filter: Respect CKF_WRITE_PROTECTED setting when allowing a token

1 files changed, 102 insertions, 0 deletions

diff --git a/p11-kit/test-filter.c b/p11-kit/test-filter.c
index 74f8d4e..a22f0e1 100644
--- a/p11-kit/test-filter.c
+++ b/p11-kit/test-filter.c
@@ -196,6 +196,107 @@ test_denied (void)
 	p11_filter_release (filter);
 }
 
+static void
+test_write_protected (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SLOT_ID slots[1], slot;
+	CK_SLOT_INFO slot_info;
+	CK_TOKEN_INFO token_info;
+	CK_TOKEN_INFO token_one;
+	CK_MECHANISM_TYPE mechs[8];
+	CK_MECHANISM_INFO mech;
+	CK_SESSION_HANDLE session = 0;
+	p11_virtual virt;
+	p11_virtual *filter;
+	CK_ULONG count;
+	CK_RV rv;
+
+	p11_virtual_init (&virt, &p11_virtual_base, &mock_module, NULL);
+	filter = p11_filter_subclass (&virt, NULL);
+	module = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit);
+	assert_ptr_not_null (module);
+
+	memcpy (&token_one, &TOKEN_ONE, sizeof (CK_TOKEN_INFO));
+	token_one.flags |= CKF_WRITE_PROTECTED;
+
+	p11_filter_allow_token (filter, &token_one);
+
+	rv = (module->C_Initialize) (NULL);
+	assert_num_eq (CKR_OK, rv);
+
+	rv = (module->C_GetSlotList) (CK_TRUE, NULL, NULL);
+	assert_num_eq (CKR_ARGUMENTS_BAD, rv);
+
+	rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (count, 1);
+
+	count = 0;
+	rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);
+	assert_num_eq (CKR_BUFFER_TOO_SMALL, rv);
+
+	count = 1;
+	rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (count, 1);
+
+	rv = (module->C_GetSlotInfo) (99, &slot_info);
+	assert_num_eq (CKR_SLOT_ID_INVALID, rv);
+
+	rv = (module->C_GetSlotInfo) (slots[0], &slot_info);
+	assert_num_eq (CKR_OK, rv);
+
+	rv = (module->C_GetTokenInfo) (99, &token_info);
+	assert_num_eq (CKR_SLOT_ID_INVALID, rv);
+
+	rv = (module->C_GetTokenInfo) (slots[0], &token_info);
+	assert_num_eq (CKR_OK, rv);
+
+	rv = (module->C_GetMechanismList) (99, NULL, &count);
+	assert_num_eq (CKR_SLOT_ID_INVALID, rv);
+
+	rv = (module->C_GetMechanismList) (slots[0], NULL, &count);
+	assert_num_eq (CKR_OK, rv);
+
+	rv = (module->C_GetMechanismList) (slots[0], mechs, &count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (2, count);
+
+	rv = (module->C_GetMechanismInfo) (99, mechs[0], &mech);
+	assert_num_eq (CKR_SLOT_ID_INVALID, rv);
+
+	rv = (module->C_GetMechanismInfo) (slots[0], mechs[0], &mech);
+	assert_num_eq (CKR_OK, rv);
+
+	rv = (module->C_InitToken) (99, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
+	assert_num_eq (CKR_SLOT_ID_INVALID, rv);
+
+	rv = (module->C_InitToken) (slots[0], (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
+	assert_num_eq (CKR_TOKEN_WRITE_PROTECTED, rv);
+
+	rv = (module->C_WaitForSlotEvent) (0, &slot, NULL);
+	assert_num_eq (CKR_FUNCTION_NOT_SUPPORTED, rv);
+
+	rv = (module->C_OpenSession) (99, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);
+	assert_num_eq (CKR_SLOT_ID_INVALID, rv);
+
+	rv = (module->C_OpenSession) (slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);
+	assert_num_eq (CKR_TOKEN_WRITE_PROTECTED, rv);
+
+	rv = (module->C_CloseAllSessions) (99);
+	assert_num_eq (CKR_SLOT_ID_INVALID, rv);
+
+	rv = (module->C_CloseAllSessions) (slots[0]);
+	assert_num_eq (CKR_OK, rv);
+
+	rv = (module->C_Finalize) (NULL);
+	assert_num_eq (CKR_OK, rv);
+
+	p11_virtual_unwrap (module);
+	p11_filter_release (filter);
+}
+
 int
 main (int argc,
       char *argv[])
@@ -205,6 +306,7 @@ main (int argc,
 
 	p11_test (test_allowed, "/filter/test_allowed");
 	p11_test (test_denied, "/filter/test_denied");
+	p11_test (test_write_protected, "/filter/test_write_protected");
 
 	return p11_test_run (argc, argv);
 }