summaryrefslogtreecommitdiff
path: root/src/tests
diff options
context:
space:
mode:
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/config.rs66
-rw-r--r--src/tests/encrypted.rs95
-rw-r--r--src/tests/hidden.rs49
-rw-r--r--src/tests/lock.rs44
-rw-r--r--src/tests/mod.rs180
-rw-r--r--src/tests/otp.rs130
-rw-r--r--src/tests/pin.rs84
-rw-r--r--src/tests/pws.rs123
-rw-r--r--src/tests/reset.rs60
-rw-r--r--src/tests/run.rs103
-rw-r--r--src/tests/status.rs81
-rw-r--r--src/tests/unencrypted.rs46
12 files changed, 1061 insertions, 0 deletions
diff --git a/src/tests/config.rs b/src/tests/config.rs
new file mode 100644
index 0000000..ea3a0e8
--- /dev/null
+++ b/src/tests/config.rs
@@ -0,0 +1,66 @@
+// config.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+#[test_device]
+fn get(model: nitrokey::Model) -> crate::Result<()> {
+ let re = regex::Regex::new(
+ r#"^Config:
+ numlock binding: (not set|\d+)
+ capslock binding: (not set|\d+)
+ scrollock binding: (not set|\d+)
+ require user PIN for OTP: (true|false)
+$"#,
+ )
+ .unwrap();
+
+ let out = Nitrocli::with_model(model).handle(&["config", "get"])?;
+ assert!(re.is_match(&out), out);
+ Ok(())
+}
+
+#[test_device]
+fn set_wrong_usage(model: nitrokey::Model) {
+ let res = Nitrocli::with_model(model).handle(&["config", "set", "--numlock", "2", "-N"]);
+ assert_eq!(
+ res.unwrap_str_err(),
+ "--numlock and --no-numlock are mutually exclusive"
+ );
+}
+
+#[test_device]
+fn set_get(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["config", "set", "-s", "1", "-c", "0", "-N"])?;
+
+ let re = regex::Regex::new(
+ r#"^Config:
+ numlock binding: not set
+ capslock binding: 0
+ scrollock binding: 1
+ require user PIN for OTP: (true|false)
+$"#,
+ )
+ .unwrap();
+
+ let out = ncli.handle(&["config", "get"])?;
+ assert!(re.is_match(&out), out);
+ Ok(())
+}
diff --git a/src/tests/encrypted.rs b/src/tests/encrypted.rs
new file mode 100644
index 0000000..75b84c3
--- /dev/null
+++ b/src/tests/encrypted.rs
@@ -0,0 +1,95 @@
+// encrypted.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+#[test_device(storage)]
+fn status_open_close(model: nitrokey::Model) -> crate::Result<()> {
+ fn make_re(open: Option<bool>) -> regex::Regex {
+ let encrypted = match open {
+ Some(open) => {
+ if open {
+ "active"
+ } else {
+ "(read-only|inactive)"
+ }
+ }
+ None => "(read-only|active|inactive)",
+ };
+ let re = format!(
+ r#"
+ volumes:
+ unencrypted: (read-only|active|inactive)
+ encrypted: {}
+ hidden: (read-only|active|inactive)
+$"#,
+ encrypted
+ );
+ regex::Regex::new(&re).unwrap()
+ }
+
+ let mut ncli = Nitrocli::with_model(model);
+ let out = ncli.handle(&["status"])?;
+ assert!(make_re(None).is_match(&out), out);
+
+ let _ = ncli.handle(&["encrypted", "open"])?;
+ let out = ncli.handle(&["status"])?;
+ assert!(make_re(Some(true)).is_match(&out), out);
+
+ let _ = ncli.handle(&["encrypted", "close"])?;
+ let out = ncli.handle(&["status"])?;
+ assert!(make_re(Some(false)).is_match(&out), out);
+
+ Ok(())
+}
+
+#[test_device(pro)]
+fn encrypted_open_on_pro(model: nitrokey::Model) {
+ let res = Nitrocli::with_model(model).handle(&["encrypted", "open"]);
+ assert_eq!(
+ res.unwrap_str_err(),
+ "This command is only available on the Nitrokey Storage",
+ );
+}
+
+#[test_device(storage)]
+fn encrypted_open_close(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ let out = ncli.handle(&["encrypted", "open"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_storage()?;
+ assert!(device.get_status()?.encrypted_volume.active);
+ assert!(!device.get_status()?.hidden_volume.active);
+ }
+
+ let out = ncli.handle(&["encrypted", "close"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_storage()?;
+ assert!(!device.get_status()?.encrypted_volume.active);
+ assert!(!device.get_status()?.hidden_volume.active);
+ }
+
+ Ok(())
+}
diff --git a/src/tests/hidden.rs b/src/tests/hidden.rs
new file mode 100644
index 0000000..28a5d23
--- /dev/null
+++ b/src/tests/hidden.rs
@@ -0,0 +1,49 @@
+// hidden.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+#[test_device(storage)]
+fn hidden_create_open_close(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ let out = ncli.handle(&["hidden", "create", "0", "50", "100"])?;
+ assert!(out.is_empty());
+
+ let out = ncli.handle(&["hidden", "open"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_storage()?;
+ assert!(!device.get_status()?.encrypted_volume.active);
+ assert!(device.get_status()?.hidden_volume.active);
+ }
+
+ let out = ncli.handle(&["hidden", "close"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_storage()?;
+ assert!(!device.get_status()?.encrypted_volume.active);
+ assert!(!device.get_status()?.hidden_volume.active);
+ }
+
+ Ok(())
+}
diff --git a/src/tests/lock.rs b/src/tests/lock.rs
new file mode 100644
index 0000000..5140152
--- /dev/null
+++ b/src/tests/lock.rs
@@ -0,0 +1,44 @@
+// lock.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+#[test_device(pro)]
+fn lock_pro(model: nitrokey::Model) -> crate::Result<()> {
+ // We can't really test much more here than just success of the command.
+ let out = Nitrocli::with_model(model).handle(&["lock"])?;
+ assert!(out.is_empty());
+
+ Ok(())
+}
+
+#[test_device(storage)]
+fn lock_storage(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["encrypted", "open"])?;
+
+ let out = ncli.handle(&["lock"])?;
+ assert!(out.is_empty());
+
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_storage()?;
+ assert!(!device.get_status()?.encrypted_volume.active);
+
+ Ok(())
+}
diff --git a/src/tests/mod.rs b/src/tests/mod.rs
new file mode 100644
index 0000000..5ebf285
--- /dev/null
+++ b/src/tests/mod.rs
@@ -0,0 +1,180 @@
+// mod.rs
+
+// *************************************************************************
+// * Copyright (C) 2019-2020 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use std::ffi;
+use std::fmt;
+
+use nitrokey_test::test as test_device;
+
+mod config;
+mod encrypted;
+mod hidden;
+mod lock;
+mod otp;
+mod pin;
+mod pws;
+mod reset;
+mod run;
+mod status;
+mod unencrypted;
+
+/// A trait simplifying checking for expected errors.
+pub trait UnwrapError {
+ /// Unwrap an Error::Error variant.
+ fn unwrap_str_err(self) -> String;
+ /// Unwrap a Error::CommandError variant.
+ fn unwrap_cmd_err(self) -> (Option<&'static str>, nitrokey::CommandError);
+ /// Unwrap a Error::LibraryError variant.
+ fn unwrap_lib_err(self) -> (Option<&'static str>, nitrokey::LibraryError);
+}
+
+impl<T> UnwrapError for crate::Result<T>
+where
+ T: fmt::Debug,
+{
+ fn unwrap_str_err(self) -> String {
+ match self.unwrap_err() {
+ crate::Error::Error(err) => err,
+ err => panic!("Unexpected error variant found: {:?}", err),
+ }
+ }
+
+ fn unwrap_cmd_err(self) -> (Option<&'static str>, nitrokey::CommandError) {
+ match self.unwrap_err() {
+ crate::Error::NitrokeyError(ctx, err) => match err {
+ nitrokey::Error::CommandError(err) => (ctx, err),
+ err => panic!("Unexpected error variant found: {:?}", err),
+ },
+ err => panic!("Unexpected error variant found: {:?}", err),
+ }
+ }
+
+ fn unwrap_lib_err(self) -> (Option<&'static str>, nitrokey::LibraryError) {
+ match self.unwrap_err() {
+ crate::Error::NitrokeyError(ctx, err) => match err {
+ nitrokey::Error::LibraryError(err) => (ctx, err),
+ err => panic!("Unexpected error variant found: {:?}", err),
+ },
+ err => panic!("Unexpected error variant found: {:?}", err),
+ }
+ }
+}
+
+struct Nitrocli {
+ model: Option<nitrokey::Model>,
+ admin_pin: Option<ffi::OsString>,
+ user_pin: Option<ffi::OsString>,
+ new_admin_pin: Option<ffi::OsString>,
+ new_user_pin: Option<ffi::OsString>,
+ password: Option<ffi::OsString>,
+}
+
+impl Nitrocli {
+ pub fn new() -> Self {
+ Self {
+ model: None,
+ admin_pin: Some(nitrokey::DEFAULT_ADMIN_PIN.into()),
+ user_pin: Some(nitrokey::DEFAULT_USER_PIN.into()),
+ new_admin_pin: None,
+ new_user_pin: None,
+ password: None,
+ }
+ }
+
+ pub fn with_model<M>(model: M) -> Self
+ where
+ M: Into<nitrokey::Model>,
+ {
+ Self {
+ model: Some(model.into()),
+ admin_pin: Some(nitrokey::DEFAULT_ADMIN_PIN.into()),
+ user_pin: Some(nitrokey::DEFAULT_USER_PIN.into()),
+ new_admin_pin: None,
+ new_user_pin: None,
+ password: Some("1234567".into()),
+ }
+ }
+
+ pub fn admin_pin(&mut self, pin: impl Into<ffi::OsString>) {
+ self.admin_pin = Some(pin.into())
+ }
+
+ pub fn new_admin_pin(&mut self, pin: impl Into<ffi::OsString>) {
+ self.new_admin_pin = Some(pin.into())
+ }
+
+ pub fn user_pin(&mut self, pin: impl Into<ffi::OsString>) {
+ self.user_pin = Some(pin.into())
+ }
+
+ pub fn new_user_pin(&mut self, pin: impl Into<ffi::OsString>) {
+ self.new_user_pin = Some(pin.into())
+ }
+
+ fn model_to_arg(model: nitrokey::Model) -> &'static str {
+ match model {
+ nitrokey::Model::Pro => "--model=pro",
+ nitrokey::Model::Storage => "--model=storage",
+ }
+ }
+
+ fn do_run<F, R>(&mut self, args: &[&str], f: F) -> (R, Vec<u8>, Vec<u8>)
+ where
+ F: FnOnce(&mut crate::RunCtx<'_>, Vec<String>) -> R,
+ {
+ let args = ["nitrocli"]
+ .iter()
+ .cloned()
+ .chain(self.model.map(Self::model_to_arg))
+ .chain(args.iter().cloned())
+ .map(ToOwned::to_owned)
+ .collect();
+
+ let mut stdout = Vec::new();
+ let mut stderr = Vec::new();
+
+ let ctx = &mut crate::RunCtx {
+ stdout: &mut stdout,
+ stderr: &mut stderr,
+ admin_pin: self.admin_pin.clone(),
+ user_pin: self.user_pin.clone(),
+ new_admin_pin: self.new_admin_pin.clone(),
+ new_user_pin: self.new_user_pin.clone(),
+ password: self.password.clone(),
+ no_cache: true,
+ };
+
+ (f(ctx, args), stdout, stderr)
+ }
+
+ /// Run `nitrocli`'s `run` function.
+ pub fn run(&mut self, args: &[&str]) -> (i32, Vec<u8>, Vec<u8>) {
+ self.do_run(args, |c, a| crate::run(c, a))
+ }
+
+ /// Run `nitrocli`'s `handle_arguments` function.
+ pub fn handle(&mut self, args: &[&str]) -> crate::Result<String> {
+ let (res, out, _) = self.do_run(args, |c, a| crate::args::handle_arguments(c, a));
+ res.map(|_| String::from_utf8_lossy(&out).into_owned())
+ }
+
+ pub fn model(&self) -> Option<nitrokey::Model> {
+ self.model
+ }
+}
diff --git a/src/tests/otp.rs b/src/tests/otp.rs
new file mode 100644
index 0000000..0ccecf9
--- /dev/null
+++ b/src/tests/otp.rs
@@ -0,0 +1,130 @@
+// otp.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+use crate::args;
+
+#[test_device]
+fn set_invalid_slot_raw(model: nitrokey::Model) {
+ let (rc, out, err) = Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234"]);
+
+ assert_ne!(rc, 0);
+ assert_eq!(out, b"");
+ assert_eq!(&err[..24], b"Could not write OTP slot");
+}
+
+#[test_device]
+fn set_invalid_slot(model: nitrokey::Model) {
+ let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234"]);
+
+ assert_eq!(
+ res.unwrap_lib_err(),
+ (
+ Some("Could not write OTP slot"),
+ nitrokey::LibraryError::InvalidSlot
+ )
+ );
+}
+
+#[test_device]
+fn status(model: nitrokey::Model) -> crate::Result<()> {
+ let re = regex::Regex::new(
+ r#"^alg\tslot\tname
+((totp|hotp)\t\d+\t.+\n)+$"#,
+ )
+ .unwrap();
+
+ let mut ncli = Nitrocli::with_model(model);
+ // Make sure that we have at least something to display by ensuring
+ // that there is one slot programmed.
+ let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456"])?;
+
+ let out = ncli.handle(&["otp", "status"])?;
+ assert!(re.is_match(&out), out);
+ Ok(())
+}
+
+#[test_device]
+fn set_get_hotp(model: nitrokey::Model) -> crate::Result<()> {
+ // Secret and expected HOTP values as per RFC 4226: Appendix D -- HOTP
+ // Algorithm: Test Values.
+ const SECRET: &str = "12345678901234567890";
+ const OTP1: &str = concat!(755224, "\n");
+ const OTP2: &str = concat!(287082, "\n");
+
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&[
+ "otp", "set", "-a", "hotp", "-f", "ascii", "1", "name", &SECRET,
+ ])?;
+
+ let out = ncli.handle(&["otp", "get", "-a", "hotp", "1"])?;
+ assert_eq!(out, OTP1);
+
+ let out = ncli.handle(&["otp", "get", "-a", "hotp", "1"])?;
+ assert_eq!(out, OTP2);
+ Ok(())
+}
+
+#[test_device]
+fn set_get_totp(model: nitrokey::Model) -> crate::Result<()> {
+ // Secret and expected TOTP values as per RFC 6238: Appendix B --
+ // Test Vectors.
+ const SECRET: &str = "12345678901234567890";
+ const TIME: &str = stringify!(1111111111);
+ const OTP: &str = concat!(14050471, "\n");
+
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["otp", "set", "-d", "8", "-f", "ascii", "2", "name", &SECRET])?;
+
+ let out = ncli.handle(&["otp", "get", "-t", TIME, "2"])?;
+ assert_eq!(out, OTP);
+ Ok(())
+}
+
+#[test_device]
+fn set_totp_uneven_chars(model: nitrokey::Model) -> crate::Result<()> {
+ let secrets = [
+ (args::OtpSecretFormat::Hex, "123"),
+ (args::OtpSecretFormat::Base32, "FBILDWWGA2"),
+ ];
+
+ for (format, secret) in &secrets {
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["otp", "set", "-f", format.as_ref(), "3", "foobar", &secret])?;
+ }
+ Ok(())
+}
+
+#[test_device]
+fn clear(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["otp", "set", "3", "hotp-test", "abcdef"])?;
+ let _ = ncli.handle(&["otp", "clear", "3"])?;
+ let res = ncli.handle(&["otp", "get", "3"]);
+
+ assert_eq!(
+ res.unwrap_cmd_err(),
+ (
+ Some("Could not generate OTP"),
+ nitrokey::CommandError::SlotNotProgrammed
+ )
+ );
+ Ok(())
+}
diff --git a/src/tests/pin.rs b/src/tests/pin.rs
new file mode 100644
index 0000000..958a36d
--- /dev/null
+++ b/src/tests/pin.rs
@@ -0,0 +1,84 @@
+// pin.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use nitrokey::Authenticate;
+use nitrokey::Device;
+
+use super::*;
+
+#[test_device]
+fn unblock(model: nitrokey::Model) -> crate::Result<()> {
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_model(model)?;
+ let (device, err) = device.authenticate_user("wrong-pin").unwrap_err();
+ match err {
+ nitrokey::Error::CommandError(err) if err == nitrokey::CommandError::WrongPassword => (),
+ _ => panic!("Unexpected error variant found: {:?}", err),
+ }
+ assert!(device.get_user_retry_count()? < 3);
+ }
+
+ let _ = Nitrocli::with_model(model).handle(&["pin", "unblock"])?;
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_model(model)?;
+ assert_eq!(device.get_user_retry_count()?, 3);
+ }
+ Ok(())
+}
+
+#[test_device]
+fn set_user(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ // Set a new user PIN.
+ ncli.new_user_pin("new-pin");
+ let out = ncli.handle(&["pin", "set", "user"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_model(model)?;
+ let (_, err) = device
+ .authenticate_user(nitrokey::DEFAULT_USER_PIN)
+ .unwrap_err();
+
+ match err {
+ nitrokey::Error::CommandError(err) if err == nitrokey::CommandError::WrongPassword => (),
+ _ => panic!("Unexpected error variant found: {:?}", err),
+ }
+ }
+
+ // Revert to the default user PIN.
+ ncli.user_pin("new-pin");
+ ncli.new_user_pin(nitrokey::DEFAULT_USER_PIN);
+
+ let out = ncli.handle(&["pin", "set", "user"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_model(ncli.model().unwrap())?;
+ let _ = device
+ .authenticate_user(nitrokey::DEFAULT_USER_PIN)
+ .unwrap();
+ }
+ Ok(())
+}
diff --git a/src/tests/pws.rs b/src/tests/pws.rs
new file mode 100644
index 0000000..651b2d5
--- /dev/null
+++ b/src/tests/pws.rs
@@ -0,0 +1,123 @@
+// pws.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+#[test_device]
+fn set_invalid_slot(model: nitrokey::Model) {
+ let res = Nitrocli::with_model(model).handle(&["pws", "set", "100", "name", "login", "1234"]);
+
+ assert_eq!(
+ res.unwrap_lib_err(),
+ (
+ Some("Could not write PWS slot"),
+ nitrokey::LibraryError::InvalidSlot
+ )
+ );
+}
+
+#[test_device]
+fn status(model: nitrokey::Model) -> crate::Result<()> {
+ let re = regex::Regex::new(
+ r#"^slot\tname
+(\d+\t.+\n)+$"#,
+ )
+ .unwrap();
+
+ let mut ncli = Nitrocli::with_model(model);
+ // Make sure that we have at least something to display by ensuring
+ // that there are there is one slot programmed.
+ let _ = ncli.handle(&["pws", "set", "0", "the-name", "the-login", "123456"])?;
+
+ let out = ncli.handle(&["pws", "status"])?;
+ assert!(re.is_match(&out), out);
+ Ok(())
+}
+
+#[test_device]
+fn set_get(model: nitrokey::Model) -> crate::Result<()> {
+ const NAME: &str = "dropbox";
+ const LOGIN: &str = "d-e-s-o";
+ const PASSWORD: &str = "my-secret-password";
+
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["pws", "set", "1", &NAME, &LOGIN, &PASSWORD])?;
+
+ let out = ncli.handle(&["pws", "get", "1", "--quiet", "--name"])?;
+ assert_eq!(out, format!("{}\n", NAME));
+
+ let out = ncli.handle(&["pws", "get", "1", "--quiet", "--login"])?;
+ assert_eq!(out, format!("{}\n", LOGIN));
+
+ let out = ncli.handle(&["pws", "get", "1", "--quiet", "--password"])?;
+ assert_eq!(out, format!("{}\n", PASSWORD));
+
+ let out = ncli.handle(&["pws", "get", "1", "--quiet"])?;
+ assert_eq!(out, format!("{}\n{}\n{}\n", NAME, LOGIN, PASSWORD));
+
+ let out = ncli.handle(&["pws", "get", "1"])?;
+ assert_eq!(
+ out,
+ format!(
+ "name: {}\nlogin: {}\npassword: {}\n",
+ NAME, LOGIN, PASSWORD
+ ),
+ );
+ Ok(())
+}
+
+#[test_device]
+fn set_reset_get(model: nitrokey::Model) -> crate::Result<()> {
+ const NAME: &str = "some/svc";
+ const LOGIN: &str = "a\\user";
+ const PASSWORD: &str = "!@&-)*(&+%^@";
+
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["pws", "set", "2", &NAME, &LOGIN, &PASSWORD])?;
+
+ let out = ncli.handle(&["reset"])?;
+ assert_eq!(out, "");
+
+ let res = ncli.handle(&["pws", "get", "2"]);
+ assert_eq!(
+ res.unwrap_cmd_err(),
+ (
+ Some("Could not access PWS slot"),
+ nitrokey::CommandError::SlotNotProgrammed
+ )
+ );
+ Ok(())
+}
+
+#[test_device]
+fn clear(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ let _ = ncli.handle(&["pws", "set", "10", "clear-test", "some-login", "abcdef"])?;
+ let _ = ncli.handle(&["pws", "clear", "10"])?;
+ let res = ncli.handle(&["pws", "get", "10"]);
+
+ assert_eq!(
+ res.unwrap_cmd_err(),
+ (
+ Some("Could not access PWS slot"),
+ nitrokey::CommandError::SlotNotProgrammed
+ )
+ );
+ Ok(())
+}
diff --git a/src/tests/reset.rs b/src/tests/reset.rs
new file mode 100644
index 0000000..e197970
--- /dev/null
+++ b/src/tests/reset.rs
@@ -0,0 +1,60 @@
+// reset.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Robin Krahl (robin.krahl@ireas.org) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use nitrokey::Authenticate;
+use nitrokey::GetPasswordSafe;
+
+use super::*;
+
+#[test_device]
+fn reset(model: nitrokey::Model) -> crate::Result<()> {
+ let new_admin_pin = "87654321";
+ let mut ncli = Nitrocli::with_model(model);
+
+ // Change the admin PIN.
+ ncli.new_admin_pin(new_admin_pin);
+ let _ = ncli.handle(&["pin", "set", "admin"])?;
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ // Check that the admin PIN has been changed.
+ let device = manager.connect_model(ncli.model().unwrap())?;
+ let _ = device.authenticate_admin(new_admin_pin).unwrap();
+ }
+
+ // Perform factory reset
+ ncli.admin_pin(new_admin_pin);
+ let out = ncli.handle(&["reset"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ // Check that the admin PIN has been reset.
+ let device = manager.connect_model(ncli.model().unwrap())?;
+ let mut device = device
+ .authenticate_admin(nitrokey::DEFAULT_ADMIN_PIN)
+ .unwrap();
+
+ // Check that the password store works, i.e., the AES key has been
+ // built.
+ let _ = device.get_password_safe(nitrokey::DEFAULT_USER_PIN)?;
+ }
+
+ Ok(())
+}
diff --git a/src/tests/run.rs b/src/tests/run.rs
new file mode 100644
index 0000000..c59c660
--- /dev/null
+++ b/src/tests/run.rs
@@ -0,0 +1,103 @@
+// run.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+#[test]
+fn no_command_or_option() {
+ let (rc, out, err) = Nitrocli::new().run(&[]);
+
+ assert_ne!(rc, 0);
+ assert_eq!(out, b"");
+
+ let s = String::from_utf8_lossy(&err).into_owned();
+ assert!(s.starts_with("Usage:\n"), s);
+}
+
+#[test]
+fn help_options() {
+ fn test_run(args: &[&str], help: &str) {
+ let mut all = args.to_vec();
+ all.push(help);
+
+ let (rc, out, err) = Nitrocli::new().run(&all);
+
+ assert_eq!(rc, 0);
+ assert_eq!(err, b"");
+
+ let s = String::from_utf8_lossy(&out).into_owned();
+ let expected = format!("Usage:\n nitrocli {}", args.join(" "));
+ assert!(s.starts_with(&expected), s);
+ }
+
+ fn test(args: &[&str]) {
+ test_run(args, "--help");
+ test_run(args, "-h");
+ }
+
+ test(&[]);
+ test(&["config"]);
+ test(&["config", "get"]);
+ test(&["config", "set"]);
+ test(&["encrypted"]);
+ test(&["encrypted", "open"]);
+ test(&["encrypted", "close"]);
+ test(&["hidden"]);
+ test(&["hidden", "close"]);
+ test(&["hidden", "create"]);
+ test(&["hidden", "open"]);
+ test(&["lock"]);
+ test(&["otp"]);
+ test(&["otp", "clear"]);
+ test(&["otp", "get"]);
+ test(&["otp", "set"]);
+ test(&["otp", "status"]);
+ test(&["pin"]);
+ test(&["pin", "clear"]);
+ test(&["pin", "set"]);
+ test(&["pin", "unblock"]);
+ test(&["pws"]);
+ test(&["pws", "clear"]);
+ test(&["pws", "get"]);
+ test(&["pws", "set"]);
+ test(&["pws", "status"]);
+ test(&["reset"]);
+ test(&["status"]);
+ test(&["unencrypted"]);
+ test(&["unencrypted", "set"]);
+}
+
+#[test]
+fn version_option() {
+ fn test(re: &regex::Regex, opt: &'static str) {
+ let (rc, out, err) = Nitrocli::new().run(&[opt]);
+
+ assert_eq!(rc, 0);
+ assert_eq!(err, b"");
+
+ let s = String::from_utf8_lossy(&out).into_owned();
+ let _ = re;
+ assert!(re.is_match(&s), out);
+ }
+
+ let re = regex::Regex::new(r"^nitrocli \d+.\d+.\d+(-[^-]+)*\n$").unwrap();
+
+ test(&re, "--version");
+ test(&re, "-V");
+}
diff --git a/src/tests/status.rs b/src/tests/status.rs
new file mode 100644
index 0000000..c9f4976
--- /dev/null
+++ b/src/tests/status.rs
@@ -0,0 +1,81 @@
+// status.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+// This test acts as verification that conversion of Error::Error
+// variants into the proper exit code works properly.
+#[test_device]
+fn not_found_raw() {
+ let (rc, out, err) = Nitrocli::new().run(&["status"]);
+
+ assert_ne!(rc, 0);
+ assert_eq!(out, b"");
+ assert_eq!(err, b"Nitrokey device not found\n");
+}
+
+#[test_device]
+fn not_found() {
+ let res = Nitrocli::new().handle(&["status"]);
+ assert_eq!(res.unwrap_str_err(), "Nitrokey device not found");
+}
+
+#[test_device(pro)]
+fn output_pro(model: nitrokey::Model) -> crate::Result<()> {
+ let re = regex::Regex::new(
+ r#"^Status:
+ model: Pro
+ serial number: 0x[[:xdigit:]]{8}
+ firmware version: v\d+\.\d+
+ user retry count: [0-3]
+ admin retry count: [0-3]
+$"#,
+ )
+ .unwrap();
+
+ let out = Nitrocli::with_model(model).handle(&["status"])?;
+ assert!(re.is_match(&out), out);
+ Ok(())
+}
+
+#[test_device(storage)]
+fn output_storage(model: nitrokey::Model) -> crate::Result<()> {
+ let re = regex::Regex::new(
+ r#"^Status:
+ model: Storage
+ serial number: 0x[[:xdigit:]]{8}
+ firmware version: v\d+\.\d+
+ user retry count: [0-3]
+ admin retry count: [0-3]
+ Storage:
+ SD card ID: 0x[[:xdigit:]]{8}
+ firmware: (un)?locked
+ storage keys: (not )?created
+ volumes:
+ unencrypted: (read-only|active|inactive)
+ encrypted: (read-only|active|inactive)
+ hidden: (read-only|active|inactive)
+$"#,
+ )
+ .unwrap();
+
+ let out = Nitrocli::with_model(model).handle(&["status"])?;
+ assert!(re.is_match(&out), out);
+ Ok(())
+}
diff --git a/src/tests/unencrypted.rs b/src/tests/unencrypted.rs
new file mode 100644
index 0000000..547dcaf
--- /dev/null
+++ b/src/tests/unencrypted.rs
@@ -0,0 +1,46 @@
+// unencrypted.rs
+
+// *************************************************************************
+// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) *
+// * *
+// * This program is free software: you can redistribute it and/or modify *
+// * it under the terms of the GNU General Public License as published by *
+// * the Free Software Foundation, either version 3 of the License, or *
+// * (at your option) any later version. *
+// * *
+// * This program is distributed in the hope that it will be useful, *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+// * GNU General Public License for more details. *
+// * *
+// * You should have received a copy of the GNU General Public License *
+// * along with this program. If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use super::*;
+
+#[test_device(storage)]
+fn unencrypted_set_read_write(model: nitrokey::Model) -> crate::Result<()> {
+ let mut ncli = Nitrocli::with_model(model);
+ let out = ncli.handle(&["unencrypted", "set", "read-write"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_storage()?;
+ assert!(device.get_status()?.unencrypted_volume.active);
+ assert!(!device.get_status()?.unencrypted_volume.read_only);
+ }
+
+ let out = ncli.handle(&["unencrypted", "set", "read-only"])?;
+ assert!(out.is_empty());
+
+ {
+ let mut manager = nitrokey::force_take()?;
+ let device = manager.connect_storage()?;
+ assert!(device.get_status()?.unencrypted_volume.active);
+ assert!(device.get_status()?.unencrypted_volume.read_only);
+ }
+
+ Ok(())
+}