1 files changed, 50 insertions, 0 deletions

diff --git a/tests/keyctl/restrict/bad-args/runtest.sh b/tests/keyctl/restrict/bad-args/runtest.sh
new file mode 100644
index 0000000..8cd073e
--- /dev/null
+++ b/tests/keyctl/restrict/bad-args/runtest.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+. ../../../prepare.inc.sh
+. ../../../toolbox.inc.sh
+
+# ---- do the actual testing ----
+
+if [ $have_restrict_keyring = 0 ]
+then
+    toolbox_skip_test $TEST "SKIPPING DUE TO LACK OF KEYRING RESTRICTION"
+    exit 0
+fi
+
+result=PASS
+echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+# create a keyring for CA keys
+marker "ADD CA KEYRING"
+create_keyring cakeyring @s
+expect_keyid cakeyringid
+
+# create a keyring
+marker "ADD KEYRING TO RESTRICT"
+create_keyring restrict @s
+expect_keyid restrictid
+
+# invalid payload
+marker "INVALID EXTRA PARAMETER 1"
+restrict_keyring --fail $restrictid "asymmetric" "key_or_keyring:$cakeyringid:bad_param"
+
+marker "INVALID EXTRA PARAMETER 2"
+restrict_keyring --fail $restrictid "asymmetric" "builtin_trusted:bad_param"
+
+marker "INVALID RESTRICT METHOD"
+restrict_keyring --fail $restrictid "asymmetric" "no_such_method:$cakeyringid"
+
+marker "INVALID KEY TYPE"
+restrict_keyring --fail $restrictid "not_a_key_type" "builtin_trusted"
+
+marker "INVALID KEY ID"
+restrict_keyring --fail $restrictid "asymmetric" "key_or_keyring:abcxyz"
+
+# invalid key option
+marker "USE KEY ID 0 FOR KEYRING"
+restrict_keyring --fail $restrictid "asymmetric" "key_or_keyring:0"
+
+echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+# --- then report the results in the database ---
+toolbox_report_result $TEST $result