test_ccapi_ccache.c   [plain text]

#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <limits.h>
#include "test_ccapi_check.h"
#include "test_ccapi_util.h"
#include "test_ccapi_context.h"
#include "test_ccapi_ccache.h"

// ---------------------------------------------------------------------------


int check_cc_ccache_release(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_release");
	
	#ifndef cc_ccache_release
	log_error("cc_ccache_release is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	
	
	
	if (!err) {
		check_once_cc_ccache_release(context, ccache, ccNoError, NULL);
		ccache = NULL;
	}
	
	if (context) { cc_context_release(context); }
	
	#endif /* cc_ccache_release */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_release(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	
	cc_int32 possible_return_values[2] = {
		ccNoError, 
		ccErrInvalidCCache, 
	};

	cc_string_t name = NULL;
	
	err = cc_ccache_get_name(ccache, &name);
	err = cc_ccache_release(ccache);
	ccache = NULL;
	
    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_release
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err && name) { // try opening released ccache to make sure it still exists
		err = cc_context_open_ccache(context, name->data, &ccache);
	}
	check_if(err == ccErrCCacheNotFound, "released ccache was actually destroyed instead");
	
	if (ccache) { cc_ccache_destroy(ccache); }
	if (name) { cc_string_release(name); }
	
	#endif /* cc_ccache_release */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------


int check_cc_ccache_destroy(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_destroy");
	
	#ifndef cc_ccache_destroy
	log_error("cc_ccache_destroy is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	
	
	
	if (!err) {
		check_once_cc_ccache_destroy(context, ccache, ccNoError, NULL);
		ccache = NULL;
	}
		
	if (context) { cc_context_release(context); }
	
	#endif /* cc_ccache_destroy */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_destroy(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	
	cc_int32 possible_return_values[2] = {
		ccNoError, 
		ccErrInvalidCCache, 
	};

	cc_string_t name = NULL;
	
    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_destroy
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_get_name(ccache, &name);
	err = cc_ccache_destroy(ccache);
	ccache = NULL;
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err && name) { // try opening released ccache to make sure it still exists
		err = cc_context_open_ccache(context, name->data, &ccache);
	}
	check_if(err != ccErrCCacheNotFound, "destroyed ccache was actually released instead");
	
	if (ccache) { cc_ccache_destroy(ccache); }
	if (name) { cc_string_release(name); }
	
	#endif /* cc_ccache_destroy */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------


int check_cc_ccache_set_default(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_set_default");
	
	#ifndef cc_ccache_set_default
	log_error("cc_ccache_set_default is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	// try when it's the only ccache (already default)
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_set_default(context, ccache, ccNoError, "when it's the only ccache (already default)");
	}
	if (ccache) {
		err = cc_ccache_release(ccache);
		ccache = NULL;
	}
	
	// try when it's not the only ccache (and not default)
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "baz@BAR.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_set_default(context, ccache, ccNoError, "when it's not the only ccache (and not default)");
	}
	if (ccache) {
		err = cc_ccache_release(ccache);
		ccache = NULL;
	}
	
	// try when it's not the only ccache (and already default)	
	if (!err) {
		err = cc_context_open_default_ccache(context, &ccache);
	}
	if (!err) {
		check_once_cc_ccache_set_default(context, ccache, ccNoError, "when it's not the only ccache (and already default)");
	}
	if (ccache) {
		err = cc_ccache_release(ccache);
		ccache = NULL;
	}
			
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	if (context) { cc_context_release(context); }
	
	#endif /* cc_ccache_set_default */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_set_default(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	
	cc_int32 possible_return_values[3] = {
		ccNoError, 
		ccErrInvalidCCache, 
		ccErrCCacheNotFound, 
	};

	cc_ccache_t default_ccache = NULL;
	cc_string_t name = NULL;
	cc_string_t default_name = NULL;
	
    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_set_default
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_set_default(ccache);
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err) {
		err = cc_ccache_get_name(ccache, &name);
	}
	if (!err) {
		err = cc_context_open_default_ccache(context, &default_ccache);
	}
	if (!err) {
		err = cc_ccache_get_name(default_ccache, &default_name);
	}
	if (name && default_name) {
		check_if(strcmp(name->data, default_name->data), NULL);
	}
	else {
		check_if(1, "cc_ccache_get_name failed");
	}
		
	if (default_ccache) { cc_ccache_release(default_ccache); }
	//if (ccache) { cc_ccache_destroy(ccache); } // ccache is released by the caller
	if (default_name) { cc_string_release(default_name); }
	if (name) { cc_string_release(name); }
	
	#endif /* cc_ccache_set_default */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------


int check_cc_ccache_get_credentials_version(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_get_credentials_version");
	
	#ifndef cc_ccache_get_credentials_version
	log_error("cc_ccache_get_credentials_version is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	// try one created with v5 creds
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v5, ccNoError, "v5 creds");
	}
	else {
		log_error("cc_context_create_new_ccache failed, can't complete test");
		failure_count++;
	}
	
#if 0
	// try it with added v4 creds
	if (!err) {
		err = cc_ccache_set_principal(ccache, cc_credentials_v4, "foo@BAR.ORG");
	}
	if (!err) {
		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4_v5, ccNoError, "v5 with v4 creds added");
	}
	else {
		log_error("cc_ccache_set_principal failed, can't complete test");
		failure_count++;
	}
#endif	
	if (ccache) {
		cc_ccache_destroy(ccache);
		ccache = NULL;
	}
	
	err = ccNoError;
	
#if 0
	// try one created with v4 creds
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAR.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4, ccNoError, "v4 creds");
	}
	else {
		log_error("cc_context_create_new_ccache failed, can't complete test");
		failure_count++;
	}
	
	// try it with added v5 creds
	if (!err) {
		err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
	}
	if (!err) {
		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4_v5, ccNoError, "v4 with v5 creds added");
	}	
	else {
		log_error("cc_ccache_set_principal failed, can't complete test");
		failure_count++;
	}
#endif	
	if (ccache) {
		cc_ccache_destroy(ccache);
		ccache = NULL;
	}
	
	if (context) { cc_context_release(context); }
	
	#endif /* cc_ccache_get_credentials_version */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_get_credentials_version(cc_ccache_t ccache, cc_uint32 expected_cred_vers, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	
	cc_int32 possible_return_values[4] = {
		ccNoError, 
		ccErrInvalidCCache, 
		ccErrBadParam, 
		ccErrCCacheNotFound, 
	};

	cc_uint32 stored_cred_vers = 0;
	
    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_get_credentials_version
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_get_credentials_version(ccache, &stored_cred_vers);
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err) {
		check_if(stored_cred_vers != expected_cred_vers, NULL);
	}
	
	#endif /* cc_ccache_get_credentials_version */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------


int check_cc_ccache_get_name(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_get_name");
	
	#ifndef cc_ccache_get_name
	log_error("cc_ccache_get_name is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	// try with unique ccache (which happens to be default)
	if (!err) {
		err = cc_context_create_ccache(context, "0", cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_name(ccache, "0", ccNoError, "unique ccache (which happens to be default)");
	}
	else {
		log_error("cc_context_create_ccache failed, can't complete test");
		failure_count++;
	}	
	if (ccache) {
		cc_ccache_release(ccache);
		ccache = NULL;
	}
	
	// try with unique ccache (which is not default)
	if (!err) {
		err = cc_context_create_ccache(context, "1", cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_name(ccache, "1", ccNoError, "unique ccache (which is not default)");
	}
	else {
		log_error("cc_context_create_ccache failed, can't complete test");
		failure_count++;
	}
	
	// try with bad param
	if (!err) {
		check_once_cc_ccache_get_name(ccache, NULL, ccErrBadParam, "NULL param");
	}
	if (ccache) {
		cc_ccache_release(ccache);
		ccache = NULL;
	}
	
	if (context) { 
		err = destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_get_name */
	
	END_TEST_AND_RETURN	
}

cc_int32 check_once_cc_ccache_get_name(cc_ccache_t ccache, const char *expected_name, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	
	cc_int32 possible_return_values[4] = {
		ccNoError, 
		ccErrInvalidCCache, 
		ccErrBadParam, 
		ccErrCCacheNotFound, 
	};

	cc_string_t stored_name = NULL;
	
    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_get_name
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	if (expected_name == NULL) { // we want to try with a NULL param
		err = cc_ccache_get_name(ccache, NULL);
	}
	else {
		err = cc_ccache_get_name(ccache, &stored_name);
	}
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err) {
		check_if(strcmp(stored_name->data, expected_name), NULL);
	}
	
	if (stored_name) { cc_string_release(stored_name); }
	
	#endif /* cc_ccache_get_name */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------

cc_int32 check_once_cc_ccache_get_principal(cc_ccache_t ccache, 
                                            cc_uint32 cred_vers, 
                                            const char *expected_principal, 
                                            cc_int32 expected_err, 
                                            const char *description) {
	cc_int32 err = ccNoError;
	cc_string_t stored_principal = NULL;
		
	cc_int32 possible_return_values[6] = {
		ccNoError, 
		ccErrNoMem, 
		ccErrBadCredentialsVersion, 
		ccErrBadParam, 
		ccErrInvalidCCache, 
		ccErrCCacheNotFound, 
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_get_principal
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	if (expected_principal == NULL) { // we want to try with a NULL param
		err = cc_ccache_get_principal(ccache, cred_vers, NULL);
	}
	else {
		err = cc_ccache_get_principal(ccache, cred_vers, &stored_principal);
	}
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err) {
		check_if(strcmp(stored_principal->data, expected_principal), "expected princ == \"%s\" stored princ == \"%s\"", expected_principal, stored_principal->data);
	}
	
	if (stored_principal) { cc_string_release(stored_principal); }
	
	#endif /* cc_ccache_get_principal */
	
	END_CHECK_ONCE;
	
	return err;
}

// ---------------------------------------------------------------------------

int check_cc_ccache_get_principal(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_get_principal");
	
	#ifndef cc_ccache_get_principal
	log_error("cc_ccache_get_principal is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	// try with krb5 principal
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo/BAR@BAZ.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_principal(ccache, cc_credentials_v5, "foo/BAR@BAZ.ORG", ccNoError, "trying to get krb5 princ for krb5 ccache");
	}
	else {
		log_error("cc_context_create_new_ccache failed, can't complete test");
		failure_count++;
	}
	if (ccache) {
		cc_ccache_release(ccache);
		ccache = NULL;
	}
	
#if 0
	// try with krb4 principal
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo.BAR@BAZ.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_principal(ccache, cc_credentials_v4, "foo.BAR@BAZ.ORG", ccNoError, "trying to get krb4 princ for krb4 ccache");
	}
	else {
		log_error("cc_context_create_new_ccache failed, can't complete test");
		failure_count++;
	}
	// try with bad param
	if (!err) {
		// cc_ccache_t doesn't have any concept of the difference between a v4 and v5 principal
		check_once_cc_ccache_get_principal(ccache, cc_credentials_v4_v5, "foo.BAR@BAZ.ORG", 
			ccErrBadCredentialsVersion,
			"passing cc_credentials_v4_v5 (shouldn't be allowed)");
		check_once_cc_ccache_get_principal(ccache, cc_credentials_v5, NULL, ccErrBadParam, "passed null out param");
	}
#endif
	
	if (ccache) {
		cc_ccache_release(ccache);
		ccache = NULL;
	}
	
	if (context) { 
		err = destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_get_principal */
	
	END_TEST_AND_RETURN	
}

// ---------------------------------------------------------------------------

int check_cc_ccache_set_principal(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_set_principal");
	
	#ifndef cc_ccache_set_principal
	log_error("cc_ccache_set_principal is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	// bad params
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
	}
	if (!err) {
		check_once_cc_ccache_set_principal(ccache, cc_credentials_v4_v5, "foo/BAZ@BAR.ORG", ccErrBadCredentialsVersion, "cc_credentials_v4_v5 (not allowed)");
		check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL principal");
	}
	else {
		log_error("cc_context_create_new_ccache failed, can't complete test");
		failure_count++;
	}
	if (ccache) {
		cc_ccache_destroy(ccache);
		ccache = NULL;
	}
	

	// empty ccache

		// replace v5 only ccache's principal
		if (!err) {
			err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
		}
		if (!err) {
			check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError, "replace v5 only ccache's principal (empty ccache)");
		}
		else {
			log_error("cc_context_create_new_ccache failed, can't complete test");
			failure_count++;
		}
		if (ccache) {
			cc_ccache_destroy(ccache);
			ccache = NULL;
		}
		
		// add v4 principal to v5 only ccache
		if (!err) {
			err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
		}
#if 0
		if (!err) {
			check_once_cc_ccache_set_principal(ccache, cc_credentials_v4, "foo.BAZ@BAR.ORG", ccNoError, "add v4 principal to v5 only ccache (empty ccache)");
		}
		else {
			log_error("cc_context_create_new_ccache failed, can't complete test");
			failure_count++;
		}
#endif
		if (ccache) {
			cc_ccache_destroy(ccache);
			ccache = NULL;
		}

#if 0
		// replace v4 only ccache's principal
		if (!err) {
			err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAZ.ORG", &ccache);
		}
		if (!err) {
			check_once_cc_ccache_set_principal(ccache, cc_credentials_v4, "foo.BAZ@BAR.ORG", ccNoError, "replace v4 only ccache's principal (empty ccache)");
		}
		else {
			log_error("cc_context_create_new_ccache failed, can't complete test");
			failure_count++;
		}
		if (ccache) {
			cc_ccache_destroy(ccache);
			ccache = NULL;
		}
		
		// add v5 principal to v4 only ccache
		if (!err) {
			err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAZ.ORG", &ccache);
		}
		if (!err) {
			check_once_cc_ccache_set_principal(ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError, "add v5 principal to v4 only ccache (empty ccache)");
		}
		else {
			log_error("cc_context_create_new_ccache failed, can't complete test");
			failure_count++;
		}
		if (ccache) {
			cc_ccache_destroy(ccache);
			ccache = NULL;
		}
#endif
		
	// with credentials
	
		// replace v5 only ccache's principal
		
		// add v4 principal to v5 only ccache

		// replace v4 only ccache's principal
		
		// add v5 principal to v4 only ccache
	
	if (context) { 
		err = destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_set_principal */
	
	END_TEST_AND_RETURN	
}

cc_int32 check_once_cc_ccache_set_principal(cc_ccache_t ccache, cc_uint32 cred_vers, const char *in_principal, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_string_t stored_principal = NULL;
		
	cc_int32 possible_return_values[6] = {
		ccNoError, 
		ccErrNoMem, 
		ccErrInvalidCCache, 
		ccErrBadCredentialsVersion, 
		ccErrBadParam, 
		ccErrCCacheNotFound, 
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_set_principal
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_set_principal(ccache, cred_vers, in_principal);
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err) {
		err = cc_ccache_get_principal(ccache, cred_vers, &stored_principal);
	}
	
	// compare stored with input
	if (!err) {
		check_if(strcmp(stored_principal->data, in_principal), "expected princ == \"%s\" stored princ == \"%s\"", in_principal, stored_principal->data);
	}
	
	if (stored_principal) { cc_string_release(stored_principal); }
	
	#endif /* cc_ccache_set_principal */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------


int check_cc_ccache_store_credentials(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	cc_ccache_t dup_ccache = NULL;
	cc_credentials_union creds_union;
	cc_string_t name = NULL;
	
	BEGIN_TEST("cc_ccache_store_credentials");
	
	#ifndef cc_ccache_store_credentials
	log_error("cc_ccache_store_credentials is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}

	// cred with matching version and realm
	if (!err) {
		err = new_v5_creds_union(&creds_union, "BAR.ORG");
	}
	
	if (!err) {
		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccNoError, "ok creds");
	}
	
	if (&creds_union) { release_v5_creds_union(&creds_union); }
	
	// try with bad params
	check_once_cc_ccache_store_credentials(ccache, NULL, ccErrBadParam, "NULL creds param");
	
	// invalid creds
	if (!err) {
		err = new_v5_creds_union(&creds_union, "BAR.ORG");
	}
	
	if (!err) {
		if (creds_union.credentials.credentials_v5->client) {
			free(creds_union.credentials.credentials_v5->client);
			creds_union.credentials.credentials_v5->client = NULL;
		}
		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadParam, "invalid creds (NULL client string)");
	}
	
	if (&creds_union) { release_v5_creds_union(&creds_union); }
	
	// bad creds version
	if (!err) {
		err = new_v5_creds_union(&creds_union, "BAR.ORG");
	}
	
	if (!err) {
		creds_union.version = cc_credentials_v4_v5;
		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4_v5 creds (invalid) into a ccache with only v5 princ");
		creds_union.version = cc_credentials_v4;
		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4 creds into a ccache with only v5 princ");
		creds_union.version = cc_credentials_v5;
	}
	
	if (&creds_union) { release_v5_creds_union(&creds_union); }
	
	// non-existent ccache
	if (ccache) { 
		err = cc_ccache_get_name(ccache, &name);
		if (!err) {
			err = cc_context_open_ccache(context, name->data, &dup_ccache);
		}
		if (name) { cc_string_release(name); }
		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
	}
	
	if (!err) {
		err = new_v5_creds_union(&creds_union, "BAR.ORG");
	}
	
	if (!err) {
		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrInvalidCCache, "invalid ccache");
	}
	
	if (!err && &creds_union) { release_v5_creds_union(&creds_union); }
	if (ccache) { cc_ccache_release(ccache); }
	if (context) { 
		destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_store_credentials */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_store_credentials(cc_ccache_t ccache, const cc_credentials_union *credentials, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_credentials_iterator_t creds_iterator = NULL;
	cc_credentials_t creds = NULL;
		
	cc_int32 possible_return_values[6] = {
		ccNoError, 
		ccErrBadParam, 
		ccErrInvalidCCache, 
		ccErrInvalidCredentials, 
		ccErrBadCredentialsVersion, 
		ccErrCCacheNotFound, 
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_store_credentials
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_store_credentials(ccache, credentials);
		
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	// make sure credentials were truly stored
	if (!err) {
		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
	}
	while (!err) {
		err = cc_credentials_iterator_next(creds_iterator, &creds);
		if (creds) {
			if (compare_v5_creds_unions(credentials, creds->data) == 0) {
				break;
			}
			cc_credentials_release(creds);
			creds = NULL;			
		}
	}
	
	if (err == ccIteratorEnd) { 
		check_if((creds != NULL), "stored credentials not found in ccache");
		err = ccNoError;
	}
	if (creds) { cc_credentials_release(creds); }
	
	#endif /* cc_ccache_store_credentials */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------


int check_cc_ccache_remove_credentials(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	cc_ccache_t dup_ccache = NULL;
	cc_credentials_t creds_array[10];
	cc_credentials_t creds = NULL;
	cc_credentials_union creds_union;
	cc_credentials_iterator_t creds_iterator = NULL;
	cc_string_t name = NULL;
	unsigned int i;
	
	BEGIN_TEST("cc_ccache_remove_credentials");
	
	#ifndef cc_ccache_remove_credentials
	log_error("cc_ccache_remove_credentials is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	
	// store 10 creds and retrieve their cc_credentials_t representations
	for(i = 0; !err && (i < 10); i++) {
		new_v5_creds_union(&creds_union, "BAR.ORG");
		err = cc_ccache_store_credentials(ccache, &creds_union);
		if (&creds_union) { release_v5_creds_union(&creds_union); }
	}
	if (err) {
		log_error("failure to store creds_union in remove_creds test");
	}
	if (!err) {
		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
	}
	i = 0;
	while (!err && i < 10) {
		err = cc_credentials_iterator_next(creds_iterator, &creds);
		if (creds) {
			creds_array[i++] = creds;
			creds = NULL;
		}
	}
	if (err == ccIteratorEnd) { err = ccNoError; }
	
	// remove 10 valid creds
	for (i = 0; !err && (i < 8); i++) {
		check_once_cc_ccache_remove_credentials(ccache, creds_array[i], ccNoError, "10 ok creds");
	}

	// NULL param
	check_once_cc_ccache_remove_credentials(ccache, NULL, ccErrBadParam, "NULL creds in param");
	
	// non-existent creds (remove same one twice)
	check_once_cc_ccache_remove_credentials(ccache, creds_array[0], ccErrCredentialsNotFound, "removed same creds twice");
	
	// non-existent ccache
	if (ccache) { 
		err = cc_ccache_get_name(ccache, &name);
		if (!err) {
			err = cc_context_open_ccache(context, name->data, &dup_ccache);
		}
		if (name) { cc_string_release(name); }
		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
	}
	
	if (!err) {
		err = new_v5_creds_union(&creds_union, "BAR.ORG");
	}
	
	if (!err) {
		check_once_cc_ccache_remove_credentials(ccache, creds_array[8], ccErrCredentialsNotFound, "invalid ccache");
	}

	for(i = 0; i < 10; i++) {
		if (creds_array[i]) { cc_credentials_release(creds_array[i]); }
	}

	if (ccache) { cc_ccache_release(ccache); }
	if (context) { 
		destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_remove_credentials */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_remove_credentials(cc_ccache_t ccache, cc_credentials_t in_creds, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_credentials_iterator_t creds_iterator = NULL;
	cc_credentials_t creds = NULL;
		
	cc_int32 possible_return_values[6] = {
		ccNoError, 
		ccErrBadParam, 
		ccErrInvalidCCache, 
		ccErrInvalidCredentials, 
		ccErrCredentialsNotFound, 
		ccErrCCacheNotFound,
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_remove_credentials
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_remove_credentials(ccache, in_creds);
		
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	// make sure credentials were truly removed
	if (!err) {
		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
	}
	while (!err) {
		err = cc_credentials_iterator_next(creds_iterator, &creds);
		if (creds) {
			if (compare_v5_creds_unions(in_creds->data, creds->data) == 0) {
				break;
			}
			cc_credentials_release(creds);
			creds = NULL;			
		}
	}
	
	if (err == ccIteratorEnd) { 
		err = ccNoError;
	}
	else {
		check_if((creds != NULL), "credentials not removed from ccache");
	}
	if (creds) { cc_credentials_release(creds); }
	
	#endif /* cc_ccache_remove_credentials */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------


int check_cc_ccache_new_credentials_iterator(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	cc_ccache_t dup_ccache = NULL;
	cc_credentials_iterator_t creds_iterator = NULL;
	cc_string_t name = NULL;
	
	BEGIN_TEST("cc_ccache_new_credentials_iterator");
	
	#ifndef cc_ccache_new_credentials_iterator
	log_error("cc_ccache_new_credentials_iterator is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	
	// valid params
	if (!err) {
		check_once_cc_ccache_new_credentials_iterator(ccache, &creds_iterator, ccNoError, "valid params");
	}
	if (creds_iterator) { 
		cc_credentials_iterator_release(creds_iterator); 
		creds_iterator = NULL;
	}
	
	// NULL out param
	if (!err) {
		check_once_cc_ccache_new_credentials_iterator(ccache, NULL, ccErrBadParam, "NULL out iterator param");
	}
	if (creds_iterator) { 
		cc_credentials_iterator_release(creds_iterator); 
		creds_iterator = NULL;
	}
	
	// non-existent ccache
	if (ccache) { 
		err = cc_ccache_get_name(ccache, &name);
		if (!err) {
			err = cc_context_open_ccache(context, name->data, &dup_ccache);
		}
		if (name) { cc_string_release(name); }
		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
	}
	
	if (!err) {
		check_once_cc_ccache_new_credentials_iterator(ccache, &creds_iterator, ccErrInvalidCCache, "invalid ccache");
	}
	
	if (creds_iterator) { 
		cc_credentials_iterator_release(creds_iterator); 
		creds_iterator = NULL;
	}
	if (ccache) { cc_ccache_release(ccache); }
	if (context) { 
		destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_new_credentials_iterator */
	
	END_TEST_AND_RETURN
}


cc_int32 check_once_cc_ccache_new_credentials_iterator(cc_ccache_t ccache, cc_credentials_iterator_t *iterator, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	
	cc_int32 possible_return_values[5] = {
		ccNoError, 
		ccErrBadParam, 
		ccErrNoMem, 
		ccErrCCacheNotFound, 
		ccErrInvalidCCache, 
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_new_credentials_iterator
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_new_credentials_iterator(ccache, iterator);
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	#endif /* cc_ccache_new_credentials_iterator */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------

cc_int32 check_once_cc_ccache_get_change_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_time_t this_time = 0;
		
	cc_int32 possible_return_values[4] = {
		ccNoError, 
		ccErrInvalidCCache, 
		ccErrBadParam, 
		ccErrCCacheNotFound, 
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_get_change_time
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	if (last_time == NULL) {
		err = cc_ccache_get_change_time(ccache, NULL); // passed NULL to compare against because intention is actually to pass bad param instead
	} else {
		err = cc_ccache_get_change_time(ccache, &this_time);
	}
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if ((!err) && last_time) {
		check_if(this_time <= *last_time, "change time didn't increase when expected");
		*last_time = this_time;
	}
		
	#endif /* cc_ccache_get_change_time */
	
	END_CHECK_ONCE;
	
	return err;
}

// ---------------------------------------------------------------------------

int check_cc_ccache_get_change_time(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t dummy_ccache = NULL;
	cc_ccache_t ccache = NULL;
	cc_credentials_union creds_union;
	cc_credentials_iterator_t creds_iterator = NULL;
	cc_credentials_t credentials = NULL;
	cc_time_t last_time = 0;
	
    BEGIN_TEST("cc_ccache_get_change_time");
	
	#ifndef cc_ccache_get_change_time
	log_error("cc_ccache_get_change_time is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	// create some ccaches (so that the one we keep around as 'ccache' is not default)
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}
	if (ccache) {
		cc_ccache_release(ccache);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
	}
	
	// change it in all the ways it can change, checking after each
	
	// the ccache is created
	if (!err) {
		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "new ccache (change time should be > 0)");
	}
	
	// the ccache is made default
	if (!err) {
		err = cc_ccache_set_default(ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "non-default ccache became default");
	}
	
	// the ccache is made not-default
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "something@ELSE.COM", &dummy_ccache);
	}
	if (!err) {
		err = cc_ccache_set_default(dummy_ccache);
	}
	if (dummy_ccache) {	
		cc_ccache_release(dummy_ccache);
	}
	if (!err) {
		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "default ccache became non-default");
	}
	
	// try with bad params
	
	// NULL out param
	if (!err) {
		check_once_cc_ccache_get_change_time(ccache, NULL, ccErrBadParam, "NULL out param for time");
	}
	
	// store a credential
	if (!err) {
		new_v5_creds_union(&creds_union, "BAR.ORG");
		err = cc_ccache_store_credentials(ccache, &creds_union);
		release_v5_creds_union(&creds_union);
	}
	check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "stored new credential");
	
	if (!err) {
		// change principal (fails with ccErrBadInternalMessage)
		err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
		if (err) {
			log_error("failed to change ccache's principal - %s (%d)", translate_ccapi_error(err), err);
			failure_count++;
			err = ccNoError;
		}
	}
	check_once_cc_context_get_change_time(context, &last_time, ccNoError, "after changing a principle");
	
	// remove a credential
	if (!err) {
		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
	}
	if (!err) {
		err = cc_credentials_iterator_next(creds_iterator, &credentials);
	}
	if (err == ccIteratorEnd) {
		err = ccNoError;
	}
	if (!err) {
		err = cc_ccache_remove_credentials(ccache, credentials);
	}
	check_once_cc_context_get_change_time(context, &last_time, ccNoError, "after removing a credential");
	
	
	// invalid ccache
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	if (!err) {
		check_once_cc_ccache_get_change_time(ccache, &last_time, ccErrInvalidCCache, "getting change time on destroyed ccache");
	}
	
	if (ccache) { cc_ccache_release(ccache); }
	if (context) { 
		destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_get_change_time */
	
	END_TEST_AND_RETURN
}


// ---------------------------------------------------------------------------

cc_int32 check_once_cc_ccache_get_last_default_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_time_t this_time = 0;
		
	cc_int32 possible_return_values[5] = {
		ccNoError, 
		ccErrInvalidCCache, 
		ccErrBadParam, 
		ccErrNeverDefault, 
		ccErrCCacheNotFound, 
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_get_last_default_time
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	if (last_time == NULL) {
		err = cc_ccache_get_last_default_time(ccache, NULL); // passed NULL to compare against because intention is actually to pass bad param instead
	} else {
		err = cc_ccache_get_last_default_time(ccache, &this_time);
	}
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err && last_time) {
		check_if(this_time > *last_time, "last default time isn't as expected");
		*last_time = this_time;
	}
		
	#endif /* cc_ccache_get_last_default_time */
	
	END_CHECK_ONCE;
	
	return err;
}

// ---------------------------------------------------------------------------

int check_cc_ccache_get_last_default_time(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache_1 = NULL;
	cc_ccache_t ccache_2 = NULL;
	cc_time_t last_time_1 = 0;
	cc_time_t last_time_2 = 0;
	cc_string_t name = NULL;
	
	BEGIN_TEST("cc_ccache_get_last_default_time");
	
	#ifndef cc_ccache_get_last_default_time
	log_error("cc_ccache_get_last_default_time is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	// create 2 ccaches
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@ONE.ORG", &ccache_1);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@TWO.ORG", &ccache_2);
	}
	
	if (!err) {
		err = cc_ccache_get_change_time(ccache_1, &last_time_1);
	}
	
	// since we destroyed all ccaches before creating these two, 
	// ccache_1 should be default and ccache_2 should never have been default
	if (!err) {
		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccNoError, "ccache_1 default at creation");
		check_once_cc_ccache_get_last_default_time(ccache_2, &last_time_2, ccErrNeverDefault, "ccache_2 never default");
	}
	
	// make ccache_2 default and check each of their times again
	if (!err) {
		err = cc_ccache_set_default(ccache_2);
	}
	if (!err) {
		err = cc_ccache_get_change_time(ccache_2, &last_time_2);
	}
	if (!err) {
		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccNoError, "ccache_1 no longer default");
		check_once_cc_ccache_get_last_default_time(ccache_2, &last_time_2, ccNoError, "ccache_2 newly default");
	}

	// NULL param
	if (!err) {
		check_once_cc_ccache_get_last_default_time(ccache_1, NULL, ccErrBadParam, "NULL out param");
	}
	
	// non-existent ccache
	if (ccache_2) { 
		cc_ccache_release(ccache_2); 
		ccache_2 = NULL;
	}
	if (!err) {
		err = cc_ccache_get_name(ccache_1, &name);
	}
	if (!err) {
		err = cc_context_open_ccache(context, name->data, &ccache_2);
	}
	if (!err) {
		cc_ccache_destroy(ccache_2);
		ccache_2 = NULL;
	}
	
	if (!err) {
		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccErrInvalidCCache, "destroyed ccache");
	}
	
	if (ccache_1) { cc_ccache_release(ccache_1); }
	
	if (context) { 
		destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_get_last_default_time */
	
	END_TEST_AND_RETURN
}

// ---------------------------------------------------------------------------

int check_cc_ccache_move(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t source = NULL;
	cc_ccache_t destination = NULL;
	
	cc_credentials_union creds_union;
	unsigned int i = 0;
	
	BEGIN_TEST("cc_ccache_move");
	
	#ifndef cc_ccache_move
	log_error("cc_ccache_move is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
	
	if (!err) {
		err = destroy_all_ccaches(context);
	}
	
	// create 2 ccaches
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@ONE.ORG", &source);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@TWO.ORG", &destination);
	}
	
	// store credentials in each
	for (i = 0; !err && (i < 10); i++) {
		new_v5_creds_union(&creds_union, "ONE.ORG");
		err = cc_ccache_store_credentials(source, &creds_union);
	}
	for (i = 0; !err && (i < 10); i++) {
		new_v5_creds_union(&creds_union, "TWO.ORG");
		err = cc_ccache_store_credentials(destination, &creds_union);
	}
	
	// move source into destination
	if (!err) {
		check_once_cc_ccache_move(source, destination, ccNoError, "valid params");
	}

	// NULL param
	if (!err) {
		check_once_cc_ccache_move(destination, NULL, ccErrBadParam, "NULL destination param");
	}
	
	// non-existent ccache
	if (!err) {
		check_once_cc_ccache_move(destination, source, ccErrInvalidCCache, "recently moved source as destination param");
	}
	
	if (source) { cc_ccache_release(source); }
	if (destination) { cc_ccache_release(destination); }
	
	if (context) { 
		destroy_all_ccaches(context);
		cc_context_release(context);
	}
	
	#endif /* cc_ccache_move */
	
	END_TEST_AND_RETURN
	
	
}

cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_credentials_t dst_creds[10] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, };
	cc_credentials_t creds = NULL;
	cc_credentials_iterator_t cred_iterator = NULL;
	unsigned int i = 0;
	
	cc_string_t src_principal = NULL;
	cc_string_t dst_principal = NULL;
	
	cc_int32 possible_return_values[4] = {
		ccNoError, 
		ccErrBadParam, 
		ccErrInvalidCCache, 
		ccErrCCacheNotFound,
	};

    BEGIN_CHECK_ONCE(description);
	
	#ifdef cc_ccache_move
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	if (destination) {
		// verify all of destination's credentials are no longer there (save a list and call remove_cred for each, expecting an err in response)	
		if (!err) {
			err = cc_ccache_new_credentials_iterator(destination, &cred_iterator);
		}
		while (!err && (i < 10)) {
			err = cc_credentials_iterator_next(cred_iterator, &creds);
			if (creds) {
				dst_creds[i++] = creds;
			}
		}
		if (err == ccIteratorEnd) {
			err = ccNoError;
		}
		if (cred_iterator) { 
			cc_credentials_iterator_release(cred_iterator); 
			cred_iterator = NULL;
		}

		// verify that destination's principal has changed to source's (strcmp)
		if (!err) {
			err = cc_ccache_get_principal(source, cc_credentials_v5, &src_principal);
		}
	}
	
	
	if (!err) {
		err = cc_ccache_move(source, destination);
	}
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	
	if (!err) {
		// verify all of destination's credentials are no longer there (save a list and call remove_cred for each, expecting an err in response)
		i = 0;
		while (dst_creds[i] && (i < 10)) {
			err = cc_ccache_remove_credentials(destination, dst_creds[i]);
			check_if(!(!err || err == ccErrCredentialsNotFound || ccErrInvalidCredentials), "credentials in destination not removed as promised");
			cc_credentials_release(dst_creds[i]);
			i++;
		}
		err = ccNoError;
	}

		// verify that destination's principal has changed to source's (strcmp)
		if (!err) {
			err = cc_ccache_get_principal(destination, cc_credentials_v5, &dst_principal);
		}
		if (!err) {
			check_if(strcmp(src_principal->data, dst_principal->data), "destination principal not overwritten by source");
		}

		// verify that handles for source are no longer valid (get_change_time)
		if (src_principal) { 
			cc_string_release(src_principal);
			src_principal = NULL;
		}
		if (!err) {
			err = cc_ccache_get_principal(source, cc_credentials_v5, &src_principal);
			check_if(err != ccErrInvalidCCache, "source ccache was not invalidated after move");
		}
	
	
	if (cred_iterator) { cc_credentials_iterator_release(cred_iterator); }
	if (src_principal) { cc_string_release(src_principal); }
	if (dst_principal) { cc_string_release(dst_principal); }
		
	#endif /* cc_ccache_move */
	
	END_CHECK_ONCE;
	
	return err;
}


// ---------------------------------------------------------------------------

int check_cc_ccache_compare(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache_a = NULL;
	cc_ccache_t ccache_b = NULL;
	cc_uint32 equal = 0;
	
	BEGIN_TEST("cc_ccache_compare");
	
	#ifndef cc_ccache_compare
	log_error("cc_ccache_compare is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);

	if (!err) {
		err = destroy_all_ccaches(context);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache_a);
	}
	if (!err) {
		err = cc_context_open_default_ccache(context, &ccache_b);
	}

	equal = 1;
	check_once_cc_ccache_compare(ccache_a, ccache_a, &equal, ccNoError, "compare ccache with same pointer");
	equal = 1;
	check_once_cc_ccache_compare(ccache_a, ccache_b, &equal, ccNoError, "compare different handles to same ccache");
	
	if (ccache_b) {
		cc_ccache_release(ccache_b);
		ccache_b = NULL;
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "baz@BAR.ORG", &ccache_b);
	}
	equal = 0;
	check_once_cc_ccache_compare(ccache_a, ccache_b, &equal, ccNoError, "compare different ccaches");
	check_once_cc_ccache_compare(ccache_a, NULL, &equal, ccErrBadParam, "NULL compare_to ccache");
	check_once_cc_ccache_compare(ccache_a, ccache_b, NULL, ccErrBadParam, "NULL out param");

	if (ccache_a) { cc_ccache_release(ccache_a); }
	if (ccache_b) { cc_ccache_release(ccache_b); }
	
	if (context) { 
		err = destroy_all_ccaches(context);
		cc_context_release(context); 
	}
	
	#endif /* cc_ccache_compare */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_compare(cc_ccache_t ccache, cc_ccache_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_uint32 actually_equal = 0;
	
	cc_int32 possible_return_values[4] = {
		ccNoError, 
		ccErrInvalidContext, 
		ccErrBadParam, 
		ccErrServerUnavailable,
	};

    BEGIN_CHECK_ONCE(description);

	#ifdef cc_ccache_compare
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	if (equal) {
		actually_equal = *equal;
	} 
	
	err = cc_ccache_compare(ccache, compare_to, equal);
	
	if (!err && equal) {
		if (actually_equal) {
			check_if(actually_equal != *equal, "equal ccaches not considered equal");
		}
		else {
			check_if(actually_equal != *equal, "non-equal ccaches considered equal");
		}
	}
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	#endif /* cc_ccache_compare */
	
	return err;
}


// ---------------------------------------------------------------------------

int check_cc_ccache_get_kdc_time_offset(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	cc_time_t time_offset = 0;
	
	BEGIN_TEST("cc_ccache_get_kdc_time_offset");
	
	#ifndef cc_ccache_get_kdc_time_offset
	log_error("cc_ccache_get_kdc_time_offset is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);

	if (!err) {
		err = destroy_all_ccaches(context);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}

	time_offset = 0;
	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccErrTimeOffsetNotSet, "brand new ccache (offset not yet set)");
	
	time_offset = 10;
	if (!err) {
		err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, time_offset);
	}
	if (!err) {
		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccNoError, "offset set for v5 but not v4");
	}
#if 0
	if (!err) {
		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4, &time_offset, ccErrTimeOffsetNotSet, "asking for v4 offset when only v5 is set");
	}
	if (!err) {
		err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, time_offset);
	}
	if (!err) {
		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4, &time_offset, ccNoError, "asking for v4 offset when v4 and v5 are set");
	}
#endif

	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL time_offset out param");
#if 0
	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4_v5, &time_offset, ccErrBadCredentialsVersion, "v4_v5 creds_vers in param (invalid)");
#endif

	if (ccache) { cc_ccache_release(ccache); }
	
	if (context) { 
		err = destroy_all_ccaches(context);
		cc_context_release(context); 
	}
	
	#endif /* cc_ccache_get_kdc_time_offset */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_get_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t *time_offset, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_time_t expected_offset;
	
	cc_int32 possible_return_values[7] = {
		ccNoError, 
		ccErrTimeOffsetNotSet, 
		ccErrCCacheNotFound, 
		ccErrInvalidCCache, 
		ccErrBadParam, 
		ccErrServerUnavailable, 
		ccErrBadCredentialsVersion,	
	};

    BEGIN_CHECK_ONCE(description);

	#ifdef cc_ccache_get_kdc_time_offset
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	if (time_offset) {
		expected_offset = *time_offset;
	}
	
	err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, time_offset);
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err && time_offset) {
		check_if(*time_offset != expected_offset, "kdc time offset doesn't match expected value");
	}
	
	#endif /* cc_ccache_get_kdc_time_offset */
	
	return err;
}


// ---------------------------------------------------------------------------

int check_cc_ccache_set_kdc_time_offset(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_set_kdc_time_offset");
	
	#ifndef cc_ccache_set_kdc_time_offset
	log_error("cc_ccache_set_kdc_time_offset is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);

	if (!err) {
		err = destroy_all_ccaches(context);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}

	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0, ccNoError, "first time setting offset (v5)");
#if 0
	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0, ccNoError, "first time setting offset (v4)");
	
	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4_v5, 0, ccErrBadCredentialsVersion, "invalid creds_vers (v4_v5)");
#endif

	if (ccache) { cc_ccache_release(ccache); }
	
	if (context) { 
		err = destroy_all_ccaches(context);
		cc_context_release(context); 
	}
	
	#endif /* cc_ccache_set_kdc_time_offset */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_set_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t time_offset, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	cc_time_t stored_offset = 0;
		
	cc_int32 possible_return_values[6] = {
		ccNoError, 
		ccErrCCacheNotFound, 
		ccErrInvalidCCache, 
		ccErrBadParam, 
		ccErrServerUnavailable, 
		ccErrBadCredentialsVersion,
	};

    BEGIN_CHECK_ONCE(description);

	#ifdef cc_ccache_set_kdc_time_offset
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
	
	err = cc_ccache_set_kdc_time_offset(ccache, credentials_version, time_offset);
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
	if (!err) {
		err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, &stored_offset);
	}
	
	if (!err) {
		check_if(time_offset != stored_offset, "kdc time offset doesn't match expected value");
	}
	
	#endif /* cc_ccache_set_kdc_time_offset */
	
	return err;
}


// ---------------------------------------------------------------------------

int check_cc_ccache_clear_kdc_time_offset(void) {
	cc_int32 err = 0;
	cc_context_t context = NULL;
	cc_ccache_t ccache = NULL;
	
	BEGIN_TEST("cc_ccache_clear_kdc_time_offset");
	
	#ifndef cc_ccache_clear_kdc_time_offset
	log_error("cc_ccache_clear_kdc_time_offset is not implemented yet");
	failure_count++;
	#else
	
	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);

	if (!err) {
		err = destroy_all_ccaches(context);
	}
	if (!err) {
		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
	}

	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing an offset that was never set (v5)");
#if 0
	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4, ccNoError, "clearing an offset that was never set (v4)");
#endif

	err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0);
#if 0
	err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0);
#endif
	
	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing v5");
#if 0
	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4, ccNoError, "clearing v4");
	
	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4_v5, ccErrBadCredentialsVersion, "bad in param creds vers (v4_v5)");
#endif
	
	if (ccache) { cc_ccache_release(ccache); }
	
	if (context) { 
		err = destroy_all_ccaches(context);
		cc_context_release(context); 
	}
	
	#endif /* cc_ccache_clear_kdc_time_offset */
	
	END_TEST_AND_RETURN
}

cc_int32 check_once_cc_ccache_clear_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_int32 expected_err, const char *description) {
	cc_int32 err = ccNoError;
	
	cc_int32 possible_return_values[6] = {
		ccNoError, 
		ccErrCCacheNotFound, 
		ccErrInvalidCCache, 
		ccErrBadParam, 
		ccErrServerUnavailable, 
		ccErrBadCredentialsVersion,
	};
	BEGIN_CHECK_ONCE(description);

	#ifdef cc_ccache_clear_kdc_time_offset
	
	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])

	err = cc_ccache_clear_kdc_time_offset(ccache, credentials_version);
	
	// check returned error
	check_err(err, expected_err, possible_return_values);
	
#if 0
	if (!err) {
		err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, &stored_offset);
		check_if(err != ccErrTimeOffsetNotSet, "time offset not cleared");
	}
#endif
	
	#endif /* cc_ccache_clear_kdc_time_offset */
	
	return err;
}