Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / c6e58c7e7fade369e64c6eaee23a5b72f37a7ace / . / test / certs_manager_test.cpp
blob: d4fd2130b0ee5623b2f247c4027d002806222aa1 [file] [log] [blame]
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]1#include "config.h"
2
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]3#include "certificate.hpp"
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]4#include "certs_manager.hpp"
5
6#include <algorithm>
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]7#include <filesystem>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]8#include <fstream>
9#include <iterator>
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]10#include <sdeventplus/event.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]11#include <string>
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]12#include <xyz/openbmc_project/Certs/error.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]13#include <xyz/openbmc_project/Common/error.hpp>
14
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]15#include <gtest/gtest.h>
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]16namespace fs = std::filesystem;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]17using InternalFailure =
18 sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]19using InvalidCertificate =
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]20 sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]21using namespace phosphor::certs;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]22
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]23/**
24 * Class to generate certificate file and test verification of certificate file
25 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]26class TestCertificates : public ::testing::Test
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]27{
28 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]29 TestCertificates() : bus(sdbusplus::bus::new_default())
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]30 {
31 }
32 void SetUp() override
33 {
34 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
35 auto dirPtr = mkdtemp(dirTemplate);
36 if (dirPtr == NULL)
37 {
38 throw std::bad_alloc();
39 }
40 certDir = dirPtr;
41 certificateFile = "cert.pem";
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]42 CSRFile = "domain.csr";
43 privateKeyFile = "privkey.pem";
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame^]44 rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem";
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]45 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
46 cmd += "-keyout cert.pem -out cert.pem -days 3650 ";
47 cmd += "-subj "
48 "/O=openbmc-project.xyz/CN=localhost"
49 " -nodes";
50 auto val = std::system(cmd.c_str());
51 if (val)
52 {
53 std::cout << "COMMAND Error: " << val << std::endl;
54 }
55 }
56 void TearDown() override
57 {
58 fs::remove_all(certDir);
59 fs::remove(certificateFile);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]60 fs::remove(CSRFile);
61 fs::remove(privateKeyFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]62 }
63
64 bool compareFiles(const std::string& file1, const std::string& file2)
65 {
66 std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate);
67 std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate);
68
69 if (f1.fail() || f2.fail())
70 {
71 return false; // file problem
72 }
73
74 if (f1.tellg() != f2.tellg())
75 {
76 return false; // size mismatch
77 }
78
79 // seek back to beginning and use std::equal to compare contents
80 f1.seekg(0, std::ifstream::beg);
81 f2.seekg(0, std::ifstream::beg);
82 return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()),
83 std::istreambuf_iterator<char>(),
84 std::istreambuf_iterator<char>(f2.rdbuf()));
85 }
86
87 protected:
88 sdbusplus::bus::bus bus;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame^]89 std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]90
91 std::string certDir;
92};
93
94class MainApp
95{
96 public:
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]97 MainApp(phosphor::certs::Manager* manager,
98 phosphor::certs::CSR* csr = nullptr) :
99 manager(manager),
100 csr(csr)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]101 {
102 }
103 void install(std::string& path)
104 {
105 manager->install(path);
106 }
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]107 void delete_()
108 {
109 manager->delete_();
110 }
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]111
112 std::string generateCSR(std::vector<std::string> alternativeNames,
113 std::string challengePassword, std::string city,
114 std::string commonName, std::string contactPerson,
115 std::string country, std::string email,
116 std::string givenName, std::string initials,
117 int64_t keyBitLength, std::string keyCurveId,
118 std::string keyPairAlgorithm,
119 std::vector<std::string> keyUsage,
120 std::string organization,
121 std::string organizationalUnit, std::string state,
122 std::string surname, std::string unstructuredName)
123 {
124 return (manager->generateCSR(
125 alternativeNames, challengePassword, city, commonName,
126 contactPerson, country, email, givenName, initials, keyBitLength,
127 keyCurveId, keyPairAlgorithm, keyUsage, organization,
128 organizationalUnit, state, surname, unstructuredName));
129 }
130 std::string cSR()
131 {
132 return (csr->cSR());
133 }
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]134 phosphor::certs::Manager* manager;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]135 phosphor::certs::CSR* csr;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]136};
137
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]138/** @brief Check if server install routine is invoked for server setup
139 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]140TEST_F(TestCertificates, InvokeServerInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]141{
142 std::string endpoint("https");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]143 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]144 std::string type("server");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]145 std::string installPath(certDir + "/" + certificateFile);
146 std::string verifyPath(installPath);
147 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]148 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]149 auto event = sdeventplus::Event::get_default();
150 // Attach the bus to sd_event to service user requests
151 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
152 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
153 std::move(installPath));
154 MainApp mainApp(&manager);
155 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]156 EXPECT_TRUE(fs::exists(verifyPath));
157}
158
159/** @brief Check if client install routine is invoked for client setup
160 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]161TEST_F(TestCertificates, InvokeClientInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]162{
163 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]164 std::string unit("");
165 std::string type("server");
166 std::string installPath(certDir + "/" + certificateFile);
167 std::string verifyPath(installPath);
168 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]169 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]170 auto event = sdeventplus::Event::get_default();
171 // Attach the bus to sd_event to service user requests
172 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
173 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
174 std::move(installPath));
175 MainApp mainApp(&manager);
176 mainApp.install(certificateFile);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]177 EXPECT_TRUE(fs::exists(verifyPath));
178}
179
180/** @brief Check if authority install routine is invoked for authority setup
181 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]182TEST_F(TestCertificates, InvokeAuthorityInstall)
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]183{
184 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]185 std::string unit("");
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]186 std::string type("authority");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]187 std::string installPath(certDir + "/" + certificateFile);
188 std::string verifyPath(installPath);
189 UnitsToRestart verifyUnit(unit);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]190 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]191 auto event = sdeventplus::Event::get_default();
192 // Attach the bus to sd_event to service user requests
193 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
194 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
195 std::move(installPath));
196 MainApp mainApp(&manager);
197 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]198 EXPECT_TRUE(fs::exists(verifyPath));
199}
200
201/** @brief Compare the installed certificate with the copied certificate
202 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]203TEST_F(TestCertificates, CompareInstalledCertificate)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]204{
205 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]206 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]207 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]208 std::string installPath(certDir + "/" + certificateFile);
209 std::string verifyPath(installPath);
210 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]211 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]212 auto event = sdeventplus::Event::get_default();
213 // Attach the bus to sd_event to service user requests
214 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
215 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
216 std::move(installPath));
217 MainApp mainApp(&manager);
218 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]219 EXPECT_TRUE(fs::exists(verifyPath));
220 EXPECT_TRUE(compareFiles(verifyPath, certificateFile));
221}
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]222
223/** @brief Check if install fails if certificate file is not found
224 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]225TEST_F(TestCertificates, TestNoCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]226{
227 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]228 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]229 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]230 std::string installPath(certDir + "/" + certificateFile);
231 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]232 std::string verifyUnit(unit);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]233 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]234 std::string uploadFile = "nofile.pem";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]235 EXPECT_THROW(
236 {
237 try
238 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]239 auto event = sdeventplus::Event::get_default();
240 // Attach the bus to sd_event to service user requests
241 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
242 Manager manager(bus, event, objPath.c_str(), type,
243 std::move(unit), std::move(installPath));
244 MainApp mainApp(&manager);
245 mainApp.install(uploadFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]246 }
247 catch (const InternalFailure& e)
248 {
249 throw;
250 }
251 },
252 InternalFailure);
253 EXPECT_FALSE(fs::exists(verifyPath));
254}
255
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]256/** @brief Test replacing existing certificate
257 */
258TEST_F(TestCertificates, TestReplaceCertificate)
259{
260 std::string endpoint("ldap");
261 std::string unit("");
262 std::string type("server");
263 std::string installPath(certDir + "/" + certificateFile);
264 std::string verifyPath(installPath);
265 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
266 auto event = sdeventplus::Event::get_default();
267 // Attach the bus to sd_event to service user requests
268 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
269 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
270 std::move(installPath));
271 MainApp mainApp(&manager);
272 mainApp.install(certificateFile);
273 EXPECT_TRUE(fs::exists(verifyPath));
274 EXPECT_TRUE(fs::exists(verifyPath));
275 CertificatePtr& ptr = manager.getCertificate();
276 EXPECT_NE(ptr, nullptr);
277 ptr->replace(certificateFile);
278 EXPECT_TRUE(fs::exists(verifyPath));
279}
280
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]281/** @brief Check if install fails if certificate file is empty
282 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]283TEST_F(TestCertificates, TestEmptyCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]284{
285 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]286 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]287 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]288 std::string installPath(certDir + "/" + certificateFile);
289 std::string verifyPath(installPath);
290 std::string verifyUnit(unit);
291 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]292 std::string emptyFile("emptycert.pem");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]293 std::ofstream ofs;
294 ofs.open(emptyFile, std::ofstream::out);
295 ofs.close();
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]296 EXPECT_THROW(
297 {
298 try
299 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]300 auto event = sdeventplus::Event::get_default();
301 // Attach the bus to sd_event to service user requests
302 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
303 Manager manager(bus, event, objPath.c_str(), type,
304 std::move(unit), std::move(installPath));
305 MainApp mainApp(&manager);
306 mainApp.install(emptyFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]307 }
308 catch (const InvalidCertificate& e)
309 {
310 throw;
311 }
312 },
313 InvalidCertificate);
314 EXPECT_FALSE(fs::exists(verifyPath));
315 fs::remove(emptyFile);
316}
317
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]318/** @brief Check if install fails if certificate file is corrupted
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]319 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]320TEST_F(TestCertificates, TestInvalidCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]321{
322 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]323 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]324 std::string type("client");
325
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]326 std::ofstream ofs;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]327 ofs.open(certificateFile, std::ofstream::out);
328 ofs << "-----BEGIN CERTIFICATE-----";
329 ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";
330 ofs << "-----END CERTIFICATE-----";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]331 ofs.close();
332
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]333 std::string installPath(certDir + "/" + certificateFile);
334 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]335 std::string verifyUnit(unit);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]336 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]337 EXPECT_THROW(
338 {
339 try
340 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]341 auto event = sdeventplus::Event::get_default();
342 // Attach the bus to sd_event to service user requests
343 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
344 Manager manager(bus, event, objPath.c_str(), type,
345 std::move(unit), std::move(installPath));
346 MainApp mainApp(&manager);
347 mainApp.install(certificateFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]348 }
349 catch (const InvalidCertificate& e)
350 {
351 throw;
352 }
353 },
354 InvalidCertificate);
355 EXPECT_FALSE(fs::exists(verifyPath));
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]356}
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]357
358/**
359 * Class to generate private and certificate only file and test verification
360 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]361class TestInvalidCertificate : public ::testing::Test
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]362{
363 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]364 TestInvalidCertificate() : bus(sdbusplus::bus::new_default())
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]365 {
366 }
367 void SetUp() override
368 {
369 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
370 auto dirPtr = mkdtemp(dirTemplate);
371 if (dirPtr == NULL)
372 {
373 throw std::bad_alloc();
374 }
375 certDir = dirPtr;
376 certificateFile = "cert.pem";
377 keyFile = "key.pem";
378 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
379 cmd += "-keyout key.pem -out cert.pem -days 3650 ";
380 cmd += "-subj "
381 "/O=openbmc-project.xyz/CN=localhost"
382 " -nodes";
383
384 auto val = std::system(cmd.c_str());
385 if (val)
386 {
387 std::cout << "command Error: " << val << std::endl;
388 }
389 }
390 void TearDown() override
391 {
392 fs::remove_all(certDir);
393 fs::remove(certificateFile);
394 fs::remove(keyFile);
395 }
396
397 protected:
398 sdbusplus::bus::bus bus;
399 std::string certificateFile;
400 std::string keyFile;
401 std::string certDir;
402};
403
404/** @brief Check install fails if private key is missing in certificate file
405 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]406TEST_F(TestInvalidCertificate, TestMissingPrivateKey)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]407{
408 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]409 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]410 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]411 std::string installPath(certDir + "/" + certificateFile);
412 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]413 std::string verifyUnit(unit);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]414 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]415 EXPECT_THROW(
416 {
417 try
418 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]419 auto event = sdeventplus::Event::get_default();
420 // Attach the bus to sd_event to service user requests
421 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
422 Manager manager(bus, event, objPath.c_str(), type,
423 std::move(unit), std::move(installPath));
424 MainApp mainApp(&manager);
425 mainApp.install(certificateFile);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]426 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]427 catch (const InternalFailure& e)
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]428 {
429 throw;
430 }
431 },
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]432 InternalFailure);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]433 EXPECT_FALSE(fs::exists(verifyPath));
434}
435
436/** @brief Check install fails if ceritificate is missing in certificate file
437 */
438TEST_F(TestInvalidCertificate, TestMissingCeritificate)
439{
440 std::string endpoint("ldap");
441 std::string unit("");
442 std::string type("client");
443 std::string installPath(certDir + "/" + keyFile);
444 std::string verifyPath(installPath);
445 std::string verifyUnit(unit);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]446 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
447 EXPECT_THROW(
448 {
449 try
450 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]451 auto event = sdeventplus::Event::get_default();
452 // Attach the bus to sd_event to service user requests
453 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
454 Manager manager(bus, event, objPath.c_str(), type,
455 std::move(unit), std::move(installPath));
456 MainApp mainApp(&manager);
457 mainApp.install(keyFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]458 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]459 catch (const InternalFailure& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]460 {
461 throw;
462 }
463 },
464 InvalidCertificate);
465 EXPECT_FALSE(fs::exists(verifyPath));
466}
467
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]468/** @brief Check if error is thrown when multiple certificates are installed
469 * At present only one certificate per service is allowed
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]470 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]471TEST_F(TestCertificates, TestCertInstallNotAllowed)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]472{
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]473 using NotAllowed =
474 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]475 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]476 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]477 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]478 std::string installPath(certDir + "/" + certificateFile);
479 std::string verifyPath(installPath);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]480 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]481 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]482 // Attach the bus to sd_event to service user requests
483 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]484 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]485 std::move(installPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]486 MainApp mainApp(&manager);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]487 mainApp.install(certificateFile);
488 EXPECT_TRUE(fs::exists(verifyPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]489 EXPECT_THROW(
490 {
491 try
492 {
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]493 // install second certificate
494 mainApp.install(certificateFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]495 }
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]496 catch (const NotAllowed& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]497 {
498 throw;
499 }
500 },
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]501 NotAllowed);
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]502}
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]503
504TEST_F(TestCertificates, TestGenerateCSR)
505{
506 std::string endpoint("https");
507 std::string unit("");
508 std::string type("Server");
509 std::string installPath(certDir + "/" + certificateFile);
510 std::string verifyPath(installPath);
511 std::string CSRPath(certDir + "/" + CSRFile);
512 std::string privateKeyPath(certDir + "/" + privateKeyFile);
513 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]514 std::string challengePassword("Password");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]515 std::string city("HYB");
516 std::string commonName("abc.com");
517 std::string contactPerson("Admin");
518 std::string country("IN");
519 std::string email("admin@in.ibm.com");
520 std::string givenName("givenName");
521 std::string initials("G");
522 int64_t keyBitLength(2048);
523 std::string keyCurveId("0");
524 std::string keyPairAlgorithm("RSA");
525 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
526 std::string organization("IBM");
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]527 std::string organizationalUnit("orgUnit");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]528 std::string state("TS");
529 std::string surname("surname");
530 std::string unstructuredName("unstructuredName");
531 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
532 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]533 // Attach the bus to sd_event to service user requests
534 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]535 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
536 std::move(installPath));
537 Status status;
538 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
539 MainApp mainApp(&manager, &csr);
540 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
541 contactPerson, country, email, givenName, initials,
542 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
543 organization, organizationalUnit, state, surname,
544 unstructuredName);
545 std::string csrData("");
546 // generateCSR takes considerable time to create CSR and privateKey Files
547 EXPECT_FALSE(fs::exists(CSRPath));
548 EXPECT_FALSE(fs::exists(privateKeyPath));
549 EXPECT_THROW(
550 {
551 try
552 {
553 csrData = csr.cSR();
554 }
555 catch (const InternalFailure& e)
556 {
557 throw;
558 }
559 },
560 InternalFailure);
561 // wait for 10 sec to get CSR and privateKey Files generated
562 sleep(10);
563 EXPECT_TRUE(fs::exists(CSRPath));
564 EXPECT_TRUE(fs::exists(privateKeyPath));
565 csrData = csr.cSR();
566 ASSERT_NE("", csrData.c_str());
567}
568
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]569/** @brief Check if ECC key pair is generated when user is not given algorithm
570 * type. At present RSA and EC key pair algorithm are supported
571 */
572TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm)
573{
574 std::string endpoint("https");
575 std::string unit("");
576 std::string type("Server");
577 std::string installPath(certDir + "/" + certificateFile);
578 std::string verifyPath(installPath);
579 std::string CSRPath(certDir + "/" + CSRFile);
580 std::string privateKeyPath(certDir + "/" + privateKeyFile);
581 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
582 std::string challengePassword("Password");
583 std::string city("HYB");
584 std::string commonName("abc.com");
585 std::string contactPerson("Admin");
586 std::string country("IN");
587 std::string email("admin@in.ibm.com");
588 std::string givenName("givenName");
589 std::string initials("G");
590 int64_t keyBitLength(2048);
591 std::string keyCurveId("");
592 std::string keyPairAlgorithm("");
593 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
594 std::string organization("IBM");
595 std::string organizationalUnit("orgUnit");
596 std::string state("TS");
597 std::string surname("surname");
598 std::string unstructuredName("unstructuredName");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]599 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
600 auto event = sdeventplus::Event::get_default();
601 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
602 std::move(installPath));
603 Status status;
604 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
605 MainApp mainApp(&manager, &csr);
606 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
607 contactPerson, country, email, givenName, initials,
608 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
609 organization, organizationalUnit, state, surname,
610 unstructuredName);
611 sleep(10);
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]612 EXPECT_TRUE(fs::exists(CSRPath));
613 EXPECT_TRUE(fs::exists(privateKeyPath));
614}
615
616/** @brief Check if error is thrown when giving un supported key pair
617 * algorithm. At present RSA and EC key pair algorithm are supported
618 */
619TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm)
620{
621 std::string endpoint("https");
622 std::string unit("");
623 std::string type("Server");
624 std::string installPath(certDir + "/" + certificateFile);
625 std::string verifyPath(installPath);
626 std::string CSRPath(certDir + "/" + CSRFile);
627 std::string privateKeyPath(certDir + "/" + privateKeyFile);
628 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
629 std::string challengePassword("Password");
630 std::string city("HYB");
631 std::string commonName("abc.com");
632 std::string contactPerson("Admin");
633 std::string country("IN");
634 std::string email("admin@in.ibm.com");
635 std::string givenName("givenName");
636 std::string initials("G");
637 int64_t keyBitLength(2048);
638 std::string keyCurveId("secp521r1");
639 std::string keyPairAlgorithm("UnSupportedAlgorithm");
640 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
641 std::string organization("IBM");
642 std::string organizationalUnit("orgUnit");
643 std::string state("TS");
644 std::string surname("surname");
645 std::string unstructuredName("unstructuredName");
646 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
647 auto event = sdeventplus::Event::get_default();
648 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
649 std::move(installPath));
650 Status status;
651 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
652 MainApp mainApp(&manager, &csr);
653 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
654 contactPerson, country, email, givenName, initials,
655 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
656 organization, organizationalUnit, state, surname,
657 unstructuredName);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]658 EXPECT_FALSE(fs::exists(CSRPath));
659 EXPECT_FALSE(fs::exists(privateKeyPath));
660}
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]661
662/** @brief Check if error is thrown when NID_undef is returned for given key
663 * curve id
664 */
665TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase)
666{
667 std::string endpoint("https");
668 std::string unit("");
669 std::string type("Server");
670 std::string installPath(certDir + "/" + certificateFile);
671 std::string verifyPath(installPath);
672 std::string CSRPath(certDir + "/" + CSRFile);
673 std::string privateKeyPath(certDir + "/" + privateKeyFile);
674 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
675 std::string challengePassword("Password");
676 std::string city("BLR");
677 std::string commonName("abc.com");
678 std::string contactPerson("Admin");
679 std::string country("IN");
680 std::string email("admin@in.ibm.com");
681 std::string givenName("givenName");
682 std::string initials("G");
683 int64_t keyBitLength(2048);
684 std::string keyCurveId("DummyCurveName");
685 std::string keyPairAlgorithm("EC");
686 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
687 std::string organization("IBM");
688 std::string organizationalUnit("orgUnit");
689 std::string state("TS");
690 std::string surname("surname");
691 std::string unstructuredName("unstructuredName");
692 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
693 auto event = sdeventplus::Event::get_default();
694 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
695 std::move(installPath));
696 Status status;
697 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
698 MainApp mainApp(&manager, &csr);
699 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
700 contactPerson, country, email, givenName, initials,
701 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
702 organization, organizationalUnit, state, surname,
703 unstructuredName);
704 EXPECT_FALSE(fs::exists(CSRPath));
705 EXPECT_FALSE(fs::exists(privateKeyPath));
706}
707
708/** @brief Check default Key Curve Id is used if given curve id is empty
709 */
710TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId)
711{
712 std::string endpoint("https");
713 std::string unit("");
714 std::string type("Server");
715 std::string installPath(certDir + "/" + certificateFile);
716 std::string verifyPath(installPath);
717 std::string CSRPath(certDir + "/" + CSRFile);
718 std::string privateKeyPath(certDir + "/" + privateKeyFile);
719 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
720 std::string challengePassword("Password");
721 std::string city("BLR");
722 std::string commonName("abc.com");
723 std::string contactPerson("Admin");
724 std::string country("IN");
725 std::string email("admin@in.ibm.com");
726 std::string givenName("givenName");
727 std::string initials("G");
728 int64_t keyBitLength(2048);
729 std::string keyCurveId("");
730 std::string keyPairAlgorithm("EC");
731 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
732 std::string organization("IBM");
733 std::string organizationalUnit("orgUnit");
734 std::string state("TS");
735 std::string surname("surname");
736 std::string unstructuredName("unstructuredName");
737 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
738 auto event = sdeventplus::Event::get_default();
739 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
740 std::move(installPath));
741 Status status;
742 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
743 MainApp mainApp(&manager, &csr);
744 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
745 contactPerson, country, email, givenName, initials,
746 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
747 organization, organizationalUnit, state, surname,
748 unstructuredName);
749 sleep(10);
750 EXPECT_TRUE(fs::exists(CSRPath));
751 EXPECT_TRUE(fs::exists(privateKeyPath));
752}
753
754/** @brief Check if error is not thrown to generate EC key pair
755 */
756TEST_F(TestCertificates, TestECKeyGeneration)
757{
758 std::string endpoint("https");
759 std::string unit("");
760 std::string type("Server");
761 std::string installPath(certDir + "/" + certificateFile);
762 std::string verifyPath(installPath);
763 std::string CSRPath(certDir + "/" + CSRFile);
764 std::string privateKeyPath(certDir + "/" + privateKeyFile);
765 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
766 std::string challengePassword("Password");
767 std::string city("BLR");
768 std::string commonName("abc.com");
769 std::string contactPerson("Admin");
770 std::string country("IN");
771 std::string email("admin@in.ibm.com");
772 std::string givenName("givenName");
773 std::string initials("G");
774 int64_t keyBitLength(2048);
775 std::string keyCurveId("secp521r1");
776 std::string keyPairAlgorithm("EC");
777 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
778 std::string organization("IBM");
779 std::string organizationalUnit("orgUnit");
780 std::string state("TS");
781 std::string surname("surname");
782 std::string unstructuredName("unstructuredName");
783 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
784 auto event = sdeventplus::Event::get_default();
785 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
786 std::move(installPath));
787 Status status;
788 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
789 MainApp mainApp(&manager, &csr);
790 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
791 contactPerson, country, email, givenName, initials,
792 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
793 organization, organizationalUnit, state, surname,
794 unstructuredName);
795 std::cout << "CSRPath: " << CSRPath << std::endl
796 << "privateKeyPath: " << privateKeyPath << std::endl;
797 sleep(10);
798 EXPECT_TRUE(fs::exists(CSRPath));
799 EXPECT_TRUE(fs::exists(privateKeyPath));
800}
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame^]801
802/** @brief Check error is thrown if giving unsupported ket bit length to
803 * generate rsa key
804 */
805TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength)
806{
807 std::string endpoint("https");
808 std::string unit("");
809 std::string type("Server");
810 std::string installPath(certDir + "/" + certificateFile);
811 std::string verifyPath(installPath);
812 std::string CSRPath(certDir + "/" + CSRFile);
813 std::string privateKeyPath(certDir + "/" + privateKeyFile);
814 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
815 std::string challengePassword("Password");
816 std::string city("BLR");
817 std::string commonName("abc.com");
818 std::string contactPerson("Admin");
819 std::string country("IN");
820 std::string email("admin@in.ibm.com");
821 std::string givenName("givenName");
822 std::string initials("G");
823 int64_t keyBitLength(4096);
824 std::string keyCurveId("secp521r1");
825 std::string keyPairAlgorithm("RSA");
826 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
827 std::string organization("IBM");
828 std::string organizationalUnit("orgUnit");
829 std::string state("TS");
830 std::string surname("surname");
831 std::string unstructuredName("unstructuredName");
832 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
833 auto event = sdeventplus::Event::get_default();
834 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
835 std::move(installPath));
836 Status status;
837 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
838 MainApp mainApp(&manager, &csr);
839 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
840 contactPerson, country, email, givenName, initials,
841 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
842 organization, organizationalUnit, state, surname,
843 unstructuredName);
844 EXPECT_FALSE(fs::exists(CSRPath));
845 EXPECT_FALSE(fs::exists(privateKeyPath));
846}
847
848/** @brief Check error is thrown if generated rsa key file is not present
849 */
850TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase)
851{
852 std::string endpoint("https");
853 std::string unit("");
854 std::string type("Server");
855 std::string installPath(certDir + "/" + certificateFile);
856 std::string verifyPath(installPath);
857 std::string CSRPath(certDir + "/" + CSRFile);
858 std::string privateKeyPath(certDir + "/" + privateKeyFile);
859 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
860 std::string challengePassword("Password");
861 std::string city("BLR");
862 std::string commonName("abc.com");
863 std::string contactPerson("Admin");
864 std::string country("IN");
865 std::string email("admin@in.ibm.com");
866 std::string givenName("givenName");
867 std::string initials("G");
868 int64_t keyBitLength(2048);
869 std::string keyCurveId("secp521r1");
870 std::string keyPairAlgorithm("RSA");
871 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
872 std::string organization("IBM");
873 std::string organizationalUnit("orgUnit");
874 std::string state("TS");
875 std::string surname("surname");
876 std::string unstructuredName("unstructuredName");
877 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
878 auto event = sdeventplus::Event::get_default();
879 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
880 std::move(installPath));
881
882 // Removing generated RSA key file
883 fs::remove(rsaPrivateKeyFilePath);
884
885 Status status;
886 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
887 MainApp mainApp(&manager, &csr);
888 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
889 contactPerson, country, email, givenName, initials,
890 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
891 organization, organizationalUnit, state, surname,
892 unstructuredName);
893 EXPECT_FALSE(fs::exists(CSRPath));
894 EXPECT_FALSE(fs::exists(privateKeyPath));
895}
896
897/** @brief Check private key file is created from generated rsa key file is
898 * `present
899 */
900TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile)
901{
902 std::string endpoint("https");
903 std::string unit("");
904 std::string type("Server");
905 std::string installPath(certDir + "/" + certificateFile);
906 std::string verifyPath(installPath);
907 std::string CSRPath(certDir + "/" + CSRFile);
908 std::string privateKeyPath(certDir + "/" + privateKeyFile);
909 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
910 std::string challengePassword("Password");
911 std::string city("BLR");
912 std::string commonName("abc.com");
913 std::string contactPerson("Admin");
914 std::string country("IN");
915 std::string email("admin@in.ibm.com");
916 std::string givenName("givenName");
917 std::string initials("G");
918 int64_t keyBitLength(2048);
919 std::string keyCurveId("secp521r1");
920 std::string keyPairAlgorithm("RSA");
921 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
922 std::string organization("IBM");
923 std::string organizationalUnit("orgUnit");
924 std::string state("TS");
925 std::string surname("surname");
926 std::string unstructuredName("unstructuredName");
927 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
928 auto event = sdeventplus::Event::get_default();
929 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
930 std::move(installPath));
931 Status status;
932 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
933 MainApp mainApp(&manager, &csr);
934 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
935 contactPerson, country, email, givenName, initials,
936 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
937 organization, organizationalUnit, state, surname,
938 unstructuredName);
939 sleep(10);
940 EXPECT_TRUE(fs::exists(CSRPath));
941 EXPECT_TRUE(fs::exists(privateKeyPath));
942}
943
944/** @brief Check RSA key is generted during application startup*/
945TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile)
946{
947 std::string endpoint("https");
948 std::string unit("");
949 std::string type("Server");
950 std::string installPath(certDir + "/" + certificateFile);
951 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
952 auto event = sdeventplus::Event::get_default();
953
954 EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath));
955 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
956 std::move(installPath));
957 EXPECT_TRUE(fs::exists(rsaPrivateKeyFilePath));
958}