Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-certificate-manager / fe590c4e28e28f611162f5766681d6396d6fd59b / . / test / certs_manager_test.cpp
blob: 4a3c6a41b6a3d8ca0f6ab7da35e8d27525c4c52f [file] [log] [blame]
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]1#include "config.h"
2
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]3#include "certificate.hpp"
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]4#include "certs_manager.hpp"
5
6#include <algorithm>
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]7#include <filesystem>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]8#include <fstream>
9#include <iterator>
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]10#include <sdeventplus/event.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]11#include <string>
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]12#include <xyz/openbmc_project/Certs/error.hpp>
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]13#include <xyz/openbmc_project/Common/error.hpp>
14
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]15#include <gtest/gtest.h>
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]16namespace fs = std::filesystem;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]17using InternalFailure =
18 sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]19using InvalidCertificate =
Marri Devender Rao13bf74e2019-03-26 01:52:17 -0500[diff] [blame]20 sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]21using namespace phosphor::certs;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]22
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]23/**
24 * Class to generate certificate file and test verification of certificate file
25 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]26class TestCertificates : public ::testing::Test
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]27{
28 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]29 TestCertificates() : bus(sdbusplus::bus::new_default())
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]30 {
31 }
32 void SetUp() override
33 {
34 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
35 auto dirPtr = mkdtemp(dirTemplate);
36 if (dirPtr == NULL)
37 {
38 throw std::bad_alloc();
39 }
Zbigniew Lukwinskife590c42019-12-10 12:33:50 +0100[diff] [blame^]40 certDir = std::string(dirPtr) + "/certs";
41 fs::create_directories(certDir);
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]42
43 createNewCertificate();
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]44 }
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]45
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]46 void TearDown() override
47 {
48 fs::remove_all(certDir);
49 fs::remove(certificateFile);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]50 fs::remove(CSRFile);
51 fs::remove(privateKeyFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]52 }
53
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]54 void createNewCertificate(bool setNewCertId = false)
55 {
56 certificateFile = "cert.pem";
57 CSRFile = "domain.csr";
58 privateKeyFile = "privkey.pem";
59 rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem";
60 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
61 cmd += "-keyout cert.pem -out cert.pem -days 3650 -nodes";
62 cmd += " -subj /O=openbmc-project.xyz/CN=localhost";
63
64 if (setNewCertId)
65 {
66 cmd += std::to_string(certId++);
67 }
68
69 auto val = std::system(cmd.c_str());
70 if (val)
71 {
72 std::cout << "COMMAND Error: " << val << std::endl;
73 }
74 }
75
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]76 bool compareFiles(const std::string& file1, const std::string& file2)
77 {
78 std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate);
79 std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate);
80
81 if (f1.fail() || f2.fail())
82 {
83 return false; // file problem
84 }
85
86 if (f1.tellg() != f2.tellg())
87 {
88 return false; // size mismatch
89 }
90
91 // seek back to beginning and use std::equal to compare contents
92 f1.seekg(0, std::ifstream::beg);
93 f2.seekg(0, std::ifstream::beg);
94 return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()),
95 std::istreambuf_iterator<char>(),
96 std::istreambuf_iterator<char>(f2.rdbuf()));
97 }
98
99 protected:
100 sdbusplus::bus::bus bus;
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]101 std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]102
103 std::string certDir;
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]104 uint64_t certId;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]105};
106
107class MainApp
108{
109 public:
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]110 MainApp(phosphor::certs::Manager* manager,
111 phosphor::certs::CSR* csr = nullptr) :
112 manager(manager),
113 csr(csr)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]114 {
115 }
116 void install(std::string& path)
117 {
118 manager->install(path);
119 }
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]120 void delete_()
121 {
Zbigniew Kurzynskia3bb38f2019-09-17 13:34:25 +0200[diff] [blame]122 manager->deleteAll();
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]123 }
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]124
125 std::string generateCSR(std::vector<std::string> alternativeNames,
126 std::string challengePassword, std::string city,
127 std::string commonName, std::string contactPerson,
128 std::string country, std::string email,
129 std::string givenName, std::string initials,
130 int64_t keyBitLength, std::string keyCurveId,
131 std::string keyPairAlgorithm,
132 std::vector<std::string> keyUsage,
133 std::string organization,
134 std::string organizationalUnit, std::string state,
135 std::string surname, std::string unstructuredName)
136 {
137 return (manager->generateCSR(
138 alternativeNames, challengePassword, city, commonName,
139 contactPerson, country, email, givenName, initials, keyBitLength,
140 keyCurveId, keyPairAlgorithm, keyUsage, organization,
141 organizationalUnit, state, surname, unstructuredName));
142 }
143 std::string cSR()
144 {
145 return (csr->cSR());
146 }
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]147 phosphor::certs::Manager* manager;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]148 phosphor::certs::CSR* csr;
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]149};
150
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]151/** @brief Check if server install routine is invoked for server setup
152 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]153TEST_F(TestCertificates, InvokeServerInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]154{
155 std::string endpoint("https");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]156 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]157 std::string type("server");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]158 std::string installPath(certDir + "/" + certificateFile);
159 std::string verifyPath(installPath);
160 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]161 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]162 auto event = sdeventplus::Event::get_default();
163 // Attach the bus to sd_event to service user requests
164 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
165 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
166 std::move(installPath));
167 MainApp mainApp(&manager);
168 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]169 EXPECT_TRUE(fs::exists(verifyPath));
170}
171
172/** @brief Check if client install routine is invoked for client setup
173 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]174TEST_F(TestCertificates, InvokeClientInstall)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]175{
176 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]177 std::string unit("");
178 std::string type("server");
179 std::string installPath(certDir + "/" + certificateFile);
180 std::string verifyPath(installPath);
181 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]182 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]183 auto event = sdeventplus::Event::get_default();
184 // Attach the bus to sd_event to service user requests
185 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
186 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
187 std::move(installPath));
188 MainApp mainApp(&manager);
189 mainApp.install(certificateFile);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]190 EXPECT_TRUE(fs::exists(verifyPath));
191}
192
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]193/** @brief Check if storage install routine is invoked for storage setup
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]194 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]195TEST_F(TestCertificates, InvokeAuthorityInstall)
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]196{
197 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]198 std::string unit("");
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]199 std::string type("authority");
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]200 std::string verifyDir(certDir);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]201 UnitsToRestart verifyUnit(unit);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]202 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]203 auto event = sdeventplus::Event::get_default();
204 // Attach the bus to sd_event to service user requests
205 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
206 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]207 std::move(certDir));
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]208 MainApp mainApp(&manager);
209 mainApp.install(certificateFile);
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]210
211 std::vector<std::unique_ptr<Certificate>>& certs =
212 manager.getCertificates();
213
214 EXPECT_FALSE(certs.empty());
215
216 std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";
217
218 // Check that certificate has been created at installation directory
219 EXPECT_FALSE(fs::is_empty(verifyDir));
220 EXPECT_TRUE(fs::exists(verifyPath));
221
222 // Check that installed cert is identical to input one
223 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
224}
225
226/** @brief Check if in athority mode user can install a certificate with certain
227 * subject hash once, but cannot install another one with the same hash
228 */
229TEST_F(TestCertificates, InvokeInstallSameSubjectTwice)
230{
231 using NotAllowed =
232 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
233
234 std::string endpoint("ldap");
235 std::string unit("");
236 std::string type("authority");
237 std::string verifyDir(certDir);
238 UnitsToRestart verifyUnit(unit);
239 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
240 auto event = sdeventplus::Event::get_default();
241 // Attach the bus to sd_event to service user requests
242 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
243 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
244 std::move(certDir));
245 MainApp mainApp(&manager);
246 mainApp.install(certificateFile);
247
248 std::vector<std::unique_ptr<Certificate>>& certs =
249 manager.getCertificates();
250
251 EXPECT_FALSE(certs.empty());
252
253 std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";
254
255 // Check that certificate has been created at installation directory
256 EXPECT_FALSE(fs::is_empty(verifyDir));
257 EXPECT_TRUE(fs::exists(verifyPath));
258
259 // Check that installed cert is identical to input one
260 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
261
262 // Try to install another one with the same subject
263 createNewCertificate(false);
264
265 EXPECT_THROW(
266 {
267 try
268 {
269 // install second certificate
270 mainApp.install(certificateFile);
271 }
272 catch (const NotAllowed& e)
273 {
274 throw;
275 }
276 },
277 NotAllowed);
278
279 // Check that the original certificate has been not removed
280 EXPECT_FALSE(fs::is_empty(verifyDir));
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]281 EXPECT_TRUE(fs::exists(verifyPath));
282}
283
284/** @brief Compare the installed certificate with the copied certificate
285 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]286TEST_F(TestCertificates, CompareInstalledCertificate)
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]287{
288 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]289 std::string unit("");
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]290 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]291 std::string installPath(certDir + "/" + certificateFile);
292 std::string verifyPath(installPath);
293 UnitsToRestart verifyUnit(unit);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]294 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]295 auto event = sdeventplus::Event::get_default();
296 // Attach the bus to sd_event to service user requests
297 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
298 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
299 std::move(installPath));
300 MainApp mainApp(&manager);
301 mainApp.install(certificateFile);
Marri Devender Rao947258d2018-09-25 10:52:24 -0500[diff] [blame]302 EXPECT_TRUE(fs::exists(verifyPath));
303 EXPECT_TRUE(compareFiles(verifyPath, certificateFile));
304}
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]305
306/** @brief Check if install fails if certificate file is not found
307 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]308TEST_F(TestCertificates, TestNoCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]309{
310 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]311 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]312 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]313 std::string installPath(certDir + "/" + certificateFile);
314 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]315 std::string verifyUnit(unit);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]316 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]317 std::string uploadFile = "nofile.pem";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]318 EXPECT_THROW(
319 {
320 try
321 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]322 auto event = sdeventplus::Event::get_default();
323 // Attach the bus to sd_event to service user requests
324 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
325 Manager manager(bus, event, objPath.c_str(), type,
326 std::move(unit), std::move(installPath));
327 MainApp mainApp(&manager);
328 mainApp.install(uploadFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]329 }
330 catch (const InternalFailure& e)
331 {
332 throw;
333 }
334 },
335 InternalFailure);
336 EXPECT_FALSE(fs::exists(verifyPath));
337}
338
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]339/** @brief Test replacing existing certificate
340 */
341TEST_F(TestCertificates, TestReplaceCertificate)
342{
343 std::string endpoint("ldap");
344 std::string unit("");
345 std::string type("server");
346 std::string installPath(certDir + "/" + certificateFile);
347 std::string verifyPath(installPath);
348 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
349 auto event = sdeventplus::Event::get_default();
350 // Attach the bus to sd_event to service user requests
351 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
352 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
353 std::move(installPath));
354 MainApp mainApp(&manager);
355 mainApp.install(certificateFile);
356 EXPECT_TRUE(fs::exists(verifyPath));
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]357 std::vector<std::unique_ptr<Certificate>>& certs =
358 manager.getCertificates();
359 EXPECT_FALSE(certs.empty());
360 EXPECT_NE(certs[0], nullptr);
361 certs[0]->replace(certificateFile);
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]362 EXPECT_TRUE(fs::exists(verifyPath));
Kowalski, Kamildb029c92019-07-08 17:09:39 +0200[diff] [blame]363}
364
365/** @brief Test replacing existing certificate
366 */
367TEST_F(TestCertificates, TestAuthorityReplaceCertificate)
368{
369 std::string endpoint("ldap");
370 std::string unit("");
371 std::string type("authority");
372 std::string verifyDir(certDir);
373 UnitsToRestart verifyUnit(unit);
374 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
375 auto event = sdeventplus::Event::get_default();
376 // Attach the bus to sd_event to service user requests
377 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
378 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
379 std::move(certDir));
380 MainApp mainApp(&manager);
381 mainApp.install(certificateFile);
382
383 std::vector<std::unique_ptr<Certificate>>& certs =
384 manager.getCertificates();
385 constexpr const unsigned int REPLACE_ITERATIONS = 10;
386
387 for (unsigned int i = 0; i < REPLACE_ITERATIONS; i++)
388 {
389 // Certificate successfully installed
390 EXPECT_FALSE(certs.empty());
391
392 std::string verifyPath = verifyDir + "/" + certs[0]->getHash() + ".0";
393
394 // Check that certificate has been created at installation directory
395 EXPECT_FALSE(fs::is_empty(verifyDir));
396 EXPECT_TRUE(fs::exists(verifyPath));
397
398 // Check that installed cert is identical to input one
399 EXPECT_TRUE(compareFiles(certificateFile, verifyPath));
400
401 // Create new certificate
402 createNewCertificate(true);
403
404 certs[0]->replace(certificateFile);
405
406 // Verify that old certificate has been removed
407 EXPECT_FALSE(fs::exists(verifyPath));
408 }
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]409}
410
Zbigniew Kurzynskia3bb38f2019-09-17 13:34:25 +0200[diff] [blame]411/** @brief Test verifiing if delete function works.
412 */
413TEST_F(TestCertificates, TestStorageDeleteCertificate)
414{
415 std::string endpoint("ldap");
416 std::string unit("");
417 std::string type("authority");
418 std::string verifyDir(certDir);
419 UnitsToRestart verifyUnit(unit);
420 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
421 auto event = sdeventplus::Event::get_default();
422 // Attach the bus to sd_event to service user requests
423 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
424 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
425 std::move(certDir));
426 MainApp mainApp(&manager);
427
428 // Check if certificate placeholder dir is empty
429 EXPECT_TRUE(fs::is_empty(verifyDir));
430 mainApp.install(certificateFile);
431
432 // Create new certificate
433 createNewCertificate(true);
434 mainApp.install(certificateFile);
435
436 createNewCertificate(true);
437 mainApp.install(certificateFile);
438
439 std::vector<std::unique_ptr<Certificate>>& certs =
440 manager.getCertificates();
441
442 // All 3 certificates successfully installed and added to manager
443 EXPECT_EQ(certs.size(), 3);
444
445 // Check if certificate placeholder is not empty, there should be 3
446 // certificates
447 EXPECT_FALSE(fs::is_empty(verifyDir));
448
449 certs[0]->delete_();
450 EXPECT_EQ(certs.size(), 2);
451
452 certs[0]->delete_();
453 EXPECT_EQ(certs.size(), 1);
454
455 certs[0]->delete_();
456 EXPECT_EQ(certs.size(), 0);
457
458 // Check if certificate placeholder is empty.
459 EXPECT_TRUE(fs::is_empty(verifyDir));
460}
461
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]462/** @brief Check if install fails if certificate file is empty
463 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]464TEST_F(TestCertificates, TestEmptyCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]465{
466 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]467 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]468 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]469 std::string installPath(certDir + "/" + certificateFile);
470 std::string verifyPath(installPath);
471 std::string verifyUnit(unit);
472 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]473 std::string emptyFile("emptycert.pem");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]474 std::ofstream ofs;
475 ofs.open(emptyFile, std::ofstream::out);
476 ofs.close();
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]477 EXPECT_THROW(
478 {
479 try
480 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]481 auto event = sdeventplus::Event::get_default();
482 // Attach the bus to sd_event to service user requests
483 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
484 Manager manager(bus, event, objPath.c_str(), type,
485 std::move(unit), std::move(installPath));
486 MainApp mainApp(&manager);
487 mainApp.install(emptyFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]488 }
489 catch (const InvalidCertificate& e)
490 {
491 throw;
492 }
493 },
494 InvalidCertificate);
495 EXPECT_FALSE(fs::exists(verifyPath));
496 fs::remove(emptyFile);
497}
498
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]499/** @brief Check if install fails if certificate file is corrupted
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]500 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]501TEST_F(TestCertificates, TestInvalidCertificateFile)
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]502{
503 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]504 std::string unit("");
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]505 std::string type("client");
506
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]507 std::ofstream ofs;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]508 ofs.open(certificateFile, std::ofstream::out);
509 ofs << "-----BEGIN CERTIFICATE-----";
510 ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";
511 ofs << "-----END CERTIFICATE-----";
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]512 ofs.close();
513
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]514 std::string installPath(certDir + "/" + certificateFile);
515 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]516 std::string verifyUnit(unit);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]517 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]518 EXPECT_THROW(
519 {
520 try
521 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]522 auto event = sdeventplus::Event::get_default();
523 // Attach the bus to sd_event to service user requests
524 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
525 Manager manager(bus, event, objPath.c_str(), type,
526 std::move(unit), std::move(installPath));
527 MainApp mainApp(&manager);
528 mainApp.install(certificateFile);
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]529 }
530 catch (const InvalidCertificate& e)
531 {
532 throw;
533 }
534 },
535 InvalidCertificate);
536 EXPECT_FALSE(fs::exists(verifyPath));
Marri Devender Raoe6597c52018-10-01 06:36:55 -0500[diff] [blame]537}
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]538
539/**
540 * Class to generate private and certificate only file and test verification
541 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]542class TestInvalidCertificate : public ::testing::Test
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]543{
544 public:
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]545 TestInvalidCertificate() : bus(sdbusplus::bus::new_default())
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]546 {
547 }
548 void SetUp() override
549 {
550 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
551 auto dirPtr = mkdtemp(dirTemplate);
552 if (dirPtr == NULL)
553 {
554 throw std::bad_alloc();
555 }
Zbigniew Lukwinskife590c42019-12-10 12:33:50 +0100[diff] [blame^]556 certDir = std::string(dirPtr) + "/certs";
557 fs::create_directories(certDir);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]558 certificateFile = "cert.pem";
559 keyFile = "key.pem";
560 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
561 cmd += "-keyout key.pem -out cert.pem -days 3650 ";
562 cmd += "-subj "
563 "/O=openbmc-project.xyz/CN=localhost"
564 " -nodes";
565
566 auto val = std::system(cmd.c_str());
567 if (val)
568 {
569 std::cout << "command Error: " << val << std::endl;
570 }
571 }
572 void TearDown() override
573 {
574 fs::remove_all(certDir);
575 fs::remove(certificateFile);
576 fs::remove(keyFile);
577 }
578
579 protected:
580 sdbusplus::bus::bus bus;
581 std::string certificateFile;
582 std::string keyFile;
583 std::string certDir;
584};
585
586/** @brief Check install fails if private key is missing in certificate file
587 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]588TEST_F(TestInvalidCertificate, TestMissingPrivateKey)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]589{
590 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]591 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]592 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]593 std::string installPath(certDir + "/" + certificateFile);
594 std::string verifyPath(installPath);
Jayanth Othayothb50789c2018-10-09 07:13:54 -0500[diff] [blame]595 std::string verifyUnit(unit);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]596 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]597 EXPECT_THROW(
598 {
599 try
600 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]601 auto event = sdeventplus::Event::get_default();
602 // Attach the bus to sd_event to service user requests
603 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
604 Manager manager(bus, event, objPath.c_str(), type,
605 std::move(unit), std::move(installPath));
606 MainApp mainApp(&manager);
607 mainApp.install(certificateFile);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]608 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]609 catch (const InternalFailure& e)
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]610 {
611 throw;
612 }
613 },
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]614 InternalFailure);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]615 EXPECT_FALSE(fs::exists(verifyPath));
616}
617
618/** @brief Check install fails if ceritificate is missing in certificate file
619 */
620TEST_F(TestInvalidCertificate, TestMissingCeritificate)
621{
622 std::string endpoint("ldap");
623 std::string unit("");
624 std::string type("client");
625 std::string installPath(certDir + "/" + keyFile);
626 std::string verifyPath(installPath);
627 std::string verifyUnit(unit);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]628 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
629 EXPECT_THROW(
630 {
631 try
632 {
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]633 auto event = sdeventplus::Event::get_default();
634 // Attach the bus to sd_event to service user requests
635 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
636 Manager manager(bus, event, objPath.c_str(), type,
637 std::move(unit), std::move(installPath));
638 MainApp mainApp(&manager);
639 mainApp.install(keyFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]640 }
Marri Devender Raocd30c492019-06-12 01:40:17 -0500[diff] [blame]641 catch (const InternalFailure& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]642 {
643 throw;
644 }
645 },
646 InvalidCertificate);
647 EXPECT_FALSE(fs::exists(verifyPath));
648}
649
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]650/** @brief Check if error is thrown when multiple certificates are installed
651 * At present only one certificate per service is allowed
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]652 */
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]653TEST_F(TestCertificates, TestCertInstallNotAllowed)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]654{
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]655 using NotAllowed =
656 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]657 std::string endpoint("ldap");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]658 std::string unit("");
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]659 std::string type("client");
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]660 std::string installPath(certDir + "/" + certificateFile);
661 std::string verifyPath(installPath);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]662 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]663 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]664 // Attach the bus to sd_event to service user requests
665 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]666 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]667 std::move(installPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]668 MainApp mainApp(&manager);
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]669 mainApp.install(certificateFile);
670 EXPECT_TRUE(fs::exists(verifyPath));
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]671 EXPECT_THROW(
672 {
673 try
674 {
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]675 // install second certificate
676 mainApp.install(certificateFile);
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]677 }
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]678 catch (const NotAllowed& e)
Marri Devender Raoddf64862018-10-03 07:11:02 -0500[diff] [blame]679 {
680 throw;
681 }
682 },
Marri Devender Rao8841dbd2019-03-04 05:43:55 -0600[diff] [blame]683 NotAllowed);
Marri Devender Rao9abfae82018-10-03 08:10:35 -0500[diff] [blame]684}
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]685
686TEST_F(TestCertificates, TestGenerateCSR)
687{
688 std::string endpoint("https");
689 std::string unit("");
690 std::string type("Server");
691 std::string installPath(certDir + "/" + certificateFile);
692 std::string verifyPath(installPath);
693 std::string CSRPath(certDir + "/" + CSRFile);
694 std::string privateKeyPath(certDir + "/" + privateKeyFile);
695 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]696 std::string challengePassword("Password");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]697 std::string city("HYB");
698 std::string commonName("abc.com");
699 std::string contactPerson("Admin");
700 std::string country("IN");
701 std::string email("admin@in.ibm.com");
702 std::string givenName("givenName");
703 std::string initials("G");
704 int64_t keyBitLength(2048);
705 std::string keyCurveId("0");
706 std::string keyPairAlgorithm("RSA");
707 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
708 std::string organization("IBM");
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]709 std::string organizationalUnit("orgUnit");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]710 std::string state("TS");
711 std::string surname("surname");
712 std::string unstructuredName("unstructuredName");
713 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
714 auto event = sdeventplus::Event::get_default();
Marri Devender Raoffad1ef2019-06-03 04:54:12 -0500[diff] [blame]715 // Attach the bus to sd_event to service user requests
716 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]717 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
718 std::move(installPath));
719 Status status;
720 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
721 MainApp mainApp(&manager, &csr);
722 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
723 contactPerson, country, email, givenName, initials,
724 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
725 organization, organizationalUnit, state, surname,
726 unstructuredName);
727 std::string csrData("");
728 // generateCSR takes considerable time to create CSR and privateKey Files
729 EXPECT_FALSE(fs::exists(CSRPath));
730 EXPECT_FALSE(fs::exists(privateKeyPath));
731 EXPECT_THROW(
732 {
733 try
734 {
735 csrData = csr.cSR();
736 }
737 catch (const InternalFailure& e)
738 {
739 throw;
740 }
741 },
742 InternalFailure);
743 // wait for 10 sec to get CSR and privateKey Files generated
744 sleep(10);
745 EXPECT_TRUE(fs::exists(CSRPath));
746 EXPECT_TRUE(fs::exists(privateKeyPath));
747 csrData = csr.cSR();
748 ASSERT_NE("", csrData.c_str());
749}
750
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]751/** @brief Check if ECC key pair is generated when user is not given algorithm
752 * type. At present RSA and EC key pair algorithm are supported
753 */
754TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm)
755{
756 std::string endpoint("https");
757 std::string unit("");
758 std::string type("Server");
759 std::string installPath(certDir + "/" + certificateFile);
760 std::string verifyPath(installPath);
761 std::string CSRPath(certDir + "/" + CSRFile);
762 std::string privateKeyPath(certDir + "/" + privateKeyFile);
763 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
764 std::string challengePassword("Password");
765 std::string city("HYB");
766 std::string commonName("abc.com");
767 std::string contactPerson("Admin");
768 std::string country("IN");
769 std::string email("admin@in.ibm.com");
770 std::string givenName("givenName");
771 std::string initials("G");
772 int64_t keyBitLength(2048);
773 std::string keyCurveId("");
774 std::string keyPairAlgorithm("");
775 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
776 std::string organization("IBM");
777 std::string organizationalUnit("orgUnit");
778 std::string state("TS");
779 std::string surname("surname");
780 std::string unstructuredName("unstructuredName");
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]781 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
782 auto event = sdeventplus::Event::get_default();
783 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
784 std::move(installPath));
785 Status status;
786 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
787 MainApp mainApp(&manager, &csr);
788 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
789 contactPerson, country, email, givenName, initials,
790 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
791 organization, organizationalUnit, state, surname,
792 unstructuredName);
793 sleep(10);
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]794 EXPECT_TRUE(fs::exists(CSRPath));
795 EXPECT_TRUE(fs::exists(privateKeyPath));
796}
797
798/** @brief Check if error is thrown when giving un supported key pair
799 * algorithm. At present RSA and EC key pair algorithm are supported
800 */
801TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm)
802{
803 std::string endpoint("https");
804 std::string unit("");
805 std::string type("Server");
806 std::string installPath(certDir + "/" + certificateFile);
807 std::string verifyPath(installPath);
808 std::string CSRPath(certDir + "/" + CSRFile);
809 std::string privateKeyPath(certDir + "/" + privateKeyFile);
810 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
811 std::string challengePassword("Password");
812 std::string city("HYB");
813 std::string commonName("abc.com");
814 std::string contactPerson("Admin");
815 std::string country("IN");
816 std::string email("admin@in.ibm.com");
817 std::string givenName("givenName");
818 std::string initials("G");
819 int64_t keyBitLength(2048);
820 std::string keyCurveId("secp521r1");
821 std::string keyPairAlgorithm("UnSupportedAlgorithm");
822 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
823 std::string organization("IBM");
824 std::string organizationalUnit("orgUnit");
825 std::string state("TS");
826 std::string surname("surname");
827 std::string unstructuredName("unstructuredName");
828 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
829 auto event = sdeventplus::Event::get_default();
830 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
831 std::move(installPath));
832 Status status;
833 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
834 MainApp mainApp(&manager, &csr);
835 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
836 contactPerson, country, email, givenName, initials,
837 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
838 organization, organizationalUnit, state, surname,
839 unstructuredName);
Marri Devender Raof4682712019-03-19 05:00:28 -0500[diff] [blame]840 EXPECT_FALSE(fs::exists(CSRPath));
841 EXPECT_FALSE(fs::exists(privateKeyPath));
842}
Ramesh Iyyar8a09b522019-06-07 05:23:29 -0500[diff] [blame]843
844/** @brief Check if error is thrown when NID_undef is returned for given key
845 * curve id
846 */
847TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase)
848{
849 std::string endpoint("https");
850 std::string unit("");
851 std::string type("Server");
852 std::string installPath(certDir + "/" + certificateFile);
853 std::string verifyPath(installPath);
854 std::string CSRPath(certDir + "/" + CSRFile);
855 std::string privateKeyPath(certDir + "/" + privateKeyFile);
856 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
857 std::string challengePassword("Password");
858 std::string city("BLR");
859 std::string commonName("abc.com");
860 std::string contactPerson("Admin");
861 std::string country("IN");
862 std::string email("admin@in.ibm.com");
863 std::string givenName("givenName");
864 std::string initials("G");
865 int64_t keyBitLength(2048);
866 std::string keyCurveId("DummyCurveName");
867 std::string keyPairAlgorithm("EC");
868 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
869 std::string organization("IBM");
870 std::string organizationalUnit("orgUnit");
871 std::string state("TS");
872 std::string surname("surname");
873 std::string unstructuredName("unstructuredName");
874 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
875 auto event = sdeventplus::Event::get_default();
876 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
877 std::move(installPath));
878 Status status;
879 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
880 MainApp mainApp(&manager, &csr);
881 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
882 contactPerson, country, email, givenName, initials,
883 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
884 organization, organizationalUnit, state, surname,
885 unstructuredName);
886 EXPECT_FALSE(fs::exists(CSRPath));
887 EXPECT_FALSE(fs::exists(privateKeyPath));
888}
889
890/** @brief Check default Key Curve Id is used if given curve id is empty
891 */
892TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId)
893{
894 std::string endpoint("https");
895 std::string unit("");
896 std::string type("Server");
897 std::string installPath(certDir + "/" + certificateFile);
898 std::string verifyPath(installPath);
899 std::string CSRPath(certDir + "/" + CSRFile);
900 std::string privateKeyPath(certDir + "/" + privateKeyFile);
901 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
902 std::string challengePassword("Password");
903 std::string city("BLR");
904 std::string commonName("abc.com");
905 std::string contactPerson("Admin");
906 std::string country("IN");
907 std::string email("admin@in.ibm.com");
908 std::string givenName("givenName");
909 std::string initials("G");
910 int64_t keyBitLength(2048);
911 std::string keyCurveId("");
912 std::string keyPairAlgorithm("EC");
913 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
914 std::string organization("IBM");
915 std::string organizationalUnit("orgUnit");
916 std::string state("TS");
917 std::string surname("surname");
918 std::string unstructuredName("unstructuredName");
919 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
920 auto event = sdeventplus::Event::get_default();
921 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
922 std::move(installPath));
923 Status status;
924 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
925 MainApp mainApp(&manager, &csr);
926 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
927 contactPerson, country, email, givenName, initials,
928 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
929 organization, organizationalUnit, state, surname,
930 unstructuredName);
931 sleep(10);
932 EXPECT_TRUE(fs::exists(CSRPath));
933 EXPECT_TRUE(fs::exists(privateKeyPath));
934}
935
936/** @brief Check if error is not thrown to generate EC key pair
937 */
938TEST_F(TestCertificates, TestECKeyGeneration)
939{
940 std::string endpoint("https");
941 std::string unit("");
942 std::string type("Server");
943 std::string installPath(certDir + "/" + certificateFile);
944 std::string verifyPath(installPath);
945 std::string CSRPath(certDir + "/" + CSRFile);
946 std::string privateKeyPath(certDir + "/" + privateKeyFile);
947 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
948 std::string challengePassword("Password");
949 std::string city("BLR");
950 std::string commonName("abc.com");
951 std::string contactPerson("Admin");
952 std::string country("IN");
953 std::string email("admin@in.ibm.com");
954 std::string givenName("givenName");
955 std::string initials("G");
956 int64_t keyBitLength(2048);
957 std::string keyCurveId("secp521r1");
958 std::string keyPairAlgorithm("EC");
959 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
960 std::string organization("IBM");
961 std::string organizationalUnit("orgUnit");
962 std::string state("TS");
963 std::string surname("surname");
964 std::string unstructuredName("unstructuredName");
965 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
966 auto event = sdeventplus::Event::get_default();
967 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
968 std::move(installPath));
969 Status status;
970 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
971 MainApp mainApp(&manager, &csr);
972 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
973 contactPerson, country, email, givenName, initials,
974 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
975 organization, organizationalUnit, state, surname,
976 unstructuredName);
977 std::cout << "CSRPath: " << CSRPath << std::endl
978 << "privateKeyPath: " << privateKeyPath << std::endl;
979 sleep(10);
980 EXPECT_TRUE(fs::exists(CSRPath));
981 EXPECT_TRUE(fs::exists(privateKeyPath));
982}
Ramesh Iyyarc6e58c72019-07-16 08:52:47 -0500[diff] [blame]983
984/** @brief Check error is thrown if giving unsupported ket bit length to
985 * generate rsa key
986 */
987TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength)
988{
989 std::string endpoint("https");
990 std::string unit("");
991 std::string type("Server");
992 std::string installPath(certDir + "/" + certificateFile);
993 std::string verifyPath(installPath);
994 std::string CSRPath(certDir + "/" + CSRFile);
995 std::string privateKeyPath(certDir + "/" + privateKeyFile);
996 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
997 std::string challengePassword("Password");
998 std::string city("BLR");
999 std::string commonName("abc.com");
1000 std::string contactPerson("Admin");
1001 std::string country("IN");
1002 std::string email("admin@in.ibm.com");
1003 std::string givenName("givenName");
1004 std::string initials("G");
1005 int64_t keyBitLength(4096);
1006 std::string keyCurveId("secp521r1");
1007 std::string keyPairAlgorithm("RSA");
1008 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1009 std::string organization("IBM");
1010 std::string organizationalUnit("orgUnit");
1011 std::string state("TS");
1012 std::string surname("surname");
1013 std::string unstructuredName("unstructuredName");
1014 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1015 auto event = sdeventplus::Event::get_default();
1016 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1017 std::move(installPath));
1018 Status status;
1019 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1020 MainApp mainApp(&manager, &csr);
1021 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1022 contactPerson, country, email, givenName, initials,
1023 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1024 organization, organizationalUnit, state, surname,
1025 unstructuredName);
1026 EXPECT_FALSE(fs::exists(CSRPath));
1027 EXPECT_FALSE(fs::exists(privateKeyPath));
1028}
1029
1030/** @brief Check error is thrown if generated rsa key file is not present
1031 */
1032TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase)
1033{
1034 std::string endpoint("https");
1035 std::string unit("");
1036 std::string type("Server");
1037 std::string installPath(certDir + "/" + certificateFile);
1038 std::string verifyPath(installPath);
1039 std::string CSRPath(certDir + "/" + CSRFile);
1040 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1041 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1042 std::string challengePassword("Password");
1043 std::string city("BLR");
1044 std::string commonName("abc.com");
1045 std::string contactPerson("Admin");
1046 std::string country("IN");
1047 std::string email("admin@in.ibm.com");
1048 std::string givenName("givenName");
1049 std::string initials("G");
1050 int64_t keyBitLength(2048);
1051 std::string keyCurveId("secp521r1");
1052 std::string keyPairAlgorithm("RSA");
1053 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1054 std::string organization("IBM");
1055 std::string organizationalUnit("orgUnit");
1056 std::string state("TS");
1057 std::string surname("surname");
1058 std::string unstructuredName("unstructuredName");
1059 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1060 auto event = sdeventplus::Event::get_default();
1061 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1062 std::move(installPath));
1063
1064 // Removing generated RSA key file
1065 fs::remove(rsaPrivateKeyFilePath);
1066
1067 Status status;
1068 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1069 MainApp mainApp(&manager, &csr);
1070 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1071 contactPerson, country, email, givenName, initials,
1072 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1073 organization, organizationalUnit, state, surname,
1074 unstructuredName);
1075 EXPECT_FALSE(fs::exists(CSRPath));
1076 EXPECT_FALSE(fs::exists(privateKeyPath));
1077}
1078
1079/** @brief Check private key file is created from generated rsa key file is
1080 * `present
1081 */
1082TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile)
1083{
1084 std::string endpoint("https");
1085 std::string unit("");
1086 std::string type("Server");
1087 std::string installPath(certDir + "/" + certificateFile);
1088 std::string verifyPath(installPath);
1089 std::string CSRPath(certDir + "/" + CSRFile);
1090 std::string privateKeyPath(certDir + "/" + privateKeyFile);
1091 std::vector<std::string> alternativeNames{"localhost1", "localhost2"};
1092 std::string challengePassword("Password");
1093 std::string city("BLR");
1094 std::string commonName("abc.com");
1095 std::string contactPerson("Admin");
1096 std::string country("IN");
1097 std::string email("admin@in.ibm.com");
1098 std::string givenName("givenName");
1099 std::string initials("G");
1100 int64_t keyBitLength(2048);
1101 std::string keyCurveId("secp521r1");
1102 std::string keyPairAlgorithm("RSA");
1103 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"};
1104 std::string organization("IBM");
1105 std::string organizationalUnit("orgUnit");
1106 std::string state("TS");
1107 std::string surname("surname");
1108 std::string unstructuredName("unstructuredName");
1109 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1110 auto event = sdeventplus::Event::get_default();
1111 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1112 std::move(installPath));
1113 Status status;
1114 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status);
1115 MainApp mainApp(&manager, &csr);
1116 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName,
1117 contactPerson, country, email, givenName, initials,
1118 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage,
1119 organization, organizationalUnit, state, surname,
1120 unstructuredName);
1121 sleep(10);
1122 EXPECT_TRUE(fs::exists(CSRPath));
1123 EXPECT_TRUE(fs::exists(privateKeyPath));
1124}
1125
1126/** @brief Check RSA key is generted during application startup*/
1127TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile)
1128{
1129 std::string endpoint("https");
1130 std::string unit("");
1131 std::string type("Server");
1132 std::string installPath(certDir + "/" + certificateFile);
1133 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
1134 auto event = sdeventplus::Event::get_default();
1135
1136 EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath));
1137 Manager manager(bus, event, objPath.c_str(), type, std::move(unit),
1138 std::move(installPath));
1139 EXPECT_TRUE(fs::exists(rsaPrivateKeyFilePath));
1140}