/*

 * Copyright (c) 2016 Red Hat Inc

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 *     * Redistributions of source code must retain the above

 *       copyright notice, this list of conditions and the

 *       following disclaimer.

 *     * Redistributions in binary form must reproduce the

 *       above copyright notice, this list of conditions and

 *       the following disclaimer in the documentation and/or

 *       other materials provided with the distribution.

 *     * The names of contributors to this software may not be

 *       used to endorse or promote products derived from this

 *       software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF

 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH

 * DAMAGE.

 *

 * Author: Daiki Ueno

 */

#include "config.h"

#include "test.h"

#include "dict.h"

#include "library.h"

#include "filter.h"

#include "mock.h"

#include "modules.h"

#include "p11-kit.h"

#include "virtual.h"

#include <errno.h>

#include <stdlib.h>

#include <stdio.h>

#include <string.h>

static CK_TOKEN_INFO TOKEN_ONE = {

	"TEST LABEL                      ",

	"TEST MANUFACTURER               ",

	"TEST MODEL      ",

	"TEST SERIAL     ",

	CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED,

	1,

	2,

	3,

	4,

	5,

	6,

	7,

	8,

	9,

	10,

	{ 75, 175 },

	{ 85, 185 },

	{ '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' }

};

static void

test_allowed (void)

{

	CK_FUNCTION_LIST_PTR module;

	CK_SLOT_ID slots[1], slot;

	CK_SLOT_INFO slot_info;

	CK_TOKEN_INFO token_info;

	CK_MECHANISM_TYPE mechs[8];

	CK_MECHANISM_INFO mech;

	CK_SESSION_HANDLE session = 0;

	p11_virtual virt;

	p11_virtual *filter;

	CK_ULONG count;

	CK_RV rv;

	p11_virtual_init (&virt, &p11_virtual_base, &mock_module, NULL);

	filter = p11_filter_subclass (&virt, NULL);

	module = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit);

	assert_ptr_not_null (module);

	p11_filter_allow_token (filter, &TOKEN_ONE);

	rv = (module->C_Initialize) (NULL);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetSlotList) (CK_TRUE, NULL, NULL);

	assert_num_eq (CKR_ARGUMENTS_BAD, rv);

	rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);

	assert_num_eq (CKR_OK, rv);

	assert_num_eq (count, 1);

	count = 0;

	rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);

	assert_num_eq (CKR_BUFFER_TOO_SMALL, rv);

	count = 1;

	rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);

	assert_num_eq (CKR_OK, rv);

	assert_num_eq (count, 1);

	rv = (module->C_GetSlotInfo) (99, &slot_info);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetSlotInfo) (slots[0], &slot_info);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetTokenInfo) (99, &token_info);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetTokenInfo) (slots[0], &token_info);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetMechanismList) (99, NULL, &count);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetMechanismList) (slots[0], NULL, &count);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetMechanismList) (slots[0], mechs, &count);

	assert_num_eq (CKR_OK, rv);

	assert_num_eq (2, count);

	rv = (module->C_GetMechanismInfo) (99, mechs[0], &mech);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetMechanismInfo) (slots[0], mechs[0], &mech);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_InitToken) (99, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_InitToken) (slots[0], (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_WaitForSlotEvent) (0, &slot, NULL);

	assert_num_eq (CKR_FUNCTION_NOT_SUPPORTED, rv);

	rv = (module->C_OpenSession) (99, CKF_SERIAL_SESSION, NULL, NULL, &session);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_OpenSession) (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_CloseAllSessions) (99);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_CloseAllSessions) (slots[0]);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_Finalize) (NULL);

	assert_num_eq (CKR_OK, rv);

	p11_virtual_unwrap (module);

	p11_filter_release (filter);

}

static void

test_denied (void)

{

	CK_FUNCTION_LIST_PTR module;

	p11_virtual virt;

	p11_virtual *filter;

	CK_ULONG count;

	CK_RV rv;

	p11_virtual_init (&virt, &p11_virtual_base, &mock_module, NULL);

	filter = p11_filter_subclass (&virt, NULL);

	module = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit);

	assert_ptr_not_null (module);

	p11_filter_deny_token (filter, &TOKEN_ONE);

	rv = (module->C_Initialize) (NULL);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);

	assert_num_eq (CKR_OK, rv);

	assert_num_eq (count, 0);

	rv = (module->C_Finalize) (NULL);

	assert_num_eq (CKR_OK, rv);

	p11_virtual_unwrap (module);

	p11_filter_release (filter);

}

static void

test_write_protected (void)

{

	CK_FUNCTION_LIST_PTR module;

	CK_SLOT_ID slots[1], slot;

	CK_SLOT_INFO slot_info;

	CK_TOKEN_INFO token_info;

	CK_TOKEN_INFO token_one;

	CK_MECHANISM_TYPE mechs[8];

	CK_MECHANISM_INFO mech;

	CK_SESSION_HANDLE session = 0;

	p11_virtual virt;

	p11_virtual *filter;

	CK_ULONG count;

	CK_RV rv;

	p11_virtual_init (&virt, &p11_virtual_base, &mock_module, NULL);

	filter = p11_filter_subclass (&virt, NULL);

	module = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit);

	assert_ptr_not_null (module);

	memcpy (&token_one, &TOKEN_ONE, sizeof (CK_TOKEN_INFO));

	token_one.flags |= CKF_WRITE_PROTECTED;

	p11_filter_allow_token (filter, &token_one);

	rv = (module->C_Initialize) (NULL);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetSlotList) (CK_TRUE, NULL, NULL);

	assert_num_eq (CKR_ARGUMENTS_BAD, rv);

	rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);

	assert_num_eq (CKR_OK, rv);

	assert_num_eq (count, 1);

	count = 0;

	rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);

	assert_num_eq (CKR_BUFFER_TOO_SMALL, rv);

	count = 1;

	rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);

	assert_num_eq (CKR_OK, rv);

	assert_num_eq (count, 1);

	rv = (module->C_GetSlotInfo) (99, &slot_info);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetSlotInfo) (slots[0], &slot_info);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetTokenInfo) (99, &token_info);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetTokenInfo) (slots[0], &token_info);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetMechanismList) (99, NULL, &count);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetMechanismList) (slots[0], NULL, &count);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_GetMechanismList) (slots[0], mechs, &count);

	assert_num_eq (CKR_OK, rv);

	assert_num_eq (2, count);

	rv = (module->C_GetMechanismInfo) (99, mechs[0], &mech);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_GetMechanismInfo) (slots[0], mechs[0], &mech);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_InitToken) (99, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_InitToken) (slots[0], (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");

	assert_num_eq (CKR_TOKEN_WRITE_PROTECTED, rv);

	rv = (module->C_WaitForSlotEvent) (0, &slot, NULL);

	assert_num_eq (CKR_FUNCTION_NOT_SUPPORTED, rv);

	rv = (module->C_OpenSession) (99, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_OpenSession) (slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);

	assert_num_eq (CKR_TOKEN_WRITE_PROTECTED, rv);

	rv = (module->C_CloseAllSessions) (99);

	assert_num_eq (CKR_SLOT_ID_INVALID, rv);

	rv = (module->C_CloseAllSessions) (slots[0]);

	assert_num_eq (CKR_OK, rv);

	rv = (module->C_Finalize) (NULL);

	assert_num_eq (CKR_OK, rv);

	p11_virtual_unwrap (module);

	p11_filter_release (filter);

}

int

main (int argc,

      char *argv[])

{

	p11_library_init ();

	mock_module_init ();

	p11_test (test_allowed, "/filter/test_allowed");

	p11_test (test_denied, "/filter/test_denied");

	p11_test (test_write_protected, "/filter/test_write_protected");

	return p11_test_run (argc, argv);

}