1 #include "config.h" 2 3 #include "certificate.hpp" 4 #include "certs_manager.hpp" 5 6 #include <openssl/bio.h> 7 #include <openssl/crypto.h> 8 #include <openssl/err.h> 9 #include <openssl/evp.h> 10 #include <openssl/pem.h> 11 #include <openssl/x509v3.h> 12 13 #include <algorithm> 14 #include <filesystem> 15 #include <fstream> 16 #include <iterator> 17 #include <sdeventplus/event.hpp> 18 #include <string> 19 #include <xyz/openbmc_project/Certs/error.hpp> 20 #include <xyz/openbmc_project/Common/error.hpp> 21 22 #include <gtest/gtest.h> 23 namespace fs = std::filesystem; 24 using InternalFailure = 25 sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure; 26 using InvalidCertificate = 27 sdbusplus::xyz::openbmc_project::Certs::Error::InvalidCertificate; 28 using namespace phosphor::certs; 29 30 /** 31 * Class to generate certificate file and test verification of certificate file 32 */ 33 class TestCertificates : public ::testing::Test 34 { 35 public: 36 TestCertificates() : bus(sdbusplus::bus::new_default()) 37 { 38 } 39 void SetUp() override 40 { 41 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; 42 auto dirPtr = mkdtemp(dirTemplate); 43 if (dirPtr == NULL) 44 { 45 throw std::bad_alloc(); 46 } 47 certDir = std::string(dirPtr) + "/certs"; 48 fs::create_directories(certDir); 49 50 createNewCertificate(); 51 } 52 53 void TearDown() override 54 { 55 fs::remove_all(certDir); 56 fs::remove(certificateFile); 57 fs::remove(CSRFile); 58 fs::remove(privateKeyFile); 59 } 60 61 void createNewCertificate(bool setNewCertId = false) 62 { 63 certificateFile = "cert.pem"; 64 CSRFile = "domain.csr"; 65 privateKeyFile = "privkey.pem"; 66 rsaPrivateKeyFilePath = certDir + "/.rsaprivkey.pem"; 67 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; 68 cmd += "-keyout cert.pem -out cert.pem -days 3650 -nodes"; 69 cmd += " -subj /O=openbmc-project.xyz/CN=localhost"; 70 71 if (setNewCertId) 72 { 73 cmd += std::to_string(certId++); 74 } 75 76 auto val = std::system(cmd.c_str()); 77 if (val) 78 { 79 std::cout << "COMMAND Error: " << val << std::endl; 80 } 81 } 82 83 bool compareFiles(const std::string& file1, const std::string& file2) 84 { 85 std::ifstream f1(file1, std::ifstream::binary | std::ifstream::ate); 86 std::ifstream f2(file2, std::ifstream::binary | std::ifstream::ate); 87 88 if (f1.fail() || f2.fail()) 89 { 90 return false; // file problem 91 } 92 93 if (f1.tellg() != f2.tellg()) 94 { 95 return false; // size mismatch 96 } 97 98 // seek back to beginning and use std::equal to compare contents 99 f1.seekg(0, std::ifstream::beg); 100 f2.seekg(0, std::ifstream::beg); 101 return std::equal(std::istreambuf_iterator<char>(f1.rdbuf()), 102 std::istreambuf_iterator<char>(), 103 std::istreambuf_iterator<char>(f2.rdbuf())); 104 } 105 106 std::string getCertSubjectNameHash(const std::string& certFilePath) 107 { 108 std::unique_ptr<X509, decltype(&::X509_free)> cert(X509_new(), 109 ::X509_free); 110 if (!cert) 111 { 112 std::string(); 113 } 114 115 std::unique_ptr<BIO, decltype(&::BIO_free)> bioCert( 116 BIO_new_file(certFilePath.c_str(), "rb"), ::BIO_free); 117 if (!bioCert) 118 { 119 std::string(); 120 } 121 122 X509* x509 = cert.get(); 123 if (!PEM_read_bio_X509(bioCert.get(), &x509, nullptr, nullptr)) 124 { 125 std::string(); 126 } 127 128 unsigned long hash = X509_subject_name_hash(cert.get()); 129 static constexpr auto AUTH_CERT_HASH_LENGTH = 9; 130 char hashBuf[AUTH_CERT_HASH_LENGTH]; 131 sprintf(hashBuf, "%08lx", hash); 132 return std::string(hashBuf); 133 } 134 135 protected: 136 sdbusplus::bus::bus bus; 137 std::string certificateFile, CSRFile, privateKeyFile, rsaPrivateKeyFilePath; 138 139 std::string certDir; 140 uint64_t certId; 141 }; 142 143 class MainApp 144 { 145 public: 146 MainApp(phosphor::certs::Manager* manager, 147 phosphor::certs::CSR* csr = nullptr) : 148 manager(manager), 149 csr_(csr) 150 { 151 } 152 void install(std::string& path) 153 { 154 manager->install(path); 155 } 156 void delete_() 157 { 158 manager->deleteAll(); 159 } 160 161 std::string generateCSR(std::vector<std::string> alternativeNames, 162 std::string challengePassword, std::string city, 163 std::string commonName, std::string contactPerson, 164 std::string country, std::string email, 165 std::string givenName, std::string initials, 166 int64_t keyBitLength, std::string keyCurveId, 167 std::string keyPairAlgorithm, 168 std::vector<std::string> keyUsage, 169 std::string organization, 170 std::string organizationalUnit, std::string state, 171 std::string surname, std::string unstructuredName) 172 { 173 return (manager->generateCSR( 174 alternativeNames, challengePassword, city, commonName, 175 contactPerson, country, email, givenName, initials, keyBitLength, 176 keyCurveId, keyPairAlgorithm, keyUsage, organization, 177 organizationalUnit, state, surname, unstructuredName)); 178 } 179 #ifdef SDBUSPP_NEW_CAMELCASE 180 std::string csr() 181 { 182 return (csr_->csr()); 183 } 184 #else 185 std::string cSR() 186 { 187 return (csr_->cSR()); 188 } 189 #endif 190 phosphor::certs::Manager* manager; 191 phosphor::certs::CSR* csr_; 192 }; 193 194 /** @brief Check if server install routine is invoked for server setup 195 */ 196 TEST_F(TestCertificates, InvokeServerInstall) 197 { 198 std::string endpoint("https"); 199 std::string unit(""); 200 std::string type("server"); 201 std::string installPath(certDir + "/" + certificateFile); 202 std::string verifyPath(installPath); 203 UnitsToRestart verifyUnit(unit); 204 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 205 auto event = sdeventplus::Event::get_default(); 206 // Attach the bus to sd_event to service user requests 207 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 208 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 209 std::move(installPath)); 210 MainApp mainApp(&manager); 211 mainApp.install(certificateFile); 212 EXPECT_TRUE(fs::exists(verifyPath)); 213 } 214 215 /** @brief Check if client install routine is invoked for client setup 216 */ 217 TEST_F(TestCertificates, InvokeClientInstall) 218 { 219 std::string endpoint("ldap"); 220 std::string unit(""); 221 std::string type("server"); 222 std::string installPath(certDir + "/" + certificateFile); 223 std::string verifyPath(installPath); 224 UnitsToRestart verifyUnit(unit); 225 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 226 auto event = sdeventplus::Event::get_default(); 227 // Attach the bus to sd_event to service user requests 228 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 229 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 230 std::move(installPath)); 231 MainApp mainApp(&manager); 232 mainApp.install(certificateFile); 233 EXPECT_TRUE(fs::exists(verifyPath)); 234 } 235 236 /** @brief Check if storage install routine is invoked for storage setup 237 */ 238 TEST_F(TestCertificates, InvokeAuthorityInstall) 239 { 240 std::string endpoint("ldap"); 241 std::string unit(""); 242 std::string type("authority"); 243 std::string verifyDir(certDir); 244 UnitsToRestart verifyUnit(unit); 245 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 246 auto event = sdeventplus::Event::get_default(); 247 // Attach the bus to sd_event to service user requests 248 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 249 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 250 std::move(certDir)); 251 MainApp mainApp(&manager); 252 mainApp.install(certificateFile); 253 254 std::vector<std::unique_ptr<Certificate>>& certs = 255 manager.getCertificates(); 256 257 EXPECT_FALSE(certs.empty()); 258 259 std::string verifyPath = 260 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 261 262 // Check that certificate has been created at installation directory 263 EXPECT_FALSE(fs::is_empty(verifyDir)); 264 EXPECT_TRUE(fs::exists(verifyPath)); 265 266 // Check that installed cert is identical to input one 267 EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 268 } 269 270 /** @brief Check if in authority mode user can't install the same 271 * certificate twice. 272 */ 273 TEST_F(TestCertificates, InvokeInstallSameCertTwice) 274 { 275 std::string endpoint("ldap"); 276 std::string unit(""); 277 std::string type("authority"); 278 std::string verifyDir(certDir); 279 UnitsToRestart verifyUnit(unit); 280 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 281 auto event = sdeventplus::Event::get_default(); 282 // Attach the bus to sd_event to service user requests 283 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 284 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 285 std::move(certDir)); 286 MainApp mainApp(&manager); 287 mainApp.install(certificateFile); 288 289 std::vector<std::unique_ptr<Certificate>>& certs = 290 manager.getCertificates(); 291 292 EXPECT_FALSE(certs.empty()); 293 294 // Check that certificate has been created at installation directory 295 std::string verifyPath = 296 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 297 EXPECT_FALSE(fs::is_empty(verifyDir)); 298 EXPECT_TRUE(fs::exists(verifyPath)); 299 300 // Check that installed cert is identical to input one 301 EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 302 303 using NotAllowed = 304 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 305 EXPECT_THROW( 306 { 307 try 308 { 309 // Try to install the same certificate second time 310 mainApp.install(certificateFile); 311 } 312 catch (const NotAllowed& e) 313 { 314 throw; 315 } 316 }, 317 NotAllowed); 318 319 // Check that the original certificate has been not removed 320 EXPECT_FALSE(fs::is_empty(verifyDir)); 321 EXPECT_TRUE(fs::exists(verifyPath)); 322 } 323 324 /** @brief Check if in authority mode user can install a certificate with 325 * certain subject hash twice. 326 */ 327 TEST_F(TestCertificates, InvokeInstallSameSubjectTwice) 328 { 329 std::string endpoint("ldap"); 330 std::string unit(""); 331 std::string type("authority"); 332 std::string verifyDir(certDir); 333 UnitsToRestart verifyUnit(unit); 334 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 335 auto event = sdeventplus::Event::get_default(); 336 // Attach the bus to sd_event to service user requests 337 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 338 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 339 std::move(certDir)); 340 MainApp mainApp(&manager); 341 mainApp.install(certificateFile); 342 343 std::vector<std::unique_ptr<Certificate>>& certs = 344 manager.getCertificates(); 345 346 EXPECT_FALSE(certs.empty()); 347 348 // Check that certificate has been created at installation directory 349 std::string verifyPath0 = 350 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 351 EXPECT_FALSE(fs::is_empty(verifyDir)); 352 EXPECT_TRUE(fs::exists(verifyPath0)); 353 354 // Check that installed cert is identical to input one 355 EXPECT_TRUE(compareFiles(certificateFile, verifyPath0)); 356 357 // Prepare second certificate with the same subject 358 createNewCertificate(); 359 360 // Install second certificate 361 mainApp.install(certificateFile); 362 363 // Expect there are exactly two certificates in the collection 364 EXPECT_EQ(certs.size(), 2); 365 366 // Check that certificate has been created at installation directory 367 std::string verifyPath1 = 368 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".1"; 369 EXPECT_TRUE(fs::exists(verifyPath1)); 370 371 // Check that installed cert is identical to input one 372 EXPECT_TRUE(compareFiles(certificateFile, verifyPath1)); 373 374 // Check that the original/first certificate has been not removed 375 EXPECT_FALSE(fs::is_empty(verifyDir)); 376 EXPECT_TRUE(fs::exists(verifyPath0)); 377 } 378 379 /** @brief Check if in authority mode user can't install more than 380 * AUTHORITY_CERTIFICATES_LIMIT certificates. 381 */ 382 TEST_F(TestCertificates, InvokeInstallAuthCertLimit) 383 { 384 std::string endpoint("ldap"); 385 std::string unit(""); 386 std::string type("authority"); 387 std::string verifyDir(certDir); 388 UnitsToRestart verifyUnit(unit); 389 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 390 auto event = sdeventplus::Event::get_default(); 391 // Attach the bus to sd_event to service user requests 392 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 393 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 394 std::move(certDir)); 395 MainApp mainApp(&manager); 396 397 std::vector<std::unique_ptr<Certificate>>& certs = 398 manager.getCertificates(); 399 400 std::vector<std::string> verifyPaths; 401 402 // Prepare maximum number of ceritificates 403 for (std::size_t i = 0; i < AUTHORITY_CERTIFICATES_LIMIT; ++i) 404 { 405 // Prepare new certificatate 406 createNewCertificate(true); 407 408 // Install ceritificate 409 mainApp.install(certificateFile); 410 411 // Check number of certificates in the collection 412 EXPECT_EQ(certs.size(), i + 1); 413 414 // Check that certificate has been created at installation directory 415 std::string verifyPath = 416 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 417 EXPECT_FALSE(fs::is_empty(verifyDir)); 418 EXPECT_TRUE(fs::exists(verifyPath)); 419 420 // Check that installed cert is identical to input one 421 EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 422 423 // Save current certificate file for later check 424 verifyPaths.push_back(verifyPath); 425 } 426 427 // Prepare new certificatate 428 createNewCertificate(true); 429 430 using NotAllowed = 431 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 432 EXPECT_THROW( 433 { 434 try 435 { 436 // Try to install one more certificate 437 mainApp.install(certificateFile); 438 } 439 catch (const NotAllowed& e) 440 { 441 throw; 442 } 443 }, 444 NotAllowed); 445 446 // Check that the original certificate has been not removed 447 EXPECT_FALSE(fs::is_empty(verifyDir)); 448 for (int i = 0; i < AUTHORITY_CERTIFICATES_LIMIT; ++i) 449 { 450 EXPECT_TRUE(fs::exists(verifyPaths[i])); 451 } 452 } 453 454 /** @brief Compare the installed certificate with the copied certificate 455 */ 456 TEST_F(TestCertificates, CompareInstalledCertificate) 457 { 458 std::string endpoint("ldap"); 459 std::string unit(""); 460 std::string type("client"); 461 std::string installPath(certDir + "/" + certificateFile); 462 std::string verifyPath(installPath); 463 UnitsToRestart verifyUnit(unit); 464 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 465 auto event = sdeventplus::Event::get_default(); 466 // Attach the bus to sd_event to service user requests 467 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 468 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 469 std::move(installPath)); 470 MainApp mainApp(&manager); 471 mainApp.install(certificateFile); 472 EXPECT_TRUE(fs::exists(verifyPath)); 473 EXPECT_TRUE(compareFiles(verifyPath, certificateFile)); 474 } 475 476 /** @brief Check if install fails if certificate file is not found 477 */ 478 TEST_F(TestCertificates, TestNoCertificateFile) 479 { 480 std::string endpoint("ldap"); 481 std::string unit(""); 482 std::string type("client"); 483 std::string installPath(certDir + "/" + certificateFile); 484 std::string verifyPath(installPath); 485 std::string verifyUnit(unit); 486 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 487 std::string uploadFile = "nofile.pem"; 488 EXPECT_THROW( 489 { 490 try 491 { 492 auto event = sdeventplus::Event::get_default(); 493 // Attach the bus to sd_event to service user requests 494 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 495 Manager manager(bus, event, objPath.c_str(), type, 496 std::move(unit), std::move(installPath)); 497 MainApp mainApp(&manager); 498 mainApp.install(uploadFile); 499 } 500 catch (const InternalFailure& e) 501 { 502 throw; 503 } 504 }, 505 InternalFailure); 506 EXPECT_FALSE(fs::exists(verifyPath)); 507 } 508 509 /** @brief Test replacing existing certificate 510 */ 511 TEST_F(TestCertificates, TestReplaceCertificate) 512 { 513 std::string endpoint("ldap"); 514 std::string unit(""); 515 std::string type("server"); 516 std::string installPath(certDir + "/" + certificateFile); 517 std::string verifyPath(installPath); 518 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 519 auto event = sdeventplus::Event::get_default(); 520 // Attach the bus to sd_event to service user requests 521 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 522 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 523 std::move(installPath)); 524 MainApp mainApp(&manager); 525 mainApp.install(certificateFile); 526 EXPECT_TRUE(fs::exists(verifyPath)); 527 std::vector<std::unique_ptr<Certificate>>& certs = 528 manager.getCertificates(); 529 EXPECT_FALSE(certs.empty()); 530 EXPECT_NE(certs[0], nullptr); 531 certs[0]->replace(certificateFile); 532 EXPECT_TRUE(fs::exists(verifyPath)); 533 } 534 535 /** @brief Test replacing existing certificate 536 */ 537 TEST_F(TestCertificates, TestAuthorityReplaceCertificate) 538 { 539 std::string endpoint("ldap"); 540 std::string unit(""); 541 std::string type("authority"); 542 std::string verifyDir(certDir); 543 UnitsToRestart verifyUnit(unit); 544 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 545 auto event = sdeventplus::Event::get_default(); 546 // Attach the bus to sd_event to service user requests 547 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 548 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 549 std::move(certDir)); 550 MainApp mainApp(&manager); 551 mainApp.install(certificateFile); 552 553 std::vector<std::unique_ptr<Certificate>>& certs = 554 manager.getCertificates(); 555 constexpr const unsigned int REPLACE_ITERATIONS = 10; 556 557 for (unsigned int i = 0; i < REPLACE_ITERATIONS; i++) 558 { 559 // Certificate successfully installed 560 EXPECT_FALSE(certs.empty()); 561 562 std::string verifyPath = 563 verifyDir + "/" + getCertSubjectNameHash(certificateFile) + ".0"; 564 565 // Check that certificate has been created at installation directory 566 EXPECT_FALSE(fs::is_empty(verifyDir)); 567 EXPECT_TRUE(fs::exists(verifyPath)); 568 569 // Check that installed cert is identical to input one 570 EXPECT_TRUE(compareFiles(certificateFile, verifyPath)); 571 572 // Create new certificate 573 createNewCertificate(true); 574 575 certs[0]->replace(certificateFile); 576 577 // Verify that old certificate has been removed 578 EXPECT_FALSE(fs::exists(verifyPath)); 579 } 580 } 581 582 /** @brief Test verifiing if delete function works. 583 */ 584 TEST_F(TestCertificates, TestStorageDeleteCertificate) 585 { 586 std::string endpoint("ldap"); 587 std::string unit(""); 588 std::string type("authority"); 589 std::string verifyDir(certDir); 590 UnitsToRestart verifyUnit(unit); 591 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 592 auto event = sdeventplus::Event::get_default(); 593 // Attach the bus to sd_event to service user requests 594 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 595 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 596 std::move(certDir)); 597 MainApp mainApp(&manager); 598 599 // Check if certificate placeholder dir is empty 600 EXPECT_TRUE(fs::is_empty(verifyDir)); 601 mainApp.install(certificateFile); 602 603 // Create new certificate 604 createNewCertificate(true); 605 mainApp.install(certificateFile); 606 607 createNewCertificate(true); 608 mainApp.install(certificateFile); 609 610 std::vector<std::unique_ptr<Certificate>>& certs = 611 manager.getCertificates(); 612 613 // All 3 certificates successfully installed and added to manager 614 EXPECT_EQ(certs.size(), 3); 615 616 // Check if certificate placeholder is not empty, there should be 3 617 // certificates 618 EXPECT_FALSE(fs::is_empty(verifyDir)); 619 620 certs[0]->delete_(); 621 EXPECT_EQ(certs.size(), 2); 622 623 certs[0]->delete_(); 624 EXPECT_EQ(certs.size(), 1); 625 626 certs[0]->delete_(); 627 EXPECT_EQ(certs.size(), 0); 628 629 // Check if certificate placeholder is empty. 630 EXPECT_TRUE(fs::is_empty(verifyDir)); 631 } 632 633 /** @brief Check if install fails if certificate file is empty 634 */ 635 TEST_F(TestCertificates, TestEmptyCertificateFile) 636 { 637 std::string endpoint("ldap"); 638 std::string unit(""); 639 std::string type("client"); 640 std::string installPath(certDir + "/" + certificateFile); 641 std::string verifyPath(installPath); 642 std::string verifyUnit(unit); 643 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 644 std::string emptyFile("emptycert.pem"); 645 std::ofstream ofs; 646 ofs.open(emptyFile, std::ofstream::out); 647 ofs.close(); 648 EXPECT_THROW( 649 { 650 try 651 { 652 auto event = sdeventplus::Event::get_default(); 653 // Attach the bus to sd_event to service user requests 654 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 655 Manager manager(bus, event, objPath.c_str(), type, 656 std::move(unit), std::move(installPath)); 657 MainApp mainApp(&manager); 658 mainApp.install(emptyFile); 659 } 660 catch (const InvalidCertificate& e) 661 { 662 throw; 663 } 664 }, 665 InvalidCertificate); 666 EXPECT_FALSE(fs::exists(verifyPath)); 667 fs::remove(emptyFile); 668 } 669 670 /** @brief Check if install fails if certificate file is corrupted 671 */ 672 TEST_F(TestCertificates, TestInvalidCertificateFile) 673 { 674 std::string endpoint("ldap"); 675 std::string unit(""); 676 std::string type("client"); 677 678 std::ofstream ofs; 679 ofs.open(certificateFile, std::ofstream::out); 680 ofs << "-----BEGIN CERTIFICATE-----"; 681 ofs << "ADD_SOME_INVALID_DATA_INTO_FILE"; 682 ofs << "-----END CERTIFICATE-----"; 683 ofs.close(); 684 685 std::string installPath(certDir + "/" + certificateFile); 686 std::string verifyPath(installPath); 687 std::string verifyUnit(unit); 688 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 689 EXPECT_THROW( 690 { 691 try 692 { 693 auto event = sdeventplus::Event::get_default(); 694 // Attach the bus to sd_event to service user requests 695 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 696 Manager manager(bus, event, objPath.c_str(), type, 697 std::move(unit), std::move(installPath)); 698 MainApp mainApp(&manager); 699 mainApp.install(certificateFile); 700 } 701 catch (const InvalidCertificate& e) 702 { 703 throw; 704 } 705 }, 706 InvalidCertificate); 707 EXPECT_FALSE(fs::exists(verifyPath)); 708 } 709 710 /** 711 * Class to generate private and certificate only file and test verification 712 */ 713 class TestInvalidCertificate : public ::testing::Test 714 { 715 public: 716 TestInvalidCertificate() : bus(sdbusplus::bus::new_default()) 717 { 718 } 719 void SetUp() override 720 { 721 char dirTemplate[] = "/tmp/FakeCerts.XXXXXX"; 722 auto dirPtr = mkdtemp(dirTemplate); 723 if (dirPtr == NULL) 724 { 725 throw std::bad_alloc(); 726 } 727 certDir = std::string(dirPtr) + "/certs"; 728 fs::create_directories(certDir); 729 certificateFile = "cert.pem"; 730 keyFile = "key.pem"; 731 std::string cmd = "openssl req -x509 -sha256 -newkey rsa:2048 "; 732 cmd += "-keyout key.pem -out cert.pem -days 3650 "; 733 cmd += "-subj " 734 "/O=openbmc-project.xyz/CN=localhost" 735 " -nodes"; 736 737 auto val = std::system(cmd.c_str()); 738 if (val) 739 { 740 std::cout << "command Error: " << val << std::endl; 741 } 742 } 743 void TearDown() override 744 { 745 fs::remove_all(certDir); 746 fs::remove(certificateFile); 747 fs::remove(keyFile); 748 } 749 750 protected: 751 sdbusplus::bus::bus bus; 752 std::string certificateFile; 753 std::string keyFile; 754 std::string certDir; 755 }; 756 757 /** @brief Check install fails if private key is missing in certificate file 758 */ 759 TEST_F(TestInvalidCertificate, TestMissingPrivateKey) 760 { 761 std::string endpoint("ldap"); 762 std::string unit(""); 763 std::string type("client"); 764 std::string installPath(certDir + "/" + certificateFile); 765 std::string verifyPath(installPath); 766 std::string verifyUnit(unit); 767 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 768 EXPECT_THROW( 769 { 770 try 771 { 772 auto event = sdeventplus::Event::get_default(); 773 // Attach the bus to sd_event to service user requests 774 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 775 Manager manager(bus, event, objPath.c_str(), type, 776 std::move(unit), std::move(installPath)); 777 MainApp mainApp(&manager); 778 mainApp.install(certificateFile); 779 } 780 catch (const InternalFailure& e) 781 { 782 throw; 783 } 784 }, 785 InternalFailure); 786 EXPECT_FALSE(fs::exists(verifyPath)); 787 } 788 789 /** @brief Check install fails if ceritificate is missing in certificate file 790 */ 791 TEST_F(TestInvalidCertificate, TestMissingCeritificate) 792 { 793 std::string endpoint("ldap"); 794 std::string unit(""); 795 std::string type("client"); 796 std::string installPath(certDir + "/" + keyFile); 797 std::string verifyPath(installPath); 798 std::string verifyUnit(unit); 799 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 800 EXPECT_THROW( 801 { 802 try 803 { 804 auto event = sdeventplus::Event::get_default(); 805 // Attach the bus to sd_event to service user requests 806 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 807 Manager manager(bus, event, objPath.c_str(), type, 808 std::move(unit), std::move(installPath)); 809 MainApp mainApp(&manager); 810 mainApp.install(keyFile); 811 } 812 catch (const InternalFailure& e) 813 { 814 throw; 815 } 816 }, 817 InvalidCertificate); 818 EXPECT_FALSE(fs::exists(verifyPath)); 819 } 820 821 /** @brief Check if error is thrown when multiple certificates are installed 822 * At present only one certificate per service is allowed 823 */ 824 TEST_F(TestCertificates, TestCertInstallNotAllowed) 825 { 826 using NotAllowed = 827 sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 828 std::string endpoint("ldap"); 829 std::string unit(""); 830 std::string type("client"); 831 std::string installPath(certDir + "/" + certificateFile); 832 std::string verifyPath(installPath); 833 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 834 auto event = sdeventplus::Event::get_default(); 835 // Attach the bus to sd_event to service user requests 836 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 837 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 838 std::move(installPath)); 839 MainApp mainApp(&manager); 840 mainApp.install(certificateFile); 841 EXPECT_TRUE(fs::exists(verifyPath)); 842 EXPECT_THROW( 843 { 844 try 845 { 846 // install second certificate 847 mainApp.install(certificateFile); 848 } 849 catch (const NotAllowed& e) 850 { 851 throw; 852 } 853 }, 854 NotAllowed); 855 } 856 857 TEST_F(TestCertificates, TestGenerateCSR) 858 { 859 std::string endpoint("https"); 860 std::string unit(""); 861 std::string type("Server"); 862 std::string installPath(certDir + "/" + certificateFile); 863 std::string verifyPath(installPath); 864 std::string CSRPath(certDir + "/" + CSRFile); 865 std::string privateKeyPath(certDir + "/" + privateKeyFile); 866 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 867 std::string challengePassword("Password"); 868 std::string city("HYB"); 869 std::string commonName("abc.com"); 870 std::string contactPerson("Admin"); 871 std::string country("IN"); 872 std::string email("admin@in.ibm.com"); 873 std::string givenName("givenName"); 874 std::string initials("G"); 875 int64_t keyBitLength(2048); 876 std::string keyCurveId("0"); 877 std::string keyPairAlgorithm("RSA"); 878 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 879 std::string organization("IBM"); 880 std::string organizationalUnit("orgUnit"); 881 std::string state("TS"); 882 std::string surname("surname"); 883 std::string unstructuredName("unstructuredName"); 884 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 885 auto event = sdeventplus::Event::get_default(); 886 // Attach the bus to sd_event to service user requests 887 bus.attach_event(event.get(), SD_EVENT_PRIORITY_NORMAL); 888 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 889 std::move(installPath)); 890 Status status; 891 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 892 MainApp mainApp(&manager, &csr); 893 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 894 contactPerson, country, email, givenName, initials, 895 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 896 organization, organizationalUnit, state, surname, 897 unstructuredName); 898 std::string csrData(""); 899 // generateCSR takes considerable time to create CSR and privateKey Files 900 EXPECT_FALSE(fs::exists(CSRPath)); 901 EXPECT_FALSE(fs::exists(privateKeyPath)); 902 EXPECT_THROW( 903 { 904 try 905 { 906 #ifdef SDBUSPP_NEW_CAMELCASE 907 csrData = csr.csr(); 908 #else 909 csrData = csr.cSR(); 910 #endif 911 } 912 catch (const InternalFailure& e) 913 { 914 throw; 915 } 916 }, 917 InternalFailure); 918 // wait for 10 sec to get CSR and privateKey Files generated 919 sleep(10); 920 EXPECT_TRUE(fs::exists(CSRPath)); 921 EXPECT_TRUE(fs::exists(privateKeyPath)); 922 #ifdef SDBUSPP_NEW_CAMELCASE 923 csrData = csr.csr(); 924 #else 925 csrData = csr.cSR(); 926 #endif 927 ASSERT_NE("", csrData.c_str()); 928 } 929 930 /** @brief Check if ECC key pair is generated when user is not given algorithm 931 * type. At present RSA and EC key pair algorithm are supported 932 */ 933 TEST_F(TestCertificates, TestGenerateCSRwithEmptyKeyPairAlgorithm) 934 { 935 std::string endpoint("https"); 936 std::string unit(""); 937 std::string type("Server"); 938 std::string installPath(certDir + "/" + certificateFile); 939 std::string verifyPath(installPath); 940 std::string CSRPath(certDir + "/" + CSRFile); 941 std::string privateKeyPath(certDir + "/" + privateKeyFile); 942 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 943 std::string challengePassword("Password"); 944 std::string city("HYB"); 945 std::string commonName("abc.com"); 946 std::string contactPerson("Admin"); 947 std::string country("IN"); 948 std::string email("admin@in.ibm.com"); 949 std::string givenName("givenName"); 950 std::string initials("G"); 951 int64_t keyBitLength(2048); 952 std::string keyCurveId(""); 953 std::string keyPairAlgorithm(""); 954 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 955 std::string organization("IBM"); 956 std::string organizationalUnit("orgUnit"); 957 std::string state("TS"); 958 std::string surname("surname"); 959 std::string unstructuredName("unstructuredName"); 960 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 961 auto event = sdeventplus::Event::get_default(); 962 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 963 std::move(installPath)); 964 Status status; 965 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 966 MainApp mainApp(&manager, &csr); 967 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 968 contactPerson, country, email, givenName, initials, 969 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 970 organization, organizationalUnit, state, surname, 971 unstructuredName); 972 sleep(10); 973 EXPECT_TRUE(fs::exists(CSRPath)); 974 EXPECT_TRUE(fs::exists(privateKeyPath)); 975 } 976 977 /** @brief Check if error is thrown when giving un supported key pair 978 * algorithm. At present RSA and EC key pair algorithm are supported 979 */ 980 TEST_F(TestCertificates, TestGenerateCSRwithUnsupportedKeyPairAlgorithm) 981 { 982 std::string endpoint("https"); 983 std::string unit(""); 984 std::string type("Server"); 985 std::string installPath(certDir + "/" + certificateFile); 986 std::string verifyPath(installPath); 987 std::string CSRPath(certDir + "/" + CSRFile); 988 std::string privateKeyPath(certDir + "/" + privateKeyFile); 989 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 990 std::string challengePassword("Password"); 991 std::string city("HYB"); 992 std::string commonName("abc.com"); 993 std::string contactPerson("Admin"); 994 std::string country("IN"); 995 std::string email("admin@in.ibm.com"); 996 std::string givenName("givenName"); 997 std::string initials("G"); 998 int64_t keyBitLength(2048); 999 std::string keyCurveId("secp521r1"); 1000 std::string keyPairAlgorithm("UnSupportedAlgorithm"); 1001 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1002 std::string organization("IBM"); 1003 std::string organizationalUnit("orgUnit"); 1004 std::string state("TS"); 1005 std::string surname("surname"); 1006 std::string unstructuredName("unstructuredName"); 1007 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1008 auto event = sdeventplus::Event::get_default(); 1009 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1010 std::move(installPath)); 1011 Status status; 1012 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1013 MainApp mainApp(&manager, &csr); 1014 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1015 contactPerson, country, email, givenName, initials, 1016 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1017 organization, organizationalUnit, state, surname, 1018 unstructuredName); 1019 EXPECT_FALSE(fs::exists(CSRPath)); 1020 EXPECT_FALSE(fs::exists(privateKeyPath)); 1021 } 1022 1023 /** @brief Check if error is thrown when NID_undef is returned for given key 1024 * curve id 1025 */ 1026 TEST_F(TestCertificates, TestECKeyGenerationwithNIDundefCase) 1027 { 1028 std::string endpoint("https"); 1029 std::string unit(""); 1030 std::string type("Server"); 1031 std::string installPath(certDir + "/" + certificateFile); 1032 std::string verifyPath(installPath); 1033 std::string CSRPath(certDir + "/" + CSRFile); 1034 std::string privateKeyPath(certDir + "/" + privateKeyFile); 1035 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1036 std::string challengePassword("Password"); 1037 std::string city("BLR"); 1038 std::string commonName("abc.com"); 1039 std::string contactPerson("Admin"); 1040 std::string country("IN"); 1041 std::string email("admin@in.ibm.com"); 1042 std::string givenName("givenName"); 1043 std::string initials("G"); 1044 int64_t keyBitLength(2048); 1045 std::string keyCurveId("DummyCurveName"); 1046 std::string keyPairAlgorithm("EC"); 1047 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1048 std::string organization("IBM"); 1049 std::string organizationalUnit("orgUnit"); 1050 std::string state("TS"); 1051 std::string surname("surname"); 1052 std::string unstructuredName("unstructuredName"); 1053 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1054 auto event = sdeventplus::Event::get_default(); 1055 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1056 std::move(installPath)); 1057 Status status; 1058 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1059 MainApp mainApp(&manager, &csr); 1060 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1061 contactPerson, country, email, givenName, initials, 1062 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1063 organization, organizationalUnit, state, surname, 1064 unstructuredName); 1065 EXPECT_FALSE(fs::exists(CSRPath)); 1066 EXPECT_FALSE(fs::exists(privateKeyPath)); 1067 } 1068 1069 /** @brief Check default Key Curve Id is used if given curve id is empty 1070 */ 1071 TEST_F(TestCertificates, TestECKeyGenerationwithDefaultKeyCurveId) 1072 { 1073 std::string endpoint("https"); 1074 std::string unit(""); 1075 std::string type("Server"); 1076 std::string installPath(certDir + "/" + certificateFile); 1077 std::string verifyPath(installPath); 1078 std::string CSRPath(certDir + "/" + CSRFile); 1079 std::string privateKeyPath(certDir + "/" + privateKeyFile); 1080 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1081 std::string challengePassword("Password"); 1082 std::string city("BLR"); 1083 std::string commonName("abc.com"); 1084 std::string contactPerson("Admin"); 1085 std::string country("IN"); 1086 std::string email("admin@in.ibm.com"); 1087 std::string givenName("givenName"); 1088 std::string initials("G"); 1089 int64_t keyBitLength(2048); 1090 std::string keyCurveId(""); 1091 std::string keyPairAlgorithm("EC"); 1092 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1093 std::string organization("IBM"); 1094 std::string organizationalUnit("orgUnit"); 1095 std::string state("TS"); 1096 std::string surname("surname"); 1097 std::string unstructuredName("unstructuredName"); 1098 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1099 auto event = sdeventplus::Event::get_default(); 1100 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1101 std::move(installPath)); 1102 Status status; 1103 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1104 MainApp mainApp(&manager, &csr); 1105 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1106 contactPerson, country, email, givenName, initials, 1107 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1108 organization, organizationalUnit, state, surname, 1109 unstructuredName); 1110 sleep(10); 1111 EXPECT_TRUE(fs::exists(CSRPath)); 1112 EXPECT_TRUE(fs::exists(privateKeyPath)); 1113 } 1114 1115 /** @brief Check if error is not thrown to generate EC key pair 1116 */ 1117 TEST_F(TestCertificates, TestECKeyGeneration) 1118 { 1119 std::string endpoint("https"); 1120 std::string unit(""); 1121 std::string type("Server"); 1122 std::string installPath(certDir + "/" + certificateFile); 1123 std::string verifyPath(installPath); 1124 std::string CSRPath(certDir + "/" + CSRFile); 1125 std::string privateKeyPath(certDir + "/" + privateKeyFile); 1126 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1127 std::string challengePassword("Password"); 1128 std::string city("BLR"); 1129 std::string commonName("abc.com"); 1130 std::string contactPerson("Admin"); 1131 std::string country("IN"); 1132 std::string email("admin@in.ibm.com"); 1133 std::string givenName("givenName"); 1134 std::string initials("G"); 1135 int64_t keyBitLength(2048); 1136 std::string keyCurveId("secp521r1"); 1137 std::string keyPairAlgorithm("EC"); 1138 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1139 std::string organization("IBM"); 1140 std::string organizationalUnit("orgUnit"); 1141 std::string state("TS"); 1142 std::string surname("surname"); 1143 std::string unstructuredName("unstructuredName"); 1144 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1145 auto event = sdeventplus::Event::get_default(); 1146 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1147 std::move(installPath)); 1148 Status status; 1149 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1150 MainApp mainApp(&manager, &csr); 1151 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1152 contactPerson, country, email, givenName, initials, 1153 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1154 organization, organizationalUnit, state, surname, 1155 unstructuredName); 1156 std::cout << "CSRPath: " << CSRPath << std::endl 1157 << "privateKeyPath: " << privateKeyPath << std::endl; 1158 sleep(10); 1159 EXPECT_TRUE(fs::exists(CSRPath)); 1160 EXPECT_TRUE(fs::exists(privateKeyPath)); 1161 } 1162 1163 /** @brief Check error is thrown if giving unsupported ket bit length to 1164 * generate rsa key 1165 */ 1166 TEST_F(TestCertificates, TestRSAKeyWithUnsupportedKeyBitLength) 1167 { 1168 std::string endpoint("https"); 1169 std::string unit(""); 1170 std::string type("Server"); 1171 std::string installPath(certDir + "/" + certificateFile); 1172 std::string verifyPath(installPath); 1173 std::string CSRPath(certDir + "/" + CSRFile); 1174 std::string privateKeyPath(certDir + "/" + privateKeyFile); 1175 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1176 std::string challengePassword("Password"); 1177 std::string city("BLR"); 1178 std::string commonName("abc.com"); 1179 std::string contactPerson("Admin"); 1180 std::string country("IN"); 1181 std::string email("admin@in.ibm.com"); 1182 std::string givenName("givenName"); 1183 std::string initials("G"); 1184 int64_t keyBitLength(4096); 1185 std::string keyCurveId("secp521r1"); 1186 std::string keyPairAlgorithm("RSA"); 1187 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1188 std::string organization("IBM"); 1189 std::string organizationalUnit("orgUnit"); 1190 std::string state("TS"); 1191 std::string surname("surname"); 1192 std::string unstructuredName("unstructuredName"); 1193 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1194 auto event = sdeventplus::Event::get_default(); 1195 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1196 std::move(installPath)); 1197 Status status; 1198 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1199 MainApp mainApp(&manager, &csr); 1200 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1201 contactPerson, country, email, givenName, initials, 1202 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1203 organization, organizationalUnit, state, surname, 1204 unstructuredName); 1205 EXPECT_FALSE(fs::exists(CSRPath)); 1206 EXPECT_FALSE(fs::exists(privateKeyPath)); 1207 } 1208 1209 /** @brief Check error is thrown if generated rsa key file is not present 1210 */ 1211 TEST_F(TestCertificates, TestRSAKeyFileNotPresentCase) 1212 { 1213 std::string endpoint("https"); 1214 std::string unit(""); 1215 std::string type("Server"); 1216 std::string installPath(certDir + "/" + certificateFile); 1217 std::string verifyPath(installPath); 1218 std::string CSRPath(certDir + "/" + CSRFile); 1219 std::string privateKeyPath(certDir + "/" + privateKeyFile); 1220 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1221 std::string challengePassword("Password"); 1222 std::string city("BLR"); 1223 std::string commonName("abc.com"); 1224 std::string contactPerson("Admin"); 1225 std::string country("IN"); 1226 std::string email("admin@in.ibm.com"); 1227 std::string givenName("givenName"); 1228 std::string initials("G"); 1229 int64_t keyBitLength(2048); 1230 std::string keyCurveId("secp521r1"); 1231 std::string keyPairAlgorithm("RSA"); 1232 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1233 std::string organization("IBM"); 1234 std::string organizationalUnit("orgUnit"); 1235 std::string state("TS"); 1236 std::string surname("surname"); 1237 std::string unstructuredName("unstructuredName"); 1238 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1239 auto event = sdeventplus::Event::get_default(); 1240 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1241 std::move(installPath)); 1242 1243 // Removing generated RSA key file 1244 fs::remove(rsaPrivateKeyFilePath); 1245 1246 Status status; 1247 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1248 MainApp mainApp(&manager, &csr); 1249 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1250 contactPerson, country, email, givenName, initials, 1251 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1252 organization, organizationalUnit, state, surname, 1253 unstructuredName); 1254 EXPECT_FALSE(fs::exists(CSRPath)); 1255 EXPECT_FALSE(fs::exists(privateKeyPath)); 1256 } 1257 1258 /** @brief Check private key file is created from generated rsa key file is 1259 * `present 1260 */ 1261 TEST_F(TestCertificates, TestRSAKeyFromRSAKeyFileIsWrittenIntoPrivateKeyFile) 1262 { 1263 std::string endpoint("https"); 1264 std::string unit(""); 1265 std::string type("Server"); 1266 std::string installPath(certDir + "/" + certificateFile); 1267 std::string verifyPath(installPath); 1268 std::string CSRPath(certDir + "/" + CSRFile); 1269 std::string privateKeyPath(certDir + "/" + privateKeyFile); 1270 std::vector<std::string> alternativeNames{"localhost1", "localhost2"}; 1271 std::string challengePassword("Password"); 1272 std::string city("BLR"); 1273 std::string commonName("abc.com"); 1274 std::string contactPerson("Admin"); 1275 std::string country("IN"); 1276 std::string email("admin@in.ibm.com"); 1277 std::string givenName("givenName"); 1278 std::string initials("G"); 1279 int64_t keyBitLength(2048); 1280 std::string keyCurveId("secp521r1"); 1281 std::string keyPairAlgorithm("RSA"); 1282 std::vector<std::string> keyUsage{"serverAuth", "clientAuth"}; 1283 std::string organization("IBM"); 1284 std::string organizationalUnit("orgUnit"); 1285 std::string state("TS"); 1286 std::string surname("surname"); 1287 std::string unstructuredName("unstructuredName"); 1288 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1289 auto event = sdeventplus::Event::get_default(); 1290 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1291 std::move(installPath)); 1292 Status status; 1293 CSR csr(bus, objPath.c_str(), CSRPath.c_str(), status); 1294 MainApp mainApp(&manager, &csr); 1295 mainApp.generateCSR(alternativeNames, challengePassword, city, commonName, 1296 contactPerson, country, email, givenName, initials, 1297 keyBitLength, keyCurveId, keyPairAlgorithm, keyUsage, 1298 organization, organizationalUnit, state, surname, 1299 unstructuredName); 1300 sleep(10); 1301 EXPECT_TRUE(fs::exists(CSRPath)); 1302 EXPECT_TRUE(fs::exists(privateKeyPath)); 1303 } 1304 1305 /** @brief Check RSA key is generted during application startup*/ 1306 TEST_F(TestCertificates, TestGenerateRSAPrivateKeyFile) 1307 { 1308 std::string endpoint("https"); 1309 std::string unit(""); 1310 std::string type("Server"); 1311 std::string installPath(certDir + "/" + certificateFile); 1312 auto objPath = std::string(OBJPATH) + '/' + type + '/' + endpoint; 1313 auto event = sdeventplus::Event::get_default(); 1314 1315 EXPECT_FALSE(fs::exists(rsaPrivateKeyFilePath)); 1316 Manager manager(bus, event, objPath.c_str(), type, std::move(unit), 1317 std::move(installPath)); 1318 EXPECT_TRUE(fs::exists(rsaPrivateKeyFilePath)); 1319 } 1320