Aktualizr
C++ SOTA Client
cert_provider_shared_cred_test.cc
1 #include <gtest/gtest.h>
2 
3 #include <boost/format.hpp>
4 
5 #include "cert_provider_test.h"
6 #include "libaktualizr/config.h"
7 #include "utilities/utils.h"
8 
namespace {
// Location of the cert-provider executable under test; assigned in main() from argv[1].
boost::filesystem::path CERT_PROVIDER_PATH;
// Location of the shared provisioning credentials archive; assigned in main() from argv[2].
boost::filesystem::path CREDENTIALS_PATH;
}  // namespace
11 
/**
 * Fixture for the shared-credential provisioning test.
 *
 * Each test gets its own TemporaryDirectory, a private copy of the shared
 * provisioning credentials inside it, and a DeviceCredGenerator bound to the
 * cert-provider executable named on the command line.
 */
class AktualizrCertProviderTest : public ::testing::Test {
 protected:
  /** Per-test inputs: working directory, credentials copy and fleet CA file locations. */
  struct TestArgs {
    /**
     * @param tmp_dir      directory that receives the credentials copy and the tool output
     * @param cred_path_in path of the shared provisioning credentials to copy
     *
     * The archive is copied to "<tmp_dir>/credentials.zip", so the test
     * hands cert-provider the copy rather than the file given on the command line.
     */
    TestArgs(const TemporaryDirectory& tmp_dir, const std::string& cred_path_in)
        : test_dir(tmp_dir.PathString()), credentials_path(tmp_dir.Path() / "credentials.zip") {
      boost::filesystem::copy_file(cred_path_in, credentials_path);
    }

    // Directory the cert-provider output is written to (passed as localDir by the test).
    const std::string test_dir;
    // Fleet CA certificate and private key from the test data set. The test
    // visible in this file does not pass them to cert-provider.
    const std::string fleet_ca_cert{"tests/test_data/CAcert.pem"};
    const std::string fleet_ca_private_key{"tests/test_data/CApkey.pem"};
    // Copy of the shared provisioning credentials inside the temporary directory.
    const boost::filesystem::path credentials_path;
  };

  // Declaration order matters: test_args_ is constructed from tmp_dir_.
  TemporaryDirectory tmp_dir_;
  TestArgs test_args_{tmp_dir_, CREDENTIALS_PATH.string()};
  DeviceCredGenerator device_cred_gen_{CERT_PROVIDER_PATH.string()};
};
30 
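/**
 * Verifies that cert-provider works when given shared provisioning credentials
 * and the fleet CA and private key are not specified.
 *
 * - [x] Use shared provisioning credentials if fleet CA and private key are not provided
 * - [x] Provision with shared credentials
 * - [x] Read server root CA from p12
 * - [x] Provide root CA if requested
 * - [x] Provide server URL if requested
 *
 * The test passes when cert-provider exits with 0, the four expected output
 * files exist, and `openssl verify` accepts the generated device certificate
 * against the root CA file that cert-provider wrote.
 */
TEST_F(AktualizrCertProviderTest, SharedCredProvisioning) {
  // Argument set for the cert-provider run. Only the shared credentials
  // archive is supplied; no fleet CA certificate or private key is set.
  DeviceCredGenerator::ArgSet args;

  args.credentialFile = test_args_.credentials_path.string();
  args.localDir = test_args_.test_dir;
  args.provideRootCA.set();
  args.provideServerURL.set();

  device_cred_gen_.run(args);
  ASSERT_EQ(device_cred_gen_.lastExitCode(), 0) << device_cred_gen_.lastStdErr();

  const DeviceCredGenerator::OutputPath device_cred_path(test_args_.test_dir);

  // Device private key and certificate. Only existence is asserted here;
  // key content and file permissions are not examined by this test.
  ASSERT_TRUE(boost::filesystem::exists(device_cred_path.privateKeyFileFullPath))
      << device_cred_path.privateKeyFileFullPath;
  ASSERT_TRUE(boost::filesystem::exists(device_cred_path.certFileFullPath)) << device_cred_path.certFileFullPath;

  // Outputs requested through provideRootCA / provideServerURL.
  ASSERT_TRUE(boost::filesystem::exists(device_cred_path.serverRootCAFullPath))
      << device_cred_path.serverRootCAFullPath;
  ASSERT_TRUE(boost::filesystem::exists(device_cred_path.gtwURLFileFullPath)) << device_cred_path.gtwURLFileFullPath;

  // Chain check: the device certificate must verify against the root CA that
  // cert-provider wrote out. The openssl binary is addressed by absolute path,
  // so PATH is not consulted.
  // NOTE(review): `openssl verify` may also consult the default CA directory in
  // addition to -CAfile; adding -no-CApath would pin the check to the written
  // root CA only. Confirm against the OpenSSL version used in CI.
  Process openssl("/usr/bin/openssl");

  openssl.run({"verify", "-verbose", "-CAfile", device_cred_path.serverRootCAFullPath.string(),
               device_cred_path.certFileFullPath.string()});
  ASSERT_EQ(openssl.lastExitCode(), 0) << openssl.lastStdErr();
  // Success is expected to print exactly "<certificate path>: OK".
  ASSERT_EQ(openssl.lastStdOut(), str(boost::format("%1%: OK\n") % device_cred_path.certFileFullPath.string()));
}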
69 
#ifndef __NO_MAIN__
/**
 * Test entry point.
 *
 * Usage: <test-binary> [gtest flags] <path-to-cert-provider> <path-to-credentials>
 *
 * InitGoogleTest() runs first and strips the flags it recognises from argv,
 * so the two positional arguments are read afterwards from argv[1] and argv[2].
 *
 * @return EXIT_FAILURE when fewer than two positional arguments remain,
 *         otherwise the result of RUN_ALL_TESTS().
 */
int main(int argc, char** argv) {
  ::testing::InitGoogleTest(&argc, argv);

  // Program name plus the two required positional arguments.
  constexpr int kRequiredArgc = 3;
  if (argc < kRequiredArgc) {
    std::cerr << "Two arguments are required: <path-to-cert-provider> <path-to-credentials>" << std::endl;
    return EXIT_FAILURE;
  }

  // Neither path is validated here; a wrong path surfaces later as a test failure.
  CERT_PROVIDER_PATH = argv[1];
  CREDENTIALS_PATH = argv[2];

  std::cout << "Path to the cert-provider executable: " << CERT_PROVIDER_PATH << std::endl;
  std::cout << "Path to the shared provisioning credentials: " << CREDENTIALS_PATH << std::endl;

  return RUN_ALL_TESTS();
}
#endif