authorJakub Jelen <jjelen@redhat.com>2022-06-17 12:36:18 +0200
committerJakub Jelen <jjelen@redhat.com>2022-06-17 17:56:00 +0200
commit09fe9b23731c31b7b850437e3c36a8c3ede0e8d0 (patch)
tree7dfbd609730c5f0e05ca5ef3df46c7ac2d7a4acd
parent961eca798d0ce3998987d6512742c6049fc6738d (diff)
Implement tests with second PKI object
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--tests/common.c42
-rw-r--r--tests/common.h15
-rw-r--r--tests/db2.cryptbin0 -> 256 bytes
-rw-r--r--tests/hwtests.c27
-rw-r--r--tests/libcacard.c36
-rwxr-xr-xtests/setup-softhsm2.sh2
6 files changed, 105 insertions, 17 deletions
diff --git a/tests/common.c b/tests/common.c
index e5bc3e2..d1681f2 100644
--- a/tests/common.c
+++ b/tests/common.c
@@ -192,7 +192,7 @@ void get_properties_coid(VReader *reader, const unsigned char coid[2],
case 0x43: /* PKI properties */
g_assert_cmphex(p2[0], ==, 0x06);
- if (hw_tests) {
+ if (hw_tests && object_type == TEST_PKI) {
/* Assuming CAC card with 1024 b RSA keys */
key_bits = 1024;
} else {
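Review bot: The comment `/* Assuming CAC card with 1024 b RSA keys */` now describes only the first PKI object, since the added `object_type == TEST_PKI` condition sends TEST_PKI_2 through the else branch even on hardware; the comment should say so, e.g. `/* Assuming CAC card with a 1024 b RSA key in the first PKI object; other objects take the generic path below */`. What the else branch does for the second object is outside the hunk, so whether it copes with the 2048-bit key that setup-softhsm2.sh now generates for "02" cannot be confirmed from here. get_properties_coid starts before and continues after this hunk.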
@@ -248,7 +248,7 @@ void get_properties_coid(VReader *reader, const unsigned char coid[2],
g_assert_cmpint(num_objects_expected, ==, 0);
}
- if (object_type == TEST_PKI) {
+ if (object_type == TEST_PKI || object_type == TEST_PKI_2) {
g_assert_cmpint(verified_pki_properties, ==, 1);
}
@@ -307,12 +307,17 @@ void get_properties(VReader *reader, int object_type)
unsigned char coid[2];
switch (object_type) {
case TEST_PKI:
- // XXX only the first PKI for now
coid[0] = 0x01;
coid[1] = 0x00;
get_properties_coid(reader, coid, object_type);
break;
+ case TEST_PKI_2:
+ coid[0] = 0x01;
+ coid[1] = 0x01;
+ get_properties_coid(reader, coid, object_type);
+ break;
+
case TEST_CCC:
coid[0] = 0xDB;
coid[1] = 0x00;
@@ -426,6 +431,10 @@ void select_applet(VReader *reader, int type)
/* Select first PKI Applet */
0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00
};
+ uint8_t selfile_pki_2[] = {
+ /* Select second PKI Applet */
+ 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x01
+ };
uint8_t selfile_passthrough[] = {
/* Select Person Instance (passthrough) */
0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0x00
@@ -442,6 +451,11 @@ void select_applet(VReader *reader, int type)
aid_len = sizeof(selfile_pki);
break;
+ case TEST_PKI_2:
+ aid = selfile_pki_2;
+ aid_len = sizeof(selfile_pki_2);
+ break;
+
case TEST_CCC:
aid = selfile_ccc;
aid_len = sizeof(selfile_ccc);
@@ -562,7 +576,7 @@ void do_sign(VReader *reader, int parts)
}
-void do_decipher(VReader *reader)
+void do_decipher(VReader *reader, int type)
{
VReaderStatus status;
int dwRecvLength = APDUBufSize;
@@ -589,14 +603,30 @@ void do_decipher(VReader *reader)
/* Read the encrypted file */
if (hw_tests) {
- filename = g_test_build_filename(G_TEST_BUILT, "01.crypt", NULL);
+ const char *name;
+ if (type == TEST_PKI) {
+ name = "01.crypt";
+ } else if (type == TEST_PKI_2) {
+ name = "02.crypt";
+ } else {
+ g_assert_not_reached();
+ }
+ filename = g_test_build_filename(G_TEST_BUILT, name, NULL);
} else {
/* Generated from existing db using:
* echo "1234567890" > data
* certutil -L -d sql:$PWD/tests/db/ -n cert1 -r > tests/db.cert
* openssl rsautl -encrypt -inkey "tests/db.cert" -keyform DER -certin -in data -out "tests/db.crypt"
*/
- filename = g_test_build_filename(G_TEST_DIST, "db.crypt", NULL);
+ const char *name;
+ if (type == TEST_PKI) {
+ name = "db.crypt";
+ } else if (type == TEST_PKI_2) {
+ name = "db2.crypt";
+ } else {
+ g_assert_not_reached();
+ }
+ filename = g_test_build_filename(G_TEST_DIST, name, NULL);
}
if (!g_file_get_contents(filename, &ciphertext, &ciphertext_len, NULL)) {
g_test_skip("The encrypted file not found");
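Review bot: The type-to-filename dispatch is written twice in do_decipher, once per branch of `if (hw_tests)`, and only the fixture directory differs between the two copies; choosing the name once before the branch removes the duplication and leaves a single g_assert_not_reached(). On the unreached branch `name` is never assigned, which is only safe as long as g_assert_not_reached() aborts — initialising it to NULL makes that explicit. The generation comment kept in the else branch still describes only db.crypt; it should be extended with the equivalent command that produced db2.crypt. do_decipher starts before this hunk and continues after it.
```c
    /* Pick the fixture for this PKI object; the directory depends on hw_tests below */
    const char *name = NULL;
    if (type == TEST_PKI) {
        name = hw_tests ? "01.crypt" : "db.crypt";
    } else if (type == TEST_PKI_2) {
        name = hw_tests ? "02.crypt" : "db2.crypt";
    } else {
        g_assert_not_reached();
    }
    /* Read the encrypted file */
    if (hw_tests) {
        filename = g_test_build_filename(G_TEST_BUILT, name, NULL);
    } else {
        /* … unchanged: comment on how db.crypt was generated … */
        filename = g_test_build_filename(G_TEST_DIST, name, NULL);
    }
```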
diff --git a/tests/common.h b/tests/common.h
index db217b4..459d980 100644
--- a/tests/common.h
+++ b/tests/common.h
@@ -17,12 +17,13 @@
enum {
TEST_PKI = 1,
- TEST_CCC = 2,
- TEST_ACA = 3,
- TEST_GENERIC = 4,
- TEST_EMPTY_BUFFER = 5,
- TEST_EMPTY = 6,
- TEST_PASSTHROUGH = 7,
+ TEST_PKI_2,
+ TEST_CCC,
+ TEST_ACA,
+ TEST_GENERIC,
+ TEST_EMPTY_BUFFER,
+ TEST_EMPTY,
+ TEST_PASSTHROUGH,
};
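Review bot: Inserting TEST_PKI_2 ahead of TEST_CCC shifts the numeric value of every later constant (TEST_CCC becomes 3, and so on), which is harmless only while all users compare against the names; the explicit values dropped here previously documented that. A one-line comment on the enum, `/* values are internal to the tests and may be renumbered */`, records that intent so nobody later relies on a literal.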
void select_coid_good(VReader *reader, unsigned char *coid);
@@ -40,7 +41,7 @@ void read_buffer(VReader *reader, uint8_t type, int object_type);
void do_sign(VReader *reader, int parts);
-void do_decipher(VReader *reader);
+void do_decipher(VReader *reader, int type);
void test_empty_applets(void);
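Review bot: The new `type` parameter on do_decipher is not documented in the header, and the only accepted values are TEST_PKI and TEST_PKI_2 (anything else hits g_assert_not_reached() in common.c). A comment above the prototype, `/* type: TEST_PKI or TEST_PKI_2 — selects which PKI applet's encrypted fixture is deciphered */`, would make the contract visible to callers.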
diff --git a/tests/db2.crypt b/tests/db2.crypt
new file mode 100644
index 0000000..dc6f53f
--- /dev/null
+++ b/tests/db2.crypt
Binary files differ
diff --git a/tests/hwtests.c b/tests/hwtests.c
index 3684642..2474578 100644
--- a/tests/hwtests.c
+++ b/tests/hwtests.c
@@ -256,6 +256,17 @@ static void test_sign(void)
/* test also multipart signatures */
do_sign(reader, 1);
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties to figure out the key length */
+ get_properties(reader, TEST_PKI_2);
+
+ do_sign(reader, 0);
+
+ /* test also multipart signatures */
+ do_sign(reader, 1);
+
vreader_free(reader); /* get by id ref */
}
@@ -281,7 +292,15 @@ static void test_decipher(void)
/* get properties to figure out the key length */
get_properties(reader, TEST_PKI);
- do_decipher(reader);
+ do_decipher(reader, TEST_PKI);
+
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties to figure out the key length */
+ get_properties(reader, TEST_PKI_2);
+
+ do_decipher(reader, TEST_PKI_2);
vreader_free(reader); /* get by id ref */
}
@@ -318,7 +337,7 @@ static void test_sign_bad_data_x509(void)
0x00 /* <-- [Le] */
};
int sign_len = sizeof(sign);
- int key_bits = getBits();
+ int key_bits;
g_assert_nonnull(reader);
@@ -329,6 +348,10 @@ static void test_sign_bad_data_x509(void)
return;
}
+ /* get properties to figure out the key length */
+ select_applet(reader, TEST_PKI);
+ get_properties(reader, TEST_PKI);
+
/* run the actual test */
key_bits = getBits();
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 5328ace..37dedbb 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
@@ -515,6 +515,25 @@ static void test_cac_pki(void)
vreader_free(reader); /* get by id ref */
}
+static void test_cac_pki_2(void)
+{
+ VReader *reader = vreader_get_reader_by_id(0);
+
+ /* select the first PKI applet */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties */
+ get_properties(reader, TEST_PKI_2);
+
+ /* get the TAG buffer length */
+ read_buffer(reader, CAC_FILE_TAG, TEST_PKI_2);
+
+ /* get the VALUE buffer length */
+ read_buffer(reader, CAC_FILE_VALUE, TEST_PKI_2);
+
+ vreader_free(reader); /* get by id ref */
+}
+
static void test_cac_ccc(void)
{
VReader *reader = vreader_get_reader_by_id(0);
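Review bot: The comment `/* select the first PKI applet */` in test_cac_pki_2 is wrong — the call on the next line selects TEST_PKI_2; it should read `/* select the second PKI applet */`. The body looks like a copy of test_cac_pki with the object type swapped (test_cac_pki itself is outside the hunk), so a shared static helper taking the object type, called from both tests, would avoid this kind of drift.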
@@ -579,6 +598,14 @@ static void test_sign(void)
/* test also multipart signatures */
do_sign(reader, 1);
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ do_sign(reader, 0);
+
+ /* test also multipart signatures */
+ do_sign(reader, 1);
+
vreader_free(reader); /* get by id ref */
}
@@ -594,7 +621,12 @@ static void test_decipher(void)
/* select the PKI */
select_applet(reader, TEST_PKI);
- do_decipher(reader);
+ do_decipher(reader, TEST_PKI);
+
+ /* select the PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ do_decipher(reader, TEST_PKI_2);
vreader_free(reader); /* get by id ref */
}
@@ -925,6 +957,7 @@ static void test_invalid_read_buffer(void)
test_invalid_read_buffer_applet(reader, TEST_CCC);
test_invalid_read_buffer_applet(reader, TEST_PKI);
+ test_invalid_read_buffer_applet(reader, TEST_PKI_2);
test_invalid_read_buffer_applet(reader, TEST_PASSTHROUGH);
test_invalid_read_buffer_applet(reader, TEST_EMPTY);
@@ -1122,6 +1155,7 @@ int main(int argc, char *argv[])
g_test_add_func("/libcacard/xfer", test_xfer);
g_test_add_func("/libcacard/select-coid", test_select_coid);
g_test_add_func("/libcacard/cac-pki", test_cac_pki);
+ g_test_add_func("/libcacard/cac-pki-2", test_cac_pki_2);
g_test_add_func("/libcacard/cac-ccc", test_cac_ccc);
g_test_add_func("/libcacard/cac-aca", test_cac_aca);
g_test_add_func("/libcacard/get-response", test_get_response);
diff --git a/tests/setup-softhsm2.sh b/tests/setup-softhsm2.sh
index c3874e5..f187191 100755
--- a/tests/setup-softhsm2.sh
+++ b/tests/setup-softhsm2.sh
@@ -111,7 +111,7 @@ if [ ! -d "tokens" ]; then
# Generate 1024b RSA Key pair
generate_cert "RSA:1024" "01" "RSA_auth"
- #generate_cert "RSA:1024" "02" "RSA_sign"
+ generate_cert "RSA:2048" "02" "RSA_sign"
fi
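Review bot: The heading `# Generate 1024b RSA Key pair` now also covers the newly enabled 2048-bit key for object "02", so it no longer describes the block; change it to `# Generate RSA key pairs: 1024b for the first PKI object ("01"), 2048b for the second ("02")`. Presumably the different size is deliberate so the tests exercise more than one key length — a short comment saying so would keep a later reader from "fixing" it back to 1024.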
# NSS DB
if [ ! -d "$NSSDB" ]; then