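#include "config.h"

#include "certificate.hpp"
#include "certs_manager.hpp"

#include <algorithm>
#include <cstdlib>
#include <filesystem>
#include <fstream>
#include <iterator>
#include <string>
#include <xyz/openbmc_project/Certs/error.hpp>
#include <xyz/openbmc_project/Common/error.hpp>

#include <gtest/gtest.h>
namespace fs = std::filesystem;
using InternalFailure =
    sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
using InvalidCertificate =
    sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate;
using namespace phosphor::certs;

/**
 * Fixture that generates a self-signed certificate file holding both the
 * certificate and its private key, plus a scratch install directory, and
 * removes both again after each test.
 */
class TestCertificates : public ::testing::Test
{
  public:
    TestCertificates() : bus(sdbusplus::bus::new_default())
    {
    }

    /** @brief Create the install directory and generate cert.pem.
     *
     *  Both steps are asserted so that a test never runs against a missing
     *  directory or a missing/stale certificate file; the negative tests
     *  would otherwise be able to fail (or pass) for an unrelated reason.
     */
    void SetUp() override
    {
        // mkdtemp() picks a unique name and creates the directory itself,
        // so the install target is not a predictable path under /tmp.
        char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
        auto dirPtr = mkdtemp(dirTemplate);
        ASSERT_TRUE(dirPtr != nullptr) << "mkdtemp failed";
        certDir = dirPtr;

        // The upload file is written to the current working directory under
        // a fixed name, so two runs sharing a working directory would
        // overwrite each other's file.
        certificateFile = "cert.pem";

        // -keyout and -out name the same file: the PEM carries the private
        // key and the certificate together. -nodes leaves the throwaway
        // test key unencrypted.
        std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
        cmd += "-keyout cert.pem -out cert.pem -days 3650 ";
        cmd += "-subj "
               "/O=openbmc-project.xyz/CN=localhost"
               " -nodes";
        auto val = std::system(cmd.c_str());
        ASSERT_EQ(val, 0) << "COMMAND Error: " << val;
    }

    /** @brief Remove the install directory and the generated upload file. */
    void TearDown() override
    {
        fs::remove_all(certDir);
        fs::remove(certificateFile);
    }

    /** @brief Compare two files byte for byte.
     *
     *  @param[in] file1 - path of the first file
     *  @param[in] file2 - path of the second file
     *
     *  @return true when both files open, have the same size and the same
     *          contents; false otherwise
     */
    bool compareFiles(const std::string& file1, const std::string& file2)
    {
        // Opened at the end so that tellg() reports the file size.
        std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate);
        std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate);

        if (f1.fail() || f2.fail())
        {
            return false; // file problem
        }

        if (f1.tellg() != f2.tellg())
        {
            return false; // size mismatch
        }

        // seek back to beginning and use std::equal to compare contents
        f1.seekg(0, std::ifstream::beg);
        f2.seekg(0, std::ifstream::beg);
        return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()),
                          std::istreambuf_iterator<char>(),
                          std::istreambuf_iterator<char>(f2.rdbuf()));
    }

  protected:
    sdbusplus::bus::bus bus;
    // Upload file name, relative to the current working directory.
    std::string certificateFile;

    // Per-test scratch directory that certificates are installed into.
    std::string certDir;
};

/** @brief Thin wrapper that forwards install/delete requests to a Manager.
 *
 *  The Manager is not owned; it must outlive the MainApp.
 */
class MainApp
{
  public:
    explicit MainApp(phosphor::certs::Manager* manager) : manager(manager)
    {
    }
    void install(std::string& path)
    {
        manager->install(path);
    }
    void delete_()
    {
        manager->delete_();
    }
    phosphor::certs::Manager* manager;
};

/** @brief Check if server install routine is invoked for server setup
 */
TEST_F(TestCertificates, InvokeServerInstall)
{
    const std::string endpoint("https");
    std::string unit("");
    std::string type("server");
    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    Certificate certificate(bus, objPath, type, unit, installPath,
                            certificateFile, false);
    EXPECT_TRUE(fs::exists(verifyPath));
}

/** @brief Check if client install routine is invoked for client setup
 */
TEST_F(TestCertificates, InvokeClientInstall)
{
    const std::string endpoint("ldap");
    std::string unit("");
    // NOTE(review): the test is named for the client path but passes
    // "server" as the type; confirm whether "client" was intended.
    std::string type("server");
    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    Certificate certificate(bus, objPath, type, unit, installPath,
                            certificateFile, false);
    EXPECT_TRUE(fs::exists(verifyPath));
}

/** @brief Check if authority install routine is invoked for authority setup
 */
TEST_F(TestCertificates, InvokeAuthorityInstall)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("authority");
    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    Certificate certificate(bus, objPath, type, unit, installPath,
                            certificateFile, false);
    EXPECT_TRUE(fs::exists(verifyPath));
}

/** @brief Compare the installed certificate with the copied certificate
 */
TEST_F(TestCertificates, CompareInstalledCertificate)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    Certificate certificate(bus, objPath, type, unit, installPath,
                            certificateFile, false);
    EXPECT_TRUE(fs::exists(verifyPath));
    // The installed file must be a byte-exact copy of the uploaded one.
    EXPECT_TRUE(compareFiles(verifyPath, certificateFile));
}

/** @brief Check if install fails if certificate file is not found
 */
TEST_F(TestCertificates, TestNoCertificateFile)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    std::string uploadFile = "nofile.pem";
    EXPECT_THROW(
        {
            Certificate certificate(bus, objPath, type, unit, installPath,
                                    uploadFile, false);
        },
        InternalFailure);
    // A rejected upload must not leave anything at the install path.
    EXPECT_FALSE(fs::exists(verifyPath));
}

/** @brief Check if install fails if certificate file is empty
 */
TEST_F(TestCertificates, TestEmptyCertificateFile)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    std::string emptyFile("emptycert.pem");
    {
        // Opening for output and closing again creates a zero-length file.
        std::ofstream ofs(emptyFile, std::ofstream::out);
    }
    EXPECT_THROW(
        {
            Certificate certificate(bus, objPath, type, unit, installPath,
                                    emptyFile, false);
        },
        InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
    fs::remove(emptyFile);
}

/** @brief Check if install fails if certificate file is corrupted
 */
TEST_F(TestCertificates, TestInvalidCertificateFile)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");

    {
        // Overwrite the generated file with PEM markers around a payload
        // that is not a certificate.
        std::ofstream ofs(certificateFile, std::ofstream::out);
        ofs << "-----BEGIN CERTIFICATE-----";
        ofs << "ADD_SOME_INVALID_DATA_INTO_FILE";
        ofs << "-----END CERTIFICATE-----";
    }

    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    EXPECT_THROW(
        {
            Certificate certificate(bus, objPath, type, unit, installPath,
                                    certificateFile, false);
        },
        InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
}

/** @brief check certificate delete at manager level
 */
TEST_F(TestCertificates, TestCertManagerDelete)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + certificateFile);
    // Copied before installPath is moved into the Manager below.
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    Manager manager(bus, objPath.c_str(), type, std::move(unit),
                    std::move(installPath));
    MainApp mainApp(&manager);
    // NOTE(review): nothing is installed before delete_() is called, so
    // the check below would also hold if delete_() removed nothing;
    // consider installing a certificate first.
    // delete certificate file and verify file is deleted
    mainApp.delete_();
    EXPECT_FALSE(fs::exists(verifyPath));
}

/** @brief check certificate install at manager level
 */
TEST_F(TestCertificates, TestCertManagerInstall)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + certificateFile);
    // Copied before installPath is moved into the Manager below.
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    Manager manager(bus, objPath.c_str(), type, std::move(unit),
                    std::move(installPath));
    MainApp mainApp(&manager);
    mainApp.install(certificateFile);
    EXPECT_TRUE(fs::exists(verifyPath));
}

/**
 * Fixture that generates the private key and the certificate as two separate
 * files, so each upload file on its own is incomplete.
 */
class TestInvalidCertificate : public ::testing::Test
{
  public:
    TestInvalidCertificate() : bus(sdbusplus::bus::new_default())
    {
    }

    /** @brief Create the install directory and generate cert.pem and
     *         key.pem.
     *
     *  Both steps are asserted so that the rejection tests never run
     *  against missing input files.
     */
    void SetUp() override
    {
        // mkdtemp() picks a unique name and creates the directory itself,
        // so the install target is not a predictable path under /tmp.
        char dirTemplate[] = "/tmp/FakeCerts.XXXXXX";
        auto dirPtr = mkdtemp(dirTemplate);
        ASSERT_TRUE(dirPtr != nullptr) << "mkdtemp failed";
        certDir = dirPtr;

        // Both files are written to the current working directory under
        // fixed names.
        certificateFile = "cert.pem";
        keyFile = "key.pem";

        // -keyout and -out differ here: cert.pem holds only the certificate
        // and key.pem only the (unencrypted, throwaway) private key.
        std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 ";
        cmd += "-keyout key.pem -out cert.pem -days 3650 ";
        cmd += "-subj "
               "/O=openbmc-project.xyz/CN=localhost"
               " -nodes";

        auto val = std::system(cmd.c_str());
        ASSERT_EQ(val, 0) << "command Error: " << val;
    }

    /** @brief Remove the install directory and both generated files. */
    void TearDown() override
    {
        fs::remove_all(certDir);
        fs::remove(certificateFile);
        fs::remove(keyFile);
    }

  protected:
    sdbusplus::bus::bus bus;
    // Certificate-only upload file, relative to the working directory.
    std::string certificateFile;
    // Private-key-only upload file, relative to the working directory.
    std::string keyFile;
    // Per-test scratch directory that certificates are installed into.
    std::string certDir;
};

/** @brief Check install fails if private key is missing in certificate file
 */
TEST_F(TestInvalidCertificate, TestMissingPrivateKey)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + certificateFile);
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    EXPECT_THROW(
        {
            Certificate certificate(bus, objPath, type, unit, installPath,
                                    certificateFile, false);
        },
        InvalidCertificate);
    // A rejected upload must not leave anything at the install path.
    EXPECT_FALSE(fs::exists(verifyPath));
}

/** @brief Check install fails if certificate is missing in certificate file
 */
TEST_F(TestInvalidCertificate, TestMissingCeritificate)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + keyFile);
    const std::string verifyPath(installPath);

    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    EXPECT_THROW(
        {
            Certificate certificate(bus, objPath, type, unit, installPath,
                                    keyFile, false);
        },
        InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
}

/** @brief Check if Manager install method fails for invalid certificate file
 */
TEST_F(TestInvalidCertificate, TestCertManagerInstall)
{
    const std::string endpoint("ldap");
    std::string unit("");
    std::string type("client");
    std::string installPath(certDir + "/" + certificateFile);
    // Copied before installPath is moved into the Manager below.
    const std::string verifyPath(installPath);
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;
    Manager manager(bus, objPath.c_str(), type, std::move(unit),
                    std::move(installPath));
    MainApp mainApp(&manager);
    EXPECT_THROW({ mainApp.install(certificateFile); }, InvalidCertificate);
    EXPECT_FALSE(fs::exists(verifyPath));
}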

/** @brief Check if error is thrown when multiple certificates are installed
 *  At present only one certificate per service is allowed
 */
TEST_F(TestCertificates, TestCertInstallNotAllowed)
{
    using NotAllowed =
        sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;

    const std::string endpoint{"ldap"};
    std::string unit{""};
    std::string type{"client"};
    std::string installPath = certDir + "/" + certificateFile;
    // Copied before installPath is moved into the Manager below.
    const std::string installedCert = installPath;
    auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint;

    Manager manager(bus, objPath.c_str(), type, std::move(unit),
                    std::move(installPath));
    MainApp mainApp(&manager);

    // The first install is expected to succeed and place the file.
    mainApp.install(certificateFile);
    EXPECT_TRUE(fs::exists(installedCert));

    // install second certificate: this one is expected to be refused.
    EXPECT_THROW({ mainApp.install(certificateFile); }, NotAllowed);
}