authorStef Walter <stef@thewalter.net>2013-06-28 13:27:42 +0200
committerStef Walter <stef@thewalter.net>2013-07-03 11:46:27 +0200
commit17bc43cb82320f2aba4ccb804bd8599232524c6a (patch)
treee7ddda708713d052b991a6592c606ba7260f8ec8 /trust/tests
parent7bb9ad33da0154c9a4317f0123046eee85738349 (diff)
trust: Implement reloading of token data
* Reload token data whenever a new session is opened.
* Only reload files/directories that have changed.
* Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document.
* New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded.

In general this is a prerequisite for modification of objects; reload before modify is necessary to prevent multiple callers clobbering each other's changes.
Diffstat (limited to 'trust/tests')
-rw-r--r--trust/tests/test-extract.c28
-rw-r--r--trust/tests/test-parser.c184
-rw-r--r--trust/tests/test-token.c255
-rw-r--r--trust/tests/test-trust.c75
-rw-r--r--trust/tests/test-trust.h28
5 files changed, 378 insertions, 192 deletions
diff --git a/trust/tests/test-extract.c b/trust/tests/test-extract.c
index b121b21..ddb4a49 100644
--- a/trust/tests/test-extract.c
+++ b/trust/tests/test-extract.c
@@ -380,13 +380,18 @@ test_duplicate_extract (void)
}
static void
-test_duplicate_collapse (void)
+test_duplicate_distrusted (void)
{
CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
+ CK_ATTRIBUTE attrs[] = {
+ { CKA_X_DISTRUSTED, NULL, 0 },
+ };
+
+ CK_BBOOL val;
CK_RV rv;
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
+ mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
test.ex.flags = P11_EXTRACT_COLLAPSE;
p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
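Review bot: test_duplicate_distrusted now covers only one insertion order: the distrusted copy of cacert3 is added before the trusted one, whereas the old test added them the other way round. If the collapse logic is meant to let distrust win regardless of which object the iterator sees first, the reverse order should stay covered too, for example by a second test that calls `mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);` first and makes the same CKA_X_DISTRUSTED assertion. The function body continues in the next hunk.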
@@ -396,6 +401,12 @@ test_duplicate_collapse (void)
rv = p11_kit_iter_next (test.iter);
assert_num_eq (CKR_OK, rv);
+ rv = p11_kit_iter_load_attributes (test.iter, attrs, 1);
+ assert_num_eq (CKR_OK, rv);
+ assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val));
+ assert_num_eq (val, CK_TRUE);
+ free (attrs[0].pValue);
+
rv = p11_kit_iter_next (test.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -404,7 +415,6 @@ static void
test_trusted_match (void)
{
CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
- CK_BBOOL boolv;
CK_RV rv;
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
@@ -416,13 +426,6 @@ test_trusted_match (void)
p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
rv = p11_kit_iter_next (test.iter);
- assert_num_eq (CKR_OK, rv);
-
- if (!p11_attrs_find_bool (test.ex.attrs, CKA_TRUSTED, &boolv))
- boolv = CK_FALSE;
- assert_num_eq (CK_TRUE, boolv);
-
- rv = p11_kit_iter_next (test.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -470,9 +473,6 @@ test_anytrust_match (void)
assert_num_eq (CKR_OK, rv);
rv = p11_kit_iter_next (test.iter);
- assert_num_eq (CKR_OK, rv);
-
- rv = p11_kit_iter_next (test.iter);
assert_num_eq (CKR_CANCEL, rv);
}
@@ -495,7 +495,7 @@ main (int argc,
p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match");
p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match");
p11_test (test_duplicate_extract, "/extract/test_duplicate_extract");
- p11_test (test_duplicate_collapse, "/extract/test_duplicate_collapse");
+ p11_test (test_duplicate_distrusted, "/extract/test-duplicate-distrusted");
p11_test (test_trusted_match, "/extract/test_trusted_match");
p11_test (test_distrust_match, "/extract/test_distrust_match");
p11_test (test_anytrust_match, "/extract/test_anytrust_match");
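Review bot: The new test path `"/extract/test-duplicate-distrusted"` uses hyphens, while every other path registered in this hunk uses underscores, e.g. `"/extract/test_duplicate_extract"`. Writing it as `"/extract/test_duplicate_distrusted"` keeps selecting tests by name predictable. The body of main starts and ends outside the hunk.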
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index 2b60254..3eee984 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -51,24 +51,25 @@
struct {
p11_parser *parser;
+ p11_array *parsed;
p11_asn1_cache *cache;
- p11_index *index;
} test;
static void
setup (void *unused)
{
- test.index = p11_index_new (NULL, NULL, NULL);
test.cache = p11_asn1_cache_new ();
- test.parser = p11_parser_new (test.index, test.cache);
+ test.parser = p11_parser_new (test.cache);
assert_ptr_not_null (test.parser);
+
+ test.parsed = p11_parser_parsed (test.parser);
+ assert_ptr_not_null (test.parsed);
}
static void
teardown (void *unused)
{
p11_parser_free (test.parser);
- p11_index_free (test.index);
p11_asn1_cache_free (test.cache);
memset (&test, 0, sizeof (test));
}
@@ -85,12 +86,19 @@ static CK_ATTRIBUTE certificate_match[] = {
};
static CK_ATTRIBUTE *
-parsed_attrs (CK_ATTRIBUTE *match)
+parsed_attrs (CK_ATTRIBUTE *match,
+ int length)
{
- CK_OBJECT_HANDLE handle;
- handle = p11_index_find (test.index, certificate_match, -1);
- return p11_index_lookup (test.index, handle);
+ int i;
+
+ if (length < 0)
+ length = p11_attrs_count (match);
+ for (i = 0; i < test.parsed->num; i++) {
+ if (p11_attrs_matchn (test.parsed->elem[i], match, length))
+ return test.parsed->elem[i];
+ }
+ return NULL;
}
static void
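Review bot: parsed_attrs now has a real contract but no comment stating it, and it can return NULL where the old index lookup was only ever used on a known object. I would add `/* Returns the first parsed object matching the first 'length' attributes of 'match' (all of them if length < 0), or NULL if none matches. */` above it. Callers that pass `-1` hand the result straight to `test_check_attrs`, so an `assert_ptr_not_null (cert);` before those calls would make a missing certificate fail clearly. The loop also compares `int i` with `test.parsed->num`; if that field is unsigned (its declaration is not on this page), declaring `i` with the same type avoids a signed/unsigned comparison.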
@@ -114,9 +122,9 @@ test_parse_der_certificate (void)
assert_num_eq (P11_PARSE_SUCCESS, ret);
/* Should have gotten certificate */
- assert_num_eq (1, p11_index_size (test.index));
+ assert_num_eq (1, test.parsed->num);
- cert = parsed_attrs (certificate_match);
+ cert = parsed_attrs (certificate_match, -1);
test_check_attrs (expected, cert);
}
@@ -141,9 +149,9 @@ test_parse_pem_certificate (void)
assert_num_eq (P11_PARSE_SUCCESS, ret);
/* Should have gotten certificate */
- assert_num_eq (1, p11_index_size (test.index));
+ assert_num_eq (1, test.parsed->num);
- cert = parsed_attrs (certificate_match);
+ cert = parsed_attrs (certificate_match, -1);
test_check_attrs (expected, cert);
}
@@ -168,9 +176,9 @@ test_parse_p11_kit_persist (void)
assert_num_eq (P11_PARSE_SUCCESS, ret);
/* Should have gotten certificate */
- assert_num_eq (1, p11_index_size (test.index));
+ assert_num_eq (1, test.parsed->num);
- cert = parsed_attrs (certificate_match);
+ cert = parsed_attrs (certificate_match, -1);
test_check_attrs (expected, cert);
}
@@ -212,7 +220,6 @@ test_parse_openssl_trusted (void)
CK_ATTRIBUTE *cert;
CK_ATTRIBUTE *object;
- CK_OBJECT_HANDLE handle;
int ret;
int i;
@@ -225,18 +232,15 @@ test_parse_openssl_trusted (void)
* - 1 certificate
* - 2 stapled extensions
*/
- assert_num_eq (3, p11_index_size (test.index));
+ assert_num_eq (3, test.parsed->num);
/* The certificate */
- cert = parsed_attrs (certificate_match);
+ cert = parsed_attrs (certificate_match, -1);
test_check_attrs (expected[0], cert);
/* The other objects */
for (i = 1; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
-
- object = p11_index_lookup (test.index, handle);
+ object = parsed_attrs (expected[i], 2);
assert_ptr_not_null (object);
test_check_attrs (expected[i], object);
@@ -281,7 +285,6 @@ test_parse_openssl_distrusted (void)
CK_ATTRIBUTE *cert;
CK_ATTRIBUTE *object;
- CK_OBJECT_HANDLE handle;
int ret;
int i;
@@ -298,16 +301,13 @@ test_parse_openssl_distrusted (void)
* - 1 certificate
* - 2 stapled extensions
*/
- assert_num_eq (3, p11_index_size (test.index));
- cert = parsed_attrs (certificate_match);
+ assert_num_eq (3, test.parsed->num);
+ cert = parsed_attrs (certificate_match, -1);
test_check_attrs (expected[0], cert);
/* The other objects */
for (i = 1; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
-
- object = p11_index_lookup (test.index, handle);
+ object = parsed_attrs (expected[i], 2);
assert_ptr_not_null (object);
test_check_attrs (expected[i], object);
@@ -339,9 +339,9 @@ test_parse_anchor (void)
* Should have gotten:
* - 1 certificate
*/
- assert_num_eq (1, p11_index_size (test.index));
+ assert_num_eq (1, test.parsed->num);
- cert = parsed_attrs (certificate_match);
+ cert = parsed_attrs (certificate_match, -1);
test_check_attrs (cacert3, cert);
}
@@ -365,9 +365,9 @@ test_parse_thawte (void)
assert_num_eq (P11_PARSE_SUCCESS, ret);
/* Should have gotten certificate */
- assert_num_eq (1, p11_index_size (test.index));
+ assert_num_eq (1, test.parsed->num);
- cert = parsed_attrs (certificate_match);
+ cert = parsed_attrs (certificate_match, -1);
test_check_attrs (expected, cert);
}
@@ -401,124 +401,6 @@ test_parse_unrecognized (void)
p11_message_loud ();
}
-static void
-test_duplicate (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_OBJECT_HANDLE *handles;
- CK_ATTRIBUTE *cert;
- int ret;
-
- ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- p11_message_quiet ();
-
- /* This shouldn't be added, should print a message */
- ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- assert (strstr (p11_message_last (), "duplicate") != NULL);
-
- p11_message_loud ();
-
- /* Should only be one certificate since the above two are identical */
- handles = p11_index_find_all (test.index, cacert3, 2);
- assert_ptr_not_null (handles);
- assert (handles[0] != 0);
- assert (handles[1] == 0);
-
- cert = p11_index_lookup (test.index, handles[0]);
- test_check_attrs (cacert3, cert);
-
- free (handles);
-}
-
-static void
-test_duplicate_priority (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE trusted[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE distrust[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID },
- };
-
- CK_OBJECT_HANDLE *handles;
- CK_ATTRIBUTE *cert;
- int ret;
-
- ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- p11_message_quiet ();
-
- /* This shouldn't be added, should print a message */
- ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
- P11_PARSE_FLAG_ANCHOR);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- assert (strstr (p11_message_last (), "duplicate") != NULL);
-
- p11_message_loud ();
-
- /* We should now find the trusted certificate */
- handles = p11_index_find_all (test.index, cacert3, 2);
- assert_ptr_not_null (handles);
- assert (handles[0] != 0);
- assert (handles[1] == 0);
- cert = p11_index_lookup (test.index, handles[0]);
- test_check_attrs (trusted, cert);
- free (handles);
-
- /* Now add a distrutsed one, this should override the trusted */
-
- p11_message_quiet ();
-
- ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
- P11_PARSE_FLAG_BLACKLIST);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- p11_message_loud ();
-
- /* We should now find the distrusted certificate */
- handles = p11_index_find_all (test.index, cacert3, 2);
- assert_ptr_not_null (handles);
- assert (handles[0] != 0);
- assert (handles[1] == 0);
- cert = p11_index_lookup (test.index, handles[0]);
- test_check_attrs (distrust, cert);
- free (handles);
-}
-
int
main (int argc,
char *argv[])
@@ -533,7 +415,5 @@ main (int argc,
p11_test (test_parse_thawte, "/parser/parse_thawte");
p11_test (test_parse_invalid_file, "/parser/parse_invalid_file");
p11_test (test_parse_unrecognized, "/parser/parse_unrecognized");
- p11_test (test_duplicate, "/parser/duplicate");
- p11_test (test_duplicate_priority, "/parser/duplicate_priority");
return p11_test_run (argc, argv);
}
diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c
index d372814..a518c9e 100644
--- a/trust/tests/test-token.c
+++ b/trust/tests/test-token.c
@@ -47,8 +47,14 @@
#include "message.h"
#include "token.h"
+static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
+static CK_BBOOL falsev = CK_FALSE;
+static CK_BBOOL truev = CK_TRUE;
+
struct {
p11_token *token;
+ p11_index *index;
+ char *directory;
} test;
static void
@@ -56,6 +62,19 @@ setup (void *path)
{
test.token = p11_token_new (333, path, "Label");
assert_ptr_not_null (test.token);
+
+ test.index = p11_token_index (test.token);
+ assert_ptr_not_null (test.token);
+}
+
+static void
+setup_temp (void *unused)
+{
+ test.directory = p11_path_expand ("$TEMP/test-module.XXXXXX");
+ if (!mkdtemp (test.directory))
+ assert_not_reached ();
+
+ setup (test.directory);
}
static void
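Review bot: The assertion after `test.index = p11_token_index (test.token);` checks `test.token` a second time, so a NULL index would go unnoticed until a later `p11_index_find` call; it should read `assert_ptr_not_null (test.index);`. In setup_temp the result of `p11_path_expand` goes to `mkdtemp` unchecked. Assuming the expansion can fail and return NULL, an `assert_ptr_not_null (test.directory);` before the `mkdtemp` call would turn that into a test failure instead of a crash.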
@@ -66,15 +85,23 @@ teardown (void *path)
}
static void
+teardown_temp (void *unused)
+{
+ test_delete_directory (test.directory);
+ free (test.directory);
+ teardown (test.directory);
+}
+
+static void
test_token_load (void *path)
{
p11_index *index;
int count;
count = p11_token_load (test.token);
- assert_num_eq (7, count);
+ assert_num_eq (6, count);
- /* A certificate and trust object for each parsed object + builtin */
+ /* A certificate and trust object for each parsed object */
index = p11_token_index (test.token);
assert (((count - 1) * 2) + 1 <= p11_index_size (index));
}
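Review bot: teardown_temp frees `test.directory` and then passes the freed pointer to `teardown`, and the field keeps the stale value afterwards. The body of teardown is outside this hunk, so whether it reads its argument is not visible here, but the cleanup order should not depend on that. I would write `free (test.directory); test.directory = NULL; teardown (NULL);` so no dangling pointer is handed on or left in the fixture.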
@@ -82,10 +109,6 @@ test_token_load (void *path)
static void
test_token_flags (void *path)
{
- CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
- CK_BBOOL falsev = CK_FALSE;
- CK_BBOOL truev = CK_TRUE;
-
/*
* blacklist comes from the input/distrust.pem file. It is not in the blacklist
* directory, but is an OpenSSL trusted certificate file, and is marked
@@ -228,24 +251,8 @@ test_not_writable (void)
static void
test_writable_exists (void)
{
- char *directory;
- p11_token *token;
-
- directory = p11_path_expand ("$TEMP/test-module.XXXXXX");
- if (!mkdtemp (directory))
- assert_not_reached ();
-
- token = p11_token_new (333, directory, "Label");
-
/* A writable directory since we created it */
- assert (p11_token_is_writable (token));
-
- p11_token_free (token);
-
- if (rmdir (directory) < 0)
- assert_not_reached ();
-
- free (directory);
+ assert (p11_token_is_writable (test.token));
}
static void
@@ -276,6 +283,196 @@ test_writable_no_exist (void)
free (directory);
}
+static void
+test_load_already (void)
+{
+ CK_ATTRIBUTE cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_INVALID },
+ };
+
+ CK_OBJECT_HANDLE handle;
+ int ret;
+
+ test_write_file (test.directory, "test.cer", test_cacert3_ca_der,
+ sizeof (test_cacert3_ca_der));
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 1);
+ handle = p11_index_find (test.index, cert, -1);
+ assert (handle != 0);
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 0);
+ assert_num_eq (p11_index_find (test.index, cert, -1), handle);
+}
+
+static void
+test_load_unreadable (void)
+{
+ CK_ATTRIBUTE cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_INVALID },
+ };
+
+ int ret;
+
+ test_write_file (test.directory, "test.cer", test_cacert3_ca_der,
+ sizeof (test_cacert3_ca_der));
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 1);
+ assert (p11_index_find (test.index, cert, -1) != 0);
+
+ test_write_file (test.directory, "test.cer", "", 0);
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 0);
+ assert (p11_index_find (test.index, cert, -1) == 0);
+}
+
+static void
+test_load_gone (void)
+{
+ CK_ATTRIBUTE cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_INVALID },
+ };
+
+ int ret;
+
+ test_write_file (test.directory, "test.cer", test_cacert3_ca_der,
+ sizeof (test_cacert3_ca_der));
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 1);
+ assert (p11_index_find (test.index, cert, -1) != 0);
+
+ test_delete_file (test.directory, "test.cer");
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 0);
+ assert (p11_index_find (test.index, cert, -1) == 0);
+}
+
+static void
+test_load_found (void)
+{
+ CK_ATTRIBUTE cert[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_INVALID },
+ };
+
+ int ret;
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 0);
+ assert (p11_index_find (test.index, cert, -1) == 0);
+
+ test_write_file (test.directory, "test.cer", test_cacert3_ca_der,
+ sizeof (test_cacert3_ca_der));
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 1);
+ assert (p11_index_find (test.index, cert, -1) != 0);
+}
+
+static void
+test_reload_changed (void)
+{
+ CK_ATTRIBUTE cacert3[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE verisign[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_OBJECT_HANDLE handle;
+ int ret;
+
+ /* Just one file */
+ test_write_file (test.directory, "test.cer", test_cacert3_ca_der,
+ sizeof (test_cacert3_ca_der));
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 1);
+ handle = p11_index_find (test.index, cacert3, -1);
+ assert (handle != 0);
+
+ /* Replace the file with verisign */
+ test_write_file (test.directory, "test.cer", verisign_v1_ca,
+ sizeof (verisign_v1_ca));
+
+ /* Add another file with cacert3, but not reloaded */
+ test_write_file (test.directory, "another.cer", test_cacert3_ca_der,
+ sizeof (test_cacert3_ca_der));
+
+ attrs = p11_index_lookup (test.index, handle);
+ assert_ptr_not_null (attrs);
+ p11_token_reload (test.token, attrs);
+
+ assert (p11_index_find (test.index, cacert3, -1) == 0);
+ assert (p11_index_find (test.index, verisign, -1) != 0);
+}
+
+static void
+test_reload_gone (void)
+{
+ CK_ATTRIBUTE cacert3[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
+ { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE verisign[] = {
+ { CKA_CLASS, &certificate, sizeof (certificate) },
+ { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
+ { CKA_INVALID },
+ };
+
+ CK_ATTRIBUTE *attrs;
+ CK_OBJECT_HANDLE handle;
+ int ret;
+
+ /* Just one file */
+ test_write_file (test.directory, "cacert3.cer", test_cacert3_ca_der,
+ sizeof (test_cacert3_ca_der));
+ test_write_file (test.directory, "verisign.cer", verisign_v1_ca,
+ sizeof (verisign_v1_ca));
+
+ ret = p11_token_load (test.token);
+ assert_num_eq (ret, 2);
+ handle = p11_index_find (test.index, cacert3, -1);
+ assert (handle != 0);
+ assert (p11_index_find (test.index, verisign, -1) != 0);
+
+ test_delete_file (test.directory, "cacert3.cer");
+ test_delete_file (test.directory, "verisign.cer");
+
+ attrs = p11_index_lookup (test.index, handle);
+ assert_ptr_not_null (attrs);
+ p11_token_reload (test.token, attrs);
+
+ assert (p11_index_find (test.index, cacert3, -1) == 0);
+ assert (p11_index_find (test.index, verisign, -1) != 0);
+}
+
int
main (int argc,
char *argv[])
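Review bot: test_load_unreadable never makes the file unreadable; it rewrites `test.cer` with zero bytes, so what it exercises is a changed file that no longer yields a certificate. Either rename it (e.g. `test_load_emptied`) or add a case that removes read permission, since whether previously loaded trust objects are dropped or kept when a source file cannot be read is a behaviour worth pinning for a trust store. In test_reload_gone the comment `/* Just one file */` is stale because two files are written; `/* Two files, one certificate each */` matches the code. The same three-attribute `cert[]`/`cacert3[]` array is repeated in six tests and could be a single file-scope static next to `certificate`, `falsev` and `truev`.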
@@ -283,16 +480,22 @@ main (int argc,
p11_fixture (setup, teardown);
p11_testx (test_token_load, SRCDIR "/input", "/token/load");
p11_testx (test_token_flags, SRCDIR "/input", "/token/flags");
-
- p11_fixture (setup, teardown);
p11_testx (test_token_path, "/wheee", "/token/path");
p11_testx (test_token_label, "/wheee", "/token/label");
p11_testx (test_token_slot, "/unneeded", "/token/slot");
p11_fixture (NULL, NULL);
p11_test (test_not_writable, "/token/not-writable");
- p11_test (test_writable_exists, "/token/writable-exists");
p11_test (test_writable_no_exist, "/token/writable-no-exist");
+ p11_fixture (setup_temp, teardown_temp);
+ p11_test (test_writable_exists, "/token/writable-exists");
+ p11_test (test_load_found, "/token/load-found");
+ p11_test (test_load_already, "/token/load-already");
+ p11_test (test_load_unreadable, "/token/load-unreadable");
+ p11_test (test_load_gone, "/token/load-gone");
+ p11_test (test_reload_changed, "/token/reload-changed");
+ p11_test (test_reload_gone, "/token/reload-gone");
+
return p11_test_run (argc, argv);
}
diff --git a/trust/tests/test-trust.c b/trust/tests/test-trust.c
index 33ba19e..fceaea7 100644
--- a/trust/tests/test-trust.c
+++ b/trust/tests/test-trust.c
@@ -324,3 +324,78 @@ test_check_directory_msg (const char *file,
p11_dict_free (files);
}
+
+void
+test_write_file_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name,
+ const void *contents,
+ size_t length)
+{
+ char *path;
+ FILE *f;
+
+ if (asprintf (&path, "%s/%s", directory, name) < 0)
+ assert_not_reached ();
+
+ f = fopen (path, "wb");
+ if (f == NULL) {
+ p11_test_fail (file, line, function, "Couldn't open file for writing: %s: %s",
+ path, strerror (errno));
+ }
+
+ if (fwrite (contents, 1, length, f) != length ||
+ fclose (f) != 0) {
+ p11_test_fail (file, line, function, "Couldn't write file: %s: %s",
+ path, strerror (errno));
+ }
+
+ free (path);
+}
+
+void
+test_delete_file_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name)
+{
+ char *path;
+
+ if (asprintf (&path, "%s/%s", directory, name) < 0)
+ assert_not_reached ();
+
+ if (unlink (path) < 0)
+ p11_test_fail (file, line, function, "Couldn't delete file: %s", path);
+
+ free (path);
+}
+
+void
+test_delete_directory_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory)
+{
+ struct dirent *dp;
+ DIR *dir;
+
+ dir = opendir (directory);
+ if (dir == NULL)
+ p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
+
+ while ((dp = readdir (dir)) != NULL) {
+ if (strcmp (dp->d_name, ".") == 0 ||
+ strcmp (dp->d_name, "..") == 0)
+ continue;
+
+ test_delete_file_msg (file, line, function, directory, dp->d_name);
+ }
+
+ closedir (dir);
+
+ if (rmdir (directory) < 0)
+ p11_test_fail (file, line, function, "Couldn't remove directory: %s", directory);
+}
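Review bot: The new helpers keep going after reporting a failure. In test_write_file_msg a NULL `f` reaches `fwrite`, and in test_delete_directory_msg a NULL `dir` reaches `readdir`, unless `p11_test_fail` never returns (its definition is not on this page). If it can return, add `free (path); return;` after the fopen failure and `return;` after the opendir failure. The "Couldn't delete file", "Couldn't open directory" and "Couldn't remove directory" messages also omit `strerror (errno)`, which the fopen and fwrite messages include, and `file ,line` in the opendir call has a misplaced space.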
diff --git a/trust/tests/test-trust.h b/trust/tests/test-trust.h
index 18ca13c..4d2c5bf 100644
--- a/trust/tests/test-trust.h
+++ b/trust/tests/test-trust.h
@@ -344,4 +344,32 @@ void test_check_directory_msg (const char *file,
(test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \
test_check_directory_files files))
+#define test_write_file(directory, name, data, length) \
+ (test_write_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length))
+
+void test_write_file_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name,
+ const void *contents,
+ size_t length);
+
+#define test_delete_file(directory, name) \
+ (test_delete_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name))
+
+void test_delete_file_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory,
+ const char *name);
+
+#define test_delete_directory(directory) \
+ (test_delete_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory))
+
+void test_delete_directory_msg (const char *file,
+ int line,
+ const char *function,
+ const char *directory);
+
#endif /* TEST_DATA_H_ */
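Review bot: The three new helper declarations have no comments, and their limits are not obvious from the names alone. I would add one line above each macro, e.g. `/* Create or overwrite directory/name with length bytes of data; fails the current test on error. */` for test_write_file. For test_delete_directory, something like `/* Remove every entry in directory with unlink(), then the directory itself; not recursive. */` tells callers that a nested directory makes the helper report a failure.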