Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / a3bb38fb26716fadbe65ac234776e5e86409a121 / . / test / certs_manager_test.cpp
blob: 95f71918262e661e9895bb4e33948051f1ebdd4b [file] [log] [blame]
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]1#include "config.h"
2
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]3#include "certificate.hpp"
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]4#include "certs_manager.hpp"
5
6#include <algorithm>
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]7#include <filesystem>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]8#include <fstream>
9#include <iterator>
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]10#include <sdeventplus/event.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]11#include <string>
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]12#include <xyz/openbmc_project/Certs/error.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]13#include <xyz/openbmc_project/Common/error.hpp>
14
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]15#include <gtest/gtest.h>
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]16namespace fs = std::filesystem;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]17using InternalFailure =
18 sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]19using InvalidCertificate =
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]20 sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]21using namespace phosphor::certs;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]22
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]23/**
24 * Class to generate certificate file and test verification of certificate file
25 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]26class TestCertificates : public ::testing::Test
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]27{
28 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]29 TestCertificates() : bus(sdbusplus::bus::new_default())
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]30 {
31 }
32 void SetUp() override
33 {
34 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
35 auto dirPtr = mkdtemp(dirTemplate);
36 if (dirPtr == NULL)
37 {
38 throw std::bad_alloc();
39 }
40 certDir = dirPtr;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]41
42 createNewCertificate();
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]43 }
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]44
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]45 void TearDown() override
46 {
47 fs::remove_all(certDir);
48 fs::remove(certificateFile);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]49 fs::remove(CSRFile);
50 fs::remove(privateKeyFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]51 }
52
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]53 void createNewCertificate(bool setNewCertId = false)
54 {
55 certificateFile = "cert.pem";
56 CSRFile = "domain.csr";
57 privateKeyFile = "privkey.pem";
58 rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem";
59 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
60 cmd += "-keyout cert.pem -out cert.pem -days 3650 -nodes";
61 cmd += " -subj /O=openbmc-project.xyz/CN=localhost";
62
63 if (setNewCertId)
64 {
65 cmd += std::to_string(certId++);
66 }
67
68 auto val = std::system(cmd.c_str());
69 if (val)
70 {
71 std::cout << "COMMAND Error: " << val << std::endl;
72 }
73 }
74
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]75 bool compareFiles(const std::string& file1, const std::string& file2)
76 {
77 std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate);
78 std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate);
79
80 if (f1.fail() || f2.fail())
81 {
82 return false; // file problem
83 }
84
85 if (f1.tellg() != f2.tellg())
86 {
87 return false; // size mismatch
88 }
89
90 // seek back to beginning and use std::equal to compare contents
91 f1.seekg(0, std::ifstream::beg);
92 f2.seekg(0, std::ifstream::beg);
93 return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()),
94 std::istreambuf_iterator<char>(),
95 std::istreambuf_iterator<char>(f2.rdbuf()));
96 }
97
98 protected:
99 sdbusplus::bus::bus bus;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]100 std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]101
102 std::string certDir;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]103 uint64_t certId;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]104};
105
106class MainApp
107{
108 public:
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]109 MainApp(phosphor::certs::Manager* manager,
110 phosphor::certs::CSR* csr = nullptr) :
111 manager(manager),
112 csr(csr)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]113 {
114 }
115 void install(std::string& path)
116 {
117 manager->install(path);
118 }
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]119 void delete_()
120 {
Zbigniew Kurzynskia3bb38f2019-09-17 13:34:25 +0200[diff] [blame^]121 manager->deleteAll();
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]122 }
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]123
124 std::string generateCSR(std::vector<std::string> alternativeNames,
125 std::string challengePassword, std::string city,
126 std::string commonName, std::string contactPerson,
127 std::string country, std::string email,
128 std::string givenName, std::string initials,
129 int64_t keyBitLength, std::string keyCurveId,
130 std::string keyPairAlgorithm,
131 std::vector<std::string> keyUsage,
132 std::string organization,
133 std::string organizationalUnit, std::string state,
134 std::string surname, std::string unstructuredName)
135 {
136 return (manager->generateCSR(
137 alternativeNames, challengePassword, city, commonName,
138 contactPerson, country, email, givenName, initials, keyBitLength,
139 keyCurveId, keyPairAlgorithm, keyUsage, organization,
140 organizationalUnit, state, surname, unstructuredName));
141 }
142 std::string cSR()
143 {
144 return (csr->cSR());
145 }
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]146 phosphor::certs::Manager* manager;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]147 phosphor::certs::CSR* csr;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]148};
149
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]150/** @brief Check if server install routine is invoked for server setup
151 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]152TEST_F(TestCertificates, InvokeServerInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]153{
154 std::string endpoint("https");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]155 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]156 std::string type("server");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]157 std::string installPath(certDir + "/" + certificateFile);
158 std::string verifyPath(installPath);
159 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]160 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]161 auto event = sdeventplus::Event::get_default();
162 // Attach the bus to sd_event to service user requests
163 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
164 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
165 std::move(installPath));
166 MainApp mainApp(&manager);
167 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]168 EXPECT_TRUE(fs::exists(verifyPath));
169}
170
171/** @brief Check if client install routine is invoked for client setup
172 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]173TEST_F(TestCertificates, InvokeClientInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]174{
175 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]176 std::string unit("");
177 std::string type("server");
178 std::string installPath(certDir + "/" + certificateFile);
179 std::string verifyPath(installPath);
180 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]181 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]182 auto event = sdeventplus::Event::get_default();
183 // Attach the bus to sd_event to service user requests
184 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
185 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
186 std::move(installPath));
187 MainApp mainApp(&manager);
188 mainApp.install(certificateFile);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]189 EXPECT_TRUE(fs::exists(verifyPath));
190}
191
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]192/** @brief Check if storage install routine is invoked for storage setup
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]193 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]194TEST_F(TestCertificates, InvokeAuthorityInstall)
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]195{
196 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]197 std::string unit("");
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]198 std::string type("authority");
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]199 std::string verifyDir(certDir);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]200 UnitsToRestart verifyUnit(unit);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]201 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]202 auto event = sdeventplus::Event::get_default();
203 // Attach the bus to sd_event to service user requests
204 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
205 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]206 std::move(certDir));
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]207 MainApp mainApp(&manager);
208 mainApp.install(certificateFile);
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]209
210 std::vector<std::unique_ptr<Certificate>>& certs =
211 manager.getCertificates();
212
213 EXPECT_FALSE(certs.empty());
214
215 std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";
216
217 // Check that certificate has been created at installation directory
218 EXPECT_FALSE(fs::is_empty(verifyDir));
219 EXPECT_TRUE(fs::exists(verifyPath));
220
221 // Check that installed cert is identical to input one
222 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
223}
224
225/** @brief Check if in athority mode user can install a certificate with certain
226 * subject hash once, but cannot install another one with the same hash
227 */
228TEST_F(TestCertificates, InvokeInstallSameSubjectTwice)
229{
230 using NotAllowed =
231 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
232
233 std::string endpoint("ldap");
234 std::string unit("");
235 std::string type("authority");
236 std::string verifyDir(certDir);
237 UnitsToRestart verifyUnit(unit);
238 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
239 auto event = sdeventplus::Event::get_default();
240 // Attach the bus to sd_event to service user requests
241 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
242 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
243 std::move(certDir));
244 MainApp mainApp(&manager);
245 mainApp.install(certificateFile);
246
247 std::vector<std::unique_ptr<Certificate>>& certs =
248 manager.getCertificates();
249
250 EXPECT_FALSE(certs.empty());
251
252 std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";
253
254 // Check that certificate has been created at installation directory
255 EXPECT_FALSE(fs::is_empty(verifyDir));
256 EXPECT_TRUE(fs::exists(verifyPath));
257
258 // Check that installed cert is identical to input one
259 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
260
261 // Try to install another one with the same subject
262 createNewCertificate(false);
263
264 EXPECT_THROW(
265 {
266 try
267 {
268 // install second certificate
269 mainApp.install(certificateFile);
270 }
271 catch (const NotAllowed& e)
272 {
273 throw;
274 }
275 },
276 NotAllowed);
277
278 // Check that the original certificate has been not removed
279 EXPECT_FALSE(fs::is_empty(verifyDir));
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]280 EXPECT_TRUE(fs::exists(verifyPath));
281}
282
283/** @brief Compare the installed certificate with the copied certificate
284 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]285TEST_F(TestCertificates, CompareInstalledCertificate)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]286{
287 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]288 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]289 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]290 std::string installPath(certDir + "/" + certificateFile);
291 std::string verifyPath(installPath);
292 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]293 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]294 auto event = sdeventplus::Event::get_default();
295 // Attach the bus to sd_event to service user requests
296 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
297 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
298 std::move(installPath));
299 MainApp mainApp(&manager);
300 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]301 EXPECT_TRUE(fs::exists(verifyPath));
302 EXPECT_TRUE(compareFiles(verifyPath, certificateFile));
303}
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]304
305/** @brief Check if install fails if certificate file is not found
306 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]307TEST_F(TestCertificates, TestNoCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]308{
309 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]310 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]311 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]312 std::string installPath(certDir + "/" + certificateFile);
313 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]314 std::string verifyUnit(unit);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]315 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]316 std::string uploadFile = "nofile.pem";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]317 EXPECT_THROW(
318 {
319 try
320 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]321 auto event = sdeventplus::Event::get_default();
322 // Attach the bus to sd_event to service user requests
323 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
324 Manager manager(bus, event, objPath.c_str(), type,
325 std::move(unit), std::move(installPath));
326 MainApp mainApp(&manager);
327 mainApp.install(uploadFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]328 }
329 catch (const InternalFailure& e)
330 {
331 throw;
332 }
333 },
334 InternalFailure);
335 EXPECT_FALSE(fs::exists(verifyPath));
336}
337
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]338/** @brief Test replacing existing certificate
339 */
340TEST_F(TestCertificates, TestReplaceCertificate)
341{
342 std::string endpoint("ldap");
343 std::string unit("");
344 std::string type("server");
345 std::string installPath(certDir + "/" + certificateFile);
346 std::string verifyPath(installPath);
347 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
348 auto event = sdeventplus::Event::get_default();
349 // Attach the bus to sd_event to service user requests
350 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
351 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
352 std::move(installPath));
353 MainApp mainApp(&manager);
354 mainApp.install(certificateFile);
355 EXPECT_TRUE(fs::exists(verifyPath));
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]356 std::vector<std::unique_ptr<Certificate>>& certs =
357 manager.getCertificates();
358 EXPECT_FALSE(certs.empty());
359 EXPECT_NE(certs[0], nullptr);
360 certs[0]->replace(certificateFile);
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]361 EXPECT_TRUE(fs::exists(verifyPath));
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]362}
363
364/** @brief Test replacing existing certificate
365 */
366TEST_F(TestCertificates, TestAuthorityReplaceCertificate)
367{
368 std::string endpoint("ldap");
369 std::string unit("");
370 std::string type("authority");
371 std::string verifyDir(certDir);
372 UnitsToRestart verifyUnit(unit);
373 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
374 auto event = sdeventplus::Event::get_default();
375 // Attach the bus to sd_event to service user requests
376 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
377 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
378 std::move(certDir));
379 MainApp mainApp(&manager);
380 mainApp.install(certificateFile);
381
382 std::vector<std::unique_ptr<Certificate>>& certs =
383 manager.getCertificates();
384 constexpr const unsigned int REPLACE_ITERATIONS = 10;
385
386 for (unsigned int i = 0; i < REPLACE_ITERATIONS; i++)
387 {
388 // Certificate successfully installed
389 EXPECT_FALSE(certs.empty());
390
391 std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";
392
393 // Check that certificate has been created at installation directory
394 EXPECT_FALSE(fs::is_empty(verifyDir));
395 EXPECT_TRUE(fs::exists(verifyPath));
396
397 // Check that installed cert is identical to input one
398 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
399
400 // Create new certificate
401 createNewCertificate(true);
402
403 certs[0]->replace(certificateFile);
404
405 // Verify that old certificate has been removed
406 EXPECT_FALSE(fs::exists(verifyPath));
407 }
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]408}
409
Zbigniew Kurzynskia3bb38f2019-09-17 13:34:25 +0200[diff] [blame^]410/** @brief Test verifiing if delete function works.
411 */
412TEST_F(TestCertificates, TestStorageDeleteCertificate)
413{
414 std::string endpoint("ldap");
415 std::string unit("");
416 std::string type("authority");
417 std::string verifyDir(certDir);
418 UnitsToRestart verifyUnit(unit);
419 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
420 auto event = sdeventplus::Event::get_default();
421 // Attach the bus to sd_event to service user requests
422 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
423 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
424 std::move(certDir));
425 MainApp mainApp(&manager);
426
427 // Check if certificate placeholder dir is empty
428 EXPECT_TRUE(fs::is_empty(verifyDir));
429 mainApp.install(certificateFile);
430
431 // Create new certificate
432 createNewCertificate(true);
433 mainApp.install(certificateFile);
434
435 createNewCertificate(true);
436 mainApp.install(certificateFile);
437
438 std::vector<std::unique_ptr<Certificate>>& certs =
439 manager.getCertificates();
440
441 // All 3 certificates successfully installed and added to manager
442 EXPECT_EQ(certs.size(), 3);
443
444 // Check if certificate placeholder is not empty, there should be 3
445 // certificates
446 EXPECT_FALSE(fs::is_empty(verifyDir));
447
448 certs[0]->delete_();
449 EXPECT_EQ(certs.size(), 2);
450
451 certs[0]->delete_();
452 EXPECT_EQ(certs.size(), 1);
453
454 certs[0]->delete_();
455 EXPECT_EQ(certs.size(), 0);
456
457 // Check if certificate placeholder is empty.
458 EXPECT_TRUE(fs::is_empty(verifyDir));
459}
460
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]461/** @brief Check if install fails if certificate file is empty
462 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]463TEST_F(TestCertificates, TestEmptyCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]464{
465 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]466 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]467 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]468 std::string installPath(certDir + "/" + certificateFile);
469 std::string verifyPath(installPath);
470 std::string verifyUnit(unit);
471 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]472 std::string emptyFile("emptycert.pem");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]473 std::ofstream ofs;
474 ofs.open(emptyFile, std::ofstream::out);
475 ofs.close();
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]476 EXPECT_THROW(
477 {
478 try
479 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]480 auto event = sdeventplus::Event::get_default();
481 // Attach the bus to sd_event to service user requests
482 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
483 Manager manager(bus, event, objPath.c_str(), type,
484 std::move(unit), std::move(installPath));
485 MainApp mainApp(&manager);
486 mainApp.install(emptyFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]487 }
488 catch (const InvalidCertificate& e)
489 {
490 throw;
491 }
492 },
493 InvalidCertificate);
494 EXPECT_FALSE(fs::exists(verifyPath));
495 fs::remove(emptyFile);
496}
497
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]498/** @brief Check if install fails if certificate file is corrupted
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]499 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]500TEST_F(TestCertificates, TestInvalidCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]501{
502 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]503 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]504 std::string type("client");
505
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]506 std::ofstream ofs;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]507 ofs.open(certificateFile, std::ofstream::out);
508 ofs << "-----BEGIN CERTIFICATE-----";
509 ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";
510 ofs << "-----END CERTIFICATE-----";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]511 ofs.close();
512
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]513 std::string installPath(certDir + "/" + certificateFile);
514 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]515 std::string verifyUnit(unit);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]516 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]517 EXPECT_THROW(
518 {
519 try
520 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]521 auto event = sdeventplus::Event::get_default();
522 // Attach the bus to sd_event to service user requests
523 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
524 Manager manager(bus, event, objPath.c_str(), type,
525 std::move(unit), std::move(installPath));
526 MainApp mainApp(&manager);
527 mainApp.install(certificateFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]528 }
529 catch (const InvalidCertificate& e)
530 {
531 throw;
532 }
533 },
534 InvalidCertificate);
535 EXPECT_FALSE(fs::exists(verifyPath));
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]536}
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]537
538/**
539 * Class to generate private and certificate only file and test verification
540 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]541class TestInvalidCertificate : public ::testing::Test
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]542{
543 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]544 TestInvalidCertificate() : bus(sdbusplus::bus::new_default())
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]545 {
546 }
547 void SetUp() override
548 {
549 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
550 auto dirPtr = mkdtemp(dirTemplate);
551 if (dirPtr == NULL)
552 {
553 throw std::bad_alloc();
554 }
555 certDir = dirPtr;
556 certificateFile = "cert.pem";
557 keyFile = "key.pem";
558 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
559 cmd += "-keyout key.pem -out cert.pem -days 3650 ";
560 cmd += "-subj "
561 "/O=openbmc-project.xyz/CN=localhost"
562 " -nodes";
563
564 auto val = std::system(cmd.c_str());
565 if (val)
566 {
567 std::cout << "command Error: " << val << std::endl;
568 }
569 }
570 void TearDown() override
571 {
572 fs::remove_all(certDir);
573 fs::remove(certificateFile);
574 fs::remove(keyFile);
575 }
576
577 protected:
578 sdbusplus::bus::bus bus;
579 std::string certificateFile;
580 std::string keyFile;
581 std::string certDir;
582};
583
584/** @brief Check install fails if private key is missing in certificate file
585 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]586TEST_F(TestInvalidCertificate, TestMissingPrivateKey)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]587{
588 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]589 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]590 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]591 std::string installPath(certDir + "/" + certificateFile);
592 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]593 std::string verifyUnit(unit);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]594 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]595 EXPECT_THROW(
596 {
597 try
598 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]599 auto event = sdeventplus::Event::get_default();
600 // Attach the bus to sd_event to service user requests
601 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
602 Manager manager(bus, event, objPath.c_str(), type,
603 std::move(unit), std::move(installPath));
604 MainApp mainApp(&manager);
605 mainApp.install(certificateFile);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]606 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]607 catch (const InternalFailure& e)
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]608 {
609 throw;
610 }
611 },
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]612 InternalFailure);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]613 EXPECT_FALSE(fs::exists(verifyPath));
614}
615
616/** @brief Check install fails if ceritificate is missing in certificate file
617 */
618TEST_F(TestInvalidCertificate, TestMissingCeritificate)
619{
620 std::string endpoint("ldap");
621 std::string unit("");
622 std::string type("client");
623 std::string installPath(certDir + "/" + keyFile);
624 std::string verifyPath(installPath);
625 std::string verifyUnit(unit);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]626 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
627 EXPECT_THROW(
628 {
629 try
630 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]631 auto event = sdeventplus::Event::get_default();
632 // Attach the bus to sd_event to service user requests
633 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
634 Manager manager(bus, event, objPath.c_str(), type,
635 std::move(unit), std::move(installPath));
636 MainApp mainApp(&manager);
637 mainApp.install(keyFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]638 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]639 catch (const InternalFailure& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]640 {
641 throw;
642 }
643 },
644 InvalidCertificate);
645 EXPECT_FALSE(fs::exists(verifyPath));
646}
647
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]648/** @brief Check if error is thrown when multiple certificates are installed
649 * At present only one certificate per service is allowed
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]650 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]651TEST_F(TestCertificates, TestCertInstallNotAllowed)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]652{
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]653 using NotAllowed =
654 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]655 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]656 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]657 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]658 std::string installPath(certDir + "/" + certificateFile);
659 std::string verifyPath(installPath);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]660 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]661 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]662 // Attach the bus to sd_event to service user requests
663 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]664 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]665 std::move(installPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]666 MainApp mainApp(&manager);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]667 mainApp.install(certificateFile);
668 EXPECT_TRUE(fs::exists(verifyPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]669 EXPECT_THROW(
670 {
671 try
672 {
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]673 // install second certificate
674 mainApp.install(certificateFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]675 }
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]676 catch (const NotAllowed& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]677 {
678 throw;
679 }
680 },
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]681 NotAllowed);
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]682}
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]683
684TEST_F(TestCertificates, TestGenerateCSR)
685{
686 std::string endpoint("https");
687 std::string unit("");
688 std::string type("Server");
689 std::string installPath(certDir + "/" + certificateFile);
690 std::string verifyPath(installPath);
691 std::string CSRPath(certDir + "/" + CSRFile);
692 std::string privateKeyPath(certDir + "/" + privateKeyFile);
693 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]694 std::string challengePassword("Password");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]695 std::string city("HYB");
696 std::string commonName("abc.com");
697 std::string contactPerson("Admin");
698 std::string country("IN");
699 std::string email("admin@in.ibm.com");
700 std::string givenName("givenName");
701 std::string initials("G");
702 int64_t keyBitLength(2048);
703 std::string keyCurveId("0");
704 std::string keyPairAlgorithm("RSA");
705 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
706 std::string organization("IBM");
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]707 std::string organizationalUnit("orgUnit");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]708 std::string state("TS");
709 std::string surname("surname");
710 std::string unstructuredName("unstructuredName");
711 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
712 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]713 // Attach the bus to sd_event to service user requests
714 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]715 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
716 std::move(installPath));
717 Status status;
718 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
719 MainApp mainApp(&manager, &csr);
720 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
721 contactPerson, country, email, givenName, initials,
722 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
723 organization, organizationalUnit, state, surname,
724 unstructuredName);
725 std::string csrData("");
726 // generateCSR takes considerable time to create CSR and privateKey Files
727 EXPECT_FALSE(fs::exists(CSRPath));
728 EXPECT_FALSE(fs::exists(privateKeyPath));
729 EXPECT_THROW(
730 {
731 try
732 {
733 csrData = csr.cSR();
734 }
735 catch (const InternalFailure& e)
736 {
737 throw;
738 }
739 },
740 InternalFailure);
741 // wait for 10 sec to get CSR and privateKey Files generated
742 sleep(10);
743 EXPECT_TRUE(fs::exists(CSRPath));
744 EXPECT_TRUE(fs::exists(privateKeyPath));
745 csrData = csr.cSR();
746 ASSERT_NE("", csrData.c_str());
747}
748
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]749/** @brief Check if ECC key pair is generated when user is not given algorithm
750 * type. At present RSA and EC key pair algorithm are supported
751 */
752TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm)
753{
754 std::string endpoint("https");
755 std::string unit("");
756 std::string type("Server");
757 std::string installPath(certDir + "/" + certificateFile);
758 std::string verifyPath(installPath);
759 std::string CSRPath(certDir + "/" + CSRFile);
760 std::string privateKeyPath(certDir + "/" + privateKeyFile);
761 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
762 std::string challengePassword("Password");
763 std::string city("HYB");
764 std::string commonName("abc.com");
765 std::string contactPerson("Admin");
766 std::string country("IN");
767 std::string email("admin@in.ibm.com");
768 std::string givenName("givenName");
769 std::string initials("G");
770 int64_t keyBitLength(2048);
771 std::string keyCurveId("");
772 std::string keyPairAlgorithm("");
773 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
774 std::string organization("IBM");
775 std::string organizationalUnit("orgUnit");
776 std::string state("TS");
777 std::string surname("surname");
778 std::string unstructuredName("unstructuredName");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]779 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
780 auto event = sdeventplus::Event::get_default();
781 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
782 std::move(installPath));
783 Status status;
784 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
785 MainApp mainApp(&manager, &csr);
786 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
787 contactPerson, country, email, givenName, initials,
788 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
789 organization, organizationalUnit, state, surname,
790 unstructuredName);
791 sleep(10);
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]792 EXPECT_TRUE(fs::exists(CSRPath));
793 EXPECT_TRUE(fs::exists(privateKeyPath));
794}
795
796/** @brief Check if error is thrown when giving un supported key pair
797 * algorithm. At present RSA and EC key pair algorithm are supported
798 */
799TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm)
800{
801 std::string endpoint("https");
802 std::string unit("");
803 std::string type("Server");
804 std::string installPath(certDir + "/" + certificateFile);
805 std::string verifyPath(installPath);
806 std::string CSRPath(certDir + "/" + CSRFile);
807 std::string privateKeyPath(certDir + "/" + privateKeyFile);
808 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
809 std::string challengePassword("Password");
810 std::string city("HYB");
811 std::string commonName("abc.com");
812 std::string contactPerson("Admin");
813 std::string country("IN");
814 std::string email("admin@in.ibm.com");
815 std::string givenName("givenName");
816 std::string initials("G");
817 int64_t keyBitLength(2048);
818 std::string keyCurveId("secp521r1");
819 std::string keyPairAlgorithm("UnSupportedAlgorithm");
820 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
821 std::string organization("IBM");
822 std::string organizationalUnit("orgUnit");
823 std::string state("TS");
824 std::string surname("surname");
825 std::string unstructuredName("unstructuredName");
826 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
827 auto event = sdeventplus::Event::get_default();
828 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
829 std::move(installPath));
830 Status status;
831 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
832 MainApp mainApp(&manager, &csr);
833 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
834 contactPerson, country, email, givenName, initials,
835 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
836 organization, organizationalUnit, state, surname,
837 unstructuredName);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]838 EXPECT_FALSE(fs::exists(CSRPath));
839 EXPECT_FALSE(fs::exists(privateKeyPath));
840}
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]841
842/** @brief Check if error is thrown when NID_undef is returned for given key
843 * curve id
844 */
845TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase)
846{
847 std::string endpoint("https");
848 std::string unit("");
849 std::string type("Server");
850 std::string installPath(certDir + "/" + certificateFile);
851 std::string verifyPath(installPath);
852 std::string CSRPath(certDir + "/" + CSRFile);
853 std::string privateKeyPath(certDir + "/" + privateKeyFile);
854 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
855 std::string challengePassword("Password");
856 std::string city("BLR");
857 std::string commonName("abc.com");
858 std::string contactPerson("Admin");
859 std::string country("IN");
860 std::string email("admin@in.ibm.com");
861 std::string givenName("givenName");
862 std::string initials("G");
863 int64_t keyBitLength(2048);
864 std::string keyCurveId("DummyCurveName");
865 std::string keyPairAlgorithm("EC");
866 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
867 std::string organization("IBM");
868 std::string organizationalUnit("orgUnit");
869 std::string state("TS");
870 std::string surname("surname");
871 std::string unstructuredName("unstructuredName");
872 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
873 auto event = sdeventplus::Event::get_default();
874 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
875 std::move(installPath));
876 Status status;
877 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
878 MainApp mainApp(&manager, &csr);
879 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
880 contactPerson, country, email, givenName, initials,
881 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
882 organization, organizationalUnit, state, surname,
883 unstructuredName);
884 EXPECT_FALSE(fs::exists(CSRPath));
885 EXPECT_FALSE(fs::exists(privateKeyPath));
886}
887
888/** @brief Check default Key Curve Id is used if given curve id is empty
889 */
890TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId)
891{
892 std::string endpoint("https");
893 std::string unit("");
894 std::string type("Server");
895 std::string installPath(certDir + "/" + certificateFile);
896 std::string verifyPath(installPath);
897 std::string CSRPath(certDir + "/" + CSRFile);
898 std::string privateKeyPath(certDir + "/" + privateKeyFile);
899 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
900 std::string challengePassword("Password");
901 std::string city("BLR");
902 std::string commonName("abc.com");
903 std::string contactPerson("Admin");
904 std::string country("IN");
905 std::string email("admin@in.ibm.com");
906 std::string givenName("givenName");
907 std::string initials("G");
908 int64_t keyBitLength(2048);
909 std::string keyCurveId("");
910 std::string keyPairAlgorithm("EC");
911 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
912 std::string organization("IBM");
913 std::string organizationalUnit("orgUnit");
914 std::string state("TS");
915 std::string surname("surname");
916 std::string unstructuredName("unstructuredName");
917 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
918 auto event = sdeventplus::Event::get_default();
919 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
920 std::move(installPath));
921 Status status;
922 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
923 MainApp mainApp(&manager, &csr);
924 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
925 contactPerson, country, email, givenName, initials,
926 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
927 organization, organizationalUnit, state, surname,
928 unstructuredName);
929 sleep(10);
930 EXPECT_TRUE(fs::exists(CSRPath));
931 EXPECT_TRUE(fs::exists(privateKeyPath));
932}
933
934/** @brief Check if error is not thrown to generate EC key pair
935 */
936TEST_F(TestCertificates, TestECKeyGeneration)
937{
938 std::string endpoint("https");
939 std::string unit("");
940 std::string type("Server");
941 std::string installPath(certDir + "/" + certificateFile);
942 std::string verifyPath(installPath);
943 std::string CSRPath(certDir + "/" + CSRFile);
944 std::string privateKeyPath(certDir + "/" + privateKeyFile);
945 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
946 std::string challengePassword("Password");
947 std::string city("BLR");
948 std::string commonName("abc.com");
949 std::string contactPerson("Admin");
950 std::string country("IN");
951 std::string email("admin@in.ibm.com");
952 std::string givenName("givenName");
953 std::string initials("G");
954 int64_t keyBitLength(2048);
955 std::string keyCurveId("secp521r1");
956 std::string keyPairAlgorithm("EC");
957 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
958 std::string organization("IBM");
959 std::string organizationalUnit("orgUnit");
960 std::string state("TS");
961 std::string surname("surname");
962 std::string unstructuredName("unstructuredName");
963 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
964 auto event = sdeventplus::Event::get_default();
965 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
966 std::move(installPath));
967 Status status;
968 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
969 MainApp mainApp(&manager, &csr);
970 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
971 contactPerson, country, email, givenName, initials,
972 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
973 organization, organizationalUnit, state, surname,
974 unstructuredName);
975 std::cout << "CSRPath: " << CSRPath << std::endl
976 << "privateKeyPath: " << privateKeyPath << std::endl;
977 sleep(10);
978 EXPECT_TRUE(fs::exists(CSRPath));
979 EXPECT_TRUE(fs::exists(privateKeyPath));
980}
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]981
982/** @brief Check error is thrown if giving unsupported ket bit length to
983 * generate rsa key
984 */
985TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength)
986{
987 std::string endpoint("https");
988 std::string unit("");
989 std::string type("Server");
990 std::string installPath(certDir + "/" + certificateFile);
991 std::string verifyPath(installPath);
992 std::string CSRPath(certDir + "/" + CSRFile);
993 std::string privateKeyPath(certDir + "/" + privateKeyFile);
994 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
995 std::string challengePassword("Password");
996 std::string city("BLR");
997 std::string commonName("abc.com");
998 std::string contactPerson("Admin");
999 std::string country("IN");
1000 std::string email("admin@in.ibm.com");
1001 std::string givenName("givenName");
1002 std::string initials("G");
1003 int64_t keyBitLength(4096);
1004 std::string keyCurveId("secp521r1");
1005 std::string keyPairAlgorithm("RSA");
1006 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1007 std::string organization("IBM");
1008 std::string organizationalUnit("orgUnit");
1009 std::string state("TS");
1010 std::string surname("surname");
1011 std::string unstructuredName("unstructuredName");
1012 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1013 auto event = sdeventplus::Event::get_default();
1014 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1015 std::move(installPath));
1016 Status status;
1017 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1018 MainApp mainApp(&manager, &csr);
1019 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1020 contactPerson, country, email, givenName, initials,
1021 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1022 organization, organizationalUnit, state, surname,
1023 unstructuredName);
1024 EXPECT_FALSE(fs::exists(CSRPath));
1025 EXPECT_FALSE(fs::exists(privateKeyPath));
1026}
1027
1028/** @brief Check error is thrown if generated rsa key file is not present
1029 */
1030TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase)
1031{
1032 std::string endpoint("https");
1033 std::string unit("");
1034 std::string type("Server");
1035 std::string installPath(certDir + "/" + certificateFile);
1036 std::string verifyPath(installPath);
1037 std::string CSRPath(certDir + "/" + CSRFile);
1038 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1039 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1040 std::string challengePassword("Password");
1041 std::string city("BLR");
1042 std::string commonName("abc.com");
1043 std::string contactPerson("Admin");
1044 std::string country("IN");
1045 std::string email("admin@in.ibm.com");
1046 std::string givenName("givenName");
1047 std::string initials("G");
1048 int64_t keyBitLength(2048);
1049 std::string keyCurveId("secp521r1");
1050 std::string keyPairAlgorithm("RSA");
1051 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1052 std::string organization("IBM");
1053 std::string organizationalUnit("orgUnit");
1054 std::string state("TS");
1055 std::string surname("surname");
1056 std::string unstructuredName("unstructuredName");
1057 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1058 auto event = sdeventplus::Event::get_default();
1059 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1060 std::move(installPath));
1061
1062 // Removing generated RSA key file
1063 fs::remove(rsaPrivateKeyFilePath);
1064
1065 Status status;
1066 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1067 MainApp mainApp(&manager, &csr);
1068 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1069 contactPerson, country, email, givenName, initials,
1070 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1071 organization, organizationalUnit, state, surname,
1072 unstructuredName);
1073 EXPECT_FALSE(fs::exists(CSRPath));
1074 EXPECT_FALSE(fs::exists(privateKeyPath));
1075}
1076
1077/** @brief Check private key file is created from generated rsa key file is
1078 * `present
1079 */
1080TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile)
1081{
1082 std::string endpoint("https");
1083 std::string unit("");
1084 std::string type("Server");
1085 std::string installPath(certDir + "/" + certificateFile);
1086 std::string verifyPath(installPath);
1087 std::string CSRPath(certDir + "/" + CSRFile);
1088 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1089 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1090 std::string challengePassword("Password");
1091 std::string city("BLR");
1092 std::string commonName("abc.com");
1093 std::string contactPerson("Admin");
1094 std::string country("IN");
1095 std::string email("admin@in.ibm.com");
1096 std::string givenName("givenName");
1097 std::string initials("G");
1098 int64_t keyBitLength(2048);
1099 std::string keyCurveId("secp521r1");
1100 std::string keyPairAlgorithm("RSA");
1101 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1102 std::string organization("IBM");
1103 std::string organizationalUnit("orgUnit");
1104 std::string state("TS");
1105 std::string surname("surname");
1106 std::string unstructuredName("unstructuredName");
1107 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1108 auto event = sdeventplus::Event::get_default();
1109 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1110 std::move(installPath));
1111 Status status;
1112 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1113 MainApp mainApp(&manager, &csr);
1114 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1115 contactPerson, country, email, givenName, initials,
1116 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1117 organization, organizationalUnit, state, surname,
1118 unstructuredName);
1119 sleep(10);
1120 EXPECT_TRUE(fs::exists(CSRPath));
1121 EXPECT_TRUE(fs::exists(privateKeyPath));
1122}
1123
1124/** @brief Check RSA key is generted during application startup*/
1125TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile)
1126{
1127 std::string endpoint("https");
1128 std::string unit("");
1129 std::string type("Server");
1130 std::string installPath(certDir + "/" + certificateFile);
1131 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1132 auto event = sdeventplus::Event::get_default();
1133
1134 EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath));
1135 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1136 std::move(installPath));
1137 EXPECT_TRUE(fs::exists(rsaPrivateKeyFilePath));
1138}