadPkcs();
CKM::Policy notExportable(CKM::Password(), false);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
pkcs,
exportable,
exportable);
test_positive(&ManagerAsync::savePKCS12,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
pkcs,
notExportable,
notExportable);
// fail - no entry
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_DB_ALIAS_UNKNOWN,
- sharedDatabase("i-do-not-exist").c_str(),
+ "i-do-not-exist",
CKM::Password(),
CKM::Password());
// fail - not exportable
test_negative(&ManagerAsync::getPKCS12,
CKM_API_ERROR_NOT_EXPORTABLE,
- sharedDatabase(alias_PKCS_not_exportable),
+ alias_PKCS_not_exportable,
CKM::Password(),
CKM::Password());
// success - exportable
auto obs = test_positive(&ManagerAsync::getPKCS12,
- sharedDatabase(alias_PKCS_exportable),
+ alias_PKCS_exportable,
CKM::Password(),
CKM::Password());
addCert(m_trustedCerts, cert);
std::stringstream ss;
- ss << sharedDatabase("TRUSTED_CERT_ALIAS_") << size;
+ ss << "TRUSTED_CERT_ALIAS_" << size;
save_cert(cert, ss.str().c_str());
addAlias(m_trustedAliases, ss.str().c_str());
}
addCert(m_untrustedCerts, cert);
std::stringstream ss;
- ss << sharedDatabase("UNTRUSTED_CERT_ALIAS_") << size;
+ ss << "UNTRUSTED_CERT_ALIAS_" << size;
save_cert(cert, ss.str().c_str());
addAlias(m_untrustedAliases, ss.str().c_str());
}
RUNNER_TEST(TCCH_0000_init)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
}
// old API
RUNNER_TEST(TCCH_0010_get_chain_old_api)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifierOld cv;
cv.verifyNegative(TestData::GOOGLE_COM);
// old API
RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifierOld cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
// check invalid arguments
RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
*/
RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
*/
RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.addUntrusted(TestData::GIAG2);
*/
RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(false);
RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
ChainVerifier cv;
cv.enableSystem(true);
RUNNER_TEST(TCCH_9999_deinit)
{
- remove_user_data(0);
+ remove_user_data(APP_UID);
}
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <test-certs.h>
#include <ckm-common.h>
-#include <access_provider2.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <stdlib.h>
namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
+const int USER_APP = 5001;
const char* USER_PASS = "user-pass";
const char *const TEST_OBJECT1 = "OBJECT1";
-const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
-const char* TEST_SYSTEM_ALIAS = "system-alias-1";
-const char* TEST_DATA = "ABCD";
} // namespace anonymous
CKMCReadableError(temp));
}
-RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
-{
- save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
-
- // [test] - expect success
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA);
-
- // remove user data - expect to map to the system DB
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
- CKMCReadableError(temp));
-
- // [test] - expect fail
- check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
-}
RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
{
int temp;
- remove_user_data(0);
+ remove_user_data(USER_APP);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
ckmc_policy_s test_policy;
char* password = NULL;
- CKM::Alias alias = sharedDatabase("mykey");
+ CKM::Alias alias = "mykey";
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T30203_AES_key_C_API)
{
int temp;
- CKM::Alias alias = sharedDatabase("my_AES_key");
+ CKM::Alias alias = "my_AES_key";
size_t key_length = 192;
ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
ckmc_cert_s *cert2;
ckmc_cert_s cert;
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
+ CKM::Alias alias = "test-cert-1-RSA";
ckmc_policy_s test_policy;
test_policy.password = password;
char* password = NULL;
ckmc_cert_s *cert2;
- CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
+ CKM::Alias alias = "test-cert-1-RSA";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
size_t current_aliases_num = count_aliases(ALIAS_CERT);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_CERT);
"Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
}
-
-RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API)
+RUNNER_TEST(T30207_save_AES_key_passwd_C_API)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- const char *passwordPolicy = "x";
- const char *alias = "mykey";
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = const_cast<char *>(passwordPolicy);
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
- CKMCReadableError(temp));
-
- // RUNNER_ASSERT_MSG(
- // key.getDER() == key2.getDER(), "Key value has been changed by service");
-
- delete [] char_keypem;
-}
-
-RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API)
-{
- AccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- const char* password = NULL;
- size_t key_length = 192;
- CKM::Alias alias = "my_AES_key";
-
- ckmc_key_s *test_key = generate_AES_key(key_length, password);
- ckmc_key_s *test_key2;
- ckmc_policy_s test_policy;
- test_policy.password = const_cast<char *>(password);
- test_policy.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
- CKMCReadableError(temp));
-
- compare_AES_keys(test_key, test_key2);
- ckmc_key_free(test_key);
- ckmc_key_free(test_key2);
-}
-
-RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API)
-{
- AccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
const char* password = "x";
size_t key_length = 192;
ckmc_key_free(test_key);
}
-RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag)
+RUNNER_TEST(T30208_save_RSA_keys_exportable_flag)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag)
+RUNNER_TEST(T30209_save_AES_keys_exportable_flag)
{
- AccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
const char* password = NULL;
size_t key_length = 256;
CKMCReadableError(temp));
}
-RUNNER_TEST(T30212_certificate_with_DSA_key_C_API)
+RUNNER_TEST(T30210_certificate_with_DSA_key_C_API)
{
int temp;
cert.cert_size = certPem.length();
cert.data_format = CKMC_FORM_PEM;
- CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
+ CKM::Alias alias = "test-cert-1-DSA";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
CKMCReadableError(temp));
ckmc_cert_free(cert2);
}
-RUNNER_TEST(T30213_deinit_C_API)
+RUNNER_TEST(T30211_deinit_C_API)
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
{
int temp;
- remove_user_data(0);
+ remove_user_data(USER_APP);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
CKMCReadableError(temp));
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_KEY);
ckmc_key_s *test_key2;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
+ CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
CKMCReadableError(temp));
}
int current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key1").c_str(), *test_key, test_policy1)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key1", *test_key, test_policy1)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key2").c_str(), *test_key, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key2", *test_key, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key3").c_str(), *test_key, test_policy3)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key3", *test_key, test_policy3)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
ckmc_key_s *test_key2;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key1").c_str(), NULL, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("AES_key1", NULL, &test_key2)),
CKMCReadableError(temp));
validate_AES_key(test_key2);
ckmc_key_free(test_key2);
// actual test - remove middle item
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("AES_key2").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key("AES_key2")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(sharedDatabase("AES_key2").c_str(), NULL, &test_key2)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key("AES_key2", NULL, &test_key2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key3").c_str(), NULL, &test_key2)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_key("AES_key3", NULL, &test_key2)),
CKMCReadableError(temp));
validate_AES_key(test_key2);
ckmc_key_free(test_key2);
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
RUNNER_TEST(T3041_init_C_API)
{
- remove_user_data(0);
reset_user_data(USER_APP, "simple-password");
}
size_t current_aliases_num = count_aliases(ALIAS_DATA);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
+ CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_DATA);
ckmc_raw_buffer_s *testData4;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
CKMCReadableError(temp));
int compareResult;
"Data corrupted");
}
-RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
+RUNNER_TEST(T3043_app_user_save_bin_data_C_API)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
ckmc_raw_buffer_s testData1;
char* password = NULL;
size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
CKMCReadableError(temp));
size_t actual_cnt = count_aliases(ALIAS_DATA);
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
+ CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
CKMCReadableError(temp));
int compareResult;
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
CKMCReadableError(temp));
}
RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
{
const size_t BIG_SIZE = 5000000;
- ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP);
std::vector<char> big_data(BIG_SIZE);
std::ifstream is("/dev/urandom", std::ifstream::binary);
RUNNER_ASSERT_MSG(is,
"Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
- save_data(TEST_ALIAS1.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
- check_read(TEST_OBJECT1, TEST_LABEL, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+ save_data(TEST_OBJECT1, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+ auto self_label = getOwnerIdFromSelf();
+ check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
}
RUNNER_TEST(T3050_deinit_C_API)
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3052_CAPI_create_RSA_key)
+RUNNER_TEST(T3052_CAPI_create_RSA_key)
{
int temp;
-
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t size = 1024;
const char *private_key_alias = "RSA-test-1-priv";
const char *public_key_alias = "RSA-test-1-pub";
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3053_CAPI_create_DSA_key)
+RUNNER_TEST(T3053_CAPI_create_DSA_key)
{
int temp;
-
- AccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t size = 1024;
const char *private_key_alias = "DSA-test-2-priv";
const char *public_key_alias = "DSA-test-2-pub";
}
-RUNNER_CHILD_TEST(T3054_CAPI_create_AES_key)
+RUNNER_TEST(T3054_CAPI_create_AES_key)
{
int temp;
size_t size = 128;
- CKM::Alias key_alias = sharedDatabase("AES-gen-test-1");
+ CKM::Alias key_alias = "AES-gen-test-1";
ckmc_policy_s policy_key;
policy_key.password = NULL;
RUNNER_TEST(T3061_CAPI_init)
{
- remove_user_data(0);
reset_user_data(USER_APP, USER_PASS);
}
int temp;
size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
+ CKM::Alias private_key_alias = "rsa-test-1";
+ CKM::Alias public_key_alias = "rsa-test-2";
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
int temp;
size_t size = 1024;
- CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
+ CKM::Alias private_key_alias = "dsa-test-1";
+ CKM::Alias public_key_alias = "dsa-test-2";
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
int temp;
ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
- CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
- CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
+ CKM::Alias private_key_alias = "ecdsa-test-1";
+ CKM::Alias public_key_alias = "ecdsa-test-2";
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
RUNNER_TEST(T3065_CAPI_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
// TODO
RUNNER_TEST(T3071_CAPI_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
RUNNER_TEST(T3075_CAPI_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
CKMCReadableError(temp));
-
- remove_user_data(0);
}
RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
+ CKM::Alias pub_alias = "pub1";
+ CKM::Alias pri_alias = "prv1";
const char *key_passwd = "1234";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
int temp;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
- CKM::Alias pub_alias = sharedDatabase("pub1");
- CKM::Alias pri_alias = sharedDatabase("prv1");
+ CKM::Alias pub_alias = "pub1";
+ CKM::Alias pri_alias = "prv1";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
"-----END PUBLIC KEY-----\n";
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("ecprv2");
- CKM::Alias pub_alias = sharedDatabase("ecpub2");
+ CKM::Alias pri_alias = "ecprv2";
+ CKM::Alias pub_alias = "ecpub2";
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("prv3");
- CKM::Alias pub_alias = sharedDatabase("pub3");
+ CKM::Alias pri_alias = "prv3";
+ CKM::Alias pub_alias = "pub3";
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
+ CKM::Alias pub_alias = "dsa-pub1";
+ CKM::Alias pri_alias = "dsa-prv1";
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
- CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
+ CKM::Alias pub_alias = "dsa-pub2";
+ CKM::Alias pri_alias = "dsa-prv2";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = sharedDatabase("prv4");
- CKM::Alias pub_alias = sharedDatabase("pub4");
+ CKM::Alias pri_alias = "prv4";
+ CKM::Alias pub_alias = "pub4";
char *key_passwd = NULL;
char *pri_passwd = NULL;
char *pub_passwd = NULL;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3089_CAPI__deinit)
+RUNNER_TEST(T3089_CAPI_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T3091_CAPI_TYPE_init)
{
- remove_user_data(0);
reset_user_data(USER_APP, USER_PASS);
}
RUNNER_ASSERT_MSG(
pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
- CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
+ CKM::Alias lcert_alias = "lcert_alias";
ckmc_policy_s policy;
policy.password = NULL;
policy.extractable = 1;
policy.extractable = 1;
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
+ CKM::Alias pkey_alias = "pkey_alias";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
CKMCReadableError(temp));
- CKM::Alias cert_alias = sharedDatabase("cert_alias");
+ CKM::Alias cert_alias = "cert_alias";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_");
+ std::string caCertAlias = "ca_cert_alias_";
const char *idx = "0";
int cnt = 0;
ckmc_cert_list_s *tmpList = ca_cert_list;
policy.extractable = 1;
- CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
+ CKM::Alias pkey_alias = "pkey_alias2";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
CKMCReadableError(temp));
- CKM::Alias cert_alias = sharedDatabase("cert_alias2");
+ CKM::Alias cert_alias = "cert_alias2";
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
CKMCReadableError(temp));
- std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
+ std::string caCertAlias = "ca_cert_alias_2_";
const char *idx = "0";
int cnt = 0;
ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
RUNNER_TEST(T3098_CAPI_TYPE_deinit)
{
int temp;
- remove_user_data(0);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
CKMCReadableError(temp));
namespace
{
-CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
+CKM::Alias alias_PKCS_exportable = "CAPI-test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
}
RUNNER_TEST(T3101_CAPI_PKCS12_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
// fail - no entry
RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)),
CKMCReadableError(temp));
ckmc_pkcs12_free(pkcs);
pkcs = NULL;
RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
reset_user_data(USER_APP, USER_PASS);
}
-RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
+RUNNER_TEST(T3202_CAPI_get_data_from_empty_database)
{
ScopedDBUnlock unlock(USER_APP, USER_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::Alias alias = "mykey";
RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
}
-RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
+RUNNER_TEST(T3203_CAPI_lock_database)
{
ScopedDBUnlock unlock(USER_APP, USER_PASS);
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
+RUNNER_TEST(T3204_CAPI_get_data_from_locked_database)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
CKM::Alias alias = "mykey";
char *password = NULL;
#include <ckm-common.h>
#include <ckmc/ckmc-manager.h>
#include <ckm/ckm-type.h>
-#include <access_provider2.h>
#include <encryption-decryption-env.h>
using namespace CKM;
namespace {
const char* PASSWORD = "test-password";
-const uid_t UID = 5555;
-const gid_t GID = 5555;
+const uid_t UID = 5001;
const size_t CTR_DEFAULT_LEN = 16*8;
const size_t DEFAULT_IV_LEN = 16;
const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
class EncEnv : public RemoveDataEnv<UID> {
public:
- EncEnv() : m_dbu(NULL), m_sap(NULL) {}
- ~EncEnv() { delete m_sap; delete m_dbu; }
+ EncEnv() : m_dbu(NULL) {}
+ ~EncEnv() { delete m_dbu; }
void init(const std::string& str) {
RemoveDataEnv<UID>::init(str);
m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
- m_sap = new ScopedAccessProvider(TEST_LABEL); // setup label
-
- // setup smack rules and switch user
- m_sap->allowAPI("key-manager::api-storage", "rw");
- m_sap->allowAPI("key-manager::api-encryption", "rw");
- m_sap->applyAndSwithToUser(UID, GID);
}
void finish() {
- delete m_sap;
- m_sap = NULL;
delete m_dbu;
m_dbu = NULL;
RemoveDataEnv<UID>::finish();
}
ScopedDBUnlock* m_dbu;
- ScopedAccessProvider* m_sap;
};
struct SyncEnv : public EncEnv {
#include <netdb.h>
#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
#include <test-certs.h>
-#include <access_provider2.h>
#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <openssl/x509v3.h>
namespace {
-const int USER_APP = 5000;
-const int GROUP_APP = 5000;
+const int USER_APP = 5001;
const int USER_APP_2 = 5020;
const int USER_APP_3 = 5030;
* C - test number in group (all tests with same TABC must be run in the same time).
* D - subtest.
*/
-
-RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
-RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
- stop_service(MANAGER);
- start_service(MANAGER);
-
- std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
-
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
-
- auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
- RUNNER_ASSERT_MSG(
- NULL != pkcs.get(),
- "Error in PKCS12::create()");
-
- // all further tests will start with newly started service,
- // OpenSSL on the service side will have to be properly initialized too
- stop_service(MANAGER);
- start_service(MANAGER);
-}
-
RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
RUNNER_TEST(T0011_Control)
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
CKM::KeyShPtr key2;
- CKM::Alias alias = sharedDatabase("mykey");
+ CKM::Alias alias = "mykey";
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::CertificateShPtr cert2;
- CKM::Alias alias = sharedDatabase("myCert");
+ CKM::Alias alias = "myCert";
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
"Data has been modified in key manager");
}
-RUNNER_CHILD_TEST(T1013_user_app_save_key)
-{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- int temp;
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey";
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(), "Key value has been changed by service");
-}
-
RUNNER_TEST(T1014_save_with_label)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1015_deinit)
{
- remove_user_data(0);
remove_user_data(USER_APP);
}
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey2", key, CKM::Policy())),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
+ CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
-RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
+RUNNER_TEST(T1022_app_user_save_keys_get_alias)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
-RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
+RUNNER_TEST(T1023_app_user_save_keys_exportable_flag)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1029_deinit)
{
- remove_user_data(0);
remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
RUNNER_TEST(T1030_init)
{
- remove_user_data(0);
reset_user_data(USER_APP, APP_PASS);
}
-RUNNER_TEST(T1031_save_get_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData1 = "My bin data1";
- std::string binData2 = "My bin data2";
- std::string binData3 = "My bin data3";
-
- CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num+3),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
- "The wrong password should be ignored because non was used in saveData. Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
+RUNNER_TEST(T1032_app_user_save_bin_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
auto manager = CKM::Manager::create();
"Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
}
-RUNNER_TEST(T1033_remove_bin_data)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string binData2 = "My bin data2";
- CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
-
- CKM::AliasVector labelAliasVector;
-
- size_t current_aliases_num = count_aliases(ALIAS_DATA);
- std::string invalid_address = sharedDatabase("i-do-not-exist");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- labelAliasVector.size() == (current_aliases_num-2),
- "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
-
- CKM::RawBuffer buffer;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- buffer == buffer2,
- "Data corrupted");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
- "Error=" << CKMErrorToString(temp));
-}
-
RUNNER_TEST(T1034_app_remove_bin_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1035_getData_wrong_password)
{
+ ScopedDBUnlock unlock(USER_APP, APP_PASS);
+
int temp;
auto manager = CKM::Manager::create();
CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
"Error=" << CKMErrorToString(temp));
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
+ CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
"Error=" << CKMErrorToString(temp));
RUNNER_ASSERT_MSG(
buffer == buffer1,
"Data corrupted");
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
"Error=" << CKMErrorToString(temp));
}
RUNNER_TEST(T1036_deinit)
{
- remove_user_data(0);
remove_user_data(USER_APP);
}
"Error=" << CKMErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1041_create_RSA_key)
+RUNNER_TEST(T1041_create_RSA_key)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
-RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label)
+RUNNER_TEST(T1042_create_RSA_key_foreign_label)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKMErrorToString(temp));
"Error=" << CKMErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1043_create_DSA_key)
+RUNNER_TEST(T1043_create_DSA_key)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap(TEST_LABEL_3);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
size_t current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
-RUNNER_CHILD_TEST(T1044_create_AES_key)
+RUNNER_TEST(T1044_create_AES_key)
{
int temp;
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- AccessProvider ap(TEST_LABEL_4);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int current_aliases_num = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("rsa-test-1");
- CKM::Alias a2 = sharedDatabase("rsa-test-2");
+ CKM::Alias a1 = "rsa-test-1";
+ CKM::Alias a2 = "rsa-test-2";
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("dsa-test-1");
- CKM::Alias a2 = sharedDatabase("dsa-test-2");
+ CKM::Alias a1 = "dsa-test-1";
+ CKM::Alias a2 = "dsa-test-2";
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
{
int temp;
auto manager = CKM::Manager::create();
- CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
- CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
+ CKM::Alias a1 = "ecdsa-test-1";
+ CKM::Alias a2 = "ecdsa-test-2";
CKM::Policy p1;
CKM::Policy p2;
RUNNER_ASSERT_MSG(
RUNNER_TEST(T1114_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
RUNNER_TEST(T12101_key_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12102_saveKey_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12103_saveKey_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
RUNNER_TEST(T12104_saveKey_empty_key)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias; //alias is not initialized
RUNNER_TEST(T12106_saveCertificate_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto cert = TestData::getTestCertificate(TestData::GIAG2);
CKM::Alias alias = "iamsomebodyelse alias";
RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
RUNNER_TEST(T12108_saveData_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12109_saveData_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
RUNNER_TEST(T12110_saveData_empty_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
RUNNER_TEST(T12111_getKey_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
RUNNER_TEST(T12113_getData_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12114_RSA_key_damaged)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12115_RSA_key_too_short)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12116_DSA_key_too_short)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int ret;
auto manager = CKM::Manager::create();
RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
// fake the client - let the service detect the problem
class WrongCertImpl : public CKM::Certificate
RUNNER_TEST(T1311_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
RUNNER_ASSERT_MSG(time(0) > 1405343457,
"Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
- CKM::Alias alias = sharedDatabase("imcert");
+ CKM::Alias alias = "imcert";
int tmp;
auto manager = CKM::Manager::create();
RUNNER_TEST(T1315_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
RUNNER_TEST(T1411_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T1412_RSA_key_create_verify)
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
CKM::Password password = "1234";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("ecpub2");
- CKM::Alias aliasPrv = sharedDatabase("ecprv2");
+ CKM::Alias aliasPub = "ecpub2";
+ CKM::Alias aliasPrv = "ecprv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub1");
- CKM::Alias aliasPrv = sharedDatabase("prv1");
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub2");
- CKM::Alias aliasPrv = sharedDatabase("prv2");
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub1-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
+ CKM::Alias aliasPub = "pub1-cert";
+ CKM::Alias aliasPrv = "prv1-cert";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub2-cert");
- CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
+ CKM::Alias aliasPub = "pub2-cert";
+ CKM::Alias aliasPrv = "prv2-cert";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("pub3");
- CKM::Alias aliasPrv = sharedDatabase("prv3");
+ CKM::Alias aliasPub = "pub3";
+ CKM::Alias aliasPrv = "prv3";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
RUNNER_TEST(T1420_deinit)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
RUNNER_TEST(T14180_init)
{
int temp;
- remove_user_data(0);
+ remove_user_data(USER_APP);
auto manager = CKM::Manager::create();
"zQIDAQAB\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::Password password = "1234";
auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
"05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
"-----END PUBLIC KEY-----\n";
- CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
+ CKM::Alias aliasEcPub = "ecpub_nohash1";
+ CKM::Alias aliasEcPrv = "ecprv_nohash1";
auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
auto manager = CKM::Manager::create();
std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
- CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
std::string message = "message test";
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
big_msg[msgSize-1]=0x00;
std::string message(big_msg);
- CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
- CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
CKM::RawBuffer signature;
RUNNER_TEST(T14189_deinit)
{
- remove_user_data(0);
-}
-
-
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1510_init_unlock_key)
-{
- reset_user_data(USER_TEST, APP_PASS);
-}
-
-RUNNER_TEST(T1511_insert_data)
-{
- auto certee = TestData::getTestCertificate(TestData::MBANK);
- auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
- CKM::Alias certeeAlias("CertEE");
- CKM::Alias certimAlias("CertIM");
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
- RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
- }
-
- // restart CKM
- stop_service(MANAGER);
- start_service(MANAGER);
-
- // actual test
- {
- ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto manager = CKM::Manager::create();
- int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
- int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKMErrorToString(status1));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKMErrorToString(status2));
- }
-}
-
-RUNNER_TEST(T1519_deinit)
-{
- remove_user_data(USER_TEST);
-}
-
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_TEST(T1701_init_unlock_key)
-{
- unlock_user_data(USER_TEST+1, "t170-special-password");
-
- ScopedAccessProvider ap(TEST_LABEL_5);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-}
-
-RUNNER_CHILD_TEST(T1702_insert_data)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL_5);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- auto certee = TestData::getTestCertificate(TestData::MBANK);
-
- auto manager = CKM::Manager::create();
- size_t current_aliases_num = count_aliases(ALIAS_CERT);
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKMErrorToString(status1));
-
- CKM::AliasVector av;
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
- "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
-}
-
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL_5)),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1704_data_test)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL_5);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_TEST(T1705_deinit)
-{
- remove_user_data(USER_TEST+1);
-}
-
-RUNNER_TEST(T17101_init)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17102_prep_data_01)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17103_prep_data_02)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17104_prep_data_03)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T17105_prep_data_04)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
-
- CKM::RawBuffer buffer(data.begin(), data.end());
- CKM::Policy exportable(CKM::Password(), true);
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
- "Error=" << CKMErrorToString(temp));
-}
-
-RUNNER_TEST(T17106_remove_application)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
- "Error=" << CKMErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17107_check_data_01)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17108_check_data_02)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
-
-RUNNER_TEST(T17109_unlock_user2)
-{
- int tmp;
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
- "Error=" << CKMErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T17110_check_data_03)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
-
-RUNNER_CHILD_TEST(T17111_check_data_04)
-{
- int temp;
- ScopedAccessProvider ap(TEST_LABEL_2);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
-
- CKM::AliasVector av;
- auto manager = CKM::Manager::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
- "Error=" << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
+ remove_user_data(USER_APP);
}
-RUNNER_TEST(T17112_deinit)
-{
- remove_user_data(USER_TEST+2);
- remove_user_data(USER_TEST+3);
-}
RUNNER_TEST_GROUP_INIT(T180_PKCS12);
namespace
{
-CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
-CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
-CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
-CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
-CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
+CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
+CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
+CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
+CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
}
RUNNER_TEST(T1800_init)
{
- remove_user_data(0);
+ remove_user_data(USER_APP);
}
RUNNER_TEST(T1801_parse_PKCS12) {
// fail - no entry
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
"Error=" << CKMErrorToString(temp));
// fail - not exportable
RUNNER_TEST(T1812_get_pkcs12_password_tests)
{
- CKM::Alias alias = sharedDatabase("t1812alias1");
+ CKM::Alias alias = "t1812alias1";
auto manager = CKM::Manager::create();
std::ifstream is(CKM_TEST_DIR "/pkcs.p12");
RUNNER_TEST(T1902_get_data)
{
ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
RUNNER_TEST(T1904_get_data_from_locked_database)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
auto manager = CKM::Manager::create();
CKM::KeyShPtr ptr;
#include <errno.h>
#include <string.h>
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
+const uid_t APP_UID = 5001;
+const gid_t APP_GID = 5001;
const uid_t APP_UID_2 = 5200;
const gid_t APP_GID_2 = 5200;
const uid_t DB_ALARM_UID = 6001;
} \
void Proc##Multi(std::tuple<__VA_ARGS__> &optionalArgsTuple DPL_UNUSED)
-#endif
\ No newline at end of file
+#endif
projects / platform / core / test / security-tests.git / commitdiff