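#include "certs_manager.hpp"

#include <algorithm>
#include <cstdlib>
#include <experimental/filesystem>
#include <fstream>
#include <iterator>
#include <string>
#include <utility>
#include <xyz/openbmc_project/Certs/Install/error.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

#include <gmock/gmock.h>
#include <gtest/gtest.h>

namespace fs = std::experimental::filesystem;
static constexpr auto BUSNAME = "xyz.openbmc_project.Certs.Manager";
static constexpr auto OBJPATH = "/xyz/openbmc_project/certs";
using InternalFailure =
    sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;

using InvalidCertificate =
    sdbusplus::xyz::openbmc_project::Certs::Install::Error::InvalidCertificate;

/**
 * Fixture that generates a self-signed certificate file (private key and
 * certificate in the same PEM file) and provides a scratch directory that
 * stands in for the certificate install location.
 */
class TestCertsManager : public ::testing::Test
{
  public:
    TestCertsManager() : bus(sdbusplus::bus::new_default())
    {
    }

    /** @brief Create the scratch directory and the test certificate.
     *
     *  Any failure here aborts the test with a fatal gtest failure, so a
     *  test body never runs against a missing directory or certificate.
     */
    void SetUp() override
    {
        // mkdtemp() creates the directory with mode 0700 and a unique name.
        char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
        auto dirPtr = mkdtemp(dirTemplate);
        ASSERT_TRUE(dirPtr != nullptr) << "mkdtemp failed";
        certDir = dirPtr;
        certificateFile = "cert.pem";

        // The command line is a fixed string; no external input reaches the
        // shell. "-nodes" leaves the throw-away private key unencrypted and
        // the file lands in the current working directory; TearDown()
        // removes it again.
        std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
        cmd += "-keyout cert.pem -out cert.pem -days 3650 ";
        cmd += "-subj "
               "/O=openbmc-project.xyz/CN=localhost"
               " -nodes";
        auto val = std::system(cmd.c_str());
        // Previously a failure was only printed and the test carried on
        // without a certificate; treat it as a fixture failure instead.
        ASSERT_EQ(val, 0) << "COMMAND Error: " << val;
    }

    /** @brief Remove the scratch directory and the generated certificate. */
    void TearDown() override
    {
        fs::remove_all(certDir);
        fs::remove(certificateFile);
    }

    /** @brief Byte-wise comparison of two files.
     *
     *  @param[in] file1 - path of the first file
     *  @param[in] file2 - path of the second file
     *
     *  @return true when both files can be opened, have the same size and
     *          identical contents; false otherwise.
     */
    bool compareFiles(const std::string& file1, const std::string& file2)
    {
        // Open positioned at the end so tellg() yields the file size.
        std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate);
        std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate);

        if (f1.fail() || f2.fail())
        {
            return false; // file problem
        }

        if (f1.tellg() != f2.tellg())
        {
            return false; // size mismatch
        }

        // Sizes match, so the three-iterator std::equal cannot run past the
        // end of the second stream.
        f1.seekg(0, std::ifstream::beg);
        f2.seekg(0, std::ifstream::beg);
        return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()),
                          std::istreambuf_iterator<char>(),
                          std::istreambuf_iterator<char>(f2.rdbuf()));
    }

  protected:
    sdbusplus::bus::bus bus;
    std::string certificateFile;

    std::string certDir;
};

/** @brief Thin wrapper that forwards install/delete to a certs Manager.
 *
 *  Holds a non-owning pointer; the Manager must outlive this object.
 */
class MainApp
{
  public:
    MainApp(phosphor::certs::Manager* manager) : manager(manager)
    {
    }
    void install(std::string& path)
    {
        manager->install(path);
    }
    void delete_()
    {
        manager->delete_();
    }
    phosphor::certs::Manager* manager;
};

/** @brief Manager subclass used by the tests.
 *
 *  NOTE(review): the disabled test bodies below use
 *  EXPECT_CALL(manager, reloadOrReset(...)), but no mock method is declared
 *  here; one has to be added before those bodies are re-enabled.
 */
class MockCertManager : public phosphor::certs::Manager
{
  public:
    MockCertManager(sdbusplus::bus::bus& bus, const char* path,
                    std::string& type, std::string&& unit,
                    std::string&& certPath) :
        Manager(bus, path, type, std::move(unit), std::move(certPath))
    {
    }
    virtual ~MockCertManager() = default;
};

/** @brief Check if server install routine is invoked for server setup
 */
TEST_F(TestCertsManager, InvokeServerInstall)
{
    // NOTE(review): with the body commented out this test passes without
    // checking anything; the same holds for every test in this file whose
    // body is wrapped in a block comment.
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("https");
    std::string unit("nginx.service");
    std::string type("server");
    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(1);

    MainApp mainApp(&manager);
    EXPECT_NO_THROW({ mainApp.install(certificateFile); });
    EXPECT_TRUE(fs::exists(verifyPath));
    */
}

/** @brief Check if client install routine is invoked for client setup
 */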
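TEST_F(TestCertsManager, InvokeClientInstall)
{
    // NOTE(review): every test body from here to the end of the file is
    // commented out, so these tests pass without checking anything. That
    // includes the negative cases (missing, empty and corrupted certificate
    // file, missing private key, missing certificate); until they are
    // restored, rejection of invalid certificates is not exercised here.
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");
    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(1);
    MainApp mainApp(&manager);
    EXPECT_NO_THROW({ mainApp.install(certificateFile); });
    EXPECT_TRUE(fs::exists(verifyPath));
    */
}

/** @brief Check if authority install routine is invoked for authority setup
 */
TEST_F(TestCertsManager, InvokeAuthorityInstall)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("authority");
    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(1);

    MainApp mainApp(&manager);
    EXPECT_NO_THROW({ mainApp.install(certificateFile); });
    EXPECT_TRUE(fs::exists(verifyPath));
    */
}

/** @brief Compare the installed certificate with the copied certificate
 */
TEST_F(TestCertsManager, CompareInstalledCertificate)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");
    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(1);
    MainApp mainApp(&manager);
    EXPECT_NO_THROW({ mainApp.install(certificateFile); });
    EXPECT_TRUE(fs::exists(verifyPath));
    EXPECT_TRUE(compareFiles(verifyPath, certificateFile));
    */
}

/** @brief Check if install fails if certificate file is not found
 */
TEST_F(TestCertsManager, TestNoCertificateFile)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");
    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(0);
    MainApp mainApp(&manager);
    std::string certpath = "nofile.pem";
    EXPECT_THROW(
        {
            try
            {
                mainApp.install(certpath);
            }
            catch (const InternalFailure& e)
            {
                throw;
            }
        },
        InternalFailure);
    EXPECT_FALSE(fs::exists(verifyPath));
    */
}

/** @brief Check if install fails if certificate file is empty
 */
TEST_F(TestCertsManager, TestEmptyCertificateFile)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");

    std::string emptyFile("emptycert.pem");
    std::ofstream ofs;
    ofs.open(emptyFile, std::ofstream::out);
    ofs.close();

    std::string path(certDir + "/" + emptyFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(0);
    MainApp mainApp(&manager);
    EXPECT_THROW(
        {
            try
            {
                mainApp.install(emptyFile);
            }
            catch (const InvalidCertificate& e)
            {
                throw;
            }
        },
        InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
    fs::remove(emptyFile);
    */
}

/** @brief Check if install fails if certificate file is corrupted
 */
TEST_F(TestCertsManager, TestInvalidCertificateFile)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");

    std::ofstream ofs;
    ofs.open(certificateFile, std::ofstream::out);
    ofs << "-----BEGIN CERTIFICATE-----";
    ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";
    ofs << "-----END CERTIFICATE-----";
    ofs.close();

    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(0);
    MainApp mainApp(&manager);
    EXPECT_THROW(
        {
            try
            {
                mainApp.install(certificateFile);
            }
            catch (const InvalidCertificate& e)
            {
                throw;
            }
        },
        InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
    */
}

/** @brief Check that delete removes a previously installed certificate
 */
TEST_F(TestCertsManager, TestDeleteCertificate)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");
    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(2);
    MainApp mainApp(&manager);
    EXPECT_NO_THROW({ mainApp.install(certificateFile); });
    EXPECT_TRUE(fs::exists(verifyPath));

    // delete certificate file and verify file is deleted
    mainApp.delete_();
    EXPECT_FALSE(fs::exists(verifyPath));
    */
}

/**
 * Fixture that generates the private key and the certificate as two separate
 * files, so that each file on its own is an incomplete input for install.
 */
class TestInvalidCertsManager : public ::testing::Test
{
  public:
    TestInvalidCertsManager() : bus(sdbusplus::bus::new_default())
    {
    }

    /** @brief Create the scratch directory, the key file and the
     *         certificate file.
     *
     *  Any failure here aborts the test with a fatal gtest failure, so a
     *  test body never runs against missing input files.
     */
    void SetUp() override
    {
        // mkdtemp() creates the directory with mode 0700 and a unique name.
        char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
        auto dirPtr = mkdtemp(dirTemplate);
        ASSERT_TRUE(dirPtr != nullptr) << "mkdtemp failed";
        certDir = dirPtr;
        certificateFile = "cert.pem";
        keyFile = "key.pem";

        // The command line is a fixed string; no external input reaches the
        // shell. "-nodes" leaves the throw-away private key unencrypted and
        // both files land in the current working directory; TearDown()
        // removes them again.
        std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
        cmd += "-keyout key.pem -out cert.pem -days 3650 ";
        cmd += "-subj "
               "/O=openbmc-project.xyz/CN=localhost"
               " -nodes";

        auto val = std::system(cmd.c_str());
        // Previously a failure was only printed and the test carried on
        // without the files; treat it as a fixture failure instead.
        ASSERT_EQ(val, 0) << "command Error: " << val;
    }

    /** @brief Remove the scratch directory and both generated files. */
    void TearDown() override
    {
        fs::remove_all(certDir);
        fs::remove(certificateFile);
        fs::remove(keyFile);
    }

  protected:
    sdbusplus::bus::bus bus;
    std::string certificateFile;
    std::string keyFile;
    std::string certDir;
};

/** @brief Check install fails if private key is missing in certificate file
 */
TEST_F(TestInvalidCertsManager, TestMissingPrivateKey)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");
    std::string path(certDir + "/" + certificateFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(0);
    MainApp mainApp(&manager);
    EXPECT_THROW(
        {
            try
            {
                mainApp.install(certificateFile);
            }
            catch (const InvalidCertificate& e)
            {
                throw;
            }
        },
        InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
    */
}

/** @brief Check install fails if certificate is missing in certificate file
 */
TEST_F(TestInvalidCertsManager, TestMissingCeritificate)
{
    // TODO due to refactoring test cases will be pushed as last patch
    // in the patch set
    /*
    std::string endpoint("ldap");
    std::string unit("nslcd.service");
    std::string type("client");
    std::string path(certDir + "/" + keyFile);
    std::string verifyPath(path);
    std::string verifyUnit(unit);

    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    MockCertManager manager(bus, objPath.c_str(), type, std::move(unit),
                            std::move(path));
    EXPECT_CALL(manager, reloadOrReset(verifyUnit)).Times(0);
    MainApp mainApp(&manager);
    EXPECT_THROW(
        {
            try
            {
                mainApp.install(keyFile);
            }
            catch (const InvalidCertificate& e)
            {
                throw;
            }
        },
        InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
    */
}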