Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 1 | #include "certificate.hpp" |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 2 | #include "certs_manager.hpp" |
| 3 | |
| 4 | #include <algorithm> |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 5 | #include <filesystem> |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 6 | #include <fstream> |
| 7 | #include <iterator> |
| 8 | #include <string> |
| 9 | #include <xyz/openbmc_project/Certs/Install/error.hpp> |
| 10 | #include <xyz/openbmc_project/Common/error.hpp> |
| 11 | |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 12 | #include <gtest/gtest.h> |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 13 | namespace fs = std::filesystem; |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 14 | static constexpr auto BUSNAME = "xyz.openbmc_project.Certs.Manager"; |
| 15 | static constexpr auto OBJPATH = "/xyz/openbmc_project/certs"; |
| 16 | using InternalFailure = |
| 17 | sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; |
| 18 | |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 19 | using InvalidCertificate = |
| 20 | sdbusplus::xyz::openbmc_project::Certs::Install::Error::InvalidCertificate; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 21 | using namespace phosphor::certs; |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 22 | |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 23 | /** |
| 24 | * Class to generate certificate file and test verification of certificate file |
| 25 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 26 | class TestCertificates : public ::testing::Test |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 27 | { |
| 28 | public: |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 29 | TestCertificates() : bus(sdbusplus::bus::new_default()) |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 30 | { |
| 31 | } |
| 32 | void SetUp() override |
| 33 | { |
| 34 | char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; |
| 35 | auto dirPtr = mkdtemp(dirTemplate); |
| 36 | if (dirPtr == NULL) |
| 37 | { |
| 38 | throw std::bad_alloc(); |
| 39 | } |
| 40 | certDir = dirPtr; |
| 41 | certificateFile = "cert.pem"; |
| 42 | std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; |
| 43 | cmd += "-keyout cert.pem -out cert.pem -days 3650 "; |
| 44 | cmd += "-subj " |
| 45 | "/O=openbmc-project.xyz/CN=localhost" |
| 46 | " -nodes"; |
| 47 | auto val = std::system(cmd.c_str()); |
| 48 | if (val) |
| 49 | { |
| 50 | std::cout << "COMMAND Error: " << val << std::endl; |
| 51 | } |
| 52 | } |
| 53 | void TearDown() override |
| 54 | { |
| 55 | fs::remove_all(certDir); |
| 56 | fs::remove(certificateFile); |
| 57 | } |
| 58 | |
| 59 | bool compareFiles(const std::string& file1, const std::string& file2) |
| 60 | { |
| 61 | std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate); |
| 62 | std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate); |
| 63 | |
| 64 | if (f1.fail() || f2.fail()) |
| 65 | { |
| 66 | return false; // file problem |
| 67 | } |
| 68 | |
| 69 | if (f1.tellg() != f2.tellg()) |
| 70 | { |
| 71 | return false; // size mismatch |
| 72 | } |
| 73 | |
| 74 | // seek back to beginning and use std::equal to compare contents |
| 75 | f1.seekg(0, std::ifstream::beg); |
| 76 | f2.seekg(0, std::ifstream::beg); |
| 77 | return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()), |
| 78 | std::istreambuf_iterator<char>(), |
| 79 | std::istreambuf_iterator<char>(f2.rdbuf())); |
| 80 | } |
| 81 | |
| 82 | protected: |
| 83 | sdbusplus::bus::bus bus; |
| 84 | std::string certificateFile; |
| 85 | |
| 86 | std::string certDir; |
| 87 | }; |
| 88 | |
| 89 | class MainApp |
| 90 | { |
| 91 | public: |
| 92 | MainApp(phosphor::certs::Manager* manager) : manager(manager) |
| 93 | { |
| 94 | } |
| 95 | void install(std::string& path) |
| 96 | { |
| 97 | manager->install(path); |
| 98 | } |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 99 | void delete_() |
| 100 | { |
| 101 | manager->delete_(); |
| 102 | } |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 103 | phosphor::certs::Manager* manager; |
| 104 | }; |
| 105 | |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 106 | /** @brief Check if server install routine is invoked for server setup |
| 107 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 108 | TEST_F(TestCertificates, InvokeServerInstall) |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 109 | { |
| 110 | std::string endpoint("https"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 111 | std::string unit(""); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 112 | std::string type("server"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 113 | std::string installPath(certDir + "/" + certificateFile); |
| 114 | std::string verifyPath(installPath); |
| 115 | UnitsToRestart verifyUnit(unit); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 116 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 117 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 118 | certificateFile); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 119 | EXPECT_TRUE(fs::exists(verifyPath)); |
| 120 | } |
| 121 | |
| 122 | /** @brief Check if client install routine is invoked for client setup |
| 123 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 124 | TEST_F(TestCertificates, InvokeClientInstall) |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 125 | { |
| 126 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 127 | std::string unit(""); |
| 128 | std::string type("server"); |
| 129 | std::string installPath(certDir + "/" + certificateFile); |
| 130 | std::string verifyPath(installPath); |
| 131 | UnitsToRestart verifyUnit(unit); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 132 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 133 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 134 | certificateFile); |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 135 | EXPECT_TRUE(fs::exists(verifyPath)); |
| 136 | } |
| 137 | |
| 138 | /** @brief Check if authority install routine is invoked for authority setup |
| 139 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 140 | TEST_F(TestCertificates, InvokeAuthorityInstall) |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 141 | { |
| 142 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 143 | std::string unit(""); |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 144 | std::string type("authority"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 145 | std::string installPath(certDir + "/" + certificateFile); |
| 146 | std::string verifyPath(installPath); |
| 147 | UnitsToRestart verifyUnit(unit); |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 148 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 149 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 150 | certificateFile); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 151 | EXPECT_TRUE(fs::exists(verifyPath)); |
| 152 | } |
| 153 | |
| 154 | /** @brief Compare the installed certificate with the copied certificate |
| 155 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 156 | TEST_F(TestCertificates, CompareInstalledCertificate) |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 157 | { |
| 158 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 159 | std::string unit(""); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 160 | std::string type("client"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 161 | std::string installPath(certDir + "/" + certificateFile); |
| 162 | std::string verifyPath(installPath); |
| 163 | UnitsToRestart verifyUnit(unit); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 164 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 165 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 166 | certificateFile); |
Marri Devender Rao | 947258d | 2018-09-25 10:52:24 -0500 | [diff] [blame] | 167 | EXPECT_TRUE(fs::exists(verifyPath)); |
| 168 | EXPECT_TRUE(compareFiles(verifyPath, certificateFile)); |
| 169 | } |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 170 | |
| 171 | /** @brief Check if install fails if certificate file is not found |
| 172 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 173 | TEST_F(TestCertificates, TestNoCertificateFile) |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 174 | { |
| 175 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 176 | std::string unit(""); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 177 | std::string type("client"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 178 | std::string installPath(certDir + "/" + certificateFile); |
| 179 | std::string verifyPath(installPath); |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 180 | std::string verifyUnit(unit); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 181 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 182 | std::string uploadFile = "nofile.pem"; |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 183 | EXPECT_THROW( |
| 184 | { |
| 185 | try |
| 186 | { |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 187 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 188 | uploadFile); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 189 | } |
| 190 | catch (const InternalFailure& e) |
| 191 | { |
| 192 | throw; |
| 193 | } |
| 194 | }, |
| 195 | InternalFailure); |
| 196 | EXPECT_FALSE(fs::exists(verifyPath)); |
| 197 | } |
| 198 | |
| 199 | /** @brief Check if install fails if certificate file is empty |
| 200 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 201 | TEST_F(TestCertificates, TestEmptyCertificateFile) |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 202 | { |
| 203 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 204 | std::string unit(""); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 205 | std::string type("client"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 206 | std::string installPath(certDir + "/" + certificateFile); |
| 207 | std::string verifyPath(installPath); |
| 208 | std::string verifyUnit(unit); |
| 209 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 210 | std::string emptyFile("emptycert.pem"); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 211 | std::ofstream ofs; |
| 212 | ofs.open(emptyFile, std::ofstream::out); |
| 213 | ofs.close(); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 214 | EXPECT_THROW( |
| 215 | { |
| 216 | try |
| 217 | { |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 218 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 219 | emptyFile); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 220 | } |
| 221 | catch (const InvalidCertificate& e) |
| 222 | { |
| 223 | throw; |
| 224 | } |
| 225 | }, |
| 226 | InvalidCertificate); |
| 227 | EXPECT_FALSE(fs::exists(verifyPath)); |
| 228 | fs::remove(emptyFile); |
| 229 | } |
| 230 | |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 231 | /** @brief Check if install fails if certificate file is corrupted |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 232 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 233 | TEST_F(TestCertificates, TestInvalidCertificateFile) |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 234 | { |
| 235 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 236 | std::string unit(""); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 237 | std::string type("client"); |
| 238 | |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 239 | std::ofstream ofs; |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 240 | ofs.open(certificateFile, std::ofstream::out); |
| 241 | ofs << "-----BEGIN CERTIFICATE-----"; |
| 242 | ofs << "ADD_SOME_INVALID_DATA_INTO_FILE"; |
| 243 | ofs << "-----END CERTIFICATE-----"; |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 244 | ofs.close(); |
| 245 | |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 246 | std::string installPath(certDir + "/" + certificateFile); |
| 247 | std::string verifyPath(installPath); |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 248 | std::string verifyUnit(unit); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 249 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 250 | EXPECT_THROW( |
| 251 | { |
| 252 | try |
| 253 | { |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 254 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 255 | certificateFile); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 256 | } |
| 257 | catch (const InvalidCertificate& e) |
| 258 | { |
| 259 | throw; |
| 260 | } |
| 261 | }, |
| 262 | InvalidCertificate); |
| 263 | EXPECT_FALSE(fs::exists(verifyPath)); |
Marri Devender Rao | e6597c5 | 2018-10-01 06:36:55 -0500 | [diff] [blame] | 264 | } |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 265 | |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 266 | /** @brief check certificate delete at manager level |
| 267 | */ |
| 268 | TEST_F(TestCertificates, TestCertManagerDelete) |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 269 | { |
| 270 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 271 | std::string unit(""); |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 272 | std::string type("client"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 273 | std::string installPath(certDir + "/" + certificateFile); |
| 274 | std::string verifyPath(installPath); |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 275 | std::string verifyUnit(unit); |
| 276 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 277 | Manager manager(bus, objPath.c_str(), type, std::move(unit), |
| 278 | std::move(installPath)); |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 279 | MainApp mainApp(&manager); |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 280 | // delete certificate file and verify file is deleted |
| 281 | mainApp.delete_(); |
| 282 | EXPECT_FALSE(fs::exists(verifyPath)); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 283 | } |
| 284 | |
| 285 | /** @brief check certificate install at manager level |
| 286 | */ |
| 287 | TEST_F(TestCertificates, TestCertManagerInstall) |
| 288 | { |
| 289 | std::string endpoint("ldap"); |
| 290 | std::string unit(""); |
| 291 | std::string type("client"); |
| 292 | std::string installPath(certDir + "/" + certificateFile); |
| 293 | std::string verifyPath(installPath); |
| 294 | std::string verifyUnit(unit); |
| 295 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
| 296 | Manager manager(bus, objPath.c_str(), type, std::move(unit), |
| 297 | std::move(installPath)); |
| 298 | MainApp mainApp(&manager); |
| 299 | mainApp.install(certificateFile); |
| 300 | EXPECT_TRUE(fs::exists(verifyPath)); |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 301 | } |
| 302 | |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 303 | /** |
| 304 | * Class to generate private and certificate only file and test verification |
| 305 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 306 | class TestInvalidCertificate : public ::testing::Test |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 307 | { |
| 308 | public: |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 309 | TestInvalidCertificate() : bus(sdbusplus::bus::new_default()) |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 310 | { |
| 311 | } |
| 312 | void SetUp() override |
| 313 | { |
| 314 | char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; |
| 315 | auto dirPtr = mkdtemp(dirTemplate); |
| 316 | if (dirPtr == NULL) |
| 317 | { |
| 318 | throw std::bad_alloc(); |
| 319 | } |
| 320 | certDir = dirPtr; |
| 321 | certificateFile = "cert.pem"; |
| 322 | keyFile = "key.pem"; |
| 323 | std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; |
| 324 | cmd += "-keyout key.pem -out cert.pem -days 3650 "; |
| 325 | cmd += "-subj " |
| 326 | "/O=openbmc-project.xyz/CN=localhost" |
| 327 | " -nodes"; |
| 328 | |
| 329 | auto val = std::system(cmd.c_str()); |
| 330 | if (val) |
| 331 | { |
| 332 | std::cout << "command Error: " << val << std::endl; |
| 333 | } |
| 334 | } |
| 335 | void TearDown() override |
| 336 | { |
| 337 | fs::remove_all(certDir); |
| 338 | fs::remove(certificateFile); |
| 339 | fs::remove(keyFile); |
| 340 | } |
| 341 | |
| 342 | protected: |
| 343 | sdbusplus::bus::bus bus; |
| 344 | std::string certificateFile; |
| 345 | std::string keyFile; |
| 346 | std::string certDir; |
| 347 | }; |
| 348 | |
| 349 | /** @brief Check install fails if private key is missing in certificate file |
| 350 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 351 | TEST_F(TestInvalidCertificate, TestMissingPrivateKey) |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 352 | { |
| 353 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 354 | std::string unit(""); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 355 | std::string type("client"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 356 | std::string installPath(certDir + "/" + certificateFile); |
| 357 | std::string verifyPath(installPath); |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 358 | std::string verifyUnit(unit); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 359 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 360 | EXPECT_THROW( |
| 361 | { |
| 362 | try |
| 363 | { |
| 364 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 365 | certificateFile); |
| 366 | } |
| 367 | catch (const InvalidCertificate& e) |
| 368 | { |
| 369 | throw; |
| 370 | } |
| 371 | }, |
| 372 | InvalidCertificate); |
| 373 | EXPECT_FALSE(fs::exists(verifyPath)); |
| 374 | } |
| 375 | |
| 376 | /** @brief Check install fails if ceritificate is missing in certificate file |
| 377 | */ |
| 378 | TEST_F(TestInvalidCertificate, TestMissingCeritificate) |
| 379 | { |
| 380 | std::string endpoint("ldap"); |
| 381 | std::string unit(""); |
| 382 | std::string type("client"); |
| 383 | std::string installPath(certDir + "/" + keyFile); |
| 384 | std::string verifyPath(installPath); |
| 385 | std::string verifyUnit(unit); |
| 386 | |
| 387 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
| 388 | EXPECT_THROW( |
| 389 | { |
| 390 | try |
| 391 | { |
| 392 | Certificate certificate(bus, objPath, type, unit, installPath, |
| 393 | keyFile); |
| 394 | } |
| 395 | catch (const InvalidCertificate& e) |
| 396 | { |
| 397 | throw; |
| 398 | } |
| 399 | }, |
| 400 | InvalidCertificate); |
| 401 | EXPECT_FALSE(fs::exists(verifyPath)); |
| 402 | } |
| 403 | |
| 404 | /** @brief Check if Manager install method fails for invalid certificate file |
| 405 | */ |
| 406 | TEST_F(TestInvalidCertificate, TestCertManagerInstall) |
| 407 | { |
| 408 | std::string endpoint("ldap"); |
| 409 | std::string unit(""); |
| 410 | std::string type("client"); |
| 411 | std::string installPath(certDir + "/" + certificateFile); |
| 412 | std::string verifyPath(installPath); |
| 413 | std::string verifyUnit(unit); |
| 414 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
| 415 | Manager manager(bus, objPath.c_str(), type, std::move(unit), |
| 416 | std::move(installPath)); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 417 | MainApp mainApp(&manager); |
| 418 | EXPECT_THROW( |
| 419 | { |
| 420 | try |
| 421 | { |
| 422 | mainApp.install(certificateFile); |
| 423 | } |
| 424 | catch (const InvalidCertificate& e) |
| 425 | { |
| 426 | throw; |
| 427 | } |
| 428 | }, |
| 429 | InvalidCertificate); |
| 430 | EXPECT_FALSE(fs::exists(verifyPath)); |
| 431 | } |
| 432 | |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 433 | /** @brief Check if error is thrown when multiple certificates are installed |
| 434 | * At present only one certificate per service is allowed |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 435 | */ |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 436 | TEST_F(TestCertificates, TestCertInstallNotAllowed) |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 437 | { |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 438 | using NotAllowed = |
| 439 | sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 440 | std::string endpoint("ldap"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 441 | std::string unit(""); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 442 | std::string type("client"); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 443 | std::string installPath(certDir + "/" + certificateFile); |
| 444 | std::string verifyPath(installPath); |
Jayanth Othayoth | b50789c | 2018-10-09 07:13:54 -0500 | [diff] [blame] | 445 | std::string verifyUnit(unit); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 446 | auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 447 | Manager manager(bus, objPath.c_str(), type, std::move(unit), |
| 448 | std::move(installPath)); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 449 | MainApp mainApp(&manager); |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 450 | mainApp.install(certificateFile); |
| 451 | EXPECT_TRUE(fs::exists(verifyPath)); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 452 | EXPECT_THROW( |
| 453 | { |
| 454 | try |
| 455 | { |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 456 | // install second certificate |
| 457 | mainApp.install(certificateFile); |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 458 | } |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 459 | catch (const NotAllowed& e) |
Marri Devender Rao | ddf6486 | 2018-10-03 07:11:02 -0500 | [diff] [blame] | 460 | { |
| 461 | throw; |
| 462 | } |
| 463 | }, |
Marri Devender Rao | 8841dbd | 2019-03-04 05:43:55 -0600 | [diff] [blame^] | 464 | NotAllowed); |
Marri Devender Rao | 9abfae8 | 2018-10-03 08:10:35 -0500 | [diff] [blame] | 465 | } |