Blame - test/certs_manager_test.cpp - openbmc/phosphor-certificate-manager

2019-03-04 05:43:55 -0600

[diff] [blame]

3

#include "certificate.hpp"

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

4

#include "certs_manager.hpp"

5

6

#include <algorithm>

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

7

#include <filesystem>

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

8

#include <fstream>

9

#include <iterator>

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

10

#include <sdeventplus/event.hpp>

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

11

#include <string>

Marri Devender Rao

13bf74e

2019-03-26 01:52:17 -0500

[diff] [blame]

12

#include <xyz/openbmc_project/Certs/error.hpp>

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

13

#include <xyz/openbmc_project/Common/error.hpp>

14

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

15

#include <gtest/gtest.h>

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

16

namespace fs = std::filesystem;

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

17

using InternalFailure =

18

sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

19

using InvalidCertificate =

Marri Devender Rao

13bf74e

2019-03-26 01:52:17 -0500

[diff] [blame]

20

sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

21

using namespace phosphor::certs;

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

22

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

23

/**

24

* Class to generate certificate file and test verification of certificate file

25

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

26

class TestCertificates : public ::testing::Test

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

27

{

28

public:

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

29

TestCertificates() : bus(sdbusplus::bus::new_default())

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

30

{

31

}

32

void SetUp() override

33

{

34

char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";

35

auto dirPtr = mkdtemp(dirTemplate);

36

if (dirPtr == NULL)

37

{

38

throw std::bad_alloc();

39

}

40

certDir = dirPtr;

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

41

42

createNewCertificate();

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

43

}

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

44

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

45

void TearDown() override

46

{

47

fs::remove_all(certDir);

48

fs::remove(certificateFile);

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

49

fs::remove(CSRFile);

50

fs::remove(privateKeyFile);

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

51

}

52

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

53

void createNewCertificate(bool setNewCertId = false)

54

{

55

certificateFile = "cert.pem";

56

CSRFile = "domain.csr";

57

privateKeyFile = "privkey.pem";

58

rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem";

59

std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";

60

cmd += "-keyout cert.pem -out cert.pem -days 3650 -nodes";

61

cmd += " -subj /O=openbmc-project.xyz/CN=localhost";

if (setNewCertId)

{

cmd += std::to_string(certId++);

66

}

67

68

auto val = std::system(cmd.c_str());

69

if (val)

70

{

71

std::cout << "COMMAND Error: " << val << std::endl;

}

}

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

75

bool compareFiles(const std::string& file1, const std::string& file2)

76

{

77

std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate);

78

std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate);

79

80

if (f1.fail() || f2.fail())

81

{

82

return false; // file problem

83

}

84

85

if (f1.tellg() != f2.tellg())

86

{

87

return false; // size mismatch

88

}

89

90

// seek back to beginning and use std::equal to compare contents

91

f1.seekg(0, std::ifstream::beg);

92

f2.seekg(0, std::ifstream::beg);

93

return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()),

94

std::istreambuf_iterator<char>(),

95

std::istreambuf_iterator<char>(f2.rdbuf()));

}

protected:

sdbusplus::bus::bus bus;

Ramesh Iyyar

c6e58c7

2019-07-16 08:52:47 -0500

[diff] [blame]

100

std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath;

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

101

102

std::string certDir;

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

103

uint64_t certId;

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

};

class MainApp

{

public:

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

109

MainApp(phosphor::certs::Manager* manager,

110

phosphor::certs::CSR* csr = nullptr) :

111

manager(manager),

112

csr(csr)

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

113

{

114

}

115

void install(std::string& path)

116

{

117

manager->install(path);

118

}

Marri Devender Rao

9abfae8

2018-10-03 08:10:35 -0500

[diff] [blame]

void delete_()

{

manager->delete_();

}

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

123

124

std::string generateCSR(std::vector<std::string> alternativeNames,

125

std::string challengePassword, std::string city,

126

std::string commonName, std::string contactPerson,

127

std::string country, std::string email,

128

std::string givenName, std::string initials,

129

int64_t keyBitLength, std::string keyCurveId,

130

std::string keyPairAlgorithm,

131

std::vector<std::string> keyUsage,

132

std::string organization,

133

std::string organizationalUnit, std::string state,

134

std::string surname, std::string unstructuredName)

135

{

136

return (manager->generateCSR(

137

alternativeNames, challengePassword, city, commonName,

138

contactPerson, country, email, givenName, initials, keyBitLength,

139

keyCurveId, keyPairAlgorithm, keyUsage, organization,

140

organizationalUnit, state, surname, unstructuredName));

}

std::string cSR()

{

return (csr->cSR());

}

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

146

phosphor::certs::Manager* manager;

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

147

phosphor::certs::CSR* csr;

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

148

};

149

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

150

/** @brief Check if server install routine is invoked for server setup

151

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

152

TEST_F(TestCertificates, InvokeServerInstall)

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

153

{

154

std::string endpoint("https");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

155

std::string unit("");

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

156

std::string type("server");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

157

std::string installPath(certDir + "/" + certificateFile);

158

std::string verifyPath(installPath);

159

UnitsToRestart verifyUnit(unit);

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

160

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

161

auto event = sdeventplus::Event::get_default();

162

// Attach the bus to sd_event to service user requests

163

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

164

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

165

std::move(installPath));

166

MainApp mainApp(&manager);

167

mainApp.install(certificateFile);

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

168

EXPECT_TRUE(fs::exists(verifyPath));

169

}

170

171

/** @brief Check if client install routine is invoked for client setup

172

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

173

TEST_F(TestCertificates, InvokeClientInstall)

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

174

{

175

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

176

std::string unit("");

177

std::string type("server");

178

std::string installPath(certDir + "/" + certificateFile);

179

std::string verifyPath(installPath);

180

UnitsToRestart verifyUnit(unit);

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

181

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

182

auto event = sdeventplus::Event::get_default();

183

// Attach the bus to sd_event to service user requests

184

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

185

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

186

std::move(installPath));

187

MainApp mainApp(&manager);

188

mainApp.install(certificateFile);

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

189

EXPECT_TRUE(fs::exists(verifyPath));

190

}

191

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

192

/** @brief Check if storage install routine is invoked for storage setup

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

193

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

194

TEST_F(TestCertificates, InvokeAuthorityInstall)

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

195

{

196

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

197

std::string unit("");

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

198

std::string type("authority");

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

199

std::string verifyDir(certDir);

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

200

UnitsToRestart verifyUnit(unit);

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

201

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

202

auto event = sdeventplus::Event::get_default();

203

// Attach the bus to sd_event to service user requests

204

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

205

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

206

std::move(certDir));

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

207

MainApp mainApp(&manager);

208

mainApp.install(certificateFile);

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

209

210

std::vector<std::unique_ptr<Certificate>>& certs =

211

manager.getCertificates();

212

213

EXPECT_FALSE(certs.empty());

214

215

std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";

216

217

// Check that certificate has been created at installation directory

218

EXPECT_FALSE(fs::is_empty(verifyDir));

219

EXPECT_TRUE(fs::exists(verifyPath));

220

221

// Check that installed cert is identical to input one

222

EXPECT_TRUE(compareFiles(certificateFile, verifyPath));

223

}

224

225

/** @brief Check if in athority mode user can install a certificate with certain

226

* subject hash once, but cannot install another one with the same hash

227

*/

228

TEST_F(TestCertificates, InvokeInstallSameSubjectTwice)

229

{

230

using NotAllowed =

231

sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;

232

233

std::string endpoint("ldap");

234

std::string unit("");

235

std::string type("authority");

236

std::string verifyDir(certDir);

237

UnitsToRestart verifyUnit(unit);

238

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

239

auto event = sdeventplus::Event::get_default();

240

// Attach the bus to sd_event to service user requests

241

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

242

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

243

std::move(certDir));

244

MainApp mainApp(&manager);

245

mainApp.install(certificateFile);

246

247

std::vector<std::unique_ptr<Certificate>>& certs =

248

manager.getCertificates();

249

250

EXPECT_FALSE(certs.empty());

251

252

std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";

253

254

// Check that certificate has been created at installation directory

255

EXPECT_FALSE(fs::is_empty(verifyDir));

256

EXPECT_TRUE(fs::exists(verifyPath));

257

258

// Check that installed cert is identical to input one

259

EXPECT_TRUE(compareFiles(certificateFile, verifyPath));

260

261

// Try to install another one with the same subject

262

createNewCertificate(false);

EXPECT_THROW(

{

try

{

// install second certificate

269

mainApp.install(certificateFile);

270

}

271

catch (const NotAllowed& e)

{

throw;

}

},

NotAllowed);

// Check that the original certificate has been not removed

279

EXPECT_FALSE(fs::is_empty(verifyDir));

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

280

EXPECT_TRUE(fs::exists(verifyPath));

281

}

282

283

/** @brief Compare the installed certificate with the copied certificate

284

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

285

TEST_F(TestCertificates, CompareInstalledCertificate)

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

286

{

287

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

288

std::string unit("");

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

289

std::string type("client");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

290

std::string installPath(certDir + "/" + certificateFile);

291

std::string verifyPath(installPath);

292

UnitsToRestart verifyUnit(unit);

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

293

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

294

auto event = sdeventplus::Event::get_default();

295

// Attach the bus to sd_event to service user requests

296

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

297

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

298

std::move(installPath));

299

MainApp mainApp(&manager);

300

mainApp.install(certificateFile);

Marri Devender Rao

2018-09-25 10:52:24 -0500

[diff] [blame]

301

EXPECT_TRUE(fs::exists(verifyPath));

302

EXPECT_TRUE(compareFiles(verifyPath, certificateFile));

303

}

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

304

305

/** @brief Check if install fails if certificate file is not found

306

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

307

TEST_F(TestCertificates, TestNoCertificateFile)

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

308

{

309

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

310

std::string unit("");

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

311

std::string type("client");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

312

std::string installPath(certDir + "/" + certificateFile);

313

std::string verifyPath(installPath);

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

314

std::string verifyUnit(unit);

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

315

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

316

std::string uploadFile = "nofile.pem";

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

EXPECT_THROW(

{

try

{

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

321

auto event = sdeventplus::Event::get_default();

322

// Attach the bus to sd_event to service user requests

323

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

324

Manager manager(bus, event, objPath.c_str(), type,

325

std::move(unit), std::move(installPath));

326

MainApp mainApp(&manager);

327

mainApp.install(uploadFile);

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

328

}

329

catch (const InternalFailure& e)

{

throw;

}

},

InternalFailure);

EXPECT_FALSE(fs::exists(verifyPath));

336

}

337

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

338

/** @brief Test replacing existing certificate

339

*/

340

TEST_F(TestCertificates, TestReplaceCertificate)

341

{

342

std::string endpoint("ldap");

343

std::string unit("");

344

std::string type("server");

345

std::string installPath(certDir + "/" + certificateFile);

346

std::string verifyPath(installPath);

347

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

348

auto event = sdeventplus::Event::get_default();

349

// Attach the bus to sd_event to service user requests

350

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

351

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

352

std::move(installPath));

353

MainApp mainApp(&manager);

354

mainApp.install(certificateFile);

355

EXPECT_TRUE(fs::exists(verifyPath));

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

356

std::vector<std::unique_ptr<Certificate>>& certs =

357

manager.getCertificates();

358

EXPECT_FALSE(certs.empty());

359

EXPECT_NE(certs[0], nullptr);

360

certs[0]->replace(certificateFile);

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

361

EXPECT_TRUE(fs::exists(verifyPath));

Kowalski, Kamil

2019-07-08 17:09:39 +0200

[diff] [blame^]

362

}

363

364

/** @brief Test replacing existing certificate

365

*/

366

TEST_F(TestCertificates, TestAuthorityReplaceCertificate)

367

{

368

std::string endpoint("ldap");

369

std::string unit("");

370

std::string type("authority");

371

std::string verifyDir(certDir);

372

UnitsToRestart verifyUnit(unit);

373

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

374

auto event = sdeventplus::Event::get_default();

375

// Attach the bus to sd_event to service user requests

376

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

377

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

378

std::move(certDir));

379

MainApp mainApp(&manager);

380

mainApp.install(certificateFile);

381

382

std::vector<std::unique_ptr<Certificate>>& certs =

383

manager.getCertificates();

384

constexpr const unsigned int REPLACE_ITERATIONS = 10;

385

386

for (unsigned int i = 0; i < REPLACE_ITERATIONS; i++)

387

{

388

// Certificate successfully installed

389

EXPECT_FALSE(certs.empty());

390

391

std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";

392

393

// Check that certificate has been created at installation directory

394

EXPECT_FALSE(fs::is_empty(verifyDir));

395

EXPECT_TRUE(fs::exists(verifyPath));

396

397

// Check that installed cert is identical to input one

398

EXPECT_TRUE(compareFiles(certificateFile, verifyPath));

399

400

// Create new certificate

401

createNewCertificate(true);

402

403

certs[0]->replace(certificateFile);

404

405

// Verify that old certificate has been removed

406

EXPECT_FALSE(fs::exists(verifyPath));

407

}

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

408

}

409

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

410

/** @brief Check if install fails if certificate file is empty

411

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

412

TEST_F(TestCertificates, TestEmptyCertificateFile)

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

413

{

414

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

415

std::string unit("");

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

416

std::string type("client");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

417

std::string installPath(certDir + "/" + certificateFile);

418

std::string verifyPath(installPath);

419

std::string verifyUnit(unit);

420

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

421

std::string emptyFile("emptycert.pem");

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

422

std::ofstream ofs;

423

ofs.open(emptyFile, std::ofstream::out);

424

ofs.close();

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

EXPECT_THROW(

{

try

{

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

429

auto event = sdeventplus::Event::get_default();

430

// Attach the bus to sd_event to service user requests

431

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

432

Manager manager(bus, event, objPath.c_str(), type,

433

std::move(unit), std::move(installPath));

434

MainApp mainApp(&manager);

435

mainApp.install(emptyFile);

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

436

}

437

catch (const InvalidCertificate& e)

{

throw;

}

},

InvalidCertificate);

EXPECT_FALSE(fs::exists(verifyPath));

444

fs::remove(emptyFile);

445

}

446

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

447

/** @brief Check if install fails if certificate file is corrupted

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

448

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

449

TEST_F(TestCertificates, TestInvalidCertificateFile)

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

450

{

451

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

452

std::string unit("");

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

453

std::string type("client");

454

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

455

std::ofstream ofs;

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

456

ofs.open(certificateFile, std::ofstream::out);

457

ofs << "-----BEGIN CERTIFICATE-----";

458

ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";

459

ofs << "-----END CERTIFICATE-----";

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

460

ofs.close();

461

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

462

std::string installPath(certDir + "/" + certificateFile);

463

std::string verifyPath(installPath);

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

464

std::string verifyUnit(unit);

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

465

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

EXPECT_THROW(

{

try

{

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

470

auto event = sdeventplus::Event::get_default();

471

// Attach the bus to sd_event to service user requests

472

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

473

Manager manager(bus, event, objPath.c_str(), type,

474

std::move(unit), std::move(installPath));

475

MainApp mainApp(&manager);

476

mainApp.install(certificateFile);

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

477

}

478

catch (const InvalidCertificate& e)

{

throw;

}

},

InvalidCertificate);

EXPECT_FALSE(fs::exists(verifyPath));

Marri Devender Rao

2018-10-01 06:36:55 -0500

[diff] [blame]

485

}

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

486

487

/**

488

* Class to generate private and certificate only file and test verification

489

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

490

class TestInvalidCertificate : public ::testing::Test

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

491

{

492

public:

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

493

TestInvalidCertificate() : bus(sdbusplus::bus::new_default())

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

494

{

495

}

496

void SetUp() override

497

{

498

char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";

499

auto dirPtr = mkdtemp(dirTemplate);

500

if (dirPtr == NULL)

501

{

502

throw std::bad_alloc();

503

}

504

certDir = dirPtr;

505

certificateFile = "cert.pem";

506

keyFile = "key.pem";

507

std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";

508

cmd += "-keyout key.pem -out cert.pem -days 3650 ";

509

cmd += "-subj "

510

"/O=openbmc-project.xyz/CN=localhost"

511

" -nodes";

512

513

auto val = std::system(cmd.c_str());

514

if (val)

515

{

516

std::cout << "command Error: " << val << std::endl;

517

}

518

}

519

void TearDown() override

520

{

521

fs::remove_all(certDir);

522

fs::remove(certificateFile);

fs::remove(keyFile);

}

protected:

sdbusplus::bus::bus bus;

528

std::string certificateFile;

std::string keyFile;

std::string certDir;

};

/** @brief Check install fails if private key is missing in certificate file

534

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

535

TEST_F(TestInvalidCertificate, TestMissingPrivateKey)

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

536

{

537

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

538

std::string unit("");

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

539

std::string type("client");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

540

std::string installPath(certDir + "/" + certificateFile);

541

std::string verifyPath(installPath);

Jayanth Othayoth

2018-10-09 07:13:54 -0500

[diff] [blame]

542

std::string verifyUnit(unit);

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

543

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

EXPECT_THROW(

{

try

{

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

548

auto event = sdeventplus::Event::get_default();

549

// Attach the bus to sd_event to service user requests

550

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

551

Manager manager(bus, event, objPath.c_str(), type,

552

std::move(unit), std::move(installPath));

553

MainApp mainApp(&manager);

554

mainApp.install(certificateFile);

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

555

}

Marri Devender Rao

cd30c49

2019-06-12 01:40:17 -0500

[diff] [blame]

556

catch (const InternalFailure& e)

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

{

throw;

}

},

Marri Devender Rao

cd30c49

2019-06-12 01:40:17 -0500

[diff] [blame]

561

InternalFailure);

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

562

EXPECT_FALSE(fs::exists(verifyPath));

563

}

564

565

/** @brief Check install fails if ceritificate is missing in certificate file

566

*/

567

TEST_F(TestInvalidCertificate, TestMissingCeritificate)

568

{

569

std::string endpoint("ldap");

570

std::string unit("");

571

std::string type("client");

572

std::string installPath(certDir + "/" + keyFile);

573

std::string verifyPath(installPath);

574

std::string verifyUnit(unit);

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

575

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

EXPECT_THROW(

{

try

{

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

580

auto event = sdeventplus::Event::get_default();

581

// Attach the bus to sd_event to service user requests

582

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

583

Manager manager(bus, event, objPath.c_str(), type,

584

std::move(unit), std::move(installPath));

585

MainApp mainApp(&manager);

586

mainApp.install(keyFile);

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

587

}

Marri Devender Rao

cd30c49

2019-06-12 01:40:17 -0500

[diff] [blame]

588

catch (const InternalFailure& e)

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

{

throw;

}

},

InvalidCertificate);

EXPECT_FALSE(fs::exists(verifyPath));

595

}

596

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

597

/** @brief Check if error is thrown when multiple certificates are installed

598

* At present only one certificate per service is allowed

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

599

*/

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

600

TEST_F(TestCertificates, TestCertInstallNotAllowed)

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

601

{

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

602

using NotAllowed =

603

sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

604

std::string endpoint("ldap");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

605

std::string unit("");

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

606

std::string type("client");

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

607

std::string installPath(certDir + "/" + certificateFile);

608

std::string verifyPath(installPath);

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

609

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

610

auto event = sdeventplus::Event::get_default();

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

611

// Attach the bus to sd_event to service user requests

612

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

613

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

614

std::move(installPath));

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

615

MainApp mainApp(&manager);

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

616

mainApp.install(certificateFile);

617

EXPECT_TRUE(fs::exists(verifyPath));

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

EXPECT_THROW(

{

try

{

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

622

// install second certificate

623

mainApp.install(certificateFile);

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

624

}

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

625

catch (const NotAllowed& e)

Marri Devender Rao

2018-10-03 07:11:02 -0500

[diff] [blame]

{

throw;

}

},

Marri Devender Rao

2019-03-04 05:43:55 -0600

[diff] [blame]

630

NotAllowed);

Marri Devender Rao

9abfae8

2018-10-03 08:10:35 -0500

[diff] [blame]

631

}

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

632

633

TEST_F(TestCertificates, TestGenerateCSR)

634

{

635

std::string endpoint("https");

636

std::string unit("");

637

std::string type("Server");

638

std::string installPath(certDir + "/" + certificateFile);

639

std::string verifyPath(installPath);

640

std::string CSRPath(certDir + "/" + CSRFile);

641

std::string privateKeyPath(certDir + "/" + privateKeyFile);

642

std::vector<std::string> alternativeNames{"localhost1", "localhost2"};

Ramesh Iyyar

2019-06-07 05:23:29 -0500

[diff] [blame]

643

std::string challengePassword("Password");

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

644

std::string city("HYB");

645

std::string commonName("abc.com");

646

std::string contactPerson("Admin");

647

std::string country("IN");

648

std::string email("admin@in.ibm.com");

649

std::string givenName("givenName");

650

std::string initials("G");

651

int64_t keyBitLength(2048);

652

std::string keyCurveId("0");

653

std::string keyPairAlgorithm("RSA");

654

std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};

655

std::string organization("IBM");

Ramesh Iyyar

2019-06-07 05:23:29 -0500

[diff] [blame]

656

std::string organizationalUnit("orgUnit");

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

657

std::string state("TS");

658

std::string surname("surname");

659

std::string unstructuredName("unstructuredName");

660

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

661

auto event = sdeventplus::Event::get_default();

Marri Devender Rao

2019-06-03 04:54:12 -0500

[diff] [blame]

662

// Attach the bus to sd_event to service user requests

663

bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

664

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

665

std::move(installPath));

666

Status status;

667

CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);

668

MainApp mainApp(&manager, &csr);

669

mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,

670

contactPerson, country, email, givenName, initials,

671

keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,

672

organization, organizationalUnit, state, surname,

673

unstructuredName);

674

std::string csrData("");

675

// generateCSR takes considerable time to create CSR and privateKey Files

676

EXPECT_FALSE(fs::exists(CSRPath));

677

EXPECT_FALSE(fs::exists(privateKeyPath));

EXPECT_THROW(

{

try

{

csrData = csr.cSR();

}

catch (const InternalFailure& e)

{

throw;

}

},

InternalFailure);

// wait for 10 sec to get CSR and privateKey Files generated

691

sleep(10);

692

EXPECT_TRUE(fs::exists(CSRPath));

693

EXPECT_TRUE(fs::exists(privateKeyPath));

694

csrData = csr.cSR();

695

ASSERT_NE("", csrData.c_str());

696

}

697

Ramesh Iyyar

2019-06-07 05:23:29 -0500

[diff] [blame]

698

/** @brief Check if ECC key pair is generated when user is not given algorithm

699

* type. At present RSA and EC key pair algorithm are supported

700

*/

701

TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm)

702

{

703

std::string endpoint("https");

704

std::string unit("");

705

std::string type("Server");

706

std::string installPath(certDir + "/" + certificateFile);

707

std::string verifyPath(installPath);

708

std::string CSRPath(certDir + "/" + CSRFile);

709

std::string privateKeyPath(certDir + "/" + privateKeyFile);

710

std::vector<std::string> alternativeNames{"localhost1", "localhost2"};

711

std::string challengePassword("Password");

712

std::string city("HYB");

713

std::string commonName("abc.com");

714

std::string contactPerson("Admin");

715

std::string country("IN");

716

std::string email("admin@in.ibm.com");

717

std::string givenName("givenName");

718

std::string initials("G");

719

int64_t keyBitLength(2048);

720

std::string keyCurveId("");

721

std::string keyPairAlgorithm("");

722

std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};

723

std::string organization("IBM");

724

std::string organizationalUnit("orgUnit");

725

std::string state("TS");

726

std::string surname("surname");

727

std::string unstructuredName("unstructuredName");

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

728

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

729

auto event = sdeventplus::Event::get_default();

730

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

731

std::move(installPath));

732

Status status;

733

CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);

734

MainApp mainApp(&manager, &csr);

735

mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,

736

contactPerson, country, email, givenName, initials,

737

keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,

738

organization, organizationalUnit, state, surname,

739

unstructuredName);

740

sleep(10);

Ramesh Iyyar

2019-06-07 05:23:29 -0500

[diff] [blame]

741

EXPECT_TRUE(fs::exists(CSRPath));

742

EXPECT_TRUE(fs::exists(privateKeyPath));

743

}

744

745

/** @brief Check if error is thrown when giving un supported key pair

746

* algorithm. At present RSA and EC key pair algorithm are supported

747

*/

748

TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm)

749

{

750

std::string endpoint("https");

751

std::string unit("");

752

std::string type("Server");

753

std::string installPath(certDir + "/" + certificateFile);

754

std::string verifyPath(installPath);

755

std::string CSRPath(certDir + "/" + CSRFile);

756

std::string privateKeyPath(certDir + "/" + privateKeyFile);

757

std::vector<std::string> alternativeNames{"localhost1", "localhost2"};

758

std::string challengePassword("Password");

759

std::string city("HYB");

760

std::string commonName("abc.com");

761

std::string contactPerson("Admin");

762

std::string country("IN");

763

std::string email("admin@in.ibm.com");

764

std::string givenName("givenName");

765

std::string initials("G");

766

int64_t keyBitLength(2048);

767

std::string keyCurveId("secp521r1");

768

std::string keyPairAlgorithm("UnSupportedAlgorithm");

769

std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};

770

std::string organization("IBM");

771

std::string organizationalUnit("orgUnit");

772

std::string state("TS");

773

std::string surname("surname");

774

std::string unstructuredName("unstructuredName");

775

auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

776

auto event = sdeventplus::Event::get_default();

777

Manager manager(bus, event, objPath.c_str(), type, std::move(unit),

778

std::move(installPath));

779

Status status;

780

CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);

781

MainApp mainApp(&manager, &csr);

782

mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,

783

contactPerson, country, email, givenName, initials,

784

keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,

785

organization, organizationalUnit, state, surname,

786

unstructuredName);

Marri Devender Rao

2019-03-19 05:00:28 -0500

[diff] [blame]

787

EXPECT_FALSE(fs::exists(CSRPath));

788

EXPECT_FALSE(fs::exists(privateKeyPath));

789

}

Ramesh Iyyar