113bf74e4SMarri Devender Rao #include "config.h" 213bf74e4SMarri Devender Rao 38841dbd6SMarri Devender Rao #include "certificate.hpp" 4947258dcSMarri Devender Rao #include "certs_manager.hpp" 5947258dcSMarri Devender Rao 62f3563ccSZbigniew Lukwinski #include <openssl/bio.h> 72f3563ccSZbigniew Lukwinski #include <openssl/crypto.h> 82f3563ccSZbigniew Lukwinski #include <openssl/err.h> 92f3563ccSZbigniew Lukwinski #include <openssl/evp.h> 102f3563ccSZbigniew Lukwinski #include <openssl/pem.h> 112f3563ccSZbigniew Lukwinski #include <openssl/x509v3.h> 122f3563ccSZbigniew Lukwinski 13947258dcSMarri Devender Rao #include <algorithm> 148841dbd6SMarri Devender Rao #include <filesystem> 15947258dcSMarri Devender Rao #include <fstream> 16947258dcSMarri Devender Rao #include <iterator> 17f4682712SMarri Devender Rao #include <sdeventplus/event.hpp> 18947258dcSMarri Devender Rao #include <string> 1913bf74e4SMarri Devender Rao #include <xyz/openbmc_project/Certs/error.hpp> 20947258dcSMarri Devender Rao #include <xyz/openbmc_project/Common/error.hpp> 21947258dcSMarri Devender Rao 22947258dcSMarri Devender Rao #include <gtest/gtest.h> 23*e1289adfSNan Zhou 24*e1289adfSNan Zhou namespace phosphor::certs 25*e1289adfSNan Zhou { 26*e1289adfSNan Zhou namespace 27*e1289adfSNan Zhou { 288841dbd6SMarri Devender Rao namespace fs = std::filesystem; 29947258dcSMarri Devender Rao using InternalFailure = 30947258dcSMarri Devender Rao sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; 31e6597c5bSMarri Devender Rao using InvalidCertificate = 3213bf74e4SMarri Devender Rao sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate; 33e6597c5bSMarri Devender Rao 34ddf64866SMarri Devender Rao /** 35ddf64866SMarri Devender Rao * Class to generate certificate file and test verification of certificate file 36ddf64866SMarri Devender Rao */ 378841dbd6SMarri Devender Rao class TestCertificates : public ::testing::Test 38947258dcSMarri Devender Rao { 39947258dcSMarri Devender Rao public: 408841dbd6SMarri Devender Rao TestCertificates() : bus(sdbusplus::bus::new_default()) 41947258dcSMarri Devender Rao { 42947258dcSMarri Devender Rao } 43947258dcSMarri Devender Rao void SetUp() override 44947258dcSMarri Devender Rao { 45947258dcSMarri Devender Rao char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; 46947258dcSMarri Devender Rao auto dirPtr = mkdtemp(dirTemplate); 47cfb5802aSNan Zhou if (dirPtr == nullptr) 48947258dcSMarri Devender Rao { 49947258dcSMarri Devender Rao throw std::bad_alloc(); 50947258dcSMarri Devender Rao } 51fe590c4eSZbigniew Lukwinski certDir = std::string(dirPtr) + "/certs"; 52fe590c4eSZbigniew Lukwinski fs::create_directories(certDir); 53db029c95SKowalski, Kamil 54db029c95SKowalski, Kamil createNewCertificate(); 55947258dcSMarri Devender Rao } 56db029c95SKowalski, Kamil 57947258dcSMarri Devender Rao void TearDown() override 58947258dcSMarri Devender Rao { 59947258dcSMarri Devender Rao fs::remove_all(certDir); 60947258dcSMarri Devender Rao fs::remove(certificateFile); 61f4682712SMarri Devender Rao fs::remove(CSRFile); 62f4682712SMarri Devender Rao fs::remove(privateKeyFile); 63cf811c43SNan Zhou fs::remove_all("demoCA"); 64947258dcSMarri Devender Rao } 65947258dcSMarri Devender Rao 66db029c95SKowalski, Kamil void createNewCertificate(bool setNewCertId = false) 67db029c95SKowalski, Kamil { 68db029c95SKowalski, Kamil certificateFile = "cert.pem"; 69db029c95SKowalski, Kamil CSRFile = "domain.csr"; 70db029c95SKowalski, Kamil privateKeyFile = "privkey.pem"; 71db029c95SKowalski, Kamil rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem"; 72db029c95SKowalski, Kamil std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; 73cf811c43SNan Zhou cmd += "-keyout cert.pem -out cert.pem -days 365000 -nodes"; 74db029c95SKowalski, Kamil cmd += " -subj /O=openbmc-project.xyz/CN=localhost"; 75db029c95SKowalski, Kamil 76db029c95SKowalski, Kamil if (setNewCertId) 77db029c95SKowalski, Kamil { 78db029c95SKowalski, Kamil cmd += std::to_string(certId++); 79db029c95SKowalski, Kamil } 80db029c95SKowalski, Kamil 81db029c95SKowalski, Kamil auto val = std::system(cmd.c_str()); 82db029c95SKowalski, Kamil if (val) 83db029c95SKowalski, Kamil { 84db029c95SKowalski, Kamil std::cout << "COMMAND Error: " << val << std::endl; 85db029c95SKowalski, Kamil } 86db029c95SKowalski, Kamil } 87db029c95SKowalski, Kamil 88cf811c43SNan Zhou void createNeverExpiredRootCertificate() 89cf811c43SNan Zhou { 90cf811c43SNan Zhou // remove the old cert 91cf811c43SNan Zhou fs::remove(certificateFile); 92cf811c43SNan Zhou 93cf811c43SNan Zhou // The following routines create a cert that has NotBefore 94cf811c43SNan Zhou // set to 1970/01/01 and NotAfter set to 9999/12/31 via the 95cf811c43SNan Zhou // OpenSSL CA application. 96cf811c43SNan Zhou certificateFile = "cert.pem"; 97cf811c43SNan Zhou ASSERT_EQ(std::system("mkdir -p demoCA"), 0); 98cf811c43SNan Zhou ASSERT_EQ(std::system("mkdir -p demoCA/private/"), 0); 99cf811c43SNan Zhou ASSERT_EQ(std::system("mkdir -p demoCA/newcerts/"), 0); 100cf811c43SNan Zhou ASSERT_EQ(std::system("touch demoCA/index.txt"), 0); 101cf811c43SNan Zhou ASSERT_EQ(std::system("echo 1000 > demoCA/serial"), 0); 102cf811c43SNan Zhou ASSERT_EQ( 103cf811c43SNan Zhou std::system( 104cf811c43SNan Zhou "openssl req -x509 -sha256 -newkey rsa:2048 -keyout " 105cf811c43SNan Zhou "demoCA/private/cakey.pem -out demoCA/cacert.pem -nodes " 106cf811c43SNan Zhou "-subj /O=openbmc-project.xyz/C=US/ST=CA/CN=localhost-ca"), 107cf811c43SNan Zhou 0); 108cf811c43SNan Zhou ASSERT_EQ(std::system( 109cf811c43SNan Zhou "openssl req -new -newkey rsa:2048 -nodes -keyout " 110cf811c43SNan Zhou "demoCA/server.key -out demoCA/server.csr -subj " 111cf811c43SNan Zhou "/O=openbmc-project.xyz/C=US/ST=CA/CN=localhost-server"), 112cf811c43SNan Zhou 0); 113cf811c43SNan Zhou ASSERT_EQ( 114cf811c43SNan Zhou std::system( 115cf811c43SNan Zhou "openssl ca -batch -startdate 19700101000000Z -enddate " 116cf811c43SNan Zhou "99991231235959Z -out cert.pem -infiles demoCA/server.csr"), 117cf811c43SNan Zhou 0); 118cf811c43SNan Zhou } 119cf811c43SNan Zhou 120947258dcSMarri Devender Rao bool compareFiles(const std::string& file1, const std::string& file2) 121947258dcSMarri Devender Rao { 122947258dcSMarri Devender Rao std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate); 123947258dcSMarri Devender Rao std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate); 124947258dcSMarri Devender Rao 125947258dcSMarri Devender Rao if (f1.fail() || f2.fail()) 126947258dcSMarri Devender Rao { 127947258dcSMarri Devender Rao return false; // file problem 128947258dcSMarri Devender Rao } 129947258dcSMarri Devender Rao 130947258dcSMarri Devender Rao if (f1.tellg() != f2.tellg()) 131947258dcSMarri Devender Rao { 132947258dcSMarri Devender Rao return false; // size mismatch 133947258dcSMarri Devender Rao } 134947258dcSMarri Devender Rao 135947258dcSMarri Devender Rao // seek back to beginning and use std::equal to compare contents 136947258dcSMarri Devender Rao f1.seekg(0, std::ifstream::beg); 137947258dcSMarri Devender Rao f2.seekg(0, std::ifstream::beg); 138947258dcSMarri Devender Rao return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()), 139947258dcSMarri Devender Rao std::istreambuf_iterator<char>(), 140947258dcSMarri Devender Rao std::istreambuf_iterator<char>(f2.rdbuf())); 141947258dcSMarri Devender Rao } 142947258dcSMarri Devender Rao 1432f3563ccSZbigniew Lukwinski std::string getCertSubjectNameHash(const std::string& certFilePath) 1442f3563ccSZbigniew Lukwinski { 1452f3563ccSZbigniew Lukwinski std::unique_ptr<X509, decltype(&::X509_free)> cert(X509_new(), 1462f3563ccSZbigniew Lukwinski ::X509_free); 1472f3563ccSZbigniew Lukwinski if (!cert) 1482f3563ccSZbigniew Lukwinski { 1492f3563ccSZbigniew Lukwinski std::string(); 1502f3563ccSZbigniew Lukwinski } 1512f3563ccSZbigniew Lukwinski 1522f3563ccSZbigniew Lukwinski std::unique_ptr<BIO, decltype(&::BIO_free)> bioCert( 1532f3563ccSZbigniew Lukwinski BIO_new_file(certFilePath.c_str(), "rb"), ::BIO_free); 1542f3563ccSZbigniew Lukwinski if (!bioCert) 1552f3563ccSZbigniew Lukwinski { 1562f3563ccSZbigniew Lukwinski std::string(); 1572f3563ccSZbigniew Lukwinski } 1582f3563ccSZbigniew Lukwinski 1592f3563ccSZbigniew Lukwinski X509* x509 = cert.get(); 1602f3563ccSZbigniew Lukwinski if (!PEM_read_bio_X509(bioCert.get(), &x509, nullptr, nullptr)) 1612f3563ccSZbigniew Lukwinski { 1622f3563ccSZbigniew Lukwinski std::string(); 1632f3563ccSZbigniew Lukwinski } 1642f3563ccSZbigniew Lukwinski 1652f3563ccSZbigniew Lukwinski unsigned long hash = X509_subject_name_hash(cert.get()); 1662f3563ccSZbigniew Lukwinski static constexpr auto AUTH_CERT_HASH_LENGTH = 9; 1672f3563ccSZbigniew Lukwinski char hashBuf[AUTH_CERT_HASH_LENGTH]; 1682f3563ccSZbigniew Lukwinski sprintf(hashBuf, "%08lx", hash); 1692f3563ccSZbigniew Lukwinski return std::string(hashBuf); 1702f3563ccSZbigniew Lukwinski } 1712f3563ccSZbigniew Lukwinski 172947258dcSMarri Devender Rao protected: 173947258dcSMarri Devender Rao sdbusplus::bus::bus bus; 174c6e58c7eSRamesh Iyyar std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath; 175947258dcSMarri Devender Rao 176947258dcSMarri Devender Rao std::string certDir; 177db029c95SKowalski, Kamil uint64_t certId; 178947258dcSMarri Devender Rao }; 179947258dcSMarri Devender Rao 180947258dcSMarri Devender Rao class MainApp 181947258dcSMarri Devender Rao { 182947258dcSMarri Devender Rao public: 183f4682712SMarri Devender Rao MainApp(phosphor::certs::Manager* manager, 184f4682712SMarri Devender Rao phosphor::certs::CSR* csr = nullptr) : 185f4682712SMarri Devender Rao manager(manager), 186e129be3bSPatrick Williams csr_(csr) 187947258dcSMarri Devender Rao { 188947258dcSMarri Devender Rao } 189947258dcSMarri Devender Rao void install(std::string& path) 190947258dcSMarri Devender Rao { 191947258dcSMarri Devender Rao manager->install(path); 192947258dcSMarri Devender Rao } 1939abfae88SMarri Devender Rao void delete_() 1949abfae88SMarri Devender Rao { 195a3bb38fbSZbigniew Kurzynski manager->deleteAll(); 1969abfae88SMarri Devender Rao } 197f4682712SMarri Devender Rao 198f4682712SMarri Devender Rao std::string generateCSR(std::vector<std::string> alternativeNames, 199f4682712SMarri Devender Rao std::string challengePassword, std::string city, 200f4682712SMarri Devender Rao std::string commonName, std::string contactPerson, 201f4682712SMarri Devender Rao std::string country, std::string email, 202f4682712SMarri Devender Rao std::string givenName, std::string initials, 203f4682712SMarri Devender Rao int64_t keyBitLength, std::string keyCurveId, 204f4682712SMarri Devender Rao std::string keyPairAlgorithm, 205f4682712SMarri Devender Rao std::vector<std::string> keyUsage, 206f4682712SMarri Devender Rao std::string organization, 207f4682712SMarri Devender Rao std::string organizationalUnit, std::string state, 208f4682712SMarri Devender Rao std::string surname, std::string unstructuredName) 209f4682712SMarri Devender Rao { 210f4682712SMarri Devender Rao return (manager->generateCSR( 211f4682712SMarri Devender Rao alternativeNames, challengePassword, city, commonName, 212f4682712SMarri Devender Rao contactPerson, country, email, givenName, initials, keyBitLength, 213f4682712SMarri Devender Rao keyCurveId, keyPairAlgorithm, keyUsage, organization, 214f4682712SMarri Devender Rao organizationalUnit, state, surname, unstructuredName)); 215f4682712SMarri Devender Rao } 216e129be3bSPatrick Williams std::string csr() 217e129be3bSPatrick Williams { 218e129be3bSPatrick Williams return (csr_->csr()); 219e129be3bSPatrick Williams } 220947258dcSMarri Devender Rao phosphor::certs::Manager* manager; 221e129be3bSPatrick Williams phosphor::certs::CSR* csr_; 222947258dcSMarri Devender Rao }; 223947258dcSMarri Devender Rao 224947258dcSMarri Devender Rao /** @brief Check if server install routine is invoked for server setup 225947258dcSMarri Devender Rao */ 2268841dbd6SMarri Devender Rao TEST_F(TestCertificates, InvokeServerInstall) 227947258dcSMarri Devender Rao { 228947258dcSMarri Devender Rao std::string endpoint("https"); 2298841dbd6SMarri Devender Rao std::string unit(""); 230947258dcSMarri Devender Rao std::string type("server"); 2318841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 2328841dbd6SMarri Devender Rao std::string verifyPath(installPath); 2338841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 234947258dcSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 235ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 236ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 237ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 238ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 239ffad1ef1SMarri Devender Rao std::move(installPath)); 240ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 241ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 242947258dcSMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 243947258dcSMarri Devender Rao } 244947258dcSMarri Devender Rao 245947258dcSMarri Devender Rao /** @brief Check if client install routine is invoked for client setup 246947258dcSMarri Devender Rao */ 2478841dbd6SMarri Devender Rao TEST_F(TestCertificates, InvokeClientInstall) 248947258dcSMarri Devender Rao { 249947258dcSMarri Devender Rao std::string endpoint("ldap"); 2508841dbd6SMarri Devender Rao std::string unit(""); 2518841dbd6SMarri Devender Rao std::string type("server"); 2528841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 2538841dbd6SMarri Devender Rao std::string verifyPath(installPath); 2548841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 255947258dcSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 256ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 257ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 258ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 259ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 260ffad1ef1SMarri Devender Rao std::move(installPath)); 261ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 262ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 263b50789ceSJayanth Othayoth EXPECT_TRUE(fs::exists(verifyPath)); 264b50789ceSJayanth Othayoth } 265b50789ceSJayanth Othayoth 266db029c95SKowalski, Kamil /** @brief Check if storage install routine is invoked for storage setup 267b50789ceSJayanth Othayoth */ 2688841dbd6SMarri Devender Rao TEST_F(TestCertificates, InvokeAuthorityInstall) 269b50789ceSJayanth Othayoth { 270b50789ceSJayanth Othayoth std::string endpoint("ldap"); 2718841dbd6SMarri Devender Rao std::string unit(""); 272b50789ceSJayanth Othayoth std::string type("authority"); 273db029c95SKowalski, Kamil std::string verifyDir(certDir); 2748841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 275b50789ceSJayanth Othayoth auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 276ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 277ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 278ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 279ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 280db029c95SKowalski, Kamil std::move(certDir)); 281ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 282cf811c43SNan Zhou // install the default certificate that's valid from today to 100 years 283cf811c43SNan Zhou // later 284ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 285db029c95SKowalski, Kamil 286db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 287db029c95SKowalski, Kamil manager.getCertificates(); 288db029c95SKowalski, Kamil 289cf811c43SNan Zhou ASSERT_EQ(certs.size(), 1); 290cf811c43SNan Zhou // check some attributes as well 291cf811c43SNan Zhou EXPECT_EQ(certs.front()->validNotAfter() - certs.front()->validNotBefore(), 292cf811c43SNan Zhou 365000ULL * 24 * 3600); 293cf811c43SNan Zhou EXPECT_EQ(certs.front()->subject(), "O=openbmc-project.xyz,CN=localhost"); 294cf811c43SNan Zhou EXPECT_EQ(certs.front()->issuer(), "O=openbmc-project.xyz,CN=localhost"); 295cf811c43SNan Zhou 296cf811c43SNan Zhou std::string verifyPath = 297cf811c43SNan Zhou verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 298cf811c43SNan Zhou 299cf811c43SNan Zhou // Check that certificate has been created at installation directory 300cf811c43SNan Zhou EXPECT_FALSE(fs::is_empty(verifyDir)); 301cf811c43SNan Zhou EXPECT_TRUE(fs::exists(verifyPath)); 302cf811c43SNan Zhou 303cf811c43SNan Zhou // Check that installed cert is identical to input one 304cf811c43SNan Zhou EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 305cf811c43SNan Zhou } 306cf811c43SNan Zhou 307cf811c43SNan Zhou /** @brief Check if storage install routine is invoked for storage setup 308cf811c43SNan Zhou */ 309cf811c43SNan Zhou TEST_F(TestCertificates, InvokeAuthorityInstallNeverExpiredRootCert) 310cf811c43SNan Zhou { 311cf811c43SNan Zhou std::string endpoint("ldap"); 312cf811c43SNan Zhou std::string unit(""); 313cf811c43SNan Zhou std::string type("authority"); 314cf811c43SNan Zhou std::string verifyDir(certDir); 315cf811c43SNan Zhou UnitsToRestart verifyUnit(unit); 316cf811c43SNan Zhou auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 317cf811c43SNan Zhou auto event = sdeventplus::Event::get_default(); 318cf811c43SNan Zhou // Attach the bus to sd_event to service user requests 319cf811c43SNan Zhou bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 320cf811c43SNan Zhou Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 321cf811c43SNan Zhou std::move(certDir)); 322cf811c43SNan Zhou MainApp mainApp(&manager); 323cf811c43SNan Zhou 324cf811c43SNan Zhou // install the certificate that's valid from the Unix Epoch to Dec 31, 9999 325cf811c43SNan Zhou createNeverExpiredRootCertificate(); 326cf811c43SNan Zhou mainApp.install(certificateFile); 327cf811c43SNan Zhou 328cf811c43SNan Zhou std::vector<std::unique_ptr<Certificate>>& certs = 329cf811c43SNan Zhou manager.getCertificates(); 330cf811c43SNan Zhou 331cf811c43SNan Zhou EXPECT_EQ(certs.front()->validNotBefore(), 0); 332cf811c43SNan Zhou EXPECT_EQ(certs.front()->validNotAfter(), 253402300799ULL); 333db029c95SKowalski, Kamil 3342f3563ccSZbigniew Lukwinski std::string verifyPath = 3352f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 336db029c95SKowalski, Kamil 337db029c95SKowalski, Kamil // Check that certificate has been created at installation directory 338db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 339db029c95SKowalski, Kamil EXPECT_TRUE(fs::exists(verifyPath)); 340db029c95SKowalski, Kamil 341db029c95SKowalski, Kamil // Check that installed cert is identical to input one 342db029c95SKowalski, Kamil EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 343db029c95SKowalski, Kamil } 344db029c95SKowalski, Kamil 3452f3563ccSZbigniew Lukwinski /** @brief Check if in authority mode user can't install the same 3462f3563ccSZbigniew Lukwinski * certificate twice. 347db029c95SKowalski, Kamil */ 3482f3563ccSZbigniew Lukwinski TEST_F(TestCertificates, InvokeInstallSameCertTwice) 349db029c95SKowalski, Kamil { 350db029c95SKowalski, Kamil std::string endpoint("ldap"); 351db029c95SKowalski, Kamil std::string unit(""); 352db029c95SKowalski, Kamil std::string type("authority"); 353db029c95SKowalski, Kamil std::string verifyDir(certDir); 354db029c95SKowalski, Kamil UnitsToRestart verifyUnit(unit); 355db029c95SKowalski, Kamil auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 356db029c95SKowalski, Kamil auto event = sdeventplus::Event::get_default(); 357db029c95SKowalski, Kamil // Attach the bus to sd_event to service user requests 358db029c95SKowalski, Kamil bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 359db029c95SKowalski, Kamil Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 360db029c95SKowalski, Kamil std::move(certDir)); 361db029c95SKowalski, Kamil MainApp mainApp(&manager); 362db029c95SKowalski, Kamil mainApp.install(certificateFile); 363db029c95SKowalski, Kamil 364db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 365db029c95SKowalski, Kamil manager.getCertificates(); 366db029c95SKowalski, Kamil 367db029c95SKowalski, Kamil EXPECT_FALSE(certs.empty()); 368db029c95SKowalski, Kamil 369db029c95SKowalski, Kamil // Check that certificate has been created at installation directory 3702f3563ccSZbigniew Lukwinski std::string verifyPath = 3712f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 372db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 373db029c95SKowalski, Kamil EXPECT_TRUE(fs::exists(verifyPath)); 374db029c95SKowalski, Kamil 375db029c95SKowalski, Kamil // Check that installed cert is identical to input one 376db029c95SKowalski, Kamil EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 377db029c95SKowalski, Kamil 3782f3563ccSZbigniew Lukwinski using NotAllowed = 3792f3563ccSZbigniew Lukwinski sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 380db029c95SKowalski, Kamil EXPECT_THROW( 381db029c95SKowalski, Kamil { 382db029c95SKowalski, Kamil try 383db029c95SKowalski, Kamil { 3842f3563ccSZbigniew Lukwinski // Try to install the same certificate second time 385db029c95SKowalski, Kamil mainApp.install(certificateFile); 386db029c95SKowalski, Kamil } 387db029c95SKowalski, Kamil catch (const NotAllowed& e) 388db029c95SKowalski, Kamil { 389db029c95SKowalski, Kamil throw; 390db029c95SKowalski, Kamil } 391db029c95SKowalski, Kamil }, 392db029c95SKowalski, Kamil NotAllowed); 393db029c95SKowalski, Kamil 394db029c95SKowalski, Kamil // Check that the original certificate has been not removed 395db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 396947258dcSMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 397947258dcSMarri Devender Rao } 398947258dcSMarri Devender Rao 39973d1fbf3SZbigniew Lukwinski /** @brief Check if in authority mode user can install a certificate with 4002f3563ccSZbigniew Lukwinski * certain subject hash twice. 4012f3563ccSZbigniew Lukwinski */ 4022f3563ccSZbigniew Lukwinski TEST_F(TestCertificates, InvokeInstallSameSubjectTwice) 4032f3563ccSZbigniew Lukwinski { 4042f3563ccSZbigniew Lukwinski std::string endpoint("ldap"); 4052f3563ccSZbigniew Lukwinski std::string unit(""); 4062f3563ccSZbigniew Lukwinski std::string type("authority"); 4072f3563ccSZbigniew Lukwinski std::string verifyDir(certDir); 4082f3563ccSZbigniew Lukwinski UnitsToRestart verifyUnit(unit); 4092f3563ccSZbigniew Lukwinski auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 4102f3563ccSZbigniew Lukwinski auto event = sdeventplus::Event::get_default(); 4112f3563ccSZbigniew Lukwinski // Attach the bus to sd_event to service user requests 4122f3563ccSZbigniew Lukwinski bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 4132f3563ccSZbigniew Lukwinski Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 4142f3563ccSZbigniew Lukwinski std::move(certDir)); 4152f3563ccSZbigniew Lukwinski MainApp mainApp(&manager); 4162f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 4172f3563ccSZbigniew Lukwinski 4182f3563ccSZbigniew Lukwinski std::vector<std::unique_ptr<Certificate>>& certs = 4192f3563ccSZbigniew Lukwinski manager.getCertificates(); 4202f3563ccSZbigniew Lukwinski 4212f3563ccSZbigniew Lukwinski EXPECT_FALSE(certs.empty()); 4222f3563ccSZbigniew Lukwinski 4232f3563ccSZbigniew Lukwinski // Check that certificate has been created at installation directory 4242f3563ccSZbigniew Lukwinski std::string verifyPath0 = 4252f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 4262f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 4272f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath0)); 4282f3563ccSZbigniew Lukwinski 4292f3563ccSZbigniew Lukwinski // Check that installed cert is identical to input one 4302f3563ccSZbigniew Lukwinski EXPECT_TRUE(compareFiles(certificateFile, verifyPath0)); 4312f3563ccSZbigniew Lukwinski 4322f3563ccSZbigniew Lukwinski // Prepare second certificate with the same subject 4332f3563ccSZbigniew Lukwinski createNewCertificate(); 4342f3563ccSZbigniew Lukwinski 4352f3563ccSZbigniew Lukwinski // Install second certificate 4362f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 4372f3563ccSZbigniew Lukwinski 4382f3563ccSZbigniew Lukwinski // Expect there are exactly two certificates in the collection 43973d1fbf3SZbigniew Lukwinski EXPECT_EQ(certs.size(), 2); 44073d1fbf3SZbigniew Lukwinski 44173d1fbf3SZbigniew Lukwinski // Check that certificate has been created at installation directory 44273d1fbf3SZbigniew Lukwinski std::string verifyPath1 = 44373d1fbf3SZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".1"; 44473d1fbf3SZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath1)); 44573d1fbf3SZbigniew Lukwinski 44673d1fbf3SZbigniew Lukwinski // Check that installed cert is identical to input one 44773d1fbf3SZbigniew Lukwinski EXPECT_TRUE(compareFiles(certificateFile, verifyPath1)); 4482f3563ccSZbigniew Lukwinski 4492f3563ccSZbigniew Lukwinski // Check that the original/first certificate has been not removed 4502f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 4512f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath0)); 4522f3563ccSZbigniew Lukwinski } 4532f3563ccSZbigniew Lukwinski 4542f3563ccSZbigniew Lukwinski /** @brief Check if in authority mode user can't install more than 4552f3563ccSZbigniew Lukwinski * AUTHORITY_CERTIFICATES_LIMIT certificates. 4562f3563ccSZbigniew Lukwinski */ 4572f3563ccSZbigniew Lukwinski TEST_F(TestCertificates, InvokeInstallAuthCertLimit) 4582f3563ccSZbigniew Lukwinski { 4592f3563ccSZbigniew Lukwinski std::string endpoint("ldap"); 4602f3563ccSZbigniew Lukwinski std::string unit(""); 4612f3563ccSZbigniew Lukwinski std::string type("authority"); 4622f3563ccSZbigniew Lukwinski std::string verifyDir(certDir); 4632f3563ccSZbigniew Lukwinski UnitsToRestart verifyUnit(unit); 4642f3563ccSZbigniew Lukwinski auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 4652f3563ccSZbigniew Lukwinski auto event = sdeventplus::Event::get_default(); 4662f3563ccSZbigniew Lukwinski // Attach the bus to sd_event to service user requests 4672f3563ccSZbigniew Lukwinski bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 4682f3563ccSZbigniew Lukwinski Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 4692f3563ccSZbigniew Lukwinski std::move(certDir)); 4702f3563ccSZbigniew Lukwinski MainApp mainApp(&manager); 4712f3563ccSZbigniew Lukwinski 4722f3563ccSZbigniew Lukwinski std::vector<std::unique_ptr<Certificate>>& certs = 4732f3563ccSZbigniew Lukwinski manager.getCertificates(); 4742f3563ccSZbigniew Lukwinski 4752f3563ccSZbigniew Lukwinski std::vector<std::string> verifyPaths; 4762f3563ccSZbigniew Lukwinski 4772f3563ccSZbigniew Lukwinski // Prepare maximum number of ceritificates 4782f3563ccSZbigniew Lukwinski for (std::size_t i = 0; i < AUTHORITY_CERTIFICATES_LIMIT; ++i) 4792f3563ccSZbigniew Lukwinski { 4802f3563ccSZbigniew Lukwinski // Prepare new certificatate 4812f3563ccSZbigniew Lukwinski createNewCertificate(true); 4822f3563ccSZbigniew Lukwinski 4832f3563ccSZbigniew Lukwinski // Install ceritificate 4842f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 4852f3563ccSZbigniew Lukwinski 4862f3563ccSZbigniew Lukwinski // Check number of certificates in the collection 4872f3563ccSZbigniew Lukwinski EXPECT_EQ(certs.size(), i + 1); 4882f3563ccSZbigniew Lukwinski 4892f3563ccSZbigniew Lukwinski // Check that certificate has been created at installation directory 4902f3563ccSZbigniew Lukwinski std::string verifyPath = 4912f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 4922f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 4932f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPath)); 4942f3563ccSZbigniew Lukwinski 4952f3563ccSZbigniew Lukwinski // Check that installed cert is identical to input one 4962f3563ccSZbigniew Lukwinski EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 4972f3563ccSZbigniew Lukwinski 4982f3563ccSZbigniew Lukwinski // Save current certificate file for later check 4992f3563ccSZbigniew Lukwinski verifyPaths.push_back(verifyPath); 5002f3563ccSZbigniew Lukwinski } 5012f3563ccSZbigniew Lukwinski 5022f3563ccSZbigniew Lukwinski // Prepare new certificatate 5032f3563ccSZbigniew Lukwinski createNewCertificate(true); 5042f3563ccSZbigniew Lukwinski 5052f3563ccSZbigniew Lukwinski using NotAllowed = 5062f3563ccSZbigniew Lukwinski sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 5072f3563ccSZbigniew Lukwinski EXPECT_THROW( 5082f3563ccSZbigniew Lukwinski { 5092f3563ccSZbigniew Lukwinski try 5102f3563ccSZbigniew Lukwinski { 5112f3563ccSZbigniew Lukwinski // Try to install one more certificate 5122f3563ccSZbigniew Lukwinski mainApp.install(certificateFile); 5132f3563ccSZbigniew Lukwinski } 5142f3563ccSZbigniew Lukwinski catch (const NotAllowed& e) 5152f3563ccSZbigniew Lukwinski { 5162f3563ccSZbigniew Lukwinski throw; 5172f3563ccSZbigniew Lukwinski } 5182f3563ccSZbigniew Lukwinski }, 5192f3563ccSZbigniew Lukwinski NotAllowed); 5202f3563ccSZbigniew Lukwinski 5212f3563ccSZbigniew Lukwinski // Check that the original certificate has been not removed 5222f3563ccSZbigniew Lukwinski EXPECT_FALSE(fs::is_empty(verifyDir)); 5232f3563ccSZbigniew Lukwinski for (int i = 0; i < AUTHORITY_CERTIFICATES_LIMIT; ++i) 5242f3563ccSZbigniew Lukwinski { 5252f3563ccSZbigniew Lukwinski EXPECT_TRUE(fs::exists(verifyPaths[i])); 5262f3563ccSZbigniew Lukwinski } 5272f3563ccSZbigniew Lukwinski } 5282f3563ccSZbigniew Lukwinski 529947258dcSMarri Devender Rao /** @brief Compare the installed certificate with the copied certificate 530947258dcSMarri Devender Rao */ 5318841dbd6SMarri Devender Rao TEST_F(TestCertificates, CompareInstalledCertificate) 532947258dcSMarri Devender Rao { 533947258dcSMarri Devender Rao std::string endpoint("ldap"); 5348841dbd6SMarri Devender Rao std::string unit(""); 535947258dcSMarri Devender Rao std::string type("client"); 5368841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 5378841dbd6SMarri Devender Rao std::string verifyPath(installPath); 5388841dbd6SMarri Devender Rao UnitsToRestart verifyUnit(unit); 539947258dcSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 540ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 541ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 542ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 543ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 544ffad1ef1SMarri Devender Rao std::move(installPath)); 545ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 546ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 547947258dcSMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 548947258dcSMarri Devender Rao EXPECT_TRUE(compareFiles(verifyPath, certificateFile)); 549947258dcSMarri Devender Rao } 550e6597c5bSMarri Devender Rao 551e6597c5bSMarri Devender Rao /** @brief Check if install fails if certificate file is not found 552e6597c5bSMarri Devender Rao */ 5538841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestNoCertificateFile) 554e6597c5bSMarri Devender Rao { 555e6597c5bSMarri Devender Rao std::string endpoint("ldap"); 5568841dbd6SMarri Devender Rao std::string unit(""); 557e6597c5bSMarri Devender Rao std::string type("client"); 5588841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 5598841dbd6SMarri Devender Rao std::string verifyPath(installPath); 560b50789ceSJayanth Othayoth std::string verifyUnit(unit); 561e6597c5bSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 5628841dbd6SMarri Devender Rao std::string uploadFile = "nofile.pem"; 563e6597c5bSMarri Devender Rao EXPECT_THROW( 564e6597c5bSMarri Devender Rao { 565e6597c5bSMarri Devender Rao try 566e6597c5bSMarri Devender Rao { 567ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 568ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 569ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 570ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 571ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 572ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 573ffad1ef1SMarri Devender Rao mainApp.install(uploadFile); 574e6597c5bSMarri Devender Rao } 575e6597c5bSMarri Devender Rao catch (const InternalFailure& e) 576e6597c5bSMarri Devender Rao { 577e6597c5bSMarri Devender Rao throw; 578e6597c5bSMarri Devender Rao } 579e6597c5bSMarri Devender Rao }, 580e6597c5bSMarri Devender Rao InternalFailure); 581e6597c5bSMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 582e6597c5bSMarri Devender Rao } 583e6597c5bSMarri Devender Rao 584ffad1ef1SMarri Devender Rao /** @brief Test replacing existing certificate 585ffad1ef1SMarri Devender Rao */ 586ffad1ef1SMarri Devender Rao TEST_F(TestCertificates, TestReplaceCertificate) 587ffad1ef1SMarri Devender Rao { 588ffad1ef1SMarri Devender Rao std::string endpoint("ldap"); 589ffad1ef1SMarri Devender Rao std::string unit(""); 590ffad1ef1SMarri Devender Rao std::string type("server"); 591ffad1ef1SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 592ffad1ef1SMarri Devender Rao std::string verifyPath(installPath); 593ffad1ef1SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 594ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 595ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 596ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 597ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 598ffad1ef1SMarri Devender Rao std::move(installPath)); 599ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 600ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 601ffad1ef1SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 602db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 603db029c95SKowalski, Kamil manager.getCertificates(); 604db029c95SKowalski, Kamil EXPECT_FALSE(certs.empty()); 605db029c95SKowalski, Kamil EXPECT_NE(certs[0], nullptr); 606db029c95SKowalski, Kamil certs[0]->replace(certificateFile); 607ffad1ef1SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 608db029c95SKowalski, Kamil } 609db029c95SKowalski, Kamil 610db029c95SKowalski, Kamil /** @brief Test replacing existing certificate 611db029c95SKowalski, Kamil */ 612db029c95SKowalski, Kamil TEST_F(TestCertificates, TestAuthorityReplaceCertificate) 613db029c95SKowalski, Kamil { 614db029c95SKowalski, Kamil std::string endpoint("ldap"); 615db029c95SKowalski, Kamil std::string unit(""); 616db029c95SKowalski, Kamil std::string type("authority"); 617db029c95SKowalski, Kamil std::string verifyDir(certDir); 618db029c95SKowalski, Kamil UnitsToRestart verifyUnit(unit); 619db029c95SKowalski, Kamil auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 620db029c95SKowalski, Kamil auto event = sdeventplus::Event::get_default(); 621db029c95SKowalski, Kamil // Attach the bus to sd_event to service user requests 622db029c95SKowalski, Kamil bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 623db029c95SKowalski, Kamil Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 624db029c95SKowalski, Kamil std::move(certDir)); 625db029c95SKowalski, Kamil MainApp mainApp(&manager); 626db029c95SKowalski, Kamil mainApp.install(certificateFile); 627db029c95SKowalski, Kamil 628db029c95SKowalski, Kamil std::vector<std::unique_ptr<Certificate>>& certs = 629db029c95SKowalski, Kamil manager.getCertificates(); 630db029c95SKowalski, Kamil constexpr const unsigned int REPLACE_ITERATIONS = 10; 631db029c95SKowalski, Kamil 632db029c95SKowalski, Kamil for (unsigned int i = 0; i < REPLACE_ITERATIONS; i++) 633db029c95SKowalski, Kamil { 634db029c95SKowalski, Kamil // Certificate successfully installed 635db029c95SKowalski, Kamil EXPECT_FALSE(certs.empty()); 636db029c95SKowalski, Kamil 6372f3563ccSZbigniew Lukwinski std::string verifyPath = 6382f3563ccSZbigniew Lukwinski verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 639db029c95SKowalski, Kamil 640db029c95SKowalski, Kamil // Check that certificate has been created at installation directory 641db029c95SKowalski, Kamil EXPECT_FALSE(fs::is_empty(verifyDir)); 642ffad1ef1SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 643db029c95SKowalski, Kamil 644db029c95SKowalski, Kamil // Check that installed cert is identical to input one 645db029c95SKowalski, Kamil EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 646db029c95SKowalski, Kamil 647db029c95SKowalski, Kamil // Create new certificate 648db029c95SKowalski, Kamil createNewCertificate(true); 649db029c95SKowalski, Kamil 650db029c95SKowalski, Kamil certs[0]->replace(certificateFile); 651db029c95SKowalski, Kamil 652db029c95SKowalski, Kamil // Verify that old certificate has been removed 653db029c95SKowalski, Kamil EXPECT_FALSE(fs::exists(verifyPath)); 654db029c95SKowalski, Kamil } 655ffad1ef1SMarri Devender Rao } 656ffad1ef1SMarri Devender Rao 657a3bb38fbSZbigniew Kurzynski /** @brief Test verifiing if delete function works. 658a3bb38fbSZbigniew Kurzynski */ 659a3bb38fbSZbigniew Kurzynski TEST_F(TestCertificates, TestStorageDeleteCertificate) 660a3bb38fbSZbigniew Kurzynski { 661a3bb38fbSZbigniew Kurzynski std::string endpoint("ldap"); 662a3bb38fbSZbigniew Kurzynski std::string unit(""); 663a3bb38fbSZbigniew Kurzynski std::string type("authority"); 664a3bb38fbSZbigniew Kurzynski std::string verifyDir(certDir); 665a3bb38fbSZbigniew Kurzynski UnitsToRestart verifyUnit(unit); 666a3bb38fbSZbigniew Kurzynski auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 667a3bb38fbSZbigniew Kurzynski auto event = sdeventplus::Event::get_default(); 668a3bb38fbSZbigniew Kurzynski // Attach the bus to sd_event to service user requests 669a3bb38fbSZbigniew Kurzynski bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 670a3bb38fbSZbigniew Kurzynski Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 671a3bb38fbSZbigniew Kurzynski std::move(certDir)); 672a3bb38fbSZbigniew Kurzynski MainApp mainApp(&manager); 673a3bb38fbSZbigniew Kurzynski 674a3bb38fbSZbigniew Kurzynski // Check if certificate placeholder dir is empty 675a3bb38fbSZbigniew Kurzynski EXPECT_TRUE(fs::is_empty(verifyDir)); 676a3bb38fbSZbigniew Kurzynski mainApp.install(certificateFile); 677a3bb38fbSZbigniew Kurzynski 678a3bb38fbSZbigniew Kurzynski // Create new certificate 679a3bb38fbSZbigniew Kurzynski createNewCertificate(true); 680a3bb38fbSZbigniew Kurzynski mainApp.install(certificateFile); 681a3bb38fbSZbigniew Kurzynski 682a3bb38fbSZbigniew Kurzynski createNewCertificate(true); 683a3bb38fbSZbigniew Kurzynski mainApp.install(certificateFile); 684a3bb38fbSZbigniew Kurzynski 685a3bb38fbSZbigniew Kurzynski std::vector<std::unique_ptr<Certificate>>& certs = 686a3bb38fbSZbigniew Kurzynski manager.getCertificates(); 687a3bb38fbSZbigniew Kurzynski 688a3bb38fbSZbigniew Kurzynski // All 3 certificates successfully installed and added to manager 689a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 3); 690a3bb38fbSZbigniew Kurzynski 691a3bb38fbSZbigniew Kurzynski // Check if certificate placeholder is not empty, there should be 3 692a3bb38fbSZbigniew Kurzynski // certificates 693a3bb38fbSZbigniew Kurzynski EXPECT_FALSE(fs::is_empty(verifyDir)); 694a3bb38fbSZbigniew Kurzynski 695a3bb38fbSZbigniew Kurzynski certs[0]->delete_(); 696a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 2); 697a3bb38fbSZbigniew Kurzynski 698a3bb38fbSZbigniew Kurzynski certs[0]->delete_(); 699a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 1); 700a3bb38fbSZbigniew Kurzynski 701a3bb38fbSZbigniew Kurzynski certs[0]->delete_(); 702a3bb38fbSZbigniew Kurzynski EXPECT_EQ(certs.size(), 0); 703a3bb38fbSZbigniew Kurzynski 704a3bb38fbSZbigniew Kurzynski // Check if certificate placeholder is empty. 705a3bb38fbSZbigniew Kurzynski EXPECT_TRUE(fs::is_empty(verifyDir)); 706a3bb38fbSZbigniew Kurzynski } 707a3bb38fbSZbigniew Kurzynski 708e6597c5bSMarri Devender Rao /** @brief Check if install fails if certificate file is empty 709e6597c5bSMarri Devender Rao */ 7108841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestEmptyCertificateFile) 711e6597c5bSMarri Devender Rao { 712e6597c5bSMarri Devender Rao std::string endpoint("ldap"); 7138841dbd6SMarri Devender Rao std::string unit(""); 714e6597c5bSMarri Devender Rao std::string type("client"); 7158841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 7168841dbd6SMarri Devender Rao std::string verifyPath(installPath); 7178841dbd6SMarri Devender Rao std::string verifyUnit(unit); 7188841dbd6SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 719ddf64866SMarri Devender Rao std::string emptyFile("emptycert.pem"); 720e6597c5bSMarri Devender Rao std::ofstream ofs; 721e6597c5bSMarri Devender Rao ofs.open(emptyFile, std::ofstream::out); 722e6597c5bSMarri Devender Rao ofs.close(); 723e6597c5bSMarri Devender Rao EXPECT_THROW( 724e6597c5bSMarri Devender Rao { 725e6597c5bSMarri Devender Rao try 726e6597c5bSMarri Devender Rao { 727ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 728ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 729ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 730ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 731ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 732ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 733ffad1ef1SMarri Devender Rao mainApp.install(emptyFile); 734e6597c5bSMarri Devender Rao } 735e6597c5bSMarri Devender Rao catch (const InvalidCertificate& e) 736e6597c5bSMarri Devender Rao { 737e6597c5bSMarri Devender Rao throw; 738e6597c5bSMarri Devender Rao } 739e6597c5bSMarri Devender Rao }, 740e6597c5bSMarri Devender Rao InvalidCertificate); 741e6597c5bSMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 742e6597c5bSMarri Devender Rao fs::remove(emptyFile); 743e6597c5bSMarri Devender Rao } 744e6597c5bSMarri Devender Rao 745ddf64866SMarri Devender Rao /** @brief Check if install fails if certificate file is corrupted 746e6597c5bSMarri Devender Rao */ 7478841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestInvalidCertificateFile) 748e6597c5bSMarri Devender Rao { 749e6597c5bSMarri Devender Rao std::string endpoint("ldap"); 7508841dbd6SMarri Devender Rao std::string unit(""); 751e6597c5bSMarri Devender Rao std::string type("client"); 752e6597c5bSMarri Devender Rao 753e6597c5bSMarri Devender Rao std::ofstream ofs; 754ddf64866SMarri Devender Rao ofs.open(certificateFile, std::ofstream::out); 755ddf64866SMarri Devender Rao ofs << "-----BEGIN CERTIFICATE-----"; 756ddf64866SMarri Devender Rao ofs << "ADD_SOME_INVALID_DATA_INTO_FILE"; 757ddf64866SMarri Devender Rao ofs << "-----END CERTIFICATE-----"; 758e6597c5bSMarri Devender Rao ofs.close(); 759e6597c5bSMarri Devender Rao 7608841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 7618841dbd6SMarri Devender Rao std::string verifyPath(installPath); 762b50789ceSJayanth Othayoth std::string verifyUnit(unit); 763e6597c5bSMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 764e6597c5bSMarri Devender Rao EXPECT_THROW( 765e6597c5bSMarri Devender Rao { 766e6597c5bSMarri Devender Rao try 767e6597c5bSMarri Devender Rao { 768ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 769ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 770ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 771ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 772ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 773ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 774ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 775e6597c5bSMarri Devender Rao } 776e6597c5bSMarri Devender Rao catch (const InvalidCertificate& e) 777e6597c5bSMarri Devender Rao { 778e6597c5bSMarri Devender Rao throw; 779e6597c5bSMarri Devender Rao } 780e6597c5bSMarri Devender Rao }, 781e6597c5bSMarri Devender Rao InvalidCertificate); 782e6597c5bSMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 783ddf64866SMarri Devender Rao } 784ddf64866SMarri Devender Rao 785ddf64866SMarri Devender Rao /** 786ddf64866SMarri Devender Rao * Class to generate private and certificate only file and test verification 787ddf64866SMarri Devender Rao */ 7888841dbd6SMarri Devender Rao class TestInvalidCertificate : public ::testing::Test 789ddf64866SMarri Devender Rao { 790ddf64866SMarri Devender Rao public: 7918841dbd6SMarri Devender Rao TestInvalidCertificate() : bus(sdbusplus::bus::new_default()) 792ddf64866SMarri Devender Rao { 793ddf64866SMarri Devender Rao } 794ddf64866SMarri Devender Rao void SetUp() override 795ddf64866SMarri Devender Rao { 796ddf64866SMarri Devender Rao char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; 797ddf64866SMarri Devender Rao auto dirPtr = mkdtemp(dirTemplate); 798cfb5802aSNan Zhou if (dirPtr == nullptr) 799ddf64866SMarri Devender Rao { 800ddf64866SMarri Devender Rao throw std::bad_alloc(); 801ddf64866SMarri Devender Rao } 802fe590c4eSZbigniew Lukwinski certDir = std::string(dirPtr) + "/certs"; 803fe590c4eSZbigniew Lukwinski fs::create_directories(certDir); 804ddf64866SMarri Devender Rao certificateFile = "cert.pem"; 805ddf64866SMarri Devender Rao keyFile = "key.pem"; 806ddf64866SMarri Devender Rao std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; 807ddf64866SMarri Devender Rao cmd += "-keyout key.pem -out cert.pem -days 3650 "; 808ddf64866SMarri Devender Rao cmd += "-subj " 809ddf64866SMarri Devender Rao "/O=openbmc-project.xyz/CN=localhost" 810ddf64866SMarri Devender Rao " -nodes"; 811ddf64866SMarri Devender Rao 812ddf64866SMarri Devender Rao auto val = std::system(cmd.c_str()); 813ddf64866SMarri Devender Rao if (val) 814ddf64866SMarri Devender Rao { 815ddf64866SMarri Devender Rao std::cout << "command Error: " << val << std::endl; 816ddf64866SMarri Devender Rao } 817ddf64866SMarri Devender Rao } 818ddf64866SMarri Devender Rao void TearDown() override 819ddf64866SMarri Devender Rao { 820ddf64866SMarri Devender Rao fs::remove_all(certDir); 821ddf64866SMarri Devender Rao fs::remove(certificateFile); 822ddf64866SMarri Devender Rao fs::remove(keyFile); 823ddf64866SMarri Devender Rao } 824ddf64866SMarri Devender Rao 825ddf64866SMarri Devender Rao protected: 826ddf64866SMarri Devender Rao sdbusplus::bus::bus bus; 827ddf64866SMarri Devender Rao std::string certificateFile; 828ddf64866SMarri Devender Rao std::string keyFile; 829ddf64866SMarri Devender Rao std::string certDir; 830ddf64866SMarri Devender Rao }; 831ddf64866SMarri Devender Rao 832ddf64866SMarri Devender Rao /** @brief Check install fails if private key is missing in certificate file 833ddf64866SMarri Devender Rao */ 8348841dbd6SMarri Devender Rao TEST_F(TestInvalidCertificate, TestMissingPrivateKey) 835ddf64866SMarri Devender Rao { 836ddf64866SMarri Devender Rao std::string endpoint("ldap"); 8378841dbd6SMarri Devender Rao std::string unit(""); 838ddf64866SMarri Devender Rao std::string type("client"); 8398841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 8408841dbd6SMarri Devender Rao std::string verifyPath(installPath); 841b50789ceSJayanth Othayoth std::string verifyUnit(unit); 842ddf64866SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 8438841dbd6SMarri Devender Rao EXPECT_THROW( 8448841dbd6SMarri Devender Rao { 8458841dbd6SMarri Devender Rao try 8468841dbd6SMarri Devender Rao { 847ffad1ef1SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 848ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 849ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 850ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 851ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 852ffad1ef1SMarri Devender Rao MainApp mainApp(&manager); 853ffad1ef1SMarri Devender Rao mainApp.install(certificateFile); 8548841dbd6SMarri Devender Rao } 855cd30c496SMarri Devender Rao catch (const InternalFailure& e) 8568841dbd6SMarri Devender Rao { 8578841dbd6SMarri Devender Rao throw; 8588841dbd6SMarri Devender Rao } 8598841dbd6SMarri Devender Rao }, 860cd30c496SMarri Devender Rao InternalFailure); 8618841dbd6SMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 8628841dbd6SMarri Devender Rao } 8638841dbd6SMarri Devender Rao 8648841dbd6SMarri Devender Rao /** @brief Check install fails if ceritificate is missing in certificate file 8658841dbd6SMarri Devender Rao */ 8668841dbd6SMarri Devender Rao TEST_F(TestInvalidCertificate, TestMissingCeritificate) 8678841dbd6SMarri Devender Rao { 8688841dbd6SMarri Devender Rao std::string endpoint("ldap"); 8698841dbd6SMarri Devender Rao std::string unit(""); 8708841dbd6SMarri Devender Rao std::string type("client"); 8718841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + keyFile); 8728841dbd6SMarri Devender Rao std::string verifyPath(installPath); 8738841dbd6SMarri Devender Rao std::string verifyUnit(unit); 8748841dbd6SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 8758841dbd6SMarri Devender Rao EXPECT_THROW( 8768841dbd6SMarri Devender Rao { 8778841dbd6SMarri Devender Rao try 8788841dbd6SMarri Devender Rao { 879f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 880ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 881ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 882ffad1ef1SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, 883ffad1ef1SMarri Devender Rao std::move(unit), std::move(installPath)); 884ddf64866SMarri Devender Rao MainApp mainApp(&manager); 885ffad1ef1SMarri Devender Rao mainApp.install(keyFile); 886ddf64866SMarri Devender Rao } 887cd30c496SMarri Devender Rao catch (const InternalFailure& e) 888ddf64866SMarri Devender Rao { 889ddf64866SMarri Devender Rao throw; 890ddf64866SMarri Devender Rao } 891ddf64866SMarri Devender Rao }, 892ddf64866SMarri Devender Rao InvalidCertificate); 893ddf64866SMarri Devender Rao EXPECT_FALSE(fs::exists(verifyPath)); 894ddf64866SMarri Devender Rao } 895ddf64866SMarri Devender Rao 8968841dbd6SMarri Devender Rao /** @brief Check if error is thrown when multiple certificates are installed 8978841dbd6SMarri Devender Rao * At present only one certificate per service is allowed 898ddf64866SMarri Devender Rao */ 8998841dbd6SMarri Devender Rao TEST_F(TestCertificates, TestCertInstallNotAllowed) 900ddf64866SMarri Devender Rao { 9018841dbd6SMarri Devender Rao using NotAllowed = 9028841dbd6SMarri Devender Rao sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 903ddf64866SMarri Devender Rao std::string endpoint("ldap"); 9048841dbd6SMarri Devender Rao std::string unit(""); 905ddf64866SMarri Devender Rao std::string type("client"); 9068841dbd6SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 9078841dbd6SMarri Devender Rao std::string verifyPath(installPath); 908ddf64866SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 909f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 910ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 911ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 912f4682712SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 9138841dbd6SMarri Devender Rao std::move(installPath)); 914ddf64866SMarri Devender Rao MainApp mainApp(&manager); 9158841dbd6SMarri Devender Rao mainApp.install(certificateFile); 9168841dbd6SMarri Devender Rao EXPECT_TRUE(fs::exists(verifyPath)); 917ddf64866SMarri Devender Rao EXPECT_THROW( 918ddf64866SMarri Devender Rao { 919ddf64866SMarri Devender Rao try 920ddf64866SMarri Devender Rao { 9218841dbd6SMarri Devender Rao // install second certificate 9228841dbd6SMarri Devender Rao mainApp.install(certificateFile); 923ddf64866SMarri Devender Rao } 9248841dbd6SMarri Devender Rao catch (const NotAllowed& e) 925ddf64866SMarri Devender Rao { 926ddf64866SMarri Devender Rao throw; 927ddf64866SMarri Devender Rao } 928ddf64866SMarri Devender Rao }, 9298841dbd6SMarri Devender Rao NotAllowed); 930e6597c5bSMarri Devender Rao } 931f4682712SMarri Devender Rao 932f4682712SMarri Devender Rao TEST_F(TestCertificates, TestGenerateCSR) 933f4682712SMarri Devender Rao { 934f4682712SMarri Devender Rao std::string endpoint("https"); 935f4682712SMarri Devender Rao std::string unit(""); 936f4682712SMarri Devender Rao std::string type("Server"); 937f4682712SMarri Devender Rao std::string installPath(certDir + "/" + certificateFile); 938f4682712SMarri Devender Rao std::string verifyPath(installPath); 939f4682712SMarri Devender Rao std::string CSRPath(certDir + "/" + CSRFile); 940f4682712SMarri Devender Rao std::string privateKeyPath(certDir + "/" + privateKeyFile); 941f4682712SMarri Devender Rao std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 9428a09b52aSRamesh Iyyar std::string challengePassword("Password"); 943f4682712SMarri Devender Rao std::string city("HYB"); 944f4682712SMarri Devender Rao std::string commonName("abc.com"); 945f4682712SMarri Devender Rao std::string contactPerson("Admin"); 946f4682712SMarri Devender Rao std::string country("IN"); 947f4682712SMarri Devender Rao std::string email("admin@in.ibm.com"); 948f4682712SMarri Devender Rao std::string givenName("givenName"); 949f4682712SMarri Devender Rao std::string initials("G"); 950f4682712SMarri Devender Rao int64_t keyBitLength(2048); 951f4682712SMarri Devender Rao std::string keyCurveId("0"); 952f4682712SMarri Devender Rao std::string keyPairAlgorithm("RSA"); 953f4682712SMarri Devender Rao std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 954f4682712SMarri Devender Rao std::string organization("IBM"); 9558a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 956f4682712SMarri Devender Rao std::string state("TS"); 957f4682712SMarri Devender Rao std::string surname("surname"); 958f4682712SMarri Devender Rao std::string unstructuredName("unstructuredName"); 959f4682712SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 960f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 961ffad1ef1SMarri Devender Rao // Attach the bus to sd_event to service user requests 962ffad1ef1SMarri Devender Rao bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 963f4682712SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 964f4682712SMarri Devender Rao std::move(installPath)); 965f4682712SMarri Devender Rao Status status; 966f4682712SMarri Devender Rao CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 967f4682712SMarri Devender Rao MainApp mainApp(&manager, &csr); 968f4682712SMarri Devender Rao mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 969f4682712SMarri Devender Rao contactPerson, country, email, givenName, initials, 970f4682712SMarri Devender Rao keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 971f4682712SMarri Devender Rao organization, organizationalUnit, state, surname, 972f4682712SMarri Devender Rao unstructuredName); 973f4682712SMarri Devender Rao std::string csrData(""); 974f4682712SMarri Devender Rao // generateCSR takes considerable time to create CSR and privateKey Files 975f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(CSRPath)); 976f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(privateKeyPath)); 977f4682712SMarri Devender Rao EXPECT_THROW( 978f4682712SMarri Devender Rao { 979f4682712SMarri Devender Rao try 980f4682712SMarri Devender Rao { 981e129be3bSPatrick Williams csrData = csr.csr(); 982f4682712SMarri Devender Rao } 983f4682712SMarri Devender Rao catch (const InternalFailure& e) 984f4682712SMarri Devender Rao { 985f4682712SMarri Devender Rao throw; 986f4682712SMarri Devender Rao } 987f4682712SMarri Devender Rao }, 988f4682712SMarri Devender Rao InternalFailure); 989f4682712SMarri Devender Rao // wait for 10 sec to get CSR and privateKey Files generated 990f4682712SMarri Devender Rao sleep(10); 991f4682712SMarri Devender Rao EXPECT_TRUE(fs::exists(CSRPath)); 992f4682712SMarri Devender Rao EXPECT_TRUE(fs::exists(privateKeyPath)); 993e129be3bSPatrick Williams csrData = csr.csr(); 994f4682712SMarri Devender Rao ASSERT_NE("", csrData.c_str()); 995f4682712SMarri Devender Rao } 996f4682712SMarri Devender Rao 9978a09b52aSRamesh Iyyar /** @brief Check if ECC key pair is generated when user is not given algorithm 9988a09b52aSRamesh Iyyar * type. At present RSA and EC key pair algorithm are supported 9998a09b52aSRamesh Iyyar */ 10008a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm) 10018a09b52aSRamesh Iyyar { 10028a09b52aSRamesh Iyyar std::string endpoint("https"); 10038a09b52aSRamesh Iyyar std::string unit(""); 10048a09b52aSRamesh Iyyar std::string type("Server"); 10058a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 10068a09b52aSRamesh Iyyar std::string verifyPath(installPath); 10078a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 10088a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 10098a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 10108a09b52aSRamesh Iyyar std::string challengePassword("Password"); 10118a09b52aSRamesh Iyyar std::string city("HYB"); 10128a09b52aSRamesh Iyyar std::string commonName("abc.com"); 10138a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 10148a09b52aSRamesh Iyyar std::string country("IN"); 10158a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 10168a09b52aSRamesh Iyyar std::string givenName("givenName"); 10178a09b52aSRamesh Iyyar std::string initials("G"); 10188a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 10198a09b52aSRamesh Iyyar std::string keyCurveId(""); 10208a09b52aSRamesh Iyyar std::string keyPairAlgorithm(""); 10218a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 10228a09b52aSRamesh Iyyar std::string organization("IBM"); 10238a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 10248a09b52aSRamesh Iyyar std::string state("TS"); 10258a09b52aSRamesh Iyyar std::string surname("surname"); 10268a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1027f4682712SMarri Devender Rao auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1028f4682712SMarri Devender Rao auto event = sdeventplus::Event::get_default(); 1029f4682712SMarri Devender Rao Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1030f4682712SMarri Devender Rao std::move(installPath)); 1031f4682712SMarri Devender Rao Status status; 1032f4682712SMarri Devender Rao CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1033f4682712SMarri Devender Rao MainApp mainApp(&manager, &csr); 1034f4682712SMarri Devender Rao mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1035f4682712SMarri Devender Rao contactPerson, country, email, givenName, initials, 1036f4682712SMarri Devender Rao keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1037f4682712SMarri Devender Rao organization, organizationalUnit, state, surname, 1038f4682712SMarri Devender Rao unstructuredName); 1039f4682712SMarri Devender Rao sleep(10); 10408a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 10418a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 10428a09b52aSRamesh Iyyar } 10438a09b52aSRamesh Iyyar 10448a09b52aSRamesh Iyyar /** @brief Check if error is thrown when giving un supported key pair 10458a09b52aSRamesh Iyyar * algorithm. At present RSA and EC key pair algorithm are supported 10468a09b52aSRamesh Iyyar */ 10478a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm) 10488a09b52aSRamesh Iyyar { 10498a09b52aSRamesh Iyyar std::string endpoint("https"); 10508a09b52aSRamesh Iyyar std::string unit(""); 10518a09b52aSRamesh Iyyar std::string type("Server"); 10528a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 10538a09b52aSRamesh Iyyar std::string verifyPath(installPath); 10548a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 10558a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 10568a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 10578a09b52aSRamesh Iyyar std::string challengePassword("Password"); 10588a09b52aSRamesh Iyyar std::string city("HYB"); 10598a09b52aSRamesh Iyyar std::string commonName("abc.com"); 10608a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 10618a09b52aSRamesh Iyyar std::string country("IN"); 10628a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 10638a09b52aSRamesh Iyyar std::string givenName("givenName"); 10648a09b52aSRamesh Iyyar std::string initials("G"); 10658a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 10668a09b52aSRamesh Iyyar std::string keyCurveId("secp521r1"); 10678a09b52aSRamesh Iyyar std::string keyPairAlgorithm("UnSupportedAlgorithm"); 10688a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 10698a09b52aSRamesh Iyyar std::string organization("IBM"); 10708a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 10718a09b52aSRamesh Iyyar std::string state("TS"); 10728a09b52aSRamesh Iyyar std::string surname("surname"); 10738a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 10748a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 10758a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 10768a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 10778a09b52aSRamesh Iyyar std::move(installPath)); 10788a09b52aSRamesh Iyyar Status status; 10798a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 10808a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 10818a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 10828a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 10838a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 10848a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 10858a09b52aSRamesh Iyyar unstructuredName); 1086f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(CSRPath)); 1087f4682712SMarri Devender Rao EXPECT_FALSE(fs::exists(privateKeyPath)); 1088f4682712SMarri Devender Rao } 10898a09b52aSRamesh Iyyar 10908a09b52aSRamesh Iyyar /** @brief Check if error is thrown when NID_undef is returned for given key 10918a09b52aSRamesh Iyyar * curve id 10928a09b52aSRamesh Iyyar */ 10938a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase) 10948a09b52aSRamesh Iyyar { 10958a09b52aSRamesh Iyyar std::string endpoint("https"); 10968a09b52aSRamesh Iyyar std::string unit(""); 10978a09b52aSRamesh Iyyar std::string type("Server"); 10988a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 10998a09b52aSRamesh Iyyar std::string verifyPath(installPath); 11008a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 11018a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 11028a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 11038a09b52aSRamesh Iyyar std::string challengePassword("Password"); 11048a09b52aSRamesh Iyyar std::string city("BLR"); 11058a09b52aSRamesh Iyyar std::string commonName("abc.com"); 11068a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 11078a09b52aSRamesh Iyyar std::string country("IN"); 11088a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 11098a09b52aSRamesh Iyyar std::string givenName("givenName"); 11108a09b52aSRamesh Iyyar std::string initials("G"); 11118a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 11128a09b52aSRamesh Iyyar std::string keyCurveId("DummyCurveName"); 11138a09b52aSRamesh Iyyar std::string keyPairAlgorithm("EC"); 11148a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 11158a09b52aSRamesh Iyyar std::string organization("IBM"); 11168a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 11178a09b52aSRamesh Iyyar std::string state("TS"); 11188a09b52aSRamesh Iyyar std::string surname("surname"); 11198a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 11208a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 11218a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 11228a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 11238a09b52aSRamesh Iyyar std::move(installPath)); 11248a09b52aSRamesh Iyyar Status status; 11258a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 11268a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 11278a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 11288a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 11298a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 11308a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 11318a09b52aSRamesh Iyyar unstructuredName); 11328a09b52aSRamesh Iyyar EXPECT_FALSE(fs::exists(CSRPath)); 11338a09b52aSRamesh Iyyar EXPECT_FALSE(fs::exists(privateKeyPath)); 11348a09b52aSRamesh Iyyar } 11358a09b52aSRamesh Iyyar 11368a09b52aSRamesh Iyyar /** @brief Check default Key Curve Id is used if given curve id is empty 11378a09b52aSRamesh Iyyar */ 11388a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId) 11398a09b52aSRamesh Iyyar { 11408a09b52aSRamesh Iyyar std::string endpoint("https"); 11418a09b52aSRamesh Iyyar std::string unit(""); 11428a09b52aSRamesh Iyyar std::string type("Server"); 11438a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 11448a09b52aSRamesh Iyyar std::string verifyPath(installPath); 11458a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 11468a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 11478a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 11488a09b52aSRamesh Iyyar std::string challengePassword("Password"); 11498a09b52aSRamesh Iyyar std::string city("BLR"); 11508a09b52aSRamesh Iyyar std::string commonName("abc.com"); 11518a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 11528a09b52aSRamesh Iyyar std::string country("IN"); 11538a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 11548a09b52aSRamesh Iyyar std::string givenName("givenName"); 11558a09b52aSRamesh Iyyar std::string initials("G"); 11568a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 11578a09b52aSRamesh Iyyar std::string keyCurveId(""); 11588a09b52aSRamesh Iyyar std::string keyPairAlgorithm("EC"); 11598a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 11608a09b52aSRamesh Iyyar std::string organization("IBM"); 11618a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 11628a09b52aSRamesh Iyyar std::string state("TS"); 11638a09b52aSRamesh Iyyar std::string surname("surname"); 11648a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 11658a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 11668a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 11678a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 11688a09b52aSRamesh Iyyar std::move(installPath)); 11698a09b52aSRamesh Iyyar Status status; 11708a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 11718a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 11728a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 11738a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 11748a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 11758a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 11768a09b52aSRamesh Iyyar unstructuredName); 11778a09b52aSRamesh Iyyar sleep(10); 11788a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 11798a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 11808a09b52aSRamesh Iyyar } 11818a09b52aSRamesh Iyyar 11828a09b52aSRamesh Iyyar /** @brief Check if error is not thrown to generate EC key pair 11838a09b52aSRamesh Iyyar */ 11848a09b52aSRamesh Iyyar TEST_F(TestCertificates, TestECKeyGeneration) 11858a09b52aSRamesh Iyyar { 11868a09b52aSRamesh Iyyar std::string endpoint("https"); 11878a09b52aSRamesh Iyyar std::string unit(""); 11888a09b52aSRamesh Iyyar std::string type("Server"); 11898a09b52aSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 11908a09b52aSRamesh Iyyar std::string verifyPath(installPath); 11918a09b52aSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 11928a09b52aSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 11938a09b52aSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 11948a09b52aSRamesh Iyyar std::string challengePassword("Password"); 11958a09b52aSRamesh Iyyar std::string city("BLR"); 11968a09b52aSRamesh Iyyar std::string commonName("abc.com"); 11978a09b52aSRamesh Iyyar std::string contactPerson("Admin"); 11988a09b52aSRamesh Iyyar std::string country("IN"); 11998a09b52aSRamesh Iyyar std::string email("admin@in.ibm.com"); 12008a09b52aSRamesh Iyyar std::string givenName("givenName"); 12018a09b52aSRamesh Iyyar std::string initials("G"); 12028a09b52aSRamesh Iyyar int64_t keyBitLength(2048); 12038a09b52aSRamesh Iyyar std::string keyCurveId("secp521r1"); 12048a09b52aSRamesh Iyyar std::string keyPairAlgorithm("EC"); 12058a09b52aSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 12068a09b52aSRamesh Iyyar std::string organization("IBM"); 12078a09b52aSRamesh Iyyar std::string organizationalUnit("orgUnit"); 12088a09b52aSRamesh Iyyar std::string state("TS"); 12098a09b52aSRamesh Iyyar std::string surname("surname"); 12108a09b52aSRamesh Iyyar std::string unstructuredName("unstructuredName"); 12118a09b52aSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 12128a09b52aSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 12138a09b52aSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 12148a09b52aSRamesh Iyyar std::move(installPath)); 12158a09b52aSRamesh Iyyar Status status; 12168a09b52aSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 12178a09b52aSRamesh Iyyar MainApp mainApp(&manager, &csr); 12188a09b52aSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 12198a09b52aSRamesh Iyyar contactPerson, country, email, givenName, initials, 12208a09b52aSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 12218a09b52aSRamesh Iyyar organization, organizationalUnit, state, surname, 12228a09b52aSRamesh Iyyar unstructuredName); 12238a09b52aSRamesh Iyyar std::cout << "CSRPath: " << CSRPath << std::endl 12248a09b52aSRamesh Iyyar << "privateKeyPath: " << privateKeyPath << std::endl; 12258a09b52aSRamesh Iyyar sleep(10); 12268a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 12278a09b52aSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 12288a09b52aSRamesh Iyyar } 1229c6e58c7eSRamesh Iyyar 1230bf3cf751SNan Zhou /** @brief Check error is thrown if giving unsupported key bit length to 1231c6e58c7eSRamesh Iyyar * generate rsa key 1232c6e58c7eSRamesh Iyyar */ 1233c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength) 1234c6e58c7eSRamesh Iyyar { 1235c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1236c6e58c7eSRamesh Iyyar std::string unit(""); 1237c6e58c7eSRamesh Iyyar std::string type("Server"); 1238c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1239c6e58c7eSRamesh Iyyar std::string verifyPath(installPath); 1240c6e58c7eSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 1241c6e58c7eSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 1242c6e58c7eSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1243c6e58c7eSRamesh Iyyar std::string challengePassword("Password"); 1244c6e58c7eSRamesh Iyyar std::string city("BLR"); 1245c6e58c7eSRamesh Iyyar std::string commonName("abc.com"); 1246c6e58c7eSRamesh Iyyar std::string contactPerson("Admin"); 1247c6e58c7eSRamesh Iyyar std::string country("IN"); 1248c6e58c7eSRamesh Iyyar std::string email("admin@in.ibm.com"); 1249c6e58c7eSRamesh Iyyar std::string givenName("givenName"); 1250c6e58c7eSRamesh Iyyar std::string initials("G"); 1251c6e58c7eSRamesh Iyyar int64_t keyBitLength(4096); 1252c6e58c7eSRamesh Iyyar std::string keyCurveId("secp521r1"); 1253c6e58c7eSRamesh Iyyar std::string keyPairAlgorithm("RSA"); 1254c6e58c7eSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1255c6e58c7eSRamesh Iyyar std::string organization("IBM"); 1256c6e58c7eSRamesh Iyyar std::string organizationalUnit("orgUnit"); 1257c6e58c7eSRamesh Iyyar std::string state("TS"); 1258c6e58c7eSRamesh Iyyar std::string surname("surname"); 1259c6e58c7eSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1260c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1261c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1262c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1263c6e58c7eSRamesh Iyyar std::move(installPath)); 1264c6e58c7eSRamesh Iyyar Status status; 1265c6e58c7eSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1266c6e58c7eSRamesh Iyyar MainApp mainApp(&manager, &csr); 1267c6e58c7eSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1268c6e58c7eSRamesh Iyyar contactPerson, country, email, givenName, initials, 1269c6e58c7eSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1270c6e58c7eSRamesh Iyyar organization, organizationalUnit, state, surname, 1271c6e58c7eSRamesh Iyyar unstructuredName); 1272c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(CSRPath)); 1273c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(privateKeyPath)); 1274c6e58c7eSRamesh Iyyar } 1275c6e58c7eSRamesh Iyyar 1276c6e58c7eSRamesh Iyyar /** @brief Check error is thrown if generated rsa key file is not present 1277c6e58c7eSRamesh Iyyar */ 1278c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase) 1279c6e58c7eSRamesh Iyyar { 1280c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1281c6e58c7eSRamesh Iyyar std::string unit(""); 1282c6e58c7eSRamesh Iyyar std::string type("Server"); 1283c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1284c6e58c7eSRamesh Iyyar std::string verifyPath(installPath); 1285c6e58c7eSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 1286c6e58c7eSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 1287c6e58c7eSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1288c6e58c7eSRamesh Iyyar std::string challengePassword("Password"); 1289c6e58c7eSRamesh Iyyar std::string city("BLR"); 1290c6e58c7eSRamesh Iyyar std::string commonName("abc.com"); 1291c6e58c7eSRamesh Iyyar std::string contactPerson("Admin"); 1292c6e58c7eSRamesh Iyyar std::string country("IN"); 1293c6e58c7eSRamesh Iyyar std::string email("admin@in.ibm.com"); 1294c6e58c7eSRamesh Iyyar std::string givenName("givenName"); 1295c6e58c7eSRamesh Iyyar std::string initials("G"); 1296c6e58c7eSRamesh Iyyar int64_t keyBitLength(2048); 1297c6e58c7eSRamesh Iyyar std::string keyCurveId("secp521r1"); 1298c6e58c7eSRamesh Iyyar std::string keyPairAlgorithm("RSA"); 1299c6e58c7eSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1300c6e58c7eSRamesh Iyyar std::string organization("IBM"); 1301c6e58c7eSRamesh Iyyar std::string organizationalUnit("orgUnit"); 1302c6e58c7eSRamesh Iyyar std::string state("TS"); 1303c6e58c7eSRamesh Iyyar std::string surname("surname"); 1304c6e58c7eSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1305c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1306c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1307c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1308c6e58c7eSRamesh Iyyar std::move(installPath)); 1309c6e58c7eSRamesh Iyyar 1310c6e58c7eSRamesh Iyyar // Removing generated RSA key file 1311c6e58c7eSRamesh Iyyar fs::remove(rsaPrivateKeyFilePath); 1312c6e58c7eSRamesh Iyyar 1313c6e58c7eSRamesh Iyyar Status status; 1314c6e58c7eSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1315c6e58c7eSRamesh Iyyar MainApp mainApp(&manager, &csr); 1316c6e58c7eSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1317c6e58c7eSRamesh Iyyar contactPerson, country, email, givenName, initials, 1318c6e58c7eSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1319c6e58c7eSRamesh Iyyar organization, organizationalUnit, state, surname, 1320c6e58c7eSRamesh Iyyar unstructuredName); 1321c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(CSRPath)); 1322c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(privateKeyPath)); 1323c6e58c7eSRamesh Iyyar } 1324c6e58c7eSRamesh Iyyar 1325c6e58c7eSRamesh Iyyar /** @brief Check private key file is created from generated rsa key file is 1326c6e58c7eSRamesh Iyyar * `present 1327c6e58c7eSRamesh Iyyar */ 1328c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile) 1329c6e58c7eSRamesh Iyyar { 1330c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1331c6e58c7eSRamesh Iyyar std::string unit(""); 1332c6e58c7eSRamesh Iyyar std::string type("Server"); 1333c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1334c6e58c7eSRamesh Iyyar std::string verifyPath(installPath); 1335c6e58c7eSRamesh Iyyar std::string CSRPath(certDir + "/" + CSRFile); 1336c6e58c7eSRamesh Iyyar std::string privateKeyPath(certDir + "/" + privateKeyFile); 1337c6e58c7eSRamesh Iyyar std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1338c6e58c7eSRamesh Iyyar std::string challengePassword("Password"); 1339c6e58c7eSRamesh Iyyar std::string city("BLR"); 1340c6e58c7eSRamesh Iyyar std::string commonName("abc.com"); 1341c6e58c7eSRamesh Iyyar std::string contactPerson("Admin"); 1342c6e58c7eSRamesh Iyyar std::string country("IN"); 1343c6e58c7eSRamesh Iyyar std::string email("admin@in.ibm.com"); 1344c6e58c7eSRamesh Iyyar std::string givenName("givenName"); 1345c6e58c7eSRamesh Iyyar std::string initials("G"); 1346c6e58c7eSRamesh Iyyar int64_t keyBitLength(2048); 1347c6e58c7eSRamesh Iyyar std::string keyCurveId("secp521r1"); 1348c6e58c7eSRamesh Iyyar std::string keyPairAlgorithm("RSA"); 1349c6e58c7eSRamesh Iyyar std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1350c6e58c7eSRamesh Iyyar std::string organization("IBM"); 1351c6e58c7eSRamesh Iyyar std::string organizationalUnit("orgUnit"); 1352c6e58c7eSRamesh Iyyar std::string state("TS"); 1353c6e58c7eSRamesh Iyyar std::string surname("surname"); 1354c6e58c7eSRamesh Iyyar std::string unstructuredName("unstructuredName"); 1355c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1356c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1357c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1358c6e58c7eSRamesh Iyyar std::move(installPath)); 1359c6e58c7eSRamesh Iyyar Status status; 1360c6e58c7eSRamesh Iyyar CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1361c6e58c7eSRamesh Iyyar MainApp mainApp(&manager, &csr); 1362c6e58c7eSRamesh Iyyar mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1363c6e58c7eSRamesh Iyyar contactPerson, country, email, givenName, initials, 1364c6e58c7eSRamesh Iyyar keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1365c6e58c7eSRamesh Iyyar organization, organizationalUnit, state, surname, 1366c6e58c7eSRamesh Iyyar unstructuredName); 1367c6e58c7eSRamesh Iyyar sleep(10); 1368c6e58c7eSRamesh Iyyar EXPECT_TRUE(fs::exists(CSRPath)); 1369c6e58c7eSRamesh Iyyar EXPECT_TRUE(fs::exists(privateKeyPath)); 1370c6e58c7eSRamesh Iyyar } 1371c6e58c7eSRamesh Iyyar 1372bf3cf751SNan Zhou /** @brief Check RSA key is generated during application startup*/ 1373c6e58c7eSRamesh Iyyar TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile) 1374c6e58c7eSRamesh Iyyar { 1375c6e58c7eSRamesh Iyyar std::string endpoint("https"); 1376c6e58c7eSRamesh Iyyar std::string unit(""); 1377c6e58c7eSRamesh Iyyar std::string type("Server"); 1378c6e58c7eSRamesh Iyyar std::string installPath(certDir + "/" + certificateFile); 1379c6e58c7eSRamesh Iyyar auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1380c6e58c7eSRamesh Iyyar auto event = sdeventplus::Event::get_default(); 1381c6e58c7eSRamesh Iyyar 1382c6e58c7eSRamesh Iyyar EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath)); 1383c6e58c7eSRamesh Iyyar Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1384c6e58c7eSRamesh Iyyar std::move(installPath)); 1385c6e58c7eSRamesh Iyyar EXPECT_TRUE(fs::exists(rsaPrivateKeyFilePath)); 1386c6e58c7eSRamesh Iyyar } 1387*e1289adfSNan Zhou } // namespace 1388*e1289adfSNan Zhou } // namespace phosphor::certs 1389