security: Fix bug preventing customization of KeyChain's TPM on macOS
Implementation incorrectly assumed that default PIB and TPM locators are
in canonical form, potentially leading to an wrong decision to reset
contents of PIB every time KeyChain is initialized.
Change-Id: I8b30f3aa2ac74e859e9225cf03b2b43af27d7d76
Refs: #4297
diff --git a/tests/unit-tests/security/v2/key-chain.t.cpp b/tests/unit-tests/security/v2/key-chain.t.cpp
index a4cc2f7..2bbc239 100644
--- a/tests/unit-tests/security/v2/key-chain.t.cpp
+++ b/tests/unit-tests/security/v2/key-chain.t.cpp
@@ -50,8 +50,19 @@
~TestHomeAndPibFixture()
{
- const_cast<std::string&>(KeyChain::getDefaultPibLocator()).clear();
- const_cast<std::string&>(KeyChain::getDefaultTpmLocator()).clear();
+ try {
+ const_cast<std::string&>(KeyChain::getDefaultPibLocator()).clear();
+ }
+ catch (const KeyChain::Error&) {
+ // ignore
+ }
+
+ try {
+ const_cast<std::string&>(KeyChain::getDefaultTpmLocator()).clear();
+ }
+ catch (const KeyChain::Error&) {
+ // ignore
+ }
}
};
@@ -162,6 +173,30 @@
BOOST_REQUIRE_THROW(KeyChain(), KeyChain::Error); // Wrong configuration. Error expected.
}
+struct PibPathConfigFileNonCanonicalTpm
+{
+ const std::string PATH = "build/config-file-non-canonical-tpm/";
+};
+
+BOOST_FIXTURE_TEST_CASE(ConstructorNonCanonicalTpm, TestHomeAndPibFixture<PibPathConfigFileNonCanonicalTpm>) // Bug 4297
+{
+ createClientConf({"pib=pib-sqlite3:", "tpm=tpm-file"});
+
+ {
+ KeyChain keyChain;
+ keyChain.createIdentity("/test");
+ BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
+ BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
+ }
+
+ {
+ KeyChain keyChain;
+ BOOST_CHECK_EQUAL(keyChain.getPib().getPibLocator(), "pib-sqlite3:");
+ BOOST_CHECK_EQUAL(keyChain.getTpm().getTpmLocator(), "tpm-file:");
+ BOOST_CHECK(keyChain.getPib().getIdentities().find("/test") != keyChain.getPib().getIdentities().end());
+ }
+}
+
BOOST_AUTO_TEST_CASE(KeyChainWithCustomTpmAndPib)
{
BOOST_REQUIRE_NO_THROW((KeyChain("pib-memory", "tpm-memory")));