Add unit-tests for access to secure resources

iotivity · Nov 3, 2023 · 3e8be1b · 3e8be1b
1 parent 4f434a4
commit 3e8be1b
Show file tree

Hide file tree

Showing 5 changed files with 171 additions and 21 deletions.
diff --git a/security/unittest/csrtest.cpp b/security/unittest/csrtest.cpp
@@ -285,7 +285,7 @@ TEST_F(TestCSRWithDevice, RegenerateDeviceKeypair)
 
 #ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
 
-TEST_F(TestCSRWithDevice, Resource)
+TEST_F(TestCSRWithDevice, GetResourceBaseline)
 {
   // biggest supported hash and elliptic curve to get the largest CSR payload
   oc_sec_certs_md_set_signature_algorithm(MBEDTLS_MD_SHA384);

diff --git a/security/unittest/pstattest.cpp b/security/unittest/pstattest.cpp
@@ -30,6 +30,9 @@
 #include "port/oc_storage_internal.h"
 #include "security/oc_pstat_internal.h"
 #include "security/oc_svr_internal.h"
+#include "tests/gtest/Device.h"
+#include "tests/gtest/Resource.h"
+#include "util/oc_features.h"
 
 #ifdef OC_SOFTWARE_UPDATE
 #include "api/oc_swupdate_internal.h"
@@ -147,4 +150,67 @@ TEST_F(TestPstat, DumpAndLoad)
   EXPECT_TRUE(IsEqual(def, *oc_sec_get_pstat(0)));
 }
 
+static constexpr size_t kDeviceID{ 0 };
+
+class TestPstatWithServer : public testing::Test {
+public:
+  static void SetUpTestCase()
+  {
+    ASSERT_TRUE(oc::TestDevice::StartServer());
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+    ASSERT_TRUE(
+      oc::SetAccessInRFOTM(OCF_SEC_PSTAT, kDeviceID, true,
+                           OC_PERM_RETRIEVE | OC_PERM_UPDATE | OC_PERM_DELETE));
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  }
+
+  static void TearDownTestCase()
+  {
+    oc::TestDevice::StopServer();
+  }
+};
+
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+
+#else /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+
+TEST_F(TestPstatWithServer, PostRequest_FailMethodNotAuthorized)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+  oc::testNotSupportedMethod(OC_POST, &ep, "/oic/sec/pstat", nullptr,
+                             OC_STATUS_UNAUTHORIZED);
+}
+
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+
+TEST_F(TestPstatWithServer, PutRequest_Fail)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+  oc_status_t error_code = OC_STATUS_METHOD_NOT_ALLOWED;
+#else  /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc_status_t error_code = OC_STATUS_UNAUTHORIZED;
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc::testNotSupportedMethod(OC_PUT, &ep, "/oic/sec/pstat", nullptr,
+                             error_code);
+}
+
+TEST_F(TestPstatWithServer, DeleteRequest_Fail)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+  oc_status_t error_code = OC_STATUS_METHOD_NOT_ALLOWED;
+#else  /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc_status_t error_code = OC_STATUS_UNAUTHORIZED;
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc::testNotSupportedMethod(OC_DELETE, &ep, "/oic/sec/pstat", nullptr,
+                             error_code);
+}
+
 #endif /* OC_SECURITY */
diff --git a/security/unittest/rolestest.cpp b/security/unittest/rolestest.cpp
@@ -469,6 +469,8 @@ TEST_F(TestRolesWithServer, GetRequest)
   EXPECT_TRUE(invoked);
 }
 
+#if 0
+
 TEST_F(TestRolesWithServer, PostRequest)
 {
   // TODO: need communication API to send POST request, connecting device to
@@ -477,7 +479,6 @@ TEST_F(TestRolesWithServer, PostRequest)
   // roles_resource_post
 }
 
-#if 0
 
 TEST_F(TestRolesWithServer, DeleteRequest)
 {
@@ -567,9 +568,38 @@ TEST_F(TestRolesWithServer, DeleteRequest_FailInvalidCredid)
 
 #endif
 
+#else /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+
+TEST_F(TestRolesWithServer, GetRequest_FailMethodNotAuthorized)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+  oc::testNotSupportedMethod(OC_GET, &ep, OCF_SEC_ROLES_URI, nullptr,
+                             OC_STATUS_UNAUTHORIZED);
+}
+
+TEST_F(TestRolesWithServer, PostRequest_FailMethodNotAuthorized)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+  oc::testNotSupportedMethod(OC_POST, &ep, OCF_SEC_ROLES_URI, nullptr,
+                             OC_STATUS_UNAUTHORIZED);
+}
+
+TEST_F(TestRolesWithServer, DeleteRequest_FailMethodNotAuthorized)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+  oc::testNotSupportedMethod(OC_DELETE, &ep, OCF_SEC_ROLES_URI, nullptr,
+                             OC_STATUS_UNAUTHORIZED);
+}
+
 #endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
 
-TEST_F(TestRolesWithServer, PutRequest_FailMethodNotSupported)
+TEST_F(TestRolesWithServer, PutRequest_Fail)
 {
   auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
   ASSERT_TRUE(epOpt.has_value());

diff --git a/security/unittest/sditest.cpp b/security/unittest/sditest.cpp
@@ -33,6 +33,7 @@
 #include "tests/gtest/Device.h"
 #include "tests/gtest/RepPool.h"
 #include "tests/gtest/Resource.h"
+#include "util/oc_features.h"
 #include "util/oc_macros_internal.h"
 
 #include <array>
@@ -298,29 +299,54 @@ TEST_F(TestSdiWithServer, PostRequest)
   oc_free_string(&sdi_new.name);
 }
 
-TEST_F(TestSdiWithServer, PutRequest_FailMethodNotSupported)
+#else /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+
+TEST_F(TestSdiWithServer, GetRequest_FailMethodNotAuthorized)
 {
   auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
   ASSERT_TRUE(epOpt.has_value());
   auto ep = std::move(*epOpt);
+  oc::testNotSupportedMethod(OC_GET, &ep, OCF_SEC_SDI_URI, nullptr,
+                             OC_STATUS_UNAUTHORIZED);
+}
 
-  auto encode_payload = []() {
-    oc_sec_sdi_t sdi_new{};
-    oc_sec_sdi_encode_with_resource(&sdi_new, /*sdi_res*/ nullptr,
-                                    static_cast<oc_interface_mask_t>(0));
-  };
-  oc::testNotSupportedMethod(OC_PUT, &ep, OCF_SEC_SDI_URI, encode_payload);
+TEST_F(TestSdiWithServer, PostRequest_FailMethodNotAuthorized)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+  oc::testNotSupportedMethod(OC_POST, &ep, OCF_SEC_SDI_URI, nullptr,
+                             OC_STATUS_UNAUTHORIZED);
 }
 
-TEST_F(TestSdiWithServer, DeleteRequest_FailMethodNotSupported)
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+
+TEST_F(TestSdiWithServer, PutRequest_Fail)
 {
   auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
   ASSERT_TRUE(epOpt.has_value());
   auto ep = std::move(*epOpt);
-  oc::testNotSupportedMethod(OC_DELETE, &ep, OCF_SEC_SDI_URI);
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+  oc_status_t error_code = OC_STATUS_METHOD_NOT_ALLOWED;
+#else  /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc_status_t error_code = OC_STATUS_UNAUTHORIZED;
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc::testNotSupportedMethod(OC_PUT, &ep, OCF_SEC_SDI_URI, nullptr, error_code);
 }
 
+TEST_F(TestSdiWithServer, DeleteRequest_Fail)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+  oc_status_t error_code = OC_STATUS_METHOD_NOT_ALLOWED;
+#else  /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc_status_t error_code = OC_STATUS_UNAUTHORIZED;
 #endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc::testNotSupportedMethod(OC_DELETE, &ep, OCF_SEC_SDI_URI, nullptr,
+                             error_code);
+}
 
 TEST_F(TestSdiWithServer, Copy)
 {

diff --git a/security/unittest/sptest.cpp b/security/unittest/sptest.cpp
@@ -288,8 +288,6 @@ TEST_F(TestSecurityProfile, EncodeAndDecodeForDevice)
   expectEqual(*oc_sec_sp_get(kDeviceID), profile_copy);
 }
 
-#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
-
 class TestSecurityProfileWithServer : public testing::Test {
 public:
   static void SetUpTestCase()
@@ -314,6 +312,8 @@ class TestSecurityProfileWithServer : public testing::Test {
   }
 };
 
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+
 TEST_F(TestSecurityProfileWithServer, GetRequest)
 {
   auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
@@ -414,25 +414,53 @@ TEST_F(TestSecurityProfileWithServer, PostRequest_FailInvalidData)
   ASSERT_TRUE(invoked);
 }
 
-TEST_F(TestSecurityProfileWithServer, PutRequest_FailMethodNotSupported)
+#else /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+
+TEST_F(TestSecurityProfileWithServer, GetRequest_FailMethodNotAuthorized)
 {
   auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
   ASSERT_TRUE(epOpt.has_value());
   auto ep = std::move(*epOpt);
-  auto encode_payload = []() {
-    encodePayload(OC_SP_BASELINE | OC_SP_BLACK, OC_SP_BLACK);
-  };
-  oc::testNotSupportedMethod(OC_PUT, &ep, OCF_SEC_SP_URI, encode_payload);
+  oc::testNotSupportedMethod(OC_GET, &ep, OCF_SEC_SP_URI, nullptr,
+                             OC_STATUS_UNAUTHORIZED);
 }
 
-TEST_F(TestSecurityProfileWithServer, DeleteRequest_FailMethodNotSupported)
+TEST_F(TestSecurityProfileWithServer, PostRequest_FailMethodNotAuthorized)
 {
   auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
   ASSERT_TRUE(epOpt.has_value());
   auto ep = std::move(*epOpt);
-  oc::testNotSupportedMethod(OC_DELETE, &ep, OCF_SEC_SP_URI);
+  oc::testNotSupportedMethod(OC_POST, &ep, OCF_SEC_SP_URI, nullptr,
+                             OC_STATUS_UNAUTHORIZED);
 }
 
 #endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM  */
 
+TEST_F(TestSecurityProfileWithServer, PutRequest_Fail)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+  oc_status_t error_code = OC_STATUS_METHOD_NOT_ALLOWED;
+#else  /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc_status_t error_code = OC_STATUS_UNAUTHORIZED;
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc::testNotSupportedMethod(OC_PUT, &ep, OCF_SEC_SP_URI, nullptr, error_code);
+}
+
+TEST_F(TestSecurityProfileWithServer, DeleteRequest_Fail)
+{
+  auto epOpt = oc::TestDevice::GetEndpoint(kDeviceID);
+  ASSERT_TRUE(epOpt.has_value());
+  auto ep = std::move(*epOpt);
+#ifdef OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM
+  oc_status_t error_code = OC_STATUS_METHOD_NOT_ALLOWED;
+#else  /* !OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc_status_t error_code = OC_STATUS_UNAUTHORIZED;
+#endif /* OC_HAS_FEATURE_RESOURCE_ACCESS_IN_RFOTM */
+  oc::testNotSupportedMethod(OC_DELETE, &ep, OCF_SEC_SP_URI, nullptr,
+                             error_code);
+}
+
 #endif /* OC_SECURITY */