113bf74e4SMarri Devender Rao #include "config.h" 213bf74e4SMarri Devender Rao 38841dbd6SMarri Devender Rao #include "certificate.hpp" 4947258dcSMarri Devender Rao #include "certs_manager.hpp" 5947258dcSMarri Devender Rao 62f3563ccSZbigniew Lukwinski #include <openssl/bio.h> 72f3563ccSZbigniew Lukwinski #include <openssl/crypto.h> 82f3563ccSZbigniew Lukwinski #include <openssl/err.h> 92f3563ccSZbigniew Lukwinski #include <openssl/evp.h> 102f3563ccSZbigniew Lukwinski #include <openssl/pem.h> 112f3563ccSZbigniew Lukwinski #include <openssl/x509v3.h> 122f3563ccSZbigniew Lukwinski 13947258dcSMarri Devender Rao #include <algorithm> 148841dbd6SMarri Devender Rao #include <filesystem> 15947258dcSMarri Devender Rao #include <fstream> 16947258dcSMarri Devender Rao #include <iterator> 17f4682712SMarri Devender Rao #include <sdeventplus/event.hpp> 18947258dcSMarri Devender Rao #include <string> 1913bf74e4SMarri Devender Rao #include <xyz/openbmc_project/Certs/error.hpp> 20947258dcSMarri Devender Rao #include <xyz/openbmc_project/Common/error.hpp> 21947258dcSMarri Devender Rao 22947258dcSMarri Devender Rao #include <gtest/gtest.h> 238841dbd6SMarri Devender Rao namespace fs = std::filesystem; 24947258dcSMarri Devender Rao using InternalFailure = 25947258dcSMarri Devender Rao sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; 26e6597c5bSMarri Devender Rao using InvalidCertificate = 2713bf74e4SMarri Devender Rao sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate; 288841dbd6SMarri Devender Rao using namespace phosphor::certs; 29e6597c5bSMarri Devender Rao 30ddf64866SMarri Devender Rao /** 31ddf64866SMarri Devender Rao * Class to generate certificate file and test verification of certificate file 32ddf64866SMarri Devender Rao */ 338841dbd6SMarri Devender Rao class TestCertificates : public ::testing::Test 34947258dcSMarri Devender Rao { 35947258dcSMarri Devender Rao public: 368841dbd6SMarri Devender Rao TestCertificates() : bus(sdbusplus::bus::new_default()) 37947258dcSMarri Devender Rao { 38947258dcSMarri Devender Rao } 39947258dcSMarri Devender Rao void SetUp() override 40947258dcSMarri Devender Rao { 41947258dcSMarri Devender Rao char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; 42947258dcSMarri Devender Rao auto dirPtr = mkdtemp(dirTemplate); 43947258dcSMarri Devender Rao if (dirPtr == NULL) 44947258dcSMarri Devender Rao { 45947258dcSMarri Devender Rao throw std::bad_alloc(); 46947258dcSMarri Devender Rao } 47fe590c4eSZbigniew Lukwinski certDir = std::string(dirPtr) + "/certs"; 48fe590c4eSZbigniew Lukwinski fs::create_directories(certDir); 49db029c95SKowalski, Kamil 50db029c95SKowalski, Kamil createNewCertificate(); 51947258dcSMarri Devender Rao } 52db029c95SKowalski, Kamil 53947258dcSMarri Devender Rao void TearDown() override 54947258dcSMarri Devender Rao { 55947258dcSMarri Devender Rao fs::remove_all(certDir); 56947258dcSMarri Devender Rao fs::remove(certificateFile); 57f4682712SMarri Devender Rao fs::remove(CSRFile); 58f4682712SMarri Devender Rao fs::remove(privateKeyFile); 59*cf811c43SNan Zhou fs::remove_all("demoCA"); 60947258dcSMarri Devender Rao } 61947258dcSMarri Devender Rao 62db029c95SKowalski, Kamil void createNewCertificate(bool setNewCertId = false) 63db029c95SKowalski, Kamil { 64db029c95SKowalski, Kamil certificateFile = "cert.pem"; 65db029c95SKowalski, Kamil CSRFile = "domain.csr"; 66db029c95SKowalski, Kamil privateKeyFile = "privkey.pem"; 67db029c95SKowalski, Kamil rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem"; 68db029c95SKowalski, Kamil std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; 69*cf811c43SNan Zhou cmd += "-keyout cert.pem -out cert.pem -days 365000 -nodes"; 70db029c95SKowalski, Kamil cmd += " -subj /O=openbmc-project.xyz/CN=localhost"; 71db029c95SKowalski, Kamil 72db029c95SKowalski, Kamil if (setNewCertId) 73db029c95SKowalski, Kamil { 74db029c95SKowalski, Kamil cmd += std::to_string(certId++); 75db029c95SKowalski, Kamil } 76db029c95SKowalski, Kamil 77db029c95SKowalski, Kamil auto val = std::system(cmd.c_str()); 78db029c95SKowalski, Kamil if (val) 79db029c95SKowalski, Kamil { 80db029c95SKowalski, Kamil std::cout << "COMMAND Error: " << val << std::endl; 81db029c95SKowalski, Kamil } 82db029c95SKowalski, Kamil } 83db029c95SKowalski, Kamil 84*cf811c43SNan Zhou void createNeverExpiredRootCertificate() 85*cf811c43SNan Zhou { 86*cf811c43SNan Zhou // remove the old cert 87*cf811c43SNan Zhou fs::remove(certificateFile); 88*cf811c43SNan Zhou 89*cf811c43SNan Zhou // The following routines create a cert that has NotBefore 90*cf811c43SNan Zhou // set to 1970/01/01 and NotAfter set to 9999/12/31 via the 91*cf811c43SNan Zhou // OpenSSL CA application. 92*cf811c43SNan Zhou certificateFile = "cert.pem"; 93*cf811c43SNan Zhou ASSERT_EQ(std::system("mkdir -p demoCA"), 0); 94*cf811c43SNan Zhou ASSERT_EQ(std::system("mkdir -p demoCA/private/"), 0); 95*cf811c43SNan Zhou ASSERT_EQ(std::system("mkdir -p demoCA/newcerts/"), 0); 96*cf811c43SNan Zhou ASSERT_EQ(std::system("touch demoCA/index.txt"), 0); 97*cf811c43SNan Zhou ASSERT_EQ(std::system("echo 1000 > demoCA/serial"), 0); 98*cf811c43SNan Zhou ASSERT_EQ( 99*cf811c43SNan Zhou std::system( 100*cf811c43SNan Zhou "openssl req -x509 -sha256 -newkey rsa:2048 -keyout " 101*cf811c43SNan Zhou "demoCA/private/cakey.pem -out demoCA/cacert.pem -nodes " 102*cf811c43SNan Zhou "-subj /O=openbmc-project.xyz/C=US/ST=CA/CN=localhost-ca"), 103*cf811c43SNan Zhou 0); 104*cf811c43SNan Zhou ASSERT_EQ(std::system( 105*cf811c43SNan Zhou "openssl req -new -newkey rsa:2048 -nodes -keyout " 106*cf811c43SNan Zhou "demoCA/server.key -out demoCA/server.csr -subj " 107*cf811c43SNan Zhou "/O=openbmc-project.xyz/C=US/ST=CA/CN=localhost-server"), 108*cf811c43SNan Zhou 0); 109*cf811c43SNan Zhou ASSERT_EQ( 110*cf811c43SNan Zhou std::system( 111*cf811c43SNan Zhou "openssl ca -batch -startdate 19700101000000Z -enddate " 112*cf811c43SNan Zhou "99991231235959Z -out cert.pem -infiles demoCA/server.csr"), 113*cf811c43SNan Zhou 0); 114*cf811c43SNan Zhou } 115*cf811c43SNan Zhou 116947258dcSMarri Devender Rao bool compareFiles(const std::string& file1, const std::string& file2) 117947258dcSMarri Devender Rao { 118947258dcSMarri Devender Rao std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate); 119947258dcSMarri Devender Rao std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate); 120947258dcSMarri Devender Rao 121947258dcSMarri Devender Rao if (f1.fail() || f2.fail()) 122947258dcSMarri Devender Rao { 123947258dcSMarri Devender Rao return false; // file problem 124947258dcSMarri Devender Rao } 125947258dcSMarri Devender Rao 126947258dcSMarri Devender Rao if (f1.tellg() != f2.tellg()) 127947258dcSMarri Devender Rao { 128947258dcSMarri Devender Rao return false; // size mismatch 129947258dcSMarri Devender Rao } 130947258dcSMarri Devender Rao 131947258dcSMarri Devender Rao // seek back to beginning and use std::equal to compare contents 132947258dcSMarri Devender Rao f1.seekg(0, std::ifstream::beg); 133947258dcSMarri Devender Rao f2.seekg(0, std::ifstream::beg); 134947258dcSMarri Devender Rao return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()), 135947258dcSMarri Devender Rao std::istreambuf_iterator<char>(), 136947258dcSMarri Devender Rao std::istreambuf_iterator<char>(f2.rdbuf())); 137947258dcSMarri Devender Rao } 138947258dcSMarri Devender Rao 1392f3563ccSZbigniew Lukwinski std::string getCertSubjectNameHash(const std::string& certFilePath) 1402f3563ccSZbigniew Lukwinski { 1412f3563ccSZbigniew Lukwinski std::unique_ptr<X509, decltype(&::X509_free)> cert(X509_new(), 1422f3563ccSZbigniew Lukwinski ::X509_free); 1432f3563ccSZbigniew Lukwinski if (!cert) 1442f3563ccSZbigniew Lukwinski { 1452f3563ccSZbigniew Lukwinski std::string(); 1462f3563ccSZbigniew Lukwinski } 1472f3563ccSZbigniew Lukwinski 1482f3563ccSZbigniew Lukwinski std::unique_ptr<BIO, decltype(&::BIO_free)> bioCert( 1492f3563ccSZbigniew Lukwinski BIO_new_file(certFilePath.c_str(), "rb"), ::BIO_free); 1502f3563ccSZbigniew Lukwinski if (!bioCert) 1512f3563ccSZbigniew Lukwinski { 1522f3563ccSZbigniew Lukwinski std::string(); 1532f3563ccSZbigniew Lukwinski } 1542f3563ccSZbigniew Lukwinski 1552f3563ccSZbigniew Lukwinski X509* x509 = cert.get(); 1562f3563ccSZbigniew Lukwinski if (!PEM_read_bio_X509(bioCert.get(), &x509, nullptr, nullptr)) 1572f3563ccSZbigniew Lukwinski { 1582f3563ccSZbigniew Lukwinski std::string(); 1592f3563ccSZbigniew Lukwinski } 1602f3563ccSZbigniew Lukwinski 1612f3563ccSZbigniew Lukwinski unsigned long hash = X509_subject_name_hash(cert.get()); 1622f3563ccSZbigniew Lukwinski static constexpr auto AUTH_CERT_HASH_LENGTH = 9; 1632f3563ccSZbigniew Lukwinski char hashBuf[AUTH_CERT_HASH_LENGTH]; 1642f3563ccSZbigniew Lukwinski sprintf(hashBuf, "%08lx", hash); 1652f3563ccSZbigniew Lukwinski return std::string(hashBuf); 1662f3563ccSZbigniew Lukwinski } 1672f3563ccSZbigniew Lukwinski 168947258dcSMarri Devender Rao protected: 169947258dcSMarri Devender Rao sdbusplus::bus::bus bus; 170c6e58c7eSRamesh Iyyar std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath; 171947258dcSMarri Devender Rao 172947258dcSMarri Devender Rao std::string certDir; 173db029c95SKowalski, Kamil uint64_t certId; 174947258dcSMarri Devender Rao }; 175947258dcSMarri Devender Rao 176947258dcSMarri Devender Rao class MainApp 177947258dcSMarri Devender Rao { 178947258dcSMarri Devender Rao public: 179f4682712SMarri Devender Rao MainApp(phosphor::certs::Manager* manager, 180f4682712SMarri Devender Rao phosphor::certs::CSR* csr = nullptr) : 181f4682712SMarri Devender Rao manager(manager), 182e129be3bSPatrick Williams csr_(csr) 183947258dcSMarri Devender Rao { 184947258dcSMarri Devender Rao } 185947258dcSMarri Devender Rao void install(std::string& path) 186947258dcSMarri Devender Rao { 187947258dcSMarri Devender Rao manager->install(path); 188947258dcSMarri Devender Rao } 1899abfae88SMarri Devender Rao void delete_() 1909abfae88SMarri Devender Rao { 191a3bb38fbSZbigniew Kurzynski manager->deleteAll(); 1929abfae88SMarri Devender Rao } 193f4682712SMarri Devender Rao 194f4682712SMarri Devender Rao std::string generateCSR(std::vector<std::string> alternativeNames, 195f4682712SMarri Devender Rao std::string challengePassword, std::string city, 196f4682712SMarri Devender Rao std::string commonName, std::string contactPerson, 197f4682712SMarri Devender Rao std::string country, std::string email, 198f4682712SMarri Devender Rao std::string givenName, std::string initials, 199f4682712SMarri Devender Rao int64_t keyBitLength, std::string keyCurveId, 200f4682712SMarri Devender Rao std::string keyPairAlgorithm, 201f4682712SMarri Devender Rao std::vector<std::string> keyUsage, 202f4682712SMarri Devender Rao std::string organization, 203f4682712SMarri Devender Rao std::string organizationalUnit, std::string state, 204f4682712SMarri Devender Rao std::string surname, std::string unstructuredName) 205f4682712SMarri Devender Rao { 206f4682712SMarri Devender Rao return (manager->generateCSR( 207f4682712SMarri Devender Rao alternativeNames, challengePassword, city, commonName, 208f4682712SMarri Devender Rao contactPerson, country, email, givenName, initials, keyBitLength, 209f4682712SMarri Devender Rao keyCurveId, keyPairAlgorithm, keyUsage, organization, 210f4682712SMarri Devender Rao organizationalUnit, state, surname, unstructuredName)); 211f4682712SMarri Devender Rao } 212e129be3bSPatrick Williams std::string csr() 213e129be3bSPatrick Williams { 214e129be3bSPatrick Williams return (csr_->csr()); 215e129be3bSPatrick Williams } 216947258dcSMarri Devender Rao phosphor::certs::Manager* manager; 217e129be3bSPatrick Williams phosphor::certs::CSR* csr_; 218947258dcSMarri Devender Rao }; 219947258dcSMarri Devender Rao 220947258dcSMarri Devender Rao /** @brief Check if server install routine is invoked for server setup 221947258dcSMarri Devender Rao */ 2228841dbd6SMarri Devender Rao TEST_F(TestCertificates, InvokeServerInstall) 223947258dcSMarri Devender Rao { 224947258dcSMarri Devender Rao std::string endpoint("https"); 2258841dbd6SMarri Devender Rao std::string unit(""); 226947258dcSMarri Devender Rao std::string type("server"); 2278841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 2288841dbd6SMarri Devender Rao std::string verifyPath(installPath); 2298841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 230947258dcSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 231ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 232ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 233ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 234ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 235ffad1ef1SMarri Devender Rao std::move(installPath)); 236ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 237ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 238947258dcSMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 239947258dcSMarri Devender Rao } 240947258dcSMarri Devender Rao 241947258dcSMarri Devender Rao /** @brief Check if client install routine is invoked for client setup 242947258dcSMarri Devender Rao */ 2438841dbd6SMarri Devender Rao TEST_F(TestCertificates, InvokeClientInstall) 244947258dcSMarri Devender Rao { 245947258dcSMarri Devender Rao std::string endpoint("ldap"); 2468841dbd6SMarri Devender Rao std::string unit(""); 2478841dbd6SMarri Devender Rao std::string type("server"); 2488841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 2498841dbd6SMarri Devender Rao std::string verifyPath(installPath); 2508841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 251947258dcSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 252ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 253ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 254ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 255ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 256ffad1ef1SMarri Devender Rao std::move(installPath)); 257ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 258ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 259b50789ceSJayanth Othayoth EXPECT_TRUE(fs::exists(verifyPath)); 260b50789ceSJayanth Othayoth } 261b50789ceSJayanth Othayoth 262db029c95SKowalski, Kamil /** @brief Check if storage install routine is invoked for storage setup 263b50789ceSJayanth Othayoth */ 2648841dbd6SMarri Devender Rao TEST_F(TestCertificates, InvokeAuthorityInstall) 265b50789ceSJayanth Othayoth { 266b50789ceSJayanth Othayoth std::string endpoint("ldap"); 2678841dbd6SMarri Devender Rao std::string unit(""); 268b50789ceSJayanth Othayoth std::string type("authority"); 269db029c95SKowalski, Kamil std::string verifyDir(certDir); 2708841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 271b50789ceSJayanth Othayoth auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 272ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 273ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 274ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 275ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 276db029c95SKowalski, Kamil std::move(certDir)); 277ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 278*cf811c43SNan Zhou // install the default certificate that's valid from today to 100 years 279*cf811c43SNan Zhou // later 280ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 281db029c95SKowalski, Kamil 282db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 283db029c95SKowalski, Kamil manager.getCertificates(); 284db029c95SKowalski, Kamil 285*cf811c43SNan Zhou ASSERT_EQ(certs.size(), 1); 286*cf811c43SNan Zhou // check some attributes as well 287*cf811c43SNan Zhou EXPECT_EQ(certs.front()->validNotAfter() - certs.front()->validNotBefore(), 288*cf811c43SNan Zhou 365000ULL * 24 * 3600); 289*cf811c43SNan Zhou EXPECT_EQ(certs.front()->subject(), "O=openbmc-project.xyz,CN=localhost"); 290*cf811c43SNan Zhou EXPECT_EQ(certs.front()->issuer(), "O=openbmc-project.xyz,CN=localhost"); 291*cf811c43SNan Zhou 292*cf811c43SNan Zhou std::string verifyPath = 293*cf811c43SNan Zhou verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 294*cf811c43SNan Zhou 295*cf811c43SNan Zhou // Check that certificate has been created at installation directory 296*cf811c43SNan Zhou EXPECT_FALSE(fs::is_empty(verifyDir)); 297*cf811c43SNan Zhou EXPECT_TRUE(fs::exists(verifyPath)); 298*cf811c43SNan Zhou 299*cf811c43SNan Zhou // Check that installed cert is identical to input one 300*cf811c43SNan Zhou EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 301*cf811c43SNan Zhou } 302*cf811c43SNan Zhou 303*cf811c43SNan Zhou /** @brief Check if storage install routine is invoked for storage setup 304*cf811c43SNan Zhou */ 305*cf811c43SNan Zhou TEST_F(TestCertificates, InvokeAuthorityInstallNeverExpiredRootCert) 306*cf811c43SNan Zhou { 307*cf811c43SNan Zhou std::string endpoint("ldap"); 308*cf811c43SNan Zhou std::string unit(""); 309*cf811c43SNan Zhou std::string type("authority"); 310*cf811c43SNan Zhou std::string verifyDir(certDir); 311*cf811c43SNan Zhou UnitsToRestart verifyUnit(unit); 312*cf811c43SNan Zhou auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 313*cf811c43SNan Zhou auto event = sdeventplus::Event::get_default(); 314*cf811c43SNan Zhou // Attach the bus to sd_event to service user requests 315*cf811c43SNan Zhou bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 316*cf811c43SNan Zhou Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 317*cf811c43SNan Zhou std::move(certDir)); 318*cf811c43SNan Zhou MainApp mainApp(&manager); 319*cf811c43SNan Zhou 320*cf811c43SNan Zhou // install the certificate that's valid from the Unix Epoch to Dec 31, 9999 321*cf811c43SNan Zhou createNeverExpiredRootCertificate(); 322*cf811c43SNan Zhou mainApp.install(certificateFile); 323*cf811c43SNan Zhou 324*cf811c43SNan Zhou std::vector<std::unique_ptr<Certificate>>& certs = 325*cf811c43SNan Zhou manager.getCertificates(); 326*cf811c43SNan Zhou 327*cf811c43SNan Zhou EXPECT_EQ(certs.front()->validNotBefore(), 0); 328*cf811c43SNan Zhou EXPECT_EQ(certs.front()->validNotAfter(), 253402300799ULL); 329db029c95SKowalski, Kamil 3302f3563ccSZbigniew Lukwinski std::string verifyPath = 3312f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 332db029c95SKowalski, Kamil 333db029c95SKowalski, Kamil // Check that certificate has been created at installation directory 334db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 335db029c95SKowalski, Kamil EXPECT_TRUE(fs::exists(verifyPath)); 336db029c95SKowalski, Kamil 337db029c95SKowalski, Kamil // Check that installed cert is identical to input one 338db029c95SKowalski, Kamil EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 339db029c95SKowalski, Kamil } 340db029c95SKowalski, Kamil 3412f3563ccSZbigniew Lukwinski /** @brief Check if in authority mode user can't install the same 3422f3563ccSZbigniew Lukwinski * certificate twice. 343db029c95SKowalski, Kamil */ 3442f3563ccSZbigniew Lukwinski TEST_F(TestCertificates, InvokeInstallSameCertTwice) 345db029c95SKowalski, Kamil { 346db029c95SKowalski, Kamil std::string endpoint("ldap"); 347db029c95SKowalski, Kamil std::string unit(""); 348db029c95SKowalski, Kamil std::string type("authority"); 349db029c95SKowalski, Kamil std::string verifyDir(certDir); 350db029c95SKowalski, Kamil UnitsToRestart verifyUnit(unit); 351db029c95SKowalski, Kamil auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 352db029c95SKowalski, Kamil auto event = sdeventplus::Event::get_default(); 353db029c95SKowalski, Kamil // Attach the bus to sd_event to service user requests 354db029c95SKowalski, Kamil bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 355db029c95SKowalski, Kamil Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 356db029c95SKowalski, Kamil std::move(certDir)); 357db029c95SKowalski, Kamil MainApp mainApp(&manager); 358db029c95SKowalski, Kamil mainApp.install(certificateFile); 359db029c95SKowalski, Kamil 360db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 361db029c95SKowalski, Kamil manager.getCertificates(); 362db029c95SKowalski, Kamil 363db029c95SKowalski, Kamil EXPECT_FALSE(certs.empty()); 364db029c95SKowalski, Kamil 365db029c95SKowalski, Kamil // Check that certificate has been created at installation directory 3662f3563ccSZbigniew Lukwinski std::string verifyPath = 3672f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 368db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 369db029c95SKowalski, Kamil EXPECT_TRUE(fs::exists(verifyPath)); 370db029c95SKowalski, Kamil 371db029c95SKowalski, Kamil // Check that installed cert is identical to input one 372db029c95SKowalski, Kamil EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 373db029c95SKowalski, Kamil 3742f3563ccSZbigniew Lukwinski using NotAllowed = 3752f3563ccSZbigniew Lukwinski sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 376db029c95SKowalski, Kamil EXPECT_THROW( 377db029c95SKowalski, Kamil { 378db029c95SKowalski, Kamil try 379db029c95SKowalski, Kamil { 3802f3563ccSZbigniew Lukwinski // Try to install the same certificate second time 381db029c95SKowalski, Kamil mainApp.install(certificateFile); 382db029c95SKowalski, Kamil } 383db029c95SKowalski, Kamil catch (const NotAllowed& e) 384db029c95SKowalski, Kamil { 385db029c95SKowalski, Kamil throw; 386db029c95SKowalski, Kamil } 387db029c95SKowalski, Kamil }, 388db029c95SKowalski, Kamil NotAllowed); 389db029c95SKowalski, Kamil 390db029c95SKowalski, Kamil // Check that the original certificate has been not removed 391db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 392947258dcSMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 393947258dcSMarri Devender Rao } 394947258dcSMarri Devender Rao 39573d1fbf3SZbigniew Lukwinski /** @brief Check if in authority mode user can install a certificate with 3962f3563ccSZbigniew Lukwinski * certain subject hash twice. 3972f3563ccSZbigniew Lukwinski */ 3982f3563ccSZbigniew Lukwinski TEST_F(TestCertificates, InvokeInstallSameSubjectTwice) 3992f3563ccSZbigniew Lukwinski { 4002f3563ccSZbigniew Lukwinski std::string endpoint("ldap"); 4012f3563ccSZbigniew Lukwinski std::string unit(""); 4022f3563ccSZbigniew Lukwinski std::string type("authority"); 4032f3563ccSZbigniew Lukwinski std::string verifyDir(certDir); 4042f3563ccSZbigniew Lukwinski UnitsToRestart verifyUnit(unit); 4052f3563ccSZbigniew Lukwinski auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 4062f3563ccSZbigniew Lukwinski auto event = sdeventplus::Event::get_default(); 4072f3563ccSZbigniew Lukwinski // Attach the bus to sd_event to service user requests 4082f3563ccSZbigniew Lukwinski bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 4092f3563ccSZbigniew Lukwinski Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 4102f3563ccSZbigniew Lukwinski std::move(certDir)); 4112f3563ccSZbigniew Lukwinski MainApp mainApp(&manager); 4122f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 4132f3563ccSZbigniew Lukwinski 4142f3563ccSZbigniew Lukwinski std::vector<std::unique_ptr<Certificate>>& certs = 4152f3563ccSZbigniew Lukwinski manager.getCertificates(); 4162f3563ccSZbigniew Lukwinski 4172f3563ccSZbigniew Lukwinski EXPECT_FALSE(certs.empty()); 4182f3563ccSZbigniew Lukwinski 4192f3563ccSZbigniew Lukwinski // Check that certificate has been created at installation directory 4202f3563ccSZbigniew Lukwinski std::string verifyPath0 = 4212f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 4222f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 4232f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath0)); 4242f3563ccSZbigniew Lukwinski 4252f3563ccSZbigniew Lukwinski // Check that installed cert is identical to input one 4262f3563ccSZbigniew Lukwinski EXPECT_TRUE(compareFiles(certificateFile, verifyPath0)); 4272f3563ccSZbigniew Lukwinski 4282f3563ccSZbigniew Lukwinski // Prepare second certificate with the same subject 4292f3563ccSZbigniew Lukwinski createNewCertificate(); 4302f3563ccSZbigniew Lukwinski 4312f3563ccSZbigniew Lukwinski // Install second certificate 4322f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 4332f3563ccSZbigniew Lukwinski 4342f3563ccSZbigniew Lukwinski // Expect there are exactly two certificates in the collection 43573d1fbf3SZbigniew Lukwinski EXPECT_EQ(certs.size(), 2); 43673d1fbf3SZbigniew Lukwinski 43773d1fbf3SZbigniew Lukwinski // Check that certificate has been created at installation directory 43873d1fbf3SZbigniew Lukwinski std::string verifyPath1 = 43973d1fbf3SZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".1"; 44073d1fbf3SZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath1)); 44173d1fbf3SZbigniew Lukwinski 44273d1fbf3SZbigniew Lukwinski // Check that installed cert is identical to input one 44373d1fbf3SZbigniew Lukwinski EXPECT_TRUE(compareFiles(certificateFile, verifyPath1)); 4442f3563ccSZbigniew Lukwinski 4452f3563ccSZbigniew Lukwinski // Check that the original/first certificate has been not removed 4462f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 4472f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath0)); 4482f3563ccSZbigniew Lukwinski } 4492f3563ccSZbigniew Lukwinski 4502f3563ccSZbigniew Lukwinski /** @brief Check if in authority mode user can't install more than 4512f3563ccSZbigniew Lukwinski * AUTHORITY_CERTIFICATES_LIMIT certificates. 4522f3563ccSZbigniew Lukwinski */ 4532f3563ccSZbigniew Lukwinski TEST_F(TestCertificates, InvokeInstallAuthCertLimit) 4542f3563ccSZbigniew Lukwinski { 4552f3563ccSZbigniew Lukwinski std::string endpoint("ldap"); 4562f3563ccSZbigniew Lukwinski std::string unit(""); 4572f3563ccSZbigniew Lukwinski std::string type("authority"); 4582f3563ccSZbigniew Lukwinski std::string verifyDir(certDir); 4592f3563ccSZbigniew Lukwinski UnitsToRestart verifyUnit(unit); 4602f3563ccSZbigniew Lukwinski auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 4612f3563ccSZbigniew Lukwinski auto event = sdeventplus::Event::get_default(); 4622f3563ccSZbigniew Lukwinski // Attach the bus to sd_event to service user requests 4632f3563ccSZbigniew Lukwinski bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 4642f3563ccSZbigniew Lukwinski Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 4652f3563ccSZbigniew Lukwinski std::move(certDir)); 4662f3563ccSZbigniew Lukwinski MainApp mainApp(&manager); 4672f3563ccSZbigniew Lukwinski 4682f3563ccSZbigniew Lukwinski std::vector<std::unique_ptr<Certificate>>& certs = 4692f3563ccSZbigniew Lukwinski manager.getCertificates(); 4702f3563ccSZbigniew Lukwinski 4712f3563ccSZbigniew Lukwinski std::vector<std::string> verifyPaths; 4722f3563ccSZbigniew Lukwinski 4732f3563ccSZbigniew Lukwinski // Prepare maximum number of ceritificates 4742f3563ccSZbigniew Lukwinski for (std::size_t i = 0; i < AUTHORITY_CERTIFICATES_LIMIT; ++i) 4752f3563ccSZbigniew Lukwinski { 4762f3563ccSZbigniew Lukwinski // Prepare new certificatate 4772f3563ccSZbigniew Lukwinski createNewCertificate(true); 4782f3563ccSZbigniew Lukwinski 4792f3563ccSZbigniew Lukwinski // Install ceritificate 4802f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 4812f3563ccSZbigniew Lukwinski 4822f3563ccSZbigniew Lukwinski // Check number of certificates in the collection 4832f3563ccSZbigniew Lukwinski EXPECT_EQ(certs.size(), i + 1); 4842f3563ccSZbigniew Lukwinski 4852f3563ccSZbigniew Lukwinski // Check that certificate has been created at installation directory 4862f3563ccSZbigniew Lukwinski std::string verifyPath = 4872f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 4882f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 4892f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath)); 4902f3563ccSZbigniew Lukwinski 4912f3563ccSZbigniew Lukwinski // Check that installed cert is identical to input one 4922f3563ccSZbigniew Lukwinski EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 4932f3563ccSZbigniew Lukwinski 4942f3563ccSZbigniew Lukwinski // Save current certificate file for later check 4952f3563ccSZbigniew Lukwinski verifyPaths.push_back(verifyPath); 4962f3563ccSZbigniew Lukwinski } 4972f3563ccSZbigniew Lukwinski 4982f3563ccSZbigniew Lukwinski // Prepare new certificatate 4992f3563ccSZbigniew Lukwinski createNewCertificate(true); 5002f3563ccSZbigniew Lukwinski 5012f3563ccSZbigniew Lukwinski using NotAllowed = 5022f3563ccSZbigniew Lukwinski sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 5032f3563ccSZbigniew Lukwinski EXPECT_THROW( 5042f3563ccSZbigniew Lukwinski { 5052f3563ccSZbigniew Lukwinski try 5062f3563ccSZbigniew Lukwinski { 5072f3563ccSZbigniew Lukwinski // Try to install one more certificate 5082f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 5092f3563ccSZbigniew Lukwinski } 5102f3563ccSZbigniew Lukwinski catch (const NotAllowed& e) 5112f3563ccSZbigniew Lukwinski { 5122f3563ccSZbigniew Lukwinski throw; 5132f3563ccSZbigniew Lukwinski } 5142f3563ccSZbigniew Lukwinski }, 5152f3563ccSZbigniew Lukwinski NotAllowed); 5162f3563ccSZbigniew Lukwinski 5172f3563ccSZbigniew Lukwinski // Check that the original certificate has been not removed 5182f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 5192f3563ccSZbigniew Lukwinski for (int i = 0; i < AUTHORITY_CERTIFICATES_LIMIT; ++i) 5202f3563ccSZbigniew Lukwinski { 5212f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPaths[i])); 5222f3563ccSZbigniew Lukwinski } 5232f3563ccSZbigniew Lukwinski } 5242f3563ccSZbigniew Lukwinski 525947258dcSMarri Devender Rao /** @brief Compare the installed certificate with the copied certificate 526947258dcSMarri Devender Rao */ 5278841dbd6SMarri Devender Rao TEST_F(TestCertificates, CompareInstalledCertificate) 528947258dcSMarri Devender Rao { 529947258dcSMarri Devender Rao std::string endpoint("ldap"); 5308841dbd6SMarri Devender Rao std::string unit(""); 531947258dcSMarri Devender Rao std::string type("client"); 5328841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 5338841dbd6SMarri Devender Rao std::string verifyPath(installPath); 5348841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 535947258dcSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 536ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 537ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 538ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 539ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 540ffad1ef1SMarri Devender Rao std::move(installPath)); 541ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 542ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 543947258dcSMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 544947258dcSMarri Devender Rao EXPECT_TRUE(compareFiles(verifyPath, certificateFile)); 545947258dcSMarri Devender Rao } 546e6597c5bSMarri Devender Rao 547e6597c5bSMarri Devender Rao /** @brief Check if install fails if certificate file is not found 548e6597c5bSMarri Devender Rao */ 5498841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestNoCertificateFile) 550e6597c5bSMarri Devender Rao { 551e6597c5bSMarri Devender Rao std::string endpoint("ldap"); 5528841dbd6SMarri Devender Rao std::string unit(""); 553e6597c5bSMarri Devender Rao std::string type("client"); 5548841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 5558841dbd6SMarri Devender Rao std::string verifyPath(installPath); 556b50789ceSJayanth Othayoth std::string verifyUnit(unit); 557e6597c5bSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 5588841dbd6SMarri Devender Rao std::string uploadFile = "nofile.pem"; 559e6597c5bSMarri Devender Rao EXPECT_THROW( 560e6597c5bSMarri Devender Rao { 561e6597c5bSMarri Devender Rao try 562e6597c5bSMarri Devender Rao { 563ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 564ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 565ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 566ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 567ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 568ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 569ffad1ef1SMarri Devender Rao mainApp.install(uploadFile); 570e6597c5bSMarri Devender Rao } 571e6597c5bSMarri Devender Rao catch (const InternalFailure& e) 572e6597c5bSMarri Devender Rao { 573e6597c5bSMarri Devender Rao throw; 574e6597c5bSMarri Devender Rao } 575e6597c5bSMarri Devender Rao }, 576e6597c5bSMarri Devender Rao InternalFailure); 577e6597c5bSMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 578e6597c5bSMarri Devender Rao } 579e6597c5bSMarri Devender Rao 580ffad1ef1SMarri Devender Rao /** @brief Test replacing existing certificate 581ffad1ef1SMarri Devender Rao */ 582ffad1ef1SMarri Devender Rao TEST_F(TestCertificates, TestReplaceCertificate) 583ffad1ef1SMarri Devender Rao { 584ffad1ef1SMarri Devender Rao std::string endpoint("ldap"); 585ffad1ef1SMarri Devender Rao std::string unit(""); 586ffad1ef1SMarri Devender Rao std::string type("server"); 587ffad1ef1SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 588ffad1ef1SMarri Devender Rao std::string verifyPath(installPath); 589ffad1ef1SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 590ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 591ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 592ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 593ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 594ffad1ef1SMarri Devender Rao std::move(installPath)); 595ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 596ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 597ffad1ef1SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 598db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 599db029c95SKowalski, Kamil manager.getCertificates(); 600db029c95SKowalski, Kamil EXPECT_FALSE(certs.empty()); 601db029c95SKowalski, Kamil EXPECT_NE(certs[0], nullptr); 602db029c95SKowalski, Kamil certs[0]->replace(certificateFile); 603ffad1ef1SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 604db029c95SKowalski, Kamil } 605db029c95SKowalski, Kamil 606db029c95SKowalski, Kamil /** @brief Test replacing existing certificate 607db029c95SKowalski, Kamil */ 608db029c95SKowalski, Kamil TEST_F(TestCertificates, TestAuthorityReplaceCertificate) 609db029c95SKowalski, Kamil { 610db029c95SKowalski, Kamil std::string endpoint("ldap"); 611db029c95SKowalski, Kamil std::string unit(""); 612db029c95SKowalski, Kamil std::string type("authority"); 613db029c95SKowalski, Kamil std::string verifyDir(certDir); 614db029c95SKowalski, Kamil UnitsToRestart verifyUnit(unit); 615db029c95SKowalski, Kamil auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 616db029c95SKowalski, Kamil auto event = sdeventplus::Event::get_default(); 617db029c95SKowalski, Kamil // Attach the bus to sd_event to service user requests 618db029c95SKowalski, Kamil bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 619db029c95SKowalski, Kamil Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 620db029c95SKowalski, Kamil std::move(certDir)); 621db029c95SKowalski, Kamil MainApp mainApp(&manager); 622db029c95SKowalski, Kamil mainApp.install(certificateFile); 623db029c95SKowalski, Kamil 624db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 625db029c95SKowalski, Kamil manager.getCertificates(); 626db029c95SKowalski, Kamil constexpr const unsigned int REPLACE_ITERATIONS = 10; 627db029c95SKowalski, Kamil 628db029c95SKowalski, Kamil for (unsigned int i = 0; i < REPLACE_ITERATIONS; i++) 629db029c95SKowalski, Kamil { 630db029c95SKowalski, Kamil // Certificate successfully installed 631db029c95SKowalski, Kamil EXPECT_FALSE(certs.empty()); 632db029c95SKowalski, Kamil 6332f3563ccSZbigniew Lukwinski std::string verifyPath = 6342f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 635db029c95SKowalski, Kamil 636db029c95SKowalski, Kamil // Check that certificate has been created at installation directory 637db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 638ffad1ef1SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 639db029c95SKowalski, Kamil 640db029c95SKowalski, Kamil // Check that installed cert is identical to input one 641db029c95SKowalski, Kamil EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 642db029c95SKowalski, Kamil 643db029c95SKowalski, Kamil // Create new certificate 644db029c95SKowalski, Kamil createNewCertificate(true); 645db029c95SKowalski, Kamil 646db029c95SKowalski, Kamil certs[0]->replace(certificateFile); 647db029c95SKowalski, Kamil 648db029c95SKowalski, Kamil // Verify that old certificate has been removed 649db029c95SKowalski, Kamil EXPECT_FALSE(fs::exists(verifyPath)); 650db029c95SKowalski, Kamil } 651ffad1ef1SMarri Devender Rao } 652ffad1ef1SMarri Devender Rao 653a3bb38fbSZbigniew Kurzynski /** @brief Test verifiing if delete function works. 654a3bb38fbSZbigniew Kurzynski */ 655a3bb38fbSZbigniew Kurzynski TEST_F(TestCertificates, TestStorageDeleteCertificate) 656a3bb38fbSZbigniew Kurzynski { 657a3bb38fbSZbigniew Kurzynski std::string endpoint("ldap"); 658a3bb38fbSZbigniew Kurzynski std::string unit(""); 659a3bb38fbSZbigniew Kurzynski std::string type("authority"); 660a3bb38fbSZbigniew Kurzynski std::string verifyDir(certDir); 661a3bb38fbSZbigniew Kurzynski UnitsToRestart verifyUnit(unit); 662a3bb38fbSZbigniew Kurzynski auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 663a3bb38fbSZbigniew Kurzynski auto event = sdeventplus::Event::get_default(); 664a3bb38fbSZbigniew Kurzynski // Attach the bus to sd_event to service user requests 665a3bb38fbSZbigniew Kurzynski bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 666a3bb38fbSZbigniew Kurzynski Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 667a3bb38fbSZbigniew Kurzynski std::move(certDir)); 668a3bb38fbSZbigniew Kurzynski MainApp mainApp(&manager); 669a3bb38fbSZbigniew Kurzynski 670a3bb38fbSZbigniew Kurzynski // Check if certificate placeholder dir is empty 671a3bb38fbSZbigniew Kurzynski EXPECT_TRUE(fs::is_empty(verifyDir)); 672a3bb38fbSZbigniew Kurzynski mainApp.install(certificateFile); 673a3bb38fbSZbigniew Kurzynski 674a3bb38fbSZbigniew Kurzynski // Create new certificate 675a3bb38fbSZbigniew Kurzynski createNewCertificate(true); 676a3bb38fbSZbigniew Kurzynski mainApp.install(certificateFile); 677a3bb38fbSZbigniew Kurzynski 678a3bb38fbSZbigniew Kurzynski createNewCertificate(true); 679a3bb38fbSZbigniew Kurzynski mainApp.install(certificateFile); 680a3bb38fbSZbigniew Kurzynski 681a3bb38fbSZbigniew Kurzynski std::vector<std::unique_ptr<Certificate>>& certs = 682a3bb38fbSZbigniew Kurzynski manager.getCertificates(); 683a3bb38fbSZbigniew Kurzynski 684a3bb38fbSZbigniew Kurzynski // All 3 certificates successfully installed and added to manager 685a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 3); 686a3bb38fbSZbigniew Kurzynski 687a3bb38fbSZbigniew Kurzynski // Check if certificate placeholder is not empty, there should be 3 688a3bb38fbSZbigniew Kurzynski // certificates 689a3bb38fbSZbigniew Kurzynski EXPECT_FALSE(fs::is_empty(verifyDir)); 690a3bb38fbSZbigniew Kurzynski 691a3bb38fbSZbigniew Kurzynski certs[0]->delete_(); 692a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 2); 693a3bb38fbSZbigniew Kurzynski 694a3bb38fbSZbigniew Kurzynski certs[0]->delete_(); 695a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 1); 696a3bb38fbSZbigniew Kurzynski 697a3bb38fbSZbigniew Kurzynski certs[0]->delete_(); 698a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 0); 699a3bb38fbSZbigniew Kurzynski 700a3bb38fbSZbigniew Kurzynski // Check if certificate placeholder is empty. 701a3bb38fbSZbigniew Kurzynski EXPECT_TRUE(fs::is_empty(verifyDir)); 702a3bb38fbSZbigniew Kurzynski } 703a3bb38fbSZbigniew Kurzynski 704e6597c5bSMarri Devender Rao /** @brief Check if install fails if certificate file is empty 705e6597c5bSMarri Devender Rao */ 7068841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestEmptyCertificateFile) 707e6597c5bSMarri Devender Rao { 708e6597c5bSMarri Devender Rao std::string endpoint("ldap"); 7098841dbd6SMarri Devender Rao std::string unit(""); 710e6597c5bSMarri Devender Rao std::string type("client"); 7118841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 7128841dbd6SMarri Devender Rao std::string verifyPath(installPath); 7138841dbd6SMarri Devender Rao std::string verifyUnit(unit); 7148841dbd6SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 715ddf64866SMarri Devender Rao std::string emptyFile("emptycert.pem"); 716e6597c5bSMarri Devender Rao std::ofstream ofs; 717e6597c5bSMarri Devender Rao ofs.open(emptyFile, std::ofstream::out); 718e6597c5bSMarri Devender Rao ofs.close(); 719e6597c5bSMarri Devender Rao EXPECT_THROW( 720e6597c5bSMarri Devender Rao { 721e6597c5bSMarri Devender Rao try 722e6597c5bSMarri Devender Rao { 723ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 724ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 725ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 726ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 727ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 728ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 729ffad1ef1SMarri Devender Rao mainApp.install(emptyFile); 730e6597c5bSMarri Devender Rao } 731e6597c5bSMarri Devender Rao catch (const InvalidCertificate& e) 732e6597c5bSMarri Devender Rao { 733e6597c5bSMarri Devender Rao throw; 734e6597c5bSMarri Devender Rao } 735e6597c5bSMarri Devender Rao }, 736e6597c5bSMarri Devender Rao InvalidCertificate); 737e6597c5bSMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 738e6597c5bSMarri Devender Rao fs::remove(emptyFile); 739e6597c5bSMarri Devender Rao } 740e6597c5bSMarri Devender Rao 741ddf64866SMarri Devender Rao /** @brief Check if install fails if certificate file is corrupted 742e6597c5bSMarri Devender Rao */ 7438841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestInvalidCertificateFile) 744e6597c5bSMarri Devender Rao { 745e6597c5bSMarri Devender Rao std::string endpoint("ldap"); 7468841dbd6SMarri Devender Rao std::string unit(""); 747e6597c5bSMarri Devender Rao std::string type("client"); 748e6597c5bSMarri Devender Rao 749e6597c5bSMarri Devender Rao std::ofstream ofs; 750ddf64866SMarri Devender Rao ofs.open(certificateFile, std::ofstream::out); 751ddf64866SMarri Devender Rao ofs << "-----BEGIN CERTIFICATE-----"; 752ddf64866SMarri Devender Rao ofs << "ADD_SOME_INVALID_DATA_INTO_FILE"; 753ddf64866SMarri Devender Rao ofs << "-----END CERTIFICATE-----"; 754e6597c5bSMarri Devender Rao ofs.close(); 755e6597c5bSMarri Devender Rao 7568841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 7578841dbd6SMarri Devender Rao std::string verifyPath(installPath); 758b50789ceSJayanth Othayoth std::string verifyUnit(unit); 759e6597c5bSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 760e6597c5bSMarri Devender Rao EXPECT_THROW( 761e6597c5bSMarri Devender Rao { 762e6597c5bSMarri Devender Rao try 763e6597c5bSMarri Devender Rao { 764ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 765ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 766ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 767ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 768ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 769ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 770ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 771e6597c5bSMarri Devender Rao } 772e6597c5bSMarri Devender Rao catch (const InvalidCertificate& e) 773e6597c5bSMarri Devender Rao { 774e6597c5bSMarri Devender Rao throw; 775e6597c5bSMarri Devender Rao } 776e6597c5bSMarri Devender Rao }, 777e6597c5bSMarri Devender Rao InvalidCertificate); 778e6597c5bSMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 779ddf64866SMarri Devender Rao } 780ddf64866SMarri Devender Rao 781ddf64866SMarri Devender Rao /** 782ddf64866SMarri Devender Rao * Class to generate private and certificate only file and test verification 783ddf64866SMarri Devender Rao */ 7848841dbd6SMarri Devender Rao class TestInvalidCertificate : public ::testing::Test 785ddf64866SMarri Devender Rao { 786ddf64866SMarri Devender Rao public: 7878841dbd6SMarri Devender Rao TestInvalidCertificate() : bus(sdbusplus::bus::new_default()) 788ddf64866SMarri Devender Rao { 789ddf64866SMarri Devender Rao } 790ddf64866SMarri Devender Rao void SetUp() override 791ddf64866SMarri Devender Rao { 792ddf64866SMarri Devender Rao char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; 793ddf64866SMarri Devender Rao auto dirPtr = mkdtemp(dirTemplate); 794ddf64866SMarri Devender Rao if (dirPtr == NULL) 795ddf64866SMarri Devender Rao { 796ddf64866SMarri Devender Rao throw std::bad_alloc(); 797ddf64866SMarri Devender Rao } 798fe590c4eSZbigniew Lukwinski certDir = std::string(dirPtr) + "/certs"; 799fe590c4eSZbigniew Lukwinski fs::create_directories(certDir); 800ddf64866SMarri Devender Rao certificateFile = "cert.pem"; 801ddf64866SMarri Devender Rao keyFile = "key.pem"; 802ddf64866SMarri Devender Rao std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; 803ddf64866SMarri Devender Rao cmd += "-keyout key.pem -out cert.pem -days 3650 "; 804ddf64866SMarri Devender Rao cmd += "-subj " 805ddf64866SMarri Devender Rao "/O=openbmc-project.xyz/CN=localhost" 806ddf64866SMarri Devender Rao " -nodes"; 807ddf64866SMarri Devender Rao 808ddf64866SMarri Devender Rao auto val = std::system(cmd.c_str()); 809ddf64866SMarri Devender Rao if (val) 810ddf64866SMarri Devender Rao { 811ddf64866SMarri Devender Rao std::cout << "command Error: " << val << std::endl; 812ddf64866SMarri Devender Rao } 813ddf64866SMarri Devender Rao } 814ddf64866SMarri Devender Rao void TearDown() override 815ddf64866SMarri Devender Rao { 816ddf64866SMarri Devender Rao fs::remove_all(certDir); 817ddf64866SMarri Devender Rao fs::remove(certificateFile); 818ddf64866SMarri Devender Rao fs::remove(keyFile); 819ddf64866SMarri Devender Rao } 820ddf64866SMarri Devender Rao 821ddf64866SMarri Devender Rao protected: 822ddf64866SMarri Devender Rao sdbusplus::bus::bus bus; 823ddf64866SMarri Devender Rao std::string certificateFile; 824ddf64866SMarri Devender Rao std::string keyFile; 825ddf64866SMarri Devender Rao std::string certDir; 826ddf64866SMarri Devender Rao }; 827ddf64866SMarri Devender Rao 828ddf64866SMarri Devender Rao /** @brief Check install fails if private key is missing in certificate file 829ddf64866SMarri Devender Rao */ 8308841dbd6SMarri Devender Rao TEST_F(TestInvalidCertificate, TestMissingPrivateKey) 831ddf64866SMarri Devender Rao { 832ddf64866SMarri Devender Rao std::string endpoint("ldap"); 8338841dbd6SMarri Devender Rao std::string unit(""); 834ddf64866SMarri Devender Rao std::string type("client"); 8358841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 8368841dbd6SMarri Devender Rao std::string verifyPath(installPath); 837b50789ceSJayanth Othayoth std::string verifyUnit(unit); 838ddf64866SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 8398841dbd6SMarri Devender Rao EXPECT_THROW( 8408841dbd6SMarri Devender Rao { 8418841dbd6SMarri Devender Rao try 8428841dbd6SMarri Devender Rao { 843ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 844ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 845ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 846ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 847ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 848ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 849ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 8508841dbd6SMarri Devender Rao } 851cd30c496SMarri Devender Rao catch (const InternalFailure& e) 8528841dbd6SMarri Devender Rao { 8538841dbd6SMarri Devender Rao throw; 8548841dbd6SMarri Devender Rao } 8558841dbd6SMarri Devender Rao }, 856cd30c496SMarri Devender Rao InternalFailure); 8578841dbd6SMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 8588841dbd6SMarri Devender Rao } 8598841dbd6SMarri Devender Rao 8608841dbd6SMarri Devender Rao /** @brief Check install fails if ceritificate is missing in certificate file 8618841dbd6SMarri Devender Rao */ 8628841dbd6SMarri Devender Rao TEST_F(TestInvalidCertificate, TestMissingCeritificate) 8638841dbd6SMarri Devender Rao { 8648841dbd6SMarri Devender Rao std::string endpoint("ldap"); 8658841dbd6SMarri Devender Rao std::string unit(""); 8668841dbd6SMarri Devender Rao std::string type("client"); 8678841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + keyFile); 8688841dbd6SMarri Devender Rao std::string verifyPath(installPath); 8698841dbd6SMarri Devender Rao std::string verifyUnit(unit); 8708841dbd6SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 8718841dbd6SMarri Devender Rao EXPECT_THROW( 8728841dbd6SMarri Devender Rao { 8738841dbd6SMarri Devender Rao try 8748841dbd6SMarri Devender Rao { 875f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 876ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 877ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 878ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 879ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 880ddf64866SMarri Devender Rao MainApp mainApp(&manager); 881ffad1ef1SMarri Devender Rao mainApp.install(keyFile); 882ddf64866SMarri Devender Rao } 883cd30c496SMarri Devender Rao catch (const InternalFailure& e) 884ddf64866SMarri Devender Rao { 885ddf64866SMarri Devender Rao throw; 886ddf64866SMarri Devender Rao } 887ddf64866SMarri Devender Rao }, 888ddf64866SMarri Devender Rao InvalidCertificate); 889ddf64866SMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 890ddf64866SMarri Devender Rao } 891ddf64866SMarri Devender Rao 8928841dbd6SMarri Devender Rao /** @brief Check if error is thrown when multiple certificates are installed 8938841dbd6SMarri Devender Rao * At present only one certificate per service is allowed 894ddf64866SMarri Devender Rao */ 8958841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestCertInstallNotAllowed) 896ddf64866SMarri Devender Rao { 8978841dbd6SMarri Devender Rao using NotAllowed = 8988841dbd6SMarri Devender Rao sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 899ddf64866SMarri Devender Rao std::string endpoint("ldap"); 9008841dbd6SMarri Devender Rao std::string unit(""); 901ddf64866SMarri Devender Rao std::string type("client"); 9028841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 9038841dbd6SMarri Devender Rao std::string verifyPath(installPath); 904ddf64866SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 905f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 906ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 907ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 908f4682712SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 9098841dbd6SMarri Devender Rao std::move(installPath)); 910ddf64866SMarri Devender Rao MainApp mainApp(&manager); 9118841dbd6SMarri Devender Rao mainApp.install(certificateFile); 9128841dbd6SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 913ddf64866SMarri Devender Rao EXPECT_THROW( 914ddf64866SMarri Devender Rao { 915ddf64866SMarri Devender Rao try 916ddf64866SMarri Devender Rao { 9178841dbd6SMarri Devender Rao // install second certificate 9188841dbd6SMarri Devender Rao mainApp.install(certificateFile); 919ddf64866SMarri Devender Rao } 9208841dbd6SMarri Devender Rao catch (const NotAllowed& e) 921ddf64866SMarri Devender Rao { 922ddf64866SMarri Devender Rao throw; 923ddf64866SMarri Devender Rao } 924ddf64866SMarri Devender Rao }, 9258841dbd6SMarri Devender Rao NotAllowed); 926e6597c5bSMarri Devender Rao } 927f4682712SMarri Devender Rao 928f4682712SMarri Devender Rao TEST_F(TestCertificates, TestGenerateCSR) 929f4682712SMarri Devender Rao { 930f4682712SMarri Devender Rao std::string endpoint("https"); 931f4682712SMarri Devender Rao std::string unit(""); 932f4682712SMarri Devender Rao std::string type("Server"); 933f4682712SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 934f4682712SMarri Devender Rao std::string verifyPath(installPath); 935f4682712SMarri Devender Rao std::string CSRPath(certDir + "/" + CSRFile); 936f4682712SMarri Devender Rao std::string privateKeyPath(certDir + "/" + privateKeyFile); 937f4682712SMarri Devender Rao std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 9388a09b52aSRamesh Iyyar std::string challengePassword("Password"); 939f4682712SMarri Devender Rao std::string city("HYB"); 940f4682712SMarri Devender Rao std::string commonName("abc.com"); 941f4682712SMarri Devender Rao std::string contactPerson("Admin"); 942f4682712SMarri Devender Rao std::string country("IN"); 943f4682712SMarri Devender Rao std::string email("admin@in.ibm.com"); 944f4682712SMarri Devender Rao std::string givenName("givenName"); 945f4682712SMarri Devender Rao std::string initials("G"); 946f4682712SMarri Devender Rao int64_t keyBitLength(2048); 947f4682712SMarri Devender Rao std::string keyCurveId("0"); 948f4682712SMarri Devender Rao std::string keyPairAlgorithm("RSA"); 949f4682712SMarri Devender Rao std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 950f4682712SMarri Devender Rao std::string organization("IBM"); 9518a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 952f4682712SMarri Devender Rao std::string state("TS"); 953f4682712SMarri Devender Rao std::string surname("surname"); 954f4682712SMarri Devender Rao std::string unstructuredName("unstructuredName"); 955f4682712SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 956f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 957ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 958ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 959f4682712SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 960f4682712SMarri Devender Rao std::move(installPath)); 961f4682712SMarri Devender Rao Status status; 962f4682712SMarri Devender Rao CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 963f4682712SMarri Devender Rao MainApp mainApp(&manager, &csr); 964f4682712SMarri Devender Rao mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 965f4682712SMarri Devender Rao contactPerson, country, email, givenName, initials, 966f4682712SMarri Devender Rao keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 967f4682712SMarri Devender Rao organization, organizationalUnit, state, surname, 968f4682712SMarri Devender Rao unstructuredName); 969f4682712SMarri Devender Rao std::string csrData(""); 970f4682712SMarri Devender Rao // generateCSR takes considerable time to create CSR and privateKey Files 971f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(CSRPath)); 972f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(privateKeyPath)); 973f4682712SMarri Devender Rao EXPECT_THROW( 974f4682712SMarri Devender Rao { 975f4682712SMarri Devender Rao try 976f4682712SMarri Devender Rao { 977e129be3bSPatrick Williams csrData = csr.csr(); 978f4682712SMarri Devender Rao } 979f4682712SMarri Devender Rao catch (const InternalFailure& e) 980f4682712SMarri Devender Rao { 981f4682712SMarri Devender Rao throw; 982f4682712SMarri Devender Rao } 983f4682712SMarri Devender Rao }, 984f4682712SMarri Devender Rao InternalFailure); 985f4682712SMarri Devender Rao // wait for 10 sec to get CSR and privateKey Files generated 986f4682712SMarri Devender Rao sleep(10); 987f4682712SMarri Devender Rao EXPECT_TRUE(fs::exists(CSRPath)); 988f4682712SMarri Devender Rao EXPECT_TRUE(fs::exists(privateKeyPath)); 989e129be3bSPatrick Williams csrData = csr.csr(); 990f4682712SMarri Devender Rao ASSERT_NE("", csrData.c_str()); 991f4682712SMarri Devender Rao } 992f4682712SMarri Devender Rao 9938a09b52aSRamesh Iyyar /** @brief Check if ECC key pair is generated when user is not given algorithm 9948a09b52aSRamesh Iyyar * type. At present RSA and EC key pair algorithm are supported 9958a09b52aSRamesh Iyyar */ 9968a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm) 9978a09b52aSRamesh Iyyar { 9988a09b52aSRamesh Iyyar std::string endpoint("https"); 9998a09b52aSRamesh Iyyar std::string unit(""); 10008a09b52aSRamesh Iyyar std::string type("Server"); 10018a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 10028a09b52aSRamesh Iyyar std::string verifyPath(installPath); 10038a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 10048a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 10058a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 10068a09b52aSRamesh Iyyar std::string challengePassword("Password"); 10078a09b52aSRamesh Iyyar std::string city("HYB"); 10088a09b52aSRamesh Iyyar std::string commonName("abc.com"); 10098a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 10108a09b52aSRamesh Iyyar std::string country("IN"); 10118a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 10128a09b52aSRamesh Iyyar std::string givenName("givenName"); 10138a09b52aSRamesh Iyyar std::string initials("G"); 10148a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 10158a09b52aSRamesh Iyyar std::string keyCurveId(""); 10168a09b52aSRamesh Iyyar std::string keyPairAlgorithm(""); 10178a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 10188a09b52aSRamesh Iyyar std::string organization("IBM"); 10198a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 10208a09b52aSRamesh Iyyar std::string state("TS"); 10218a09b52aSRamesh Iyyar std::string surname("surname"); 10228a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1023f4682712SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1024f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 1025f4682712SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1026f4682712SMarri Devender Rao std::move(installPath)); 1027f4682712SMarri Devender Rao Status status; 1028f4682712SMarri Devender Rao CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1029f4682712SMarri Devender Rao MainApp mainApp(&manager, &csr); 1030f4682712SMarri Devender Rao mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1031f4682712SMarri Devender Rao contactPerson, country, email, givenName, initials, 1032f4682712SMarri Devender Rao keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1033f4682712SMarri Devender Rao organization, organizationalUnit, state, surname, 1034f4682712SMarri Devender Rao unstructuredName); 1035f4682712SMarri Devender Rao sleep(10); 10368a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 10378a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 10388a09b52aSRamesh Iyyar } 10398a09b52aSRamesh Iyyar 10408a09b52aSRamesh Iyyar /** @brief Check if error is thrown when giving un supported key pair 10418a09b52aSRamesh Iyyar * algorithm. At present RSA and EC key pair algorithm are supported 10428a09b52aSRamesh Iyyar */ 10438a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm) 10448a09b52aSRamesh Iyyar { 10458a09b52aSRamesh Iyyar std::string endpoint("https"); 10468a09b52aSRamesh Iyyar std::string unit(""); 10478a09b52aSRamesh Iyyar std::string type("Server"); 10488a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 10498a09b52aSRamesh Iyyar std::string verifyPath(installPath); 10508a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 10518a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 10528a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 10538a09b52aSRamesh Iyyar std::string challengePassword("Password"); 10548a09b52aSRamesh Iyyar std::string city("HYB"); 10558a09b52aSRamesh Iyyar std::string commonName("abc.com"); 10568a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 10578a09b52aSRamesh Iyyar std::string country("IN"); 10588a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 10598a09b52aSRamesh Iyyar std::string givenName("givenName"); 10608a09b52aSRamesh Iyyar std::string initials("G"); 10618a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 10628a09b52aSRamesh Iyyar std::string keyCurveId("secp521r1"); 10638a09b52aSRamesh Iyyar std::string keyPairAlgorithm("UnSupportedAlgorithm"); 10648a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 10658a09b52aSRamesh Iyyar std::string organization("IBM"); 10668a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 10678a09b52aSRamesh Iyyar std::string state("TS"); 10688a09b52aSRamesh Iyyar std::string surname("surname"); 10698a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 10708a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 10718a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 10728a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 10738a09b52aSRamesh Iyyar std::move(installPath)); 10748a09b52aSRamesh Iyyar Status status; 10758a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 10768a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 10778a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 10788a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 10798a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 10808a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 10818a09b52aSRamesh Iyyar unstructuredName); 1082f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(CSRPath)); 1083f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(privateKeyPath)); 1084f4682712SMarri Devender Rao } 10858a09b52aSRamesh Iyyar 10868a09b52aSRamesh Iyyar /** @brief Check if error is thrown when NID_undef is returned for given key 10878a09b52aSRamesh Iyyar * curve id 10888a09b52aSRamesh Iyyar */ 10898a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase) 10908a09b52aSRamesh Iyyar { 10918a09b52aSRamesh Iyyar std::string endpoint("https"); 10928a09b52aSRamesh Iyyar std::string unit(""); 10938a09b52aSRamesh Iyyar std::string type("Server"); 10948a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 10958a09b52aSRamesh Iyyar std::string verifyPath(installPath); 10968a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 10978a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 10988a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 10998a09b52aSRamesh Iyyar std::string challengePassword("Password"); 11008a09b52aSRamesh Iyyar std::string city("BLR"); 11018a09b52aSRamesh Iyyar std::string commonName("abc.com"); 11028a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 11038a09b52aSRamesh Iyyar std::string country("IN"); 11048a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 11058a09b52aSRamesh Iyyar std::string givenName("givenName"); 11068a09b52aSRamesh Iyyar std::string initials("G"); 11078a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 11088a09b52aSRamesh Iyyar std::string keyCurveId("DummyCurveName"); 11098a09b52aSRamesh Iyyar std::string keyPairAlgorithm("EC"); 11108a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 11118a09b52aSRamesh Iyyar std::string organization("IBM"); 11128a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 11138a09b52aSRamesh Iyyar std::string state("TS"); 11148a09b52aSRamesh Iyyar std::string surname("surname"); 11158a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 11168a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 11178a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 11188a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 11198a09b52aSRamesh Iyyar std::move(installPath)); 11208a09b52aSRamesh Iyyar Status status; 11218a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 11228a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 11238a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 11248a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 11258a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 11268a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 11278a09b52aSRamesh Iyyar unstructuredName); 11288a09b52aSRamesh Iyyar EXPECT_FALSE(fs::exists(CSRPath)); 11298a09b52aSRamesh Iyyar EXPECT_FALSE(fs::exists(privateKeyPath)); 11308a09b52aSRamesh Iyyar } 11318a09b52aSRamesh Iyyar 11328a09b52aSRamesh Iyyar /** @brief Check default Key Curve Id is used if given curve id is empty 11338a09b52aSRamesh Iyyar */ 11348a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId) 11358a09b52aSRamesh Iyyar { 11368a09b52aSRamesh Iyyar std::string endpoint("https"); 11378a09b52aSRamesh Iyyar std::string unit(""); 11388a09b52aSRamesh Iyyar std::string type("Server"); 11398a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 11408a09b52aSRamesh Iyyar std::string verifyPath(installPath); 11418a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 11428a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 11438a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 11448a09b52aSRamesh Iyyar std::string challengePassword("Password"); 11458a09b52aSRamesh Iyyar std::string city("BLR"); 11468a09b52aSRamesh Iyyar std::string commonName("abc.com"); 11478a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 11488a09b52aSRamesh Iyyar std::string country("IN"); 11498a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 11508a09b52aSRamesh Iyyar std::string givenName("givenName"); 11518a09b52aSRamesh Iyyar std::string initials("G"); 11528a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 11538a09b52aSRamesh Iyyar std::string keyCurveId(""); 11548a09b52aSRamesh Iyyar std::string keyPairAlgorithm("EC"); 11558a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 11568a09b52aSRamesh Iyyar std::string organization("IBM"); 11578a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 11588a09b52aSRamesh Iyyar std::string state("TS"); 11598a09b52aSRamesh Iyyar std::string surname("surname"); 11608a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 11618a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 11628a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 11638a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 11648a09b52aSRamesh Iyyar std::move(installPath)); 11658a09b52aSRamesh Iyyar Status status; 11668a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 11678a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 11688a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 11698a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 11708a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 11718a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 11728a09b52aSRamesh Iyyar unstructuredName); 11738a09b52aSRamesh Iyyar sleep(10); 11748a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 11758a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 11768a09b52aSRamesh Iyyar } 11778a09b52aSRamesh Iyyar 11788a09b52aSRamesh Iyyar /** @brief Check if error is not thrown to generate EC key pair 11798a09b52aSRamesh Iyyar */ 11808a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestECKeyGeneration) 11818a09b52aSRamesh Iyyar { 11828a09b52aSRamesh Iyyar std::string endpoint("https"); 11838a09b52aSRamesh Iyyar std::string unit(""); 11848a09b52aSRamesh Iyyar std::string type("Server"); 11858a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 11868a09b52aSRamesh Iyyar std::string verifyPath(installPath); 11878a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 11888a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 11898a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 11908a09b52aSRamesh Iyyar std::string challengePassword("Password"); 11918a09b52aSRamesh Iyyar std::string city("BLR"); 11928a09b52aSRamesh Iyyar std::string commonName("abc.com"); 11938a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 11948a09b52aSRamesh Iyyar std::string country("IN"); 11958a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 11968a09b52aSRamesh Iyyar std::string givenName("givenName"); 11978a09b52aSRamesh Iyyar std::string initials("G"); 11988a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 11998a09b52aSRamesh Iyyar std::string keyCurveId("secp521r1"); 12008a09b52aSRamesh Iyyar std::string keyPairAlgorithm("EC"); 12018a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 12028a09b52aSRamesh Iyyar std::string organization("IBM"); 12038a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 12048a09b52aSRamesh Iyyar std::string state("TS"); 12058a09b52aSRamesh Iyyar std::string surname("surname"); 12068a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 12078a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 12088a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 12098a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 12108a09b52aSRamesh Iyyar std::move(installPath)); 12118a09b52aSRamesh Iyyar Status status; 12128a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 12138a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 12148a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 12158a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 12168a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 12178a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 12188a09b52aSRamesh Iyyar unstructuredName); 12198a09b52aSRamesh Iyyar std::cout << "CSRPath: " << CSRPath << std::endl 12208a09b52aSRamesh Iyyar << "privateKeyPath: " << privateKeyPath << std::endl; 12218a09b52aSRamesh Iyyar sleep(10); 12228a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 12238a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 12248a09b52aSRamesh Iyyar } 1225c6e58c7eSRamesh Iyyar 1226c6e58c7eSRamesh Iyyar /** @brief Check error is thrown if giving unsupported ket bit length to 1227c6e58c7eSRamesh Iyyar * generate rsa key 1228c6e58c7eSRamesh Iyyar */ 1229c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength) 1230c6e58c7eSRamesh Iyyar { 1231c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1232c6e58c7eSRamesh Iyyar std::string unit(""); 1233c6e58c7eSRamesh Iyyar std::string type("Server"); 1234c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1235c6e58c7eSRamesh Iyyar std::string verifyPath(installPath); 1236c6e58c7eSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 1237c6e58c7eSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 1238c6e58c7eSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1239c6e58c7eSRamesh Iyyar std::string challengePassword("Password"); 1240c6e58c7eSRamesh Iyyar std::string city("BLR"); 1241c6e58c7eSRamesh Iyyar std::string commonName("abc.com"); 1242c6e58c7eSRamesh Iyyar std::string contactPerson("Admin"); 1243c6e58c7eSRamesh Iyyar std::string country("IN"); 1244c6e58c7eSRamesh Iyyar std::string email("admin@in.ibm.com"); 1245c6e58c7eSRamesh Iyyar std::string givenName("givenName"); 1246c6e58c7eSRamesh Iyyar std::string initials("G"); 1247c6e58c7eSRamesh Iyyar int64_t keyBitLength(4096); 1248c6e58c7eSRamesh Iyyar std::string keyCurveId("secp521r1"); 1249c6e58c7eSRamesh Iyyar std::string keyPairAlgorithm("RSA"); 1250c6e58c7eSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1251c6e58c7eSRamesh Iyyar std::string organization("IBM"); 1252c6e58c7eSRamesh Iyyar std::string organizationalUnit("orgUnit"); 1253c6e58c7eSRamesh Iyyar std::string state("TS"); 1254c6e58c7eSRamesh Iyyar std::string surname("surname"); 1255c6e58c7eSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1256c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1257c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1258c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1259c6e58c7eSRamesh Iyyar std::move(installPath)); 1260c6e58c7eSRamesh Iyyar Status status; 1261c6e58c7eSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1262c6e58c7eSRamesh Iyyar MainApp mainApp(&manager, &csr); 1263c6e58c7eSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1264c6e58c7eSRamesh Iyyar contactPerson, country, email, givenName, initials, 1265c6e58c7eSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1266c6e58c7eSRamesh Iyyar organization, organizationalUnit, state, surname, 1267c6e58c7eSRamesh Iyyar unstructuredName); 1268c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(CSRPath)); 1269c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(privateKeyPath)); 1270c6e58c7eSRamesh Iyyar } 1271c6e58c7eSRamesh Iyyar 1272c6e58c7eSRamesh Iyyar /** @brief Check error is thrown if generated rsa key file is not present 1273c6e58c7eSRamesh Iyyar */ 1274c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase) 1275c6e58c7eSRamesh Iyyar { 1276c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1277c6e58c7eSRamesh Iyyar std::string unit(""); 1278c6e58c7eSRamesh Iyyar std::string type("Server"); 1279c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1280c6e58c7eSRamesh Iyyar std::string verifyPath(installPath); 1281c6e58c7eSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 1282c6e58c7eSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 1283c6e58c7eSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1284c6e58c7eSRamesh Iyyar std::string challengePassword("Password"); 1285c6e58c7eSRamesh Iyyar std::string city("BLR"); 1286c6e58c7eSRamesh Iyyar std::string commonName("abc.com"); 1287c6e58c7eSRamesh Iyyar std::string contactPerson("Admin"); 1288c6e58c7eSRamesh Iyyar std::string country("IN"); 1289c6e58c7eSRamesh Iyyar std::string email("admin@in.ibm.com"); 1290c6e58c7eSRamesh Iyyar std::string givenName("givenName"); 1291c6e58c7eSRamesh Iyyar std::string initials("G"); 1292c6e58c7eSRamesh Iyyar int64_t keyBitLength(2048); 1293c6e58c7eSRamesh Iyyar std::string keyCurveId("secp521r1"); 1294c6e58c7eSRamesh Iyyar std::string keyPairAlgorithm("RSA"); 1295c6e58c7eSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1296c6e58c7eSRamesh Iyyar std::string organization("IBM"); 1297c6e58c7eSRamesh Iyyar std::string organizationalUnit("orgUnit"); 1298c6e58c7eSRamesh Iyyar std::string state("TS"); 1299c6e58c7eSRamesh Iyyar std::string surname("surname"); 1300c6e58c7eSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1301c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1302c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1303c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1304c6e58c7eSRamesh Iyyar std::move(installPath)); 1305c6e58c7eSRamesh Iyyar 1306c6e58c7eSRamesh Iyyar // Removing generated RSA key file 1307c6e58c7eSRamesh Iyyar fs::remove(rsaPrivateKeyFilePath); 1308c6e58c7eSRamesh Iyyar 1309c6e58c7eSRamesh Iyyar Status status; 1310c6e58c7eSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1311c6e58c7eSRamesh Iyyar MainApp mainApp(&manager, &csr); 1312c6e58c7eSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1313c6e58c7eSRamesh Iyyar contactPerson, country, email, givenName, initials, 1314c6e58c7eSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1315c6e58c7eSRamesh Iyyar organization, organizationalUnit, state, surname, 1316c6e58c7eSRamesh Iyyar unstructuredName); 1317c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(CSRPath)); 1318c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(privateKeyPath)); 1319c6e58c7eSRamesh Iyyar } 1320c6e58c7eSRamesh Iyyar 1321c6e58c7eSRamesh Iyyar /** @brief Check private key file is created from generated rsa key file is 1322c6e58c7eSRamesh Iyyar * `present 1323c6e58c7eSRamesh Iyyar */ 1324c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile) 1325c6e58c7eSRamesh Iyyar { 1326c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1327c6e58c7eSRamesh Iyyar std::string unit(""); 1328c6e58c7eSRamesh Iyyar std::string type("Server"); 1329c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1330c6e58c7eSRamesh Iyyar std::string verifyPath(installPath); 1331c6e58c7eSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 1332c6e58c7eSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 1333c6e58c7eSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1334c6e58c7eSRamesh Iyyar std::string challengePassword("Password"); 1335c6e58c7eSRamesh Iyyar std::string city("BLR"); 1336c6e58c7eSRamesh Iyyar std::string commonName("abc.com"); 1337c6e58c7eSRamesh Iyyar std::string contactPerson("Admin"); 1338c6e58c7eSRamesh Iyyar std::string country("IN"); 1339c6e58c7eSRamesh Iyyar std::string email("admin@in.ibm.com"); 1340c6e58c7eSRamesh Iyyar std::string givenName("givenName"); 1341c6e58c7eSRamesh Iyyar std::string initials("G"); 1342c6e58c7eSRamesh Iyyar int64_t keyBitLength(2048); 1343c6e58c7eSRamesh Iyyar std::string keyCurveId("secp521r1"); 1344c6e58c7eSRamesh Iyyar std::string keyPairAlgorithm("RSA"); 1345c6e58c7eSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1346c6e58c7eSRamesh Iyyar std::string organization("IBM"); 1347c6e58c7eSRamesh Iyyar std::string organizationalUnit("orgUnit"); 1348c6e58c7eSRamesh Iyyar std::string state("TS"); 1349c6e58c7eSRamesh Iyyar std::string surname("surname"); 1350c6e58c7eSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1351c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1352c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1353c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1354c6e58c7eSRamesh Iyyar std::move(installPath)); 1355c6e58c7eSRamesh Iyyar Status status; 1356c6e58c7eSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1357c6e58c7eSRamesh Iyyar MainApp mainApp(&manager, &csr); 1358c6e58c7eSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1359c6e58c7eSRamesh Iyyar contactPerson, country, email, givenName, initials, 1360c6e58c7eSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1361c6e58c7eSRamesh Iyyar organization, organizationalUnit, state, surname, 1362c6e58c7eSRamesh Iyyar unstructuredName); 1363c6e58c7eSRamesh Iyyar sleep(10); 1364c6e58c7eSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 1365c6e58c7eSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 1366c6e58c7eSRamesh Iyyar } 1367c6e58c7eSRamesh Iyyar 1368c6e58c7eSRamesh Iyyar /** @brief Check RSA key is generted during application startup*/ 1369c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile) 1370c6e58c7eSRamesh Iyyar { 1371c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1372c6e58c7eSRamesh Iyyar std::string unit(""); 1373c6e58c7eSRamesh Iyyar std::string type("Server"); 1374c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1375c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1376c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1377c6e58c7eSRamesh Iyyar 1378c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath)); 1379c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1380c6e58c7eSRamesh Iyyar std::move(installPath)); 1381c6e58c7eSRamesh Iyyar EXPECT_TRUE(fs::exists(rsaPrivateKeyFilePath)); 1382c6e58c7eSRamesh Iyyar } 1383