diff options
author | Stef Walter <stef@thewalter.net> | 2013-07-03 12:47:14 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-03 13:14:48 +0200 |
commit | a2165fe35e336fd807af053a21a396b020f90a23 (patch) | |
tree | a4f62b49fcd4fff87aa8a9213912b4426315bd74 /trust/tests | |
parent | 269c4c2e82543de273fa9415dec1b9b6e00c51af (diff) |
trust: Initial support for writing out token objects
* The objects are written out in the p11-kit persist format
* Parser marks files in p11-kit persist format as modifiable
Diffstat (limited to 'trust/tests')
-rw-r--r-- | trust/tests/test-module.c | 126 | ||||
-rw-r--r-- | trust/tests/test-parser.c | 1 | ||||
-rw-r--r-- | trust/tests/test-token.c | 110 | ||||
-rw-r--r-- | trust/tests/test-trust.c | 1 |
4 files changed, 227 insertions, 11 deletions
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c index f5d882e..f1813a3 100644 --- a/trust/tests/test-module.c +++ b/trust/tests/test-module.c @@ -46,6 +46,7 @@ #include "hash.h" #include "library.h" #include "path.h" +#include "parser.h" #include "pkcs11x.h" #include "token.h" @@ -67,6 +68,8 @@ struct { CK_FUNCTION_LIST *module; CK_SLOT_ID slots[NUM_SLOTS]; char *directory; + p11_asn1_cache *cache; + p11_parser *parser; } test; static void @@ -109,6 +112,10 @@ teardown (void *unused) { CK_RV rv; + if (test.parser) + p11_parser_free (test.parser); + p11_asn1_cache_free (test.cache); + rv = test.module->C_Finalize (NULL); assert (rv == CKR_OK); @@ -150,6 +157,9 @@ setup_writable (void *unused) rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); assert_num_eq (rv, CKR_OK); assert_num_eq (count, 1); + + test.cache = p11_asn1_cache_new (); + test.parser = p11_parser_new (test.cache); } static void @@ -449,7 +459,6 @@ check_trust_object_equiv (CK_SESSION_HANDLE session, unsigned char subject[1024]; unsigned char issuer[1024]; unsigned char serial[128]; - CK_BBOOL modifiable; CK_BBOOL private; CK_BBOOL token; CK_RV rv; @@ -458,14 +467,13 @@ check_trust_object_equiv (CK_SESSION_HANDLE session, CK_ATTRIBUTE equiv[] = { { CKA_TOKEN, &token, sizeof (token) }, { CKA_PRIVATE, &private, sizeof (private) }, - { CKA_MODIFIABLE, &modifiable, sizeof (modifiable) }, { CKA_ISSUER, issuer, sizeof (issuer) }, { CKA_SUBJECT, subject, sizeof (subject) }, { CKA_SERIAL_NUMBER, serial, sizeof (serial) }, { CKA_INVALID, }, }; - rv = test.module->C_GetAttributeValue (session, trust, equiv, 6); + rv = test.module->C_GetAttributeValue (session, trust, equiv, 5); assert_num_eq (CKR_OK, rv); test_check_attrs (equiv, cert); @@ -541,7 +549,6 @@ check_certificate (CK_SESSION_HANDLE session, CK_DATE start; CK_DATE end; CK_ULONG category; - CK_BBOOL modifiable; CK_BBOOL private; CK_BBOOL token; CK_RV rv; @@ -550,7 +557,6 @@ check_certificate (CK_SESSION_HANDLE session, { CKA_CLASS, &klass, sizeof (klass) }, { CKA_TOKEN, &token, sizeof (token) }, { CKA_PRIVATE, &private, sizeof (private) }, - { CKA_MODIFIABLE, &modifiable, sizeof (modifiable) }, { CKA_VALUE, value, sizeof (value) }, { CKA_ISSUER, issuer, sizeof (issuer) }, { CKA_SUBJECT, subject, sizeof (subject) }, @@ -566,8 +572,8 @@ check_certificate (CK_SESSION_HANDLE session, }; /* Note that we don't pass the CKA_INVALID attribute in */ - rv = test.module->C_GetAttributeValue (session, handle, attrs, 15); - assert (rv == CKR_OK); + rv = test.module->C_GetAttributeValue (session, handle, attrs, 14); + assert_num_eq (rv, CKR_OK); /* If this is the cacert3 certificate, check its values */ if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) { @@ -1064,6 +1070,110 @@ test_session_read_only_create (void) assert_num_eq (rv, CKR_SESSION_READ_ONLY); } +static void +test_create_and_write (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "yay.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_modify_and_write (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_VALUE, "eight", 5 }, + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_MODIFIABLE, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "nine", 4 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 5, &handle); + assert_num_eq (rv, CKR_OK); + + /* Now modify the object */ + original[0].pValue = "nine"; + original[0].ulValueLen = 4; + + rv = test.module->C_SetAttributeValue (session, handle, original, 5); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "yay.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + int main (int argc, char *argv[]) @@ -1100,6 +1210,8 @@ main (int argc, p11_fixture (setup_writable, teardown); p11_test (test_token_writable, "/module/token-writable"); p11_test (test_session_read_only_create, "/module/session-read-only-create"); + p11_test (test_create_and_write, "/module/create-and-write"); + p11_test (test_modify_and_write, "/module/modify-and-write"); return p11_test_run (argc, argv); } diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c index 3eee984..b8d31df 100644 --- a/trust/tests/test-parser.c +++ b/trust/tests/test-parser.c @@ -165,7 +165,6 @@ test_parse_p11_kit_persist (void) { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, { CKA_CLASS, &certificate, sizeof (certificate) }, { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, - { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, { CKA_TRUSTED, &truev, sizeof (truev) }, { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, { CKA_INVALID }, diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c index a518c9e..6b998ca 100644 --- a/trust/tests/test-token.c +++ b/trust/tests/test-token.c @@ -42,18 +42,21 @@ #include "attrs.h" #include "debug.h" +#include "parser.h" #include "path.h" #include "pkcs11x.h" #include "message.h" #include "token.h" static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_OBJECT_CLASS data = CKO_DATA; static CK_BBOOL falsev = CK_FALSE; static CK_BBOOL truev = CK_TRUE; struct { p11_token *token; p11_index *index; + p11_parser *parser; char *directory; } test; @@ -65,6 +68,9 @@ setup (void *path) test.index = p11_token_index (test.token); assert_ptr_not_null (test.token); + + test.parser = p11_token_parser (test.token); + assert_ptr_not_null (test.parser); } static void @@ -424,7 +430,8 @@ test_reload_changed (void) attrs = p11_index_lookup (test.index, handle); assert_ptr_not_null (attrs); - p11_token_reload (test.token, attrs); + if (!p11_token_reload (test.token, attrs)) + assert_not_reached (); assert (p11_index_find (test.index, cacert3, -1) == 0); assert (p11_index_find (test.index, verisign, -1) != 0); @@ -467,12 +474,108 @@ test_reload_gone (void) attrs = p11_index_lookup (test.index, handle); assert_ptr_not_null (attrs); - p11_token_reload (test.token, attrs); + if (p11_token_reload (test.token, attrs)) + assert_not_reached (); assert (p11_index_find (test.index, cacert3, -1) == 0); assert (p11_index_find (test.index, verisign, -1) != 0); } +static void +test_reload_no_origin (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + if (p11_token_reload (test.token, cacert3)) + assert_not_reached (); +} + +static void +test_write_new (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "Yay!", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "Yay!", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + rv = p11_index_add (test.index, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "Yay_.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_write_no_label (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "", 0 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + rv = p11_index_add (test.index, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "data.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + int main (int argc, char *argv[]) @@ -496,6 +599,9 @@ main (int argc, p11_test (test_load_gone, "/token/load-gone"); p11_test (test_reload_changed, "/token/reload-changed"); p11_test (test_reload_gone, "/token/reload-gone"); + p11_test (test_reload_no_origin, "/token/reload-no-origin"); + p11_test (test_write_new, "/token/write-new"); + p11_test (test_write_no_label, "/token/write-no-label"); return p11_test_run (argc, argv); } diff --git a/trust/tests/test-trust.c b/trust/tests/test-trust.c index fceaea7..205a08a 100644 --- a/trust/tests/test-trust.c +++ b/trust/tests/test-trust.c @@ -64,7 +64,6 @@ test_check_object_msg (const char *file, CK_ATTRIBUTE expected[] = { { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, - { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) }, { CKA_CLASS, &klass, sizeof (klass) }, { label ? CKA_LABEL : CKA_INVALID, (void *)label, label ? strlen (label) : 0 }, { CKA_INVALID }, |