diff -r 2455ef1f5bbc -r d5e927d5853b javacommons/security/tsrc/javasrc/com/nokia/mj/impl/security/midp/authentication/AuthenticationModuleTests.java --- a/javacommons/security/tsrc/javasrc/com/nokia/mj/impl/security/midp/authentication/AuthenticationModuleTests.java Wed Sep 01 12:33:18 2010 +0100 +++ b/javacommons/security/tsrc/javasrc/com/nokia/mj/impl/security/midp/authentication/AuthenticationModuleTests.java Tue Sep 14 21:06:50 2010 +0300 @@ -179,7 +179,8 @@ authenticationModule.removeSecurityData(session, appUID); try { - authenticationModule.authenticateJar(session, appUID,null,"somethingWhichDoesNotExist", false); + authenticationModule.authenticateJar(appUID,null,"somethingWhichDoesNotExist", false); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(false); } catch (InstallerSecurityException e) @@ -193,13 +194,15 @@ authenticationModule.removeSecurityData(session, appUID); // 3. unsigned, install from JAR authenticationModule.removeSecurityData(session, appUID); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(authenticationModule.getProtectionDomainCategory(session, appUID).equals(ApplicationInfo.UNIDENTIFIED_THIRD_PARTY_DOMAIN) && authenticationModule.getCertificatesDetails(session, appUID) == null); authenticationModule.removeSecurityData(session, appUID); - // 3.1. unsigned, install from JAR, no session provided to authenticateJar -> no authentication data stored to storage + // 3.1. unsigned, install from JAR, no session provided to addSecurityData -> no authentication data stored to storage authenticationModule.removeSecurityData(session, appUID); - authenticationModule.authenticateJar(null, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(null, appUID, null); StorageEntry query = new StorageEntry(); query.addAttribute(new StorageAttribute( StorageAttribute.ID, @@ -231,13 +234,15 @@ credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); assertTrue(credentials != null && credentials.length == 1 && credentials[0].getProtectionDomainName().equals("UnidentifiedThirdParty") && authenticationModule.getCertificatesDetails(session, appUID) == null); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(authenticationModule.getProtectionDomainCategory(session, appUID).equals(ApplicationInfo.UNIDENTIFIED_THIRD_PARTY_DOMAIN)); authenticationModule.removeSecurityData(session, appUID); // 5. upgrade of authentication storage data authenticationModule.removeSecurityData(session, appUID); storage.writeAuthenticationStorageData(appUID, new AuthenticationStorageData("UnidentifiedThirdParty", ApplicationInfo.UNIDENTIFIED_THIRD_PARTY_DOMAIN, "jarHash", "rootHash", new Vector())); - authenticationModule.authenticateJar(session, appUID,appUID,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,appUID,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, appUID); assertTrue(authenticationModule.getProtectionDomainCategory(session, appUID).equals(ApplicationInfo.UNIDENTIFIED_THIRD_PARTY_DOMAIN) && authenticationModule.getCertificatesDetails(session, appUID) == null); authenticationModule.removeSecurityData(session, appUID); @@ -272,7 +277,8 @@ securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); details = (SigningCertificate[])authenticationModule.getCertificatesDetails(session, appUID); - authenticationModule.authenticateJar(session, appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); // this empties the cache as well authenticationModule.removeSecurityData(session, appUID); @@ -359,7 +365,8 @@ authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); try { - authenticationModule.authenticateJar(session, appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "modified_app.jar", false); + authenticationModule.authenticateJar(appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "modified_app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(INVALID_CERTIFICATE_SIGNATURE_MSG, false); } catch (InstallerSecurityException e) @@ -552,7 +559,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.IDENTIFIED_THIRD_PARTY_DOMAIN)); // 17. Developer Certificates/Manufacturer - sign to operator party domain @@ -566,7 +574,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.OPERATOR_DOMAIN)); // 18. Developer Certificates/Manufacturer - sign to manufacturer domain @@ -580,7 +589,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.MANUFACTURER_DOMAIN)); // 19. Developer Certificates/Operator - sign to trusted third party domain @@ -594,7 +604,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.IDENTIFIED_THIRD_PARTY_DOMAIN)); // 20. Developer Certificates/Operator - sign to operator party domain @@ -608,7 +619,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.OPERATOR_DOMAIN)); // 21. Developer Certificates/Operator - sign to manufacturer domain -> still the operator domain is used @@ -622,7 +634,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.OPERATOR_DOMAIN)); // 22. Developer Certificates/TrustedThirdParty - sign to manufacturer domain -> still the trusted third party domain is used @@ -636,7 +649,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.IDENTIFIED_THIRD_PARTY_DOMAIN)); // 23. Developer Certificates/TrustedThirdParty - sign to operator domain -> still the trusted third party domain is used @@ -650,7 +664,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.IDENTIFIED_THIRD_PARTY_DOMAIN)); // 24. Developer Certificates - no domain info -> fail @@ -687,7 +702,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); domainCategory = authenticationModule.getProtectionDomainCategory(session, appUID); assertTrue(domainCategory.equals(ApplicationInfo.IDENTIFIED_THIRD_PARTY_DOMAIN)); // 26. Developer Certificates - empty IMEI list -> failure @@ -807,7 +823,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); SigningInfo info = authenticationModule.getSigningInfo("appName","appVersion","appVendor"); // app is unknown assertTrue(info == null); @@ -851,7 +868,8 @@ securityAttributes = new SecurityAttributes(); securityAttributes.addDescriptorAttributes(allAttributes); authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); - authenticationModule.authenticateJar(session, appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.authenticateJar(appUID, null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar", false); + authenticationModule.addSecurityData(session, appUID, null); info = authenticationModule.getSigningInfo("appName","appVersion","appVendor"); assertTrue(info.getProtectionDomain() != null && info.getProtectionDomain().getName() != null @@ -958,7 +976,8 @@ authenticationModule.removeSecurityData(session, appUID); try { - authenticationModule.authenticateJar(session, appUID, null, domain, TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar"); + authenticationModule.authenticateJar(appUID, null, domain, TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "app.jar"); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(!expectToFail); } catch (InstallerSecurityException e) @@ -1200,7 +1219,8 @@ allAttributes.clear(); allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP3)); securityAttributes.addManifestAttributes(allAttributes); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(true); // PreInstallation: ocsp disabled, warning undefined, silent mode ocspSettings = new OcspSettings(OcspSettings.OCSP_MODE_DISABLED, OcspSettings.OCSP_WARNING_UNDEFINED, true, "0", "0"); @@ -1218,7 +1238,8 @@ allAttributes.clear(); allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP3)); securityAttributes.addManifestAttributes(allAttributes); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(true); // PreInstallation: ocsp enabled, warning ignore, silent mode, ocsp url not set ocspSettings = new OcspSettings(OcspSettings.OCSP_MODE_ENABLED, OcspSettings.OCSP_WARNING_IGNORE, true, "0", "0"); @@ -1236,7 +1257,8 @@ allAttributes.clear(); allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP3)); securityAttributes.addManifestAttributes(allAttributes); - authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + authenticationModule.authenticateJar(appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + authenticationModule.addSecurityData(session, appUID, null); assertTrue(true); }