summaryrefslogtreecommitdiff
path: root/src/tests
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2018-05-29 20:49:40 +0000
committerRobin Krahl <robin.krahl@ireas.org>2018-05-29 22:53:02 +0200
commit7197f19f38b06fe2953cfba1fe755d4562f5786e (patch)
tree972e6759f8eafe98669688f7dd44e0acee148331 /src/tests
parent89b8a947e5c622272362e967847eb19337aa68da (diff)
downloadnitrokey-rs-7197f19f38b06fe2953cfba1fe755d4562f5786e.tar.gz
nitrokey-rs-7197f19f38b06fe2953cfba1fe755d4562f5786e.tar.bz2
Add support for password safes
A password safe (PWS) stores names, logins and passwords in slots. PWS are supported both by the Nitrokey Pro and the Nitrokey Storage. They are implemented as a struct wrapping a device as the device may not be disconnected while the password safe is alive. The creation of a password safe is handled by the GetPasswordSafe trait, implemented by DeviceWrapper, Pro and Storage.
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/mod.rs1
-rw-r--r--src/tests/otp.rs7
-rw-r--r--src/tests/pws.rs169
3 files changed, 174 insertions, 3 deletions
diff --git a/src/tests/mod.rs b/src/tests/mod.rs
index c2c9f9d..34ca0aa 100644
--- a/src/tests/mod.rs
+++ b/src/tests/mod.rs
@@ -1,3 +1,4 @@
mod device;
mod otp;
+mod pws;
mod util;
diff --git a/src/tests/otp.rs b/src/tests/otp.rs
index 10f569d..8c59341 100644
--- a/src/tests/otp.rs
+++ b/src/tests/otp.rs
@@ -1,6 +1,6 @@
use std::ops::Deref;
-use {Admin, Authenticate, CommandError, CommandStatus, Config, ConfigureOtp, GenerateOtp,
- OtpMode, OtpSlotData};
+use {Admin, Authenticate, CommandError, CommandStatus, Config, ConfigureOtp, GenerateOtp, OtpMode,
+ OtpSlotData};
use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
// test suite according to RFC 4226, Appendix D
@@ -22,7 +22,8 @@ static TOTP_CODES: &[(u64, &str)] = &[
];
fn get_admin_test_device() -> Admin<Target> {
- Target::connect().expect("Could not connect to the Nitrokey Pro.")
+ Target::connect()
+ .expect("Could not connect to the Nitrokey Pro.")
.authenticate_admin(ADMIN_PASSWORD)
.expect("Could not login as admin.")
}
diff --git a/src/tests/pws.rs b/src/tests/pws.rs
new file mode 100644
index 0000000..5f5a325
--- /dev/null
+++ b/src/tests/pws.rs
@@ -0,0 +1,169 @@
+use util::{CommandError, CommandStatus};
+use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
+use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
+
+fn get_pws() -> PasswordSafe<Target> {
+ Target::connect()
+ .unwrap()
+ .get_password_safe(USER_PASSWORD)
+ .unwrap()
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+fn enable() {
+ assert!(
+ Target::connect()
+ .unwrap()
+ .get_password_safe(&(USER_PASSWORD.to_owned() + "123"))
+ .is_err()
+ );
+ assert!(
+ Target::connect()
+ .unwrap()
+ .get_password_safe(USER_PASSWORD)
+ .is_ok()
+ );
+ assert!(
+ Target::connect()
+ .unwrap()
+ .get_password_safe(ADMIN_PASSWORD)
+ .is_err()
+ );
+ assert!(
+ Target::connect()
+ .unwrap()
+ .get_password_safe(USER_PASSWORD)
+ .is_ok()
+ );
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+fn get_status() {
+ let pws = get_pws();
+ for i in 0..SLOT_COUNT {
+ assert_eq!(
+ CommandStatus::Success,
+ pws.erase_slot(i),
+ "Could not erase slot {}",
+ i
+ );
+ }
+ let status = pws.get_slot_status().unwrap();
+ assert_eq!(status, [false; SLOT_COUNT as usize]);
+
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(1, "name", "login", "password")
+ );
+ let status = pws.get_slot_status().unwrap();
+ for i in 0..SLOT_COUNT {
+ assert_eq!(i == 1, status[i as usize]);
+ }
+
+ for i in 0..SLOT_COUNT {
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(i, "name", "login", "password")
+ );
+ }
+ let status = pws.get_slot_status().unwrap();
+ assert_eq!(status, [true; SLOT_COUNT as usize]);
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+fn get_data() {
+ let pws = get_pws();
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(1, "name", "login", "password")
+ );
+ assert_eq!("name", pws.get_slot_name(1).unwrap());
+ assert_eq!("login", pws.get_slot_login(1).unwrap());
+ assert_eq!("password", pws.get_slot_password(1).unwrap());
+
+ assert_eq!(CommandStatus::Success, pws.erase_slot(1));
+ // TODO: check error codes
+ assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(1));
+ assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(1));
+ assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(1));
+
+ let name = "with å";
+ let login = "pär@test.com";
+ let password = "'i3lJc[09?I:,[u7dWz9";
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(1, name, login, password)
+ );
+ assert_eq!(name, pws.get_slot_name(1).unwrap());
+ assert_eq!(login, pws.get_slot_login(1).unwrap());
+ assert_eq!(password, pws.get_slot_password(1).unwrap());
+
+ assert_eq!(
+ Err(CommandError::InvalidSlot),
+ pws.get_slot_name(SLOT_COUNT)
+ );
+ assert_eq!(
+ Err(CommandError::InvalidSlot),
+ pws.get_slot_login(SLOT_COUNT)
+ );
+ assert_eq!(
+ Err(CommandError::InvalidSlot),
+ pws.get_slot_password(SLOT_COUNT)
+ );
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+fn write() {
+ let pws = get_pws();
+
+ assert_eq!(
+ CommandStatus::Error(CommandError::InvalidSlot),
+ pws.write_slot(SLOT_COUNT, "name", "login", "password")
+ );
+
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(0, "", "login", "password")
+ );
+ assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0));
+ assert_eq!(Ok(String::from("login")), pws.get_slot_login(0));
+ assert_eq!(Ok(String::from("password")), pws.get_slot_password(0));
+
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(0, "name", "", "password")
+ );
+ assert_eq!(Ok(String::from("name")), pws.get_slot_name(0));
+ assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(0));
+ assert_eq!(Ok(String::from("password")), pws.get_slot_password(0));
+
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(0, "name", "login", "")
+ );
+ assert_eq!(Ok(String::from("name")), pws.get_slot_name(0));
+ assert_eq!(Ok(String::from("login")), pws.get_slot_login(0));
+ assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(0));
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+fn erase() {
+ let pws = get_pws();
+ assert_eq!(
+ CommandStatus::Error(CommandError::InvalidSlot),
+ pws.erase_slot(SLOT_COUNT)
+ );
+
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(0, "name", "login", "password")
+ );
+ assert_eq!(CommandStatus::Success, pws.erase_slot(0));
+ assert_eq!(CommandStatus::Success, pws.erase_slot(0));
+ assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0));
+}