Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / 762da74eeaceba1d77fed0348dad256a4e675f26 / . / test / certs_manager_test.cpp
blob: b807b1e9f0cdd9ef6bc034770232d60fb09d2289 [file] [log] [blame]
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]1#include "config.h"
2
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]3#include "certificate.hpp"
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]4#include "certs_manager.hpp"
5
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]6#include <openssl/bio.h>
7#include <openssl/crypto.h>
8#include <openssl/err.h>
9#include <openssl/evp.h>
10#include <openssl/pem.h>
11#include <openssl/x509v3.h>
12
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]13#include <algorithm>
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]14#include <filesystem>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]15#include <fstream>
16#include <iterator>
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]17#include <sdeventplus/event.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]18#include <string>
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]19#include <xyz/openbmc_project/Certs/error.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]20#include <xyz/openbmc_project/Common/error.hpp>
21
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]22#include <gtest/gtest.h>
Nan Zhoue1289ad2021-12-28 11:02:56 -0800[diff] [blame]23
24namespace phosphor::certs
25{
26namespace
27{
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]28namespace fs = std::filesystem;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]29using InternalFailure =
30 sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]31using InvalidCertificate =
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]32 sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]33
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]34/**
35 * Class to generate certificate file and test verification of certificate file
36 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]37class TestCertificates : public ::testing::Test
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]38{
39 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]40 TestCertificates() : bus(sdbusplus::bus::new_default())
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]41 {
42 }
43 void SetUp() override
44 {
45 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
46 auto dirPtr = mkdtemp(dirTemplate);
Nan Zhoucfb58022021-12-28 11:02:26 -0800[diff] [blame]47 if (dirPtr == nullptr)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]48 {
49 throw std::bad_alloc();
50 }
Zbigniew Lukwinskife590c42019-12-10 12:33:50 +0100[diff] [blame]51 certDir = std::string(dirPtr) + "/certs";
52 fs::create_directories(certDir);
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]53
54 createNewCertificate();
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]55 }
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]56
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]57 void TearDown() override
58 {
59 fs::remove_all(certDir);
60 fs::remove(certificateFile);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]61 fs::remove(CSRFile);
62 fs::remove(privateKeyFile);
Nan Zhoucf811c42021-12-02 14:56:17 -0800[diff] [blame]63 fs::remove_all("demoCA");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]64 }
65
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]66 void createNewCertificate(bool setNewCertId = false)
67 {
68 certificateFile = "cert.pem";
69 CSRFile = "domain.csr";
70 privateKeyFile = "privkey.pem";
71 rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem";
72 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
Nan Zhoucf811c42021-12-02 14:56:17 -0800[diff] [blame]73 cmd += "-keyout cert.pem -out cert.pem -days 365000 -nodes";
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]74 cmd += " -subj /O=openbmc-project.xyz/CN=localhost";
75
76 if (setNewCertId)
77 {
78 cmd += std::to_string(certId++);
79 }
80
81 auto val = std::system(cmd.c_str());
82 if (val)
83 {
84 std::cout << "COMMAND Error: " << val << std::endl;
85 }
86 }
87
Nan Zhoucf811c42021-12-02 14:56:17 -0800[diff] [blame]88 void createNeverExpiredRootCertificate()
89 {
90 // remove the old cert
91 fs::remove(certificateFile);
92
93 // The following routines create a cert that has NotBefore
94 // set to 1970/01/01 and NotAfter set to 9999/12/31 via the
95 // OpenSSL CA application.
96 certificateFile = "cert.pem";
97 ASSERT_EQ(std::system("mkdir -p demoCA"), 0);
98 ASSERT_EQ(std::system("mkdir -p demoCA/private/"), 0);
99 ASSERT_EQ(std::system("mkdir -p demoCA/newcerts/"), 0);
100 ASSERT_EQ(std::system("touch demoCA/index.txt"), 0);
101 ASSERT_EQ(std::system("echo 1000 > demoCA/serial"), 0);
102 ASSERT_EQ(
103 std::system(
104 "openssl req -x509 -sha256 -newkey rsa:2048 -keyout "
105 "demoCA/private/cakey.pem -out demoCA/cacert.pem -nodes "
106 "-subj /O=openbmc-project.xyz/C=US/ST=CA/CN=localhost-ca"),
107 0);
108 ASSERT_EQ(std::system(
109 "openssl req -new -newkey rsa:2048 -nodes -keyout "
110 "demoCA/server.key -out demoCA/server.csr -subj "
111 "/O=openbmc-project.xyz/C=US/ST=CA/CN=localhost-server"),
112 0);
113 ASSERT_EQ(
114 std::system(
115 "openssl ca -batch -startdate 19700101000000Z -enddate "
116 "99991231235959Z -out cert.pem -infiles demoCA/server.csr"),
117 0);
118 }
119
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]120 bool compareFiles(const std::string& file1, const std::string& file2)
121 {
122 std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate);
123 std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate);
124
125 if (f1.fail() || f2.fail())
126 {
127 return false; // file problem
128 }
129
130 if (f1.tellg() != f2.tellg())
131 {
132 return false; // size mismatch
133 }
134
135 // seek back to beginning and use std::equal to compare contents
136 f1.seekg(0, std::ifstream::beg);
137 f2.seekg(0, std::ifstream::beg);
138 return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()),
139 std::istreambuf_iterator<char>(),
140 std::istreambuf_iterator<char>(f2.rdbuf()));
141 }
142
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]143 std::string getCertSubjectNameHash(const std::string& certFilePath)
144 {
145 std::unique_ptr<X509, decltype(&::X509_free)> cert(X509_new(),
146 ::X509_free);
147 if (!cert)
148 {
149 std::string();
150 }
151
152 std::unique_ptr<BIO, decltype(&::BIO_free)> bioCert(
153 BIO_new_file(certFilePath.c_str(), "rb"), ::BIO_free);
154 if (!bioCert)
155 {
156 std::string();
157 }
158
159 X509* x509 = cert.get();
160 if (!PEM_read_bio_X509(bioCert.get(), &x509, nullptr, nullptr))
161 {
162 std::string();
163 }
164
165 unsigned long hash = X509_subject_name_hash(cert.get());
166 static constexpr auto AUTH_CERT_HASH_LENGTH = 9;
167 char hashBuf[AUTH_CERT_HASH_LENGTH];
168 sprintf(hashBuf, "%08lx", hash);
169 return std::string(hashBuf);
170 }
171
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]172 protected:
173 sdbusplus::bus::bus bus;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]174 std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]175
176 std::string certDir;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]177 uint64_t certId;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]178};
179
180class MainApp
181{
182 public:
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]183 MainApp(phosphor::certs::Manager* manager,
184 phosphor::certs::CSR* csr = nullptr) :
185 manager(manager),
Patrick Williamse129be32021-04-30 20:35:19 -0500[diff] [blame]186 csr_(csr)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]187 {
188 }
189 void install(std::string& path)
190 {
191 manager->install(path);
192 }
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]193 void delete_()
194 {
Zbigniew Kurzynskia3bb38f2019-09-17 13:34:25 +0200[diff] [blame]195 manager->deleteAll();
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]196 }
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]197
198 std::string generateCSR(std::vector<std::string> alternativeNames,
199 std::string challengePassword, std::string city,
200 std::string commonName, std::string contactPerson,
201 std::string country, std::string email,
202 std::string givenName, std::string initials,
203 int64_t keyBitLength, std::string keyCurveId,
204 std::string keyPairAlgorithm,
205 std::vector<std::string> keyUsage,
206 std::string organization,
207 std::string organizationalUnit, std::string state,
208 std::string surname, std::string unstructuredName)
209 {
210 return (manager->generateCSR(
211 alternativeNames, challengePassword, city, commonName,
212 contactPerson, country, email, givenName, initials, keyBitLength,
213 keyCurveId, keyPairAlgorithm, keyUsage, organization,
214 organizationalUnit, state, surname, unstructuredName));
215 }
Patrick Williamse129be32021-04-30 20:35:19 -0500[diff] [blame]216 std::string csr()
217 {
218 return (csr_->csr());
219 }
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]220 phosphor::certs::Manager* manager;
Patrick Williamse129be32021-04-30 20:35:19 -0500[diff] [blame]221 phosphor::certs::CSR* csr_;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]222};
223
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]224/** @brief Check if server install routine is invoked for server setup
225 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]226TEST_F(TestCertificates, InvokeServerInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]227{
228 std::string endpoint("https");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]229 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]230 std::string type("server");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]231 std::string installPath(certDir + "/" + certificateFile);
232 std::string verifyPath(installPath);
233 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]234 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]235 auto event = sdeventplus::Event::get_default();
236 // Attach the bus to sd_event to service user requests
237 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
238 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
239 std::move(installPath));
240 MainApp mainApp(&manager);
241 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]242 EXPECT_TRUE(fs::exists(verifyPath));
243}
244
245/** @brief Check if client install routine is invoked for client setup
246 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]247TEST_F(TestCertificates, InvokeClientInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]248{
249 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]250 std::string unit("");
251 std::string type("server");
252 std::string installPath(certDir + "/" + certificateFile);
253 std::string verifyPath(installPath);
254 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]255 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]256 auto event = sdeventplus::Event::get_default();
257 // Attach the bus to sd_event to service user requests
258 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
259 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
260 std::move(installPath));
261 MainApp mainApp(&manager);
262 mainApp.install(certificateFile);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]263 EXPECT_TRUE(fs::exists(verifyPath));
264}
265
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]266/** @brief Check if storage install routine is invoked for storage setup
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]267 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]268TEST_F(TestCertificates, InvokeAuthorityInstall)
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]269{
270 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]271 std::string unit("");
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]272 std::string type("authority");
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]273 std::string verifyDir(certDir);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]274 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]275 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]276 auto event = sdeventplus::Event::get_default();
277 // Attach the bus to sd_event to service user requests
278 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
279 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]280 std::move(certDir));
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]281 MainApp mainApp(&manager);
Nan Zhoucf811c42021-12-02 14:56:17 -0800[diff] [blame]282 // install the default certificate that's valid from today to 100 years
283 // later
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]284 mainApp.install(certificateFile);
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]285
286 std::vector<std::unique_ptr<Certificate>>& certs =
287 manager.getCertificates();
288
Nan Zhoucf811c42021-12-02 14:56:17 -0800[diff] [blame]289 ASSERT_EQ(certs.size(), 1);
290 // check some attributes as well
291 EXPECT_EQ(certs.front()->validNotAfter() - certs.front()->validNotBefore(),
292 365000ULL * 24 * 3600);
293 EXPECT_EQ(certs.front()->subject(), "O=openbmc-project.xyz,CN=localhost");
294 EXPECT_EQ(certs.front()->issuer(), "O=openbmc-project.xyz,CN=localhost");
295
296 std::string verifyPath =
297 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0";
298
299 // Check that certificate has been created at installation directory
300 EXPECT_FALSE(fs::is_empty(verifyDir));
301 EXPECT_TRUE(fs::exists(verifyPath));
302
303 // Check that installed cert is identical to input one
304 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
305}
306
307/** @brief Check if storage install routine is invoked for storage setup
308 */
309TEST_F(TestCertificates, InvokeAuthorityInstallNeverExpiredRootCert)
310{
311 std::string endpoint("ldap");
312 std::string unit("");
313 std::string type("authority");
314 std::string verifyDir(certDir);
315 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]316 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Nan Zhoucf811c42021-12-02 14:56:17 -0800[diff] [blame]317 auto event = sdeventplus::Event::get_default();
318 // Attach the bus to sd_event to service user requests
319 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
320 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
321 std::move(certDir));
322 MainApp mainApp(&manager);
323
324 // install the certificate that's valid from the Unix Epoch to Dec 31, 9999
325 createNeverExpiredRootCertificate();
326 mainApp.install(certificateFile);
327
328 std::vector<std::unique_ptr<Certificate>>& certs =
329 manager.getCertificates();
330
331 EXPECT_EQ(certs.front()->validNotBefore(), 0);
332 EXPECT_EQ(certs.front()->validNotAfter(), 253402300799ULL);
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]333
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]334 std::string verifyPath =
335 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0";
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]336
337 // Check that certificate has been created at installation directory
338 EXPECT_FALSE(fs::is_empty(verifyDir));
339 EXPECT_TRUE(fs::exists(verifyPath));
340
341 // Check that installed cert is identical to input one
342 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
343}
344
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]345/** @brief Check if in authority mode user can't install the same
346 * certificate twice.
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]347 */
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]348TEST_F(TestCertificates, InvokeInstallSameCertTwice)
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]349{
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]350 std::string endpoint("ldap");
351 std::string unit("");
352 std::string type("authority");
353 std::string verifyDir(certDir);
354 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]355 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]356 auto event = sdeventplus::Event::get_default();
357 // Attach the bus to sd_event to service user requests
358 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
359 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
360 std::move(certDir));
361 MainApp mainApp(&manager);
362 mainApp.install(certificateFile);
363
364 std::vector<std::unique_ptr<Certificate>>& certs =
365 manager.getCertificates();
366
367 EXPECT_FALSE(certs.empty());
368
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]369 // Check that certificate has been created at installation directory
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]370 std::string verifyPath =
371 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0";
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]372 EXPECT_FALSE(fs::is_empty(verifyDir));
373 EXPECT_TRUE(fs::exists(verifyPath));
374
375 // Check that installed cert is identical to input one
376 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
377
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]378 using NotAllowed =
379 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]380 EXPECT_THROW(
381 {
382 try
383 {
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]384 // Try to install the same certificate second time
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]385 mainApp.install(certificateFile);
386 }
387 catch (const NotAllowed& e)
388 {
389 throw;
390 }
391 },
392 NotAllowed);
393
394 // Check that the original certificate has been not removed
395 EXPECT_FALSE(fs::is_empty(verifyDir));
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]396 EXPECT_TRUE(fs::exists(verifyPath));
397}
398
Zbigniew Lukwinski73d1fbf2020-01-15 15:31:12 +0100[diff] [blame]399/** @brief Check if in authority mode user can install a certificate with
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]400 * certain subject hash twice.
401 */
402TEST_F(TestCertificates, InvokeInstallSameSubjectTwice)
403{
404 std::string endpoint("ldap");
405 std::string unit("");
406 std::string type("authority");
407 std::string verifyDir(certDir);
408 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]409 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]410 auto event = sdeventplus::Event::get_default();
411 // Attach the bus to sd_event to service user requests
412 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
413 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
414 std::move(certDir));
415 MainApp mainApp(&manager);
416 mainApp.install(certificateFile);
417
418 std::vector<std::unique_ptr<Certificate>>& certs =
419 manager.getCertificates();
420
421 EXPECT_FALSE(certs.empty());
422
423 // Check that certificate has been created at installation directory
424 std::string verifyPath0 =
425 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0";
426 EXPECT_FALSE(fs::is_empty(verifyDir));
427 EXPECT_TRUE(fs::exists(verifyPath0));
428
429 // Check that installed cert is identical to input one
430 EXPECT_TRUE(compareFiles(certificateFile, verifyPath0));
431
432 // Prepare second certificate with the same subject
433 createNewCertificate();
434
Zbigniew Lukwinski73d1fbf2020-01-15 15:31:12 +0100[diff] [blame]435 // Install second certificate
436 mainApp.install(certificateFile);
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]437
438 // Expect there are exactly two certificates in the collection
Zbigniew Lukwinski73d1fbf2020-01-15 15:31:12 +0100[diff] [blame]439 EXPECT_EQ(certs.size(), 2);
440
441 // Check that certificate has been created at installation directory
442 std::string verifyPath1 =
443 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".1";
444 EXPECT_TRUE(fs::exists(verifyPath1));
445
446 // Check that installed cert is identical to input one
447 EXPECT_TRUE(compareFiles(certificateFile, verifyPath1));
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]448
449 // Check that the original/first certificate has been not removed
450 EXPECT_FALSE(fs::is_empty(verifyDir));
451 EXPECT_TRUE(fs::exists(verifyPath0));
452}
453
454/** @brief Check if in authority mode user can't install more than
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]455 * maxNumAuthorityCertificates certificates.
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]456 */
457TEST_F(TestCertificates, InvokeInstallAuthCertLimit)
458{
459 std::string endpoint("ldap");
460 std::string unit("");
461 std::string type("authority");
462 std::string verifyDir(certDir);
463 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]464 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]465 auto event = sdeventplus::Event::get_default();
466 // Attach the bus to sd_event to service user requests
467 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
468 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
469 std::move(certDir));
470 MainApp mainApp(&manager);
471
472 std::vector<std::unique_ptr<Certificate>>& certs =
473 manager.getCertificates();
474
475 std::vector<std::string> verifyPaths;
476
477 // Prepare maximum number of ceritificates
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]478 for (std::size_t i = 0; i < maxNumAuthorityCertificates; ++i)
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]479 {
480 // Prepare new certificatate
481 createNewCertificate(true);
482
483 // Install ceritificate
484 mainApp.install(certificateFile);
485
486 // Check number of certificates in the collection
487 EXPECT_EQ(certs.size(), i + 1);
488
489 // Check that certificate has been created at installation directory
490 std::string verifyPath =
491 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0";
492 EXPECT_FALSE(fs::is_empty(verifyDir));
493 EXPECT_TRUE(fs::exists(verifyPath));
494
495 // Check that installed cert is identical to input one
496 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
497
498 // Save current certificate file for later check
499 verifyPaths.push_back(verifyPath);
500 }
501
502 // Prepare new certificatate
503 createNewCertificate(true);
504
505 using NotAllowed =
506 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
507 EXPECT_THROW(
508 {
509 try
510 {
511 // Try to install one more certificate
512 mainApp.install(certificateFile);
513 }
514 catch (const NotAllowed& e)
515 {
516 throw;
517 }
518 },
519 NotAllowed);
520
521 // Check that the original certificate has been not removed
522 EXPECT_FALSE(fs::is_empty(verifyDir));
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]523 for (size_t i = 0; i < maxNumAuthorityCertificates; ++i)
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]524 {
525 EXPECT_TRUE(fs::exists(verifyPaths[i]));
526 }
527}
528
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]529/** @brief Compare the installed certificate with the copied certificate
530 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]531TEST_F(TestCertificates, CompareInstalledCertificate)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]532{
533 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]534 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]535 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]536 std::string installPath(certDir + "/" + certificateFile);
537 std::string verifyPath(installPath);
538 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]539 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]540 auto event = sdeventplus::Event::get_default();
541 // Attach the bus to sd_event to service user requests
542 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
543 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
544 std::move(installPath));
545 MainApp mainApp(&manager);
546 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]547 EXPECT_TRUE(fs::exists(verifyPath));
548 EXPECT_TRUE(compareFiles(verifyPath, certificateFile));
549}
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]550
551/** @brief Check if install fails if certificate file is not found
552 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]553TEST_F(TestCertificates, TestNoCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]554{
555 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]556 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]557 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]558 std::string installPath(certDir + "/" + certificateFile);
559 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]560 std::string verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]561 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]562 std::string uploadFile = "nofile.pem";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]563 EXPECT_THROW(
564 {
565 try
566 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]567 auto event = sdeventplus::Event::get_default();
568 // Attach the bus to sd_event to service user requests
569 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
570 Manager manager(bus, event, objPath.c_str(), type,
571 std::move(unit), std::move(installPath));
572 MainApp mainApp(&manager);
573 mainApp.install(uploadFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]574 }
575 catch (const InternalFailure& e)
576 {
577 throw;
578 }
579 },
580 InternalFailure);
581 EXPECT_FALSE(fs::exists(verifyPath));
582}
583
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]584/** @brief Test replacing existing certificate
585 */
586TEST_F(TestCertificates, TestReplaceCertificate)
587{
588 std::string endpoint("ldap");
589 std::string unit("");
590 std::string type("server");
591 std::string installPath(certDir + "/" + certificateFile);
592 std::string verifyPath(installPath);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]593 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]594 auto event = sdeventplus::Event::get_default();
595 // Attach the bus to sd_event to service user requests
596 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
597 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
598 std::move(installPath));
599 MainApp mainApp(&manager);
600 mainApp.install(certificateFile);
601 EXPECT_TRUE(fs::exists(verifyPath));
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]602 std::vector<std::unique_ptr<Certificate>>& certs =
603 manager.getCertificates();
604 EXPECT_FALSE(certs.empty());
605 EXPECT_NE(certs[0], nullptr);
606 certs[0]->replace(certificateFile);
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]607 EXPECT_TRUE(fs::exists(verifyPath));
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]608}
609
610/** @brief Test replacing existing certificate
611 */
612TEST_F(TestCertificates, TestAuthorityReplaceCertificate)
613{
614 std::string endpoint("ldap");
615 std::string unit("");
616 std::string type("authority");
617 std::string verifyDir(certDir);
618 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]619 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]620 auto event = sdeventplus::Event::get_default();
621 // Attach the bus to sd_event to service user requests
622 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
623 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
624 std::move(certDir));
625 MainApp mainApp(&manager);
626 mainApp.install(certificateFile);
627
628 std::vector<std::unique_ptr<Certificate>>& certs =
629 manager.getCertificates();
630 constexpr const unsigned int REPLACE_ITERATIONS = 10;
631
632 for (unsigned int i = 0; i < REPLACE_ITERATIONS; i++)
633 {
634 // Certificate successfully installed
635 EXPECT_FALSE(certs.empty());
636
Zbigniew Lukwinski2f3563c2020-01-08 12:35:23 +0100[diff] [blame]637 std::string verifyPath =
638 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0";
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]639
640 // Check that certificate has been created at installation directory
641 EXPECT_FALSE(fs::is_empty(verifyDir));
642 EXPECT_TRUE(fs::exists(verifyPath));
643
644 // Check that installed cert is identical to input one
645 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
646
647 // Create new certificate
648 createNewCertificate(true);
649
650 certs[0]->replace(certificateFile);
651
652 // Verify that old certificate has been removed
653 EXPECT_FALSE(fs::exists(verifyPath));
654 }
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]655}
656
Zbigniew Kurzynskia3bb38f2019-09-17 13:34:25 +0200[diff] [blame]657/** @brief Test verifiing if delete function works.
658 */
659TEST_F(TestCertificates, TestStorageDeleteCertificate)
660{
661 std::string endpoint("ldap");
662 std::string unit("");
663 std::string type("authority");
664 std::string verifyDir(certDir);
665 UnitsToRestart verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]666 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Zbigniew Kurzynskia3bb38f2019-09-17 13:34:25 +0200[diff] [blame]667 auto event = sdeventplus::Event::get_default();
668 // Attach the bus to sd_event to service user requests
669 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
670 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
671 std::move(certDir));
672 MainApp mainApp(&manager);
673
674 // Check if certificate placeholder dir is empty
675 EXPECT_TRUE(fs::is_empty(verifyDir));
676 mainApp.install(certificateFile);
677
678 // Create new certificate
679 createNewCertificate(true);
680 mainApp.install(certificateFile);
681
682 createNewCertificate(true);
683 mainApp.install(certificateFile);
684
685 std::vector<std::unique_ptr<Certificate>>& certs =
686 manager.getCertificates();
687
688 // All 3 certificates successfully installed and added to manager
689 EXPECT_EQ(certs.size(), 3);
690
691 // Check if certificate placeholder is not empty, there should be 3
692 // certificates
693 EXPECT_FALSE(fs::is_empty(verifyDir));
694
695 certs[0]->delete_();
696 EXPECT_EQ(certs.size(), 2);
697
698 certs[0]->delete_();
699 EXPECT_EQ(certs.size(), 1);
700
701 certs[0]->delete_();
702 EXPECT_EQ(certs.size(), 0);
703
704 // Check if certificate placeholder is empty.
705 EXPECT_TRUE(fs::is_empty(verifyDir));
706}
707
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]708/** @brief Check if install fails if certificate file is empty
709 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]710TEST_F(TestCertificates, TestEmptyCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]711{
712 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]713 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]714 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]715 std::string installPath(certDir + "/" + certificateFile);
716 std::string verifyPath(installPath);
717 std::string verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]718 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]719 std::string emptyFile("emptycert.pem");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]720 std::ofstream ofs;
721 ofs.open(emptyFile, std::ofstream::out);
722 ofs.close();
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]723 EXPECT_THROW(
724 {
725 try
726 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]727 auto event = sdeventplus::Event::get_default();
728 // Attach the bus to sd_event to service user requests
729 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
730 Manager manager(bus, event, objPath.c_str(), type,
731 std::move(unit), std::move(installPath));
732 MainApp mainApp(&manager);
733 mainApp.install(emptyFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]734 }
735 catch (const InvalidCertificate& e)
736 {
737 throw;
738 }
739 },
740 InvalidCertificate);
741 EXPECT_FALSE(fs::exists(verifyPath));
742 fs::remove(emptyFile);
743}
744
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]745/** @brief Check if install fails if certificate file is corrupted
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]746 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]747TEST_F(TestCertificates, TestInvalidCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]748{
749 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]750 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]751 std::string type("client");
752
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]753 std::ofstream ofs;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]754 ofs.open(certificateFile, std::ofstream::out);
755 ofs << "-----BEGIN CERTIFICATE-----";
756 ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";
757 ofs << "-----END CERTIFICATE-----";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]758 ofs.close();
759
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]760 std::string installPath(certDir + "/" + certificateFile);
761 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]762 std::string verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]763 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]764 EXPECT_THROW(
765 {
766 try
767 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]768 auto event = sdeventplus::Event::get_default();
769 // Attach the bus to sd_event to service user requests
770 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
771 Manager manager(bus, event, objPath.c_str(), type,
772 std::move(unit), std::move(installPath));
773 MainApp mainApp(&manager);
774 mainApp.install(certificateFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]775 }
776 catch (const InvalidCertificate& e)
777 {
778 throw;
779 }
780 },
781 InvalidCertificate);
782 EXPECT_FALSE(fs::exists(verifyPath));
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]783}
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]784
785/**
786 * Class to generate private and certificate only file and test verification
787 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]788class TestInvalidCertificate : public ::testing::Test
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]789{
790 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]791 TestInvalidCertificate() : bus(sdbusplus::bus::new_default())
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]792 {
793 }
794 void SetUp() override
795 {
796 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
797 auto dirPtr = mkdtemp(dirTemplate);
Nan Zhoucfb58022021-12-28 11:02:26 -0800[diff] [blame]798 if (dirPtr == nullptr)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]799 {
800 throw std::bad_alloc();
801 }
Zbigniew Lukwinskife590c42019-12-10 12:33:50 +0100[diff] [blame]802 certDir = std::string(dirPtr) + "/certs";
803 fs::create_directories(certDir);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]804 certificateFile = "cert.pem";
805 keyFile = "key.pem";
806 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
807 cmd += "-keyout key.pem -out cert.pem -days 3650 ";
808 cmd += "-subj "
809 "/O=openbmc-project.xyz/CN=localhost"
810 " -nodes";
811
812 auto val = std::system(cmd.c_str());
813 if (val)
814 {
815 std::cout << "command Error: " << val << std::endl;
816 }
817 }
818 void TearDown() override
819 {
820 fs::remove_all(certDir);
821 fs::remove(certificateFile);
822 fs::remove(keyFile);
823 }
824
825 protected:
826 sdbusplus::bus::bus bus;
827 std::string certificateFile;
828 std::string keyFile;
829 std::string certDir;
830};
831
832/** @brief Check install fails if private key is missing in certificate file
833 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]834TEST_F(TestInvalidCertificate, TestMissingPrivateKey)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]835{
836 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]837 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]838 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]839 std::string installPath(certDir + "/" + certificateFile);
840 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]841 std::string verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]842 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]843 EXPECT_THROW(
844 {
845 try
846 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]847 auto event = sdeventplus::Event::get_default();
848 // Attach the bus to sd_event to service user requests
849 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
850 Manager manager(bus, event, objPath.c_str(), type,
851 std::move(unit), std::move(installPath));
852 MainApp mainApp(&manager);
853 mainApp.install(certificateFile);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]854 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]855 catch (const InternalFailure& e)
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]856 {
857 throw;
858 }
859 },
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]860 InternalFailure);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]861 EXPECT_FALSE(fs::exists(verifyPath));
862}
863
864/** @brief Check install fails if ceritificate is missing in certificate file
865 */
866TEST_F(TestInvalidCertificate, TestMissingCeritificate)
867{
868 std::string endpoint("ldap");
869 std::string unit("");
870 std::string type("client");
871 std::string installPath(certDir + "/" + keyFile);
872 std::string verifyPath(installPath);
873 std::string verifyUnit(unit);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]874 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]875 EXPECT_THROW(
876 {
877 try
878 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]879 auto event = sdeventplus::Event::get_default();
880 // Attach the bus to sd_event to service user requests
881 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
882 Manager manager(bus, event, objPath.c_str(), type,
883 std::move(unit), std::move(installPath));
884 MainApp mainApp(&manager);
885 mainApp.install(keyFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]886 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]887 catch (const InternalFailure& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]888 {
889 throw;
890 }
891 },
892 InvalidCertificate);
893 EXPECT_FALSE(fs::exists(verifyPath));
894}
895
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]896/** @brief Check if error is thrown when multiple certificates are installed
897 * At present only one certificate per service is allowed
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]898 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]899TEST_F(TestCertificates, TestCertInstallNotAllowed)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]900{
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]901 using NotAllowed =
902 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]903 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]904 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]905 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]906 std::string installPath(certDir + "/" + certificateFile);
907 std::string verifyPath(installPath);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]908 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]909 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]910 // Attach the bus to sd_event to service user requests
911 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]912 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]913 std::move(installPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]914 MainApp mainApp(&manager);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]915 mainApp.install(certificateFile);
916 EXPECT_TRUE(fs::exists(verifyPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]917 EXPECT_THROW(
918 {
919 try
920 {
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]921 // install second certificate
922 mainApp.install(certificateFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]923 }
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]924 catch (const NotAllowed& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]925 {
926 throw;
927 }
928 },
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]929 NotAllowed);
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]930}
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]931
932TEST_F(TestCertificates, TestGenerateCSR)
933{
934 std::string endpoint("https");
935 std::string unit("");
936 std::string type("Server");
937 std::string installPath(certDir + "/" + certificateFile);
938 std::string verifyPath(installPath);
939 std::string CSRPath(certDir + "/" + CSRFile);
940 std::string privateKeyPath(certDir + "/" + privateKeyFile);
941 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]942 std::string challengePassword("Password");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]943 std::string city("HYB");
944 std::string commonName("abc.com");
945 std::string contactPerson("Admin");
946 std::string country("IN");
947 std::string email("admin@in.ibm.com");
948 std::string givenName("givenName");
949 std::string initials("G");
950 int64_t keyBitLength(2048);
951 std::string keyCurveId("0");
952 std::string keyPairAlgorithm("RSA");
953 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
954 std::string organization("IBM");
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]955 std::string organizationalUnit("orgUnit");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]956 std::string state("TS");
957 std::string surname("surname");
958 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]959 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]960 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]961 // Attach the bus to sd_event to service user requests
962 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]963 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
964 std::move(installPath));
965 Status status;
966 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
967 MainApp mainApp(&manager, &csr);
968 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
969 contactPerson, country, email, givenName, initials,
970 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
971 organization, organizationalUnit, state, surname,
972 unstructuredName);
973 std::string csrData("");
974 // generateCSR takes considerable time to create CSR and privateKey Files
975 EXPECT_FALSE(fs::exists(CSRPath));
976 EXPECT_FALSE(fs::exists(privateKeyPath));
977 EXPECT_THROW(
978 {
979 try
980 {
Patrick Williamse129be32021-04-30 20:35:19 -0500[diff] [blame]981 csrData = csr.csr();
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]982 }
983 catch (const InternalFailure& e)
984 {
985 throw;
986 }
987 },
988 InternalFailure);
989 // wait for 10 sec to get CSR and privateKey Files generated
990 sleep(10);
991 EXPECT_TRUE(fs::exists(CSRPath));
992 EXPECT_TRUE(fs::exists(privateKeyPath));
Patrick Williamse129be32021-04-30 20:35:19 -0500[diff] [blame]993 csrData = csr.csr();
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]994 ASSERT_NE("", csrData.c_str());
995}
996
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]997/** @brief Check if ECC key pair is generated when user is not given algorithm
998 * type. At present RSA and EC key pair algorithm are supported
999 */
1000TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm)
1001{
1002 std::string endpoint("https");
1003 std::string unit("");
1004 std::string type("Server");
1005 std::string installPath(certDir + "/" + certificateFile);
1006 std::string verifyPath(installPath);
1007 std::string CSRPath(certDir + "/" + CSRFile);
1008 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1009 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1010 std::string challengePassword("Password");
1011 std::string city("HYB");
1012 std::string commonName("abc.com");
1013 std::string contactPerson("Admin");
1014 std::string country("IN");
1015 std::string email("admin@in.ibm.com");
1016 std::string givenName("givenName");
1017 std::string initials("G");
1018 int64_t keyBitLength(2048);
1019 std::string keyCurveId("");
1020 std::string keyPairAlgorithm("");
1021 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1022 std::string organization("IBM");
1023 std::string organizationalUnit("orgUnit");
1024 std::string state("TS");
1025 std::string surname("surname");
1026 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1027 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]1028 auto event = sdeventplus::Event::get_default();
1029 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1030 std::move(installPath));
1031 Status status;
1032 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1033 MainApp mainApp(&manager, &csr);
1034 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1035 contactPerson, country, email, givenName, initials,
1036 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1037 organization, organizationalUnit, state, surname,
1038 unstructuredName);
1039 sleep(10);
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]1040 EXPECT_TRUE(fs::exists(CSRPath));
1041 EXPECT_TRUE(fs::exists(privateKeyPath));
1042}
1043
1044/** @brief Check if error is thrown when giving un supported key pair
1045 * algorithm. At present RSA and EC key pair algorithm are supported
1046 */
1047TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm)
1048{
1049 std::string endpoint("https");
1050 std::string unit("");
1051 std::string type("Server");
1052 std::string installPath(certDir + "/" + certificateFile);
1053 std::string verifyPath(installPath);
1054 std::string CSRPath(certDir + "/" + CSRFile);
1055 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1056 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1057 std::string challengePassword("Password");
1058 std::string city("HYB");
1059 std::string commonName("abc.com");
1060 std::string contactPerson("Admin");
1061 std::string country("IN");
1062 std::string email("admin@in.ibm.com");
1063 std::string givenName("givenName");
1064 std::string initials("G");
1065 int64_t keyBitLength(2048);
1066 std::string keyCurveId("secp521r1");
1067 std::string keyPairAlgorithm("UnSupportedAlgorithm");
1068 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1069 std::string organization("IBM");
1070 std::string organizationalUnit("orgUnit");
1071 std::string state("TS");
1072 std::string surname("surname");
1073 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1074 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]1075 auto event = sdeventplus::Event::get_default();
1076 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1077 std::move(installPath));
1078 Status status;
1079 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1080 MainApp mainApp(&manager, &csr);
1081 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1082 contactPerson, country, email, givenName, initials,
1083 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1084 organization, organizationalUnit, state, surname,
1085 unstructuredName);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]1086 EXPECT_FALSE(fs::exists(CSRPath));
1087 EXPECT_FALSE(fs::exists(privateKeyPath));
1088}
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]1089
1090/** @brief Check if error is thrown when NID_undef is returned for given key
1091 * curve id
1092 */
1093TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase)
1094{
1095 std::string endpoint("https");
1096 std::string unit("");
1097 std::string type("Server");
1098 std::string installPath(certDir + "/" + certificateFile);
1099 std::string verifyPath(installPath);
1100 std::string CSRPath(certDir + "/" + CSRFile);
1101 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1102 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1103 std::string challengePassword("Password");
1104 std::string city("BLR");
1105 std::string commonName("abc.com");
1106 std::string contactPerson("Admin");
1107 std::string country("IN");
1108 std::string email("admin@in.ibm.com");
1109 std::string givenName("givenName");
1110 std::string initials("G");
1111 int64_t keyBitLength(2048);
1112 std::string keyCurveId("DummyCurveName");
1113 std::string keyPairAlgorithm("EC");
1114 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1115 std::string organization("IBM");
1116 std::string organizationalUnit("orgUnit");
1117 std::string state("TS");
1118 std::string surname("surname");
1119 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1120 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]1121 auto event = sdeventplus::Event::get_default();
1122 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1123 std::move(installPath));
1124 Status status;
1125 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1126 MainApp mainApp(&manager, &csr);
1127 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1128 contactPerson, country, email, givenName, initials,
1129 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1130 organization, organizationalUnit, state, surname,
1131 unstructuredName);
1132 EXPECT_FALSE(fs::exists(CSRPath));
1133 EXPECT_FALSE(fs::exists(privateKeyPath));
1134}
1135
1136/** @brief Check default Key Curve Id is used if given curve id is empty
1137 */
1138TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId)
1139{
1140 std::string endpoint("https");
1141 std::string unit("");
1142 std::string type("Server");
1143 std::string installPath(certDir + "/" + certificateFile);
1144 std::string verifyPath(installPath);
1145 std::string CSRPath(certDir + "/" + CSRFile);
1146 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1147 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1148 std::string challengePassword("Password");
1149 std::string city("BLR");
1150 std::string commonName("abc.com");
1151 std::string contactPerson("Admin");
1152 std::string country("IN");
1153 std::string email("admin@in.ibm.com");
1154 std::string givenName("givenName");
1155 std::string initials("G");
1156 int64_t keyBitLength(2048);
1157 std::string keyCurveId("");
1158 std::string keyPairAlgorithm("EC");
1159 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1160 std::string organization("IBM");
1161 std::string organizationalUnit("orgUnit");
1162 std::string state("TS");
1163 std::string surname("surname");
1164 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1165 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]1166 auto event = sdeventplus::Event::get_default();
1167 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1168 std::move(installPath));
1169 Status status;
1170 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1171 MainApp mainApp(&manager, &csr);
1172 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1173 contactPerson, country, email, givenName, initials,
1174 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1175 organization, organizationalUnit, state, surname,
1176 unstructuredName);
1177 sleep(10);
1178 EXPECT_TRUE(fs::exists(CSRPath));
1179 EXPECT_TRUE(fs::exists(privateKeyPath));
1180}
1181
1182/** @brief Check if error is not thrown to generate EC key pair
1183 */
1184TEST_F(TestCertificates, TestECKeyGeneration)
1185{
1186 std::string endpoint("https");
1187 std::string unit("");
1188 std::string type("Server");
1189 std::string installPath(certDir + "/" + certificateFile);
1190 std::string verifyPath(installPath);
1191 std::string CSRPath(certDir + "/" + CSRFile);
1192 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1193 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1194 std::string challengePassword("Password");
1195 std::string city("BLR");
1196 std::string commonName("abc.com");
1197 std::string contactPerson("Admin");
1198 std::string country("IN");
1199 std::string email("admin@in.ibm.com");
1200 std::string givenName("givenName");
1201 std::string initials("G");
1202 int64_t keyBitLength(2048);
1203 std::string keyCurveId("secp521r1");
1204 std::string keyPairAlgorithm("EC");
1205 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1206 std::string organization("IBM");
1207 std::string organizationalUnit("orgUnit");
1208 std::string state("TS");
1209 std::string surname("surname");
1210 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1211 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]1212 auto event = sdeventplus::Event::get_default();
1213 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1214 std::move(installPath));
1215 Status status;
1216 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1217 MainApp mainApp(&manager, &csr);
1218 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1219 contactPerson, country, email, givenName, initials,
1220 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1221 organization, organizationalUnit, state, surname,
1222 unstructuredName);
1223 std::cout << "CSRPath: " << CSRPath << std::endl
1224 << "privateKeyPath: " << privateKeyPath << std::endl;
1225 sleep(10);
1226 EXPECT_TRUE(fs::exists(CSRPath));
1227 EXPECT_TRUE(fs::exists(privateKeyPath));
1228}
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]1229
Nan Zhoubf3cf752021-12-28 11:02:07 -0800[diff] [blame]1230/** @brief Check error is thrown if giving unsupported key bit length to
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]1231 * generate rsa key
1232 */
1233TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength)
1234{
1235 std::string endpoint("https");
1236 std::string unit("");
1237 std::string type("Server");
1238 std::string installPath(certDir + "/" + certificateFile);
1239 std::string verifyPath(installPath);
1240 std::string CSRPath(certDir + "/" + CSRFile);
1241 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1242 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1243 std::string challengePassword("Password");
1244 std::string city("BLR");
1245 std::string commonName("abc.com");
1246 std::string contactPerson("Admin");
1247 std::string country("IN");
1248 std::string email("admin@in.ibm.com");
1249 std::string givenName("givenName");
1250 std::string initials("G");
1251 int64_t keyBitLength(4096);
1252 std::string keyCurveId("secp521r1");
1253 std::string keyPairAlgorithm("RSA");
1254 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1255 std::string organization("IBM");
1256 std::string organizationalUnit("orgUnit");
1257 std::string state("TS");
1258 std::string surname("surname");
1259 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1260 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]1261 auto event = sdeventplus::Event::get_default();
1262 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1263 std::move(installPath));
1264 Status status;
1265 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1266 MainApp mainApp(&manager, &csr);
1267 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1268 contactPerson, country, email, givenName, initials,
1269 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1270 organization, organizationalUnit, state, surname,
1271 unstructuredName);
1272 EXPECT_FALSE(fs::exists(CSRPath));
1273 EXPECT_FALSE(fs::exists(privateKeyPath));
1274}
1275
1276/** @brief Check error is thrown if generated rsa key file is not present
1277 */
1278TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase)
1279{
1280 std::string endpoint("https");
1281 std::string unit("");
1282 std::string type("Server");
1283 std::string installPath(certDir + "/" + certificateFile);
1284 std::string verifyPath(installPath);
1285 std::string CSRPath(certDir + "/" + CSRFile);
1286 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1287 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1288 std::string challengePassword("Password");
1289 std::string city("BLR");
1290 std::string commonName("abc.com");
1291 std::string contactPerson("Admin");
1292 std::string country("IN");
1293 std::string email("admin@in.ibm.com");
1294 std::string givenName("givenName");
1295 std::string initials("G");
1296 int64_t keyBitLength(2048);
1297 std::string keyCurveId("secp521r1");
1298 std::string keyPairAlgorithm("RSA");
1299 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1300 std::string organization("IBM");
1301 std::string organizationalUnit("orgUnit");
1302 std::string state("TS");
1303 std::string surname("surname");
1304 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1305 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]1306 auto event = sdeventplus::Event::get_default();
1307 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1308 std::move(installPath));
1309
1310 // Removing generated RSA key file
1311 fs::remove(rsaPrivateKeyFilePath);
1312
1313 Status status;
1314 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1315 MainApp mainApp(&manager, &csr);
1316 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1317 contactPerson, country, email, givenName, initials,
1318 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1319 organization, organizationalUnit, state, surname,
1320 unstructuredName);
1321 EXPECT_FALSE(fs::exists(CSRPath));
1322 EXPECT_FALSE(fs::exists(privateKeyPath));
1323}
1324
1325/** @brief Check private key file is created from generated rsa key file is
1326 * `present
1327 */
1328TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile)
1329{
1330 std::string endpoint("https");
1331 std::string unit("");
1332 std::string type("Server");
1333 std::string installPath(certDir + "/" + certificateFile);
1334 std::string verifyPath(installPath);
1335 std::string CSRPath(certDir + "/" + CSRFile);
1336 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1337 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1338 std::string challengePassword("Password");
1339 std::string city("BLR");
1340 std::string commonName("abc.com");
1341 std::string contactPerson("Admin");
1342 std::string country("IN");
1343 std::string email("admin@in.ibm.com");
1344 std::string givenName("givenName");
1345 std::string initials("G");
1346 int64_t keyBitLength(2048);
1347 std::string keyCurveId("secp521r1");
1348 std::string keyPairAlgorithm("RSA");
1349 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1350 std::string organization("IBM");
1351 std::string organizationalUnit("orgUnit");
1352 std::string state("TS");
1353 std::string surname("surname");
1354 std::string unstructuredName("unstructuredName");
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1355 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]1356 auto event = sdeventplus::Event::get_default();
1357 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1358 std::move(installPath));
1359 Status status;
1360 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1361 MainApp mainApp(&manager, &csr);
1362 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1363 contactPerson, country, email, givenName, initials,
1364 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1365 organization, organizationalUnit, state, surname,
1366 unstructuredName);
1367 sleep(10);
1368 EXPECT_TRUE(fs::exists(CSRPath));
1369 EXPECT_TRUE(fs::exists(privateKeyPath));
1370}
1371
Nan Zhoubf3cf752021-12-28 11:02:07 -0800[diff] [blame]1372/** @brief Check RSA key is generated during application startup*/
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]1373TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile)
1374{
1375 std::string endpoint("https");
1376 std::string unit("");
1377 std::string type("Server");
1378 std::string installPath(certDir + "/" + certificateFile);
Nan Zhou718eef32021-12-28 11:03:30 -0800[diff] [blame]1379 auto objPath = std::string(objectNamePrefix) + '/' + type + '/' + endpoint;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]1380 auto event = sdeventplus::Event::get_default();
1381
1382 EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath));
1383 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1384 std::move(installPath));
1385 EXPECT_TRUE(fs::exists(rsaPrivateKeyFilePath));
1386}
Nan Zhoue1289ad2021-12-28 11:02:56 -0800[diff] [blame]1387} // namespace
1388} // namespace phosphor::certs