commit ddf64866a60abc698840802e701b67ebaa12e212
author Marri Devender Rao <devenrao@in.ibm.com> Wed Oct 03 07:11:02 2018 -0500
committer Jayanth Othayoth <ojayanth@in.ibm.com> Sun Oct 07 21:34:12 2018 -0500
tree a220cf17b613d457fb627c5a1e78c0b23e0ed0ea
parent e6597c5b37204501d50022f91fd5c1ab124691b5

Additional unit test for verification

1) Test passing private key only certificate file
2) Testing cerfiticate only certificate file
3) Modifying existing test to corrupt certificate file and verify

Change-Id: Ie421c881af53aaca6f439fc86897b0877f589537
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>

test/certs_manager_test.cpp

diff --git a/test/certs_manager_test.cpp b/test/certs_manager_test.cpp
index a2163a0..ee03229 100644
--- a/test/certs_manager_test.cpp
+++ b/test/certs_manager_test.cpp
@@ -20,6 +20,9 @@
 using InvalidCertificate =
     sdbusplus::xyz::openbmc_project::Certs::Install::Error::InvalidCertificate;
 
+/**
+ * Class to generate certificate file and test verification of certificate file
+ */
 class TestCertsManager : public ::testing::Test
 {
   public:
@@ -208,7 +211,7 @@
     std::string unit("nslcd.service");
     std::string type("client");
 
-    std::string emptyFile("certcorrupted.pem");
+    std::string emptyFile("emptycert.pem");
     std::ofstream ofs;
     ofs.open(emptyFile, std::ofstream::out);
     ofs.close();
@@ -236,7 +239,7 @@
     fs::remove(emptyFile);
 }
 
-/** @brief Check if install fails if corrupted certificate file is not found
+/** @brief Check if install fails if certificate file is corrupted
  */
 TEST_F(TestCertsManager, TestInvalidCertificateFile)
 {
@@ -244,13 +247,14 @@
     std::string unit("nslcd.service");
     std::string type("client");
 
-    std::string corrputedFile("certcorrupted.pem");
     std::ofstream ofs;
-    ofs.open(corrputedFile, std::ofstream::out);
-    ofs << " PUBLIC KEY PRIVATE KEY XXXX YYYY ZZZZ";
+    ofs.open(certificateFile, std::ofstream::out);
+    ofs << "-----BEGIN CERTIFICATE-----";
+    ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";
+    ofs << "-----END CERTIFICATE-----";
     ofs.close();
 
-    std::string path(certDir + "/" + corrputedFile);
+    std::string path(certDir + "/" + certificateFile);
     std::string verifyPath(path);
     auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
     MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
@@ -261,7 +265,7 @@
         {
             try
             {
-                mainApp.install(corrputedFile);
+                mainApp.install(certificateFile);
             }
             catch (const InvalidCertificate& e)
             {
@@ -270,5 +274,110 @@
         },
         InvalidCertificate);
     EXPECT_FALSE(fs::exists(verifyPath));
-    fs::remove(corrputedFile);
 }
+
+/**
+ * Class to generate private and certificate only file and test verification
+ */
+class TestInvalidCertsManager : public ::testing::Test
+{
+  public:
+    TestInvalidCertsManager() : bus(sdbusplus::bus::new_default())
+    {
+    }
+    void SetUp() override
+    {
+        char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
+        auto dirPtr = mkdtemp(dirTemplate);
+        if (dirPtr == NULL)
+        {
+            throw std::bad_alloc();
+        }
+        certDir = dirPtr;
+        certificateFile = "cert.pem";
+        keyFile = "key.pem";
+        std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
+        cmd += "-keyout key.pem -out cert.pem -days 3650 ";
+        cmd += "-subj "
+               "/O=openbmc-project.xyz/CN=localhost"
+               " -nodes";
+
+        auto val = std::system(cmd.c_str());
+        if (val)
+        {
+            std::cout << "command Error: " << val << std::endl;
+        }
+    }
+    void TearDown() override
+    {
+        fs::remove_all(certDir);
+        fs::remove(certificateFile);
+        fs::remove(keyFile);
+    }
+
+  protected:
+    sdbusplus::bus::bus bus;
+    std::string certificateFile;
+    std::string keyFile;
+    std::string certDir;
+};
+
+/** @brief Check install fails if private key is missing in certificate file
+ */
+TEST_F(TestInvalidCertsManager, TestMissingPrivateKey)
+{
+    std::string endpoint("ldap");
+    std::string unit("nslcd.service");
+    std::string type("client");
+    std::string path(certDir + "/" + certificateFile);
+    std::string verifyPath(path);
+
+    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
+    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
+                            std::move(path));
+    EXPECT_CALL(manager, clientInstall()).Times(0);
+    MainApp mainApp(&manager);
+    EXPECT_THROW(
+        {
+            try
+            {
+                mainApp.install(certificateFile);
+            }
+            catch (const InvalidCertificate& e)
+            {
+                throw;
+            }
+        },
+        InvalidCertificate);
+    EXPECT_FALSE(fs::exists(verifyPath));
+}
+
+/** @brief Check install fails if ceritificate is missing in certificate file
+ */
+TEST_F(TestInvalidCertsManager, TestMissingCeritificate)
+{
+    std::string endpoint("ldap");
+    std::string unit("nslcd.service");
+    std::string type("client");
+    std::string path(certDir + "/" + keyFile);
+    std::string verifyPath(path);
+
+    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
+    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
+                            std::move(path));
+    EXPECT_CALL(manager, clientInstall()).Times(0);
+    MainApp mainApp(&manager);
+    EXPECT_THROW(
+        {
+            try
+            {
+                mainApp.install(keyFile);
+            }
+            catch (const InvalidCertificate& e)
+            {
+                throw;
+            }
+        },
+        InvalidCertificate);
+    EXPECT_FALSE(fs::exists(verifyPath));
+}
\ No newline at end of file