# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error
from autotest_lib.client.cros import pkcs11

class platform_Pkcs11ChangeAuthData(test.test):
    version = 1

    def run_once(self):
        pkcs11.setup_p11_test_token(True, 'auth1')
        pkcs11.load_p11_test_token('auth1')
        utils.system('p11_replay --inject --replay_wifi')
        # Change auth data while the token is not loaded.
        pkcs11.unload_p11_test_token()
        pkcs11.change_p11_test_token_auth_data('auth1', 'auth2')
        pkcs11.load_p11_test_token('auth2')
        result = utils.system('p11_replay --replay_wifi', ignore_status=True)
        if result != 0:
            raise error.TestFail('Change authorization data failed (1).')
        # Change auth data while the token is loaded.
        pkcs11.change_p11_test_token_auth_data('auth2', 'auth3')
        pkcs11.unload_p11_test_token()
        pkcs11.load_p11_test_token('auth3')
        result = utils.system('p11_replay --replay_wifi', ignore_status=True)
        if result != 0:
            raise error.TestFail('Change authorization data failed (2).')
        # Attempt change with incorrect current auth data.
        pkcs11.unload_p11_test_token()
        pkcs11.change_p11_test_token_auth_data('bad_auth', 'auth4')
        pkcs11.load_p11_test_token('auth3')
        result = utils.system('p11_replay --replay_wifi', ignore_status=True)
        if result != 0:
            raise error.TestFail('Change authorization data failed (3).')
        # Verify old auth data no longer works after change. This also verifies
        # recovery from bad auth data - expect a functional, empty token.
        pkcs11.unload_p11_test_token()
        pkcs11.change_p11_test_token_auth_data('auth3', 'auth5')
        pkcs11.load_p11_test_token('auth3')
        result = utils.system('p11_replay --replay_wifi', ignore_status=True)
        if result == 0:
            raise error.TestFail('Bad authorization data allowed (1).')
        utils.system('p11_replay --inject --replay_wifi')
        pkcs11.unload_p11_test_token()
        # Token should have been recreated with 'auth3'.
        pkcs11.load_p11_test_token('auth3')
        result = utils.system('p11_replay --replay_wifi', ignore_status=True)
        if result != 0:
            raise error.TestFail('Token not valid after recovery.')
        pkcs11.unload_p11_test_token()
        # Since token was recovered, previous correct auth should be rejected.
        pkcs11.load_p11_test_token('auth5')
        result = utils.system('p11_replay --replay_wifi', ignore_status=True)
        if result == 0:
            raise error.TestFail('Bad authorization data allowed (2).')
        pkcs11.unload_p11_test_token()
        pkcs11.cleanup_p11_test_token()