diff --git a/src/cert/ssl_cert_provider.cpp b/src/cert/ssl_cert_provider.cpp index 1921e78693..99cf7c4e0f 100644 --- a/src/cert/ssl_cert_provider.cpp +++ b/src/cert/ssl_cert_provider.cpp @@ -44,7 +44,8 @@ class WritableFile explicit WritableFile(const QString& file_path) : fp{fopen(file_path.toStdString().c_str(), "wb"), fclose} { if (fp == nullptr) - throw std::runtime_error(fmt::format("failed to open file '{}': {}({})", file_path, strerror(errno), errno)); + throw std::runtime_error( + fmt::format("failed to open file '{}': {}({})", file_path, strerror(errno), errno)); } FILE* get() const diff --git a/tests/mock_cert_provider.h b/tests/mock_cert_provider.h index 289a2da504..16d4025ee1 100644 --- a/tests/mock_cert_provider.h +++ b/tests/mock_cert_provider.h 
@@ -37,48 +37,32 @@ constexpr auto root_cert = "-----BEGIN CERTIFICATE-----\n" "xgvZMY2ColjLunUiNG8H096n\n" "-----END CERTIFICATE-----\n"; -constexpr auto client_cert = "-----BEGIN CERTIFICATE-----\n" - "MIIByjCCAXCgAwIBAgIENvdePTAKBggqhkjOPQQDAjA9MQswCQYDVQQGEwJVUzES\n" - "MBAGA1UECgwJQ2Fub25pY2FsMRowGAYDVQQDDBFNdWx0aXBhc3MgUm9vdCBDQTAe\n" - "Fw0yNTAxMjkxMzAzNDBaFw0yNjAxMjkxMzAzNDBaMDUxCzAJBgNVBAYTAlVTMRIw\n" - "EAYDVQQKDAlDYW5vbmljYWwxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49\n" - "AgEGCCqGSM49AwEHA0IABGAw4mRhGqCg7uSIsVgBIzMOoGnlEFWga2dxUzA1YwNe\n" - "8SB679smyb7KVsPg4fK/P7XS4ORxSnMVnKWvTAfYKXWjZjBkMBQGA1UdEQQNMAuC\n" - "CWxvY2FsaG9zdDAdBgNVHQ4EFgQU++FdgRpFokGT+7Fdgqe4SxmSD9UwHwYDVR0j\n" - "BBgwFoAUBiVDL5AyFI6H+AAKyBJ1Zsgfk2gwDAYDVR0TAQH/BAIwADAKBggqhkjO\n" - "PQQDAgNIADBFAiAesF7z8ItZVxK6fgUwhWfgN5rUFzCO5tBGJFDHU7eIZgIhALdl\n" - "2mAn2oocQZfHohrbVUIuWDiUr0SxOkdGUISX0ElJ\n" - "-----END CERTIFICATE-----\n"; +// cert and key are used as both server certificate and client certificate in the unit test environment +constexpr auto cert = "-----BEGIN CERTIFICATE-----\n" + "MIIByjCCAXCgAwIBAgIENvdePTAKBggqhkjOPQQDAjA9MQswCQYDVQQGEwJVUzES\n" + "MBAGA1UECgwJQ2Fub25pY2FsMRowGAYDVQQDDBFNdWx0aXBhc3MgUm9vdCBDQTAe\n" + "Fw0yNTAxMjkxMzAzNDBaFw0yNjAxMjkxMzAzNDBaMDUxCzAJBgNVBAYTAlVTMRIw\n" + "EAYDVQQKDAlDYW5vbmljYWwxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49\n" + "AgEGCCqGSM49AwEHA0IABGAw4mRhGqCg7uSIsVgBIzMOoGnlEFWga2dxUzA1YwNe\n" + "8SB679smyb7KVsPg4fK/P7XS4ORxSnMVnKWvTAfYKXWjZjBkMBQGA1UdEQQNMAuC\n" + "CWxvY2FsaG9zdDAdBgNVHQ4EFgQU++FdgRpFokGT+7Fdgqe4SxmSD9UwHwYDVR0j\n" + "BBgwFoAUBiVDL5AyFI6H+AAKyBJ1Zsgfk2gwDAYDVR0TAQH/BAIwADAKBggqhkjO\n" + "PQQDAgNIADBFAiAesF7z8ItZVxK6fgUwhWfgN5rUFzCO5tBGJFDHU7eIZgIhALdl\n" + "2mAn2oocQZfHohrbVUIuWDiUr0SxOkdGUISX0ElJ\n" + "-----END CERTIFICATE-----\n"; -constexpr auto client_key = "-----BEGIN PRIVATE KEY-----\n" - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgwRNA3VMqakM32i0C\n" - 
"PHE5i4qRNGdvgXtCWwpp0gXv+oGhRANCAARgMOJkYRqgoO7kiLFYASMzDqBp5RBV\n" - "oGtncVMwNWMDXvEgeu/bJsm+ylbD4OHyvz+10uDkcUpzFZylr0wH2Cl1\n" - "-----END PRIVATE KEY-----\n"; - -constexpr auto daemon_cert = "-----BEGIN CERTIFICATE-----\n" - "MIIBUjCB+AIBKjAKBggqhkjOPQQDAjA1MQswCQYDVQQGEwJDQTESMBAGA1UECgwJ\n" - "Q2Fub25pY2FsMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTgwNjIxMTM0MjI5WhcN\n" - "MTkwNjIxMTM0MjI5WjA1MQswCQYDVQQGEwJDQTESMBAGA1UECgwJQ2Fub25pY2Fs\n" - "MRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQA\n" - "FGNAqq7c5IMDeQ/cV4+EmogmkfpbTLSPfXgXVLHRsvL04xUAkqGpL+eyGFVE6dqa\n" - "J7sAPJJwlVj1xD0r5DX5MAoGCCqGSM49BAMCA0kAMEYCIQCvI0PYv9f201fbe4LP\n" - "BowTeYWSqMQtLNjvZgd++AAGhgIhALNPW+NRSKCXwadiIFgpbjPInLPqXPskLWSc\n" - "aXByaQyt\n" - "-----END CERTIFICATE-----\n"; - -constexpr auto daemon_key = "-----BEGIN PRIVATE KEY-----\n" - "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsSAz5ggzrLjai0I/\n" - "F0hYg5oG/shpXJiBQtJdBCG3lUShRANCAAQAFGNAqq7c5IMDeQ/cV4+Emogmkfpb\n" - "TLSPfXgXVLHRsvL04xUAkqGpL+eyGFVE6dqaJ7sAPJJwlVj1xD0r5DX5\n" - "-----END PRIVATE KEY-----\n"; +constexpr auto key = "-----BEGIN PRIVATE KEY-----\n" + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgwRNA3VMqakM32i0C\n" + "PHE5i4qRNGdvgXtCWwpp0gXv+oGhRANCAARgMOJkYRqgoO7kiLFYASMzDqBp5RBV\n" + "oGtncVMwNWMDXvEgeu/bJsm+ylbD4OHyvz+10uDkcUpzFZylr0wH2Cl1\n" + "-----END PRIVATE KEY-----\n"; struct MockCertProvider : public CertProvider { MockCertProvider() { - ON_CALL(*this, PEM_certificate).WillByDefault(Return(client_cert)); - ON_CALL(*this, PEM_signing_key).WillByDefault(Return(client_key)); + ON_CALL(*this, PEM_certificate).WillByDefault(Return(cert)); + ON_CALL(*this, PEM_signing_key).WillByDefault(Return(key)); } MOCK_METHOD(std::string, PEM_certificate, (), (override, const)); diff --git a/tests/test_client_common.cpp b/tests/test_client_common.cpp index 8c90e62134..46733aa1e7 100644 --- a/tests/test_client_common.cpp +++ b/tests/test_client_common.cpp 
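Review bot: The shared `cert` constant is a hard-coded leaf with a fixed validity window, and the new comment above it does not say so. The notBefore/notAfter fields in its third base64 line appear to decode to 29 January 2025 and 29 January 2026. After that date, any test whose handshake verifies the chain against `root_cert` would presumably start failing for reasons unrelated to the code under test. I would extend the comment, e.g. `// test-only key pair, never deploy; leaf appears to expire 2026-01-29 (confirm) - regenerate before then`, or have the fixture generate a pair at test start.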
@@ -57,8 +57,8 @@ struct TestClientCommon : public mpt::DaemonTestFixture mpt::MockDaemon make_secure_server() { - EXPECT_CALL(*mock_cert_provider, PEM_certificate()).WillOnce(Return(mpt::daemon_cert)); - EXPECT_CALL(*mock_cert_provider, PEM_signing_key()).WillOnce(Return(mpt::daemon_key)); + EXPECT_CALL(*mock_cert_provider, PEM_certificate()).Times(1); + EXPECT_CALL(*mock_cert_provider, PEM_signing_key()).Times(1); config_builder.server_address = server_address; config_builder.cert_provider = std::move(mock_cert_provider); @@ -83,8 +83,8 @@ TEST_F(TestClientCommon, usesCommonCertWhenItExists) const auto common_client_cert_file = common_cert_dir + "/" + mp::client_cert_file; const auto common_client_key_file = common_cert_dir + "/" + mp::client_key_file; - mpt::make_file_with_content(common_client_cert_file, mpt::client_cert); - mpt::make_file_with_content(common_client_key_file, mpt::client_key); + mpt::make_file_with_content(common_client_cert_file, mpt::cert); + mpt::make_file_with_content(common_client_key_file, mpt::key); EXPECT_TRUE(mp::client::make_channel(server_address, *mp::client::get_cert_provider())); } diff --git a/tests/unix/test_daemon_rpc.cpp b/tests/unix/test_daemon_rpc.cpp index f086b91e28..7d4f616e6e 100644 --- a/tests/unix/test_daemon_rpc.cpp +++ b/tests/unix/test_daemon_rpc.cpp @@ -48,8 +48,8 @@ struct TestDaemonRpc : public mpt::DaemonTestFixture auto opts = grpc::SslCredentialsOptions(); opts.pem_root_certs = mpt::root_cert; opts.server_certificate_request = GRPC_SSL_REQUEST_SERVER_CERTIFICATE_AND_VERIFY; - opts.pem_cert_chain = mpt::client_cert; - opts.pem_private_key = mpt::client_key; + opts.pem_cert_chain = mpt::cert; + opts.pem_private_key = mpt::key; auto channel = grpc::CreateChannel(server_address, grpc::SslCredentials(opts)); 
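Review bot: With the `WillOnce(Return(mpt::daemon_cert))` and `WillOnce(Return(mpt::daemon_key))` actions removed, `make_secure_server` presents the same leaf certificate and key that the client stub presents. The `verify_cert(StrEq(mpt::cert))` and `add_cert(StrEq(mpt::cert))` expectations in tests/unix/test_daemon_rpc.cpp therefore can no longer tell the peer's certificate from the daemon's own, so a regression that hands the cert store the server-side certificate would still pass. Keeping a second, distinct server pair in tests/mock_cert_provider.h would preserve that check. If sharing is intended, say so at the call, e.g. `// no action: falls back to MockCertProvider's ON_CALL defaults, i.e. the same pair the client uses`. The body of make_secure_server continues past the end of the hunk.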
@@ -110,7 +110,7 @@ TEST_F(TestDaemonRpc, authenticateCompletesSuccessfully) EXPECT_CALL(*mock_platform, set_server_socket_restrictions(_, false)).Times(1); EXPECT_CALL(*mock_cert_store, empty()).WillOnce(Return(true)); - EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::client_cert))).Times(1); + EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::cert))).Times(1); mpt::MockDaemon daemon{make_secure_server()}; EXPECT_CALL(daemon, authenticate(_, _, _)).WillOnce([](auto, auto, auto* status_promise) { @@ -160,7 +160,7 @@ TEST_F(TestDaemonRpc, pingReturnsOkWhenCertIsVerified) EXPECT_CALL(*mock_platform, set_server_socket_restrictions(_, false)).Times(1); EXPECT_CALL(*mock_cert_store, empty()).WillOnce(Return(false)); - EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::client_cert))).WillOnce(Return(true)); + EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::cert))).WillOnce(Return(true)); mpt::MockDaemon daemon{make_secure_server()}; mp::Rpc::Stub stub{make_secure_stub()}; @@ -177,7 +177,7 @@ TEST_F(TestDaemonRpc, pingReturnsUnauthenticatedWhenCertIsNotVerified) EXPECT_CALL(*mock_platform, set_server_socket_restrictions(_, false)).Times(1); EXPECT_CALL(*mock_cert_store, empty()).WillOnce(Return(false)); - EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::client_cert))).WillOnce(Return(false)); + EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::cert))).WillOnce(Return(false)); mpt::MockDaemon daemon{make_secure_server()}; mp::Rpc::Stub stub{make_secure_stub()}; @@ -195,7 +195,7 @@ TEST_F(TestDaemonRpc, listCertExistsCompletesSuccessfully) EXPECT_CALL(*mock_platform, set_server_socket_restrictions(_, false)).Times(1); EXPECT_CALL(*mock_cert_store, empty()).Times(2).WillRepeatedly(Return(false)); - EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::client_cert))).WillOnce(Return(true)); + EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::cert))).WillOnce(Return(true)); mpt::MockDaemon daemon{make_secure_server()}; mock_empty_list_reply(daemon); 
@@ -209,7 +209,7 @@ TEST_F(TestDaemonRpc, listNoCertsExistWillVerifyAndComplete) EXPECT_CALL(*mock_platform, set_server_socket_restrictions(_, false)).Times(1); EXPECT_CALL(*mock_cert_store, empty()).Times(2).WillRepeatedly(Return(true)); - EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::client_cert))).Times(1); + EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::cert))).Times(1); mpt::MockDaemon daemon{make_secure_server()}; mock_empty_list_reply(daemon); @@ -222,7 +222,7 @@ TEST_F(TestDaemonRpc, listCertNotVerifiedHasError) EXPECT_CALL(*mock_platform, set_server_socket_restrictions(_, false)).Times(1); EXPECT_CALL(*mock_cert_store, empty()).Times(2).WillRepeatedly(Return(false)); - EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::client_cert))).WillOnce(Return(false)); + EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::cert))).WillOnce(Return(false)); mpt::MockDaemon daemon{make_secure_server()}; @@ -242,8 +242,8 @@ TEST_F(TestDaemonRpc, listTCPSocketNoCertsExistHasError) EXPECT_CALL(*mock_platform, set_server_socket_restrictions).Times(1); EXPECT_CALL(*mock_cert_store, empty()).Times(1); - EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::client_cert))).Times(0); - EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::client_cert))).WillOnce(Return(false)); + EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::cert))).Times(0); + EXPECT_CALL(*mock_cert_store, verify_cert(StrEq(mpt::cert))).WillOnce(Return(false)); mpt::MockDaemon daemon{make_secure_server()}; @@ -262,7 +262,7 @@ TEST_F(TestDaemonRpc, listAcceptCertFailsHasError) EXPECT_CALL(*mock_platform, set_server_socket_restrictions(_, true)).Times(1); EXPECT_CALL(*mock_cert_store, empty()).Times(2).WillRepeatedly(Return(true)); - EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::client_cert))).WillOnce(Throw(std::runtime_error(error_msg))); + EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::cert))).WillOnce(Throw(std::runtime_error(error_msg))); mpt::MockDaemon daemon{make_secure_server()}; 
@@ -282,7 +282,7 @@ TEST_F(TestDaemonRpc, listSettingServerPermissionsFailLogsErrorAndExits) .WillOnce(Throw(std::runtime_error(error_msg))); EXPECT_CALL(*mock_cert_store, empty()).Times(2).WillRepeatedly(Return(true)); - EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::client_cert))).Times(1); + EXPECT_CALL(*mock_cert_store, add_cert(StrEq(mpt::cert))).Times(1); // Detects if the daemon would actually exit EXPECT_CALL(*mock_utils, exit(EXIT_FAILURE)).Times(1);