Add positive and negative test cases for certsvc_certificate_is_root_ca and certsvc_c...

Change-Id: I109a8022aa6821f357bb63c4a905784e5bb717e1

diff --git a/unit-tests/CMakeLists.txt b/unit-tests/CMakeLists.txt
index 93d66c6..82707d1 100644 (file)
--- a/unit-tests/CMakeLists.txt
+++ b/unit-tests/CMakeLists.txt
@@ -119,8 +119,10 @@ INSTALL(
         data/cert_without_pass.p12
         data/empty_cert.pem
         data/end_user.p12
+        data/intermediate_cert.pem
         data/invalid_cert.p12
         data/invalid_cert.pem
+        data/root_cert.pem
         data/server_without_pass_cert.pem
         data/signer_cert.pem
         data/trusted_cert.pem

diff --git a/unit-tests/data/intermediate_cert.pem b/unit-tests/data/intermediate_cert.pem
new file mode 100644 (file)
index 0000000..6f96e49
--- /dev/null
+++ b/unit-tests/data/intermediate_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKDCCApGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCVk4x
+DjAMBgNVBAgMBUhhTm9pMRIwEAYDVQQHDAlOYW1UdUxpZW0xEDAOBgNVBAoMB1Nh
+bXN1bmcxEzARBgNVBAsMClRpemVuIFRlc3QxEjAQBgNVBAMMCVRlc3QgUm9vdDEi
+MCAGCSqGSIb3DQEJARYTcm9vdC50ZXN0QGdtYWlsLmNvbTAeFw0yNDA3MDQwOTA3
+MDRaFw0yNTA3MDQwOTA3MDRaMIGZMQswCQYDVQQGEwJWTjEOMAwGA1UECAwFSGFO
+b2kxEjAQBgNVBAcMCU5hbVR1TGllbTEQMA4GA1UECgwHU2Ftc3VuZzETMBEGA1UE
+CwwKVGl6ZW4gVGVzdDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUxIzAhBgkq
+hkiG9w0BCQEWFGludGVyLnRlc3RAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDD04OksdW6xu0+1ccSbJzPibO2apyvKJqMaVwJvofdMC1q+DgV
+GP8Ro3qq0H1knmNeQtPZj3iN8Ds9wYLJ5kvxnTaVeb327QXxNQwnm8+2G4UoFSdt
+WXC3kfGn/uLuWHjneViajA50HjhZArtraZg6fi2rWPIpqiijzwxtOxNBDQIDAQAB
+o4GGMIGDMHMGCCsGAQUFBwEBBGcwZTAhBggrBgEFBQcwAYYVaHR0cDovLzEyNy4w
+LjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRwOi8vU1ZSU2VjdXJlLUczLWFpYS52
+ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2VyMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADgYEAfSzeCYbEw7YswuOR2o2MRkTmGpMYFiNADHROnDxKbMceoZCp
+kHy4M37/dcT7sfyQu8ZxQIDYOwEk9QvCJD3mdu7t7VA0x1QgqWU3p9oiHTuAezQ8
+K/RstKuIhhd6L6JKLskxXP37OnpCWsMT0iIrHs8pvuV+JKEss91a30k0nro=
+-----END CERTIFICATE-----

diff --git a/unit-tests/data/root_cert.pem b/unit-tests/data/root_cert.pem
new file mode 100644 (file)
index 0000000..82fd99c
--- /dev/null
+++ b/unit-tests/data/root_cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAsugAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCVk4x
+DjAMBgNVBAgMBUhhTm9pMRIwEAYDVQQHDAlOYW1UdUxpZW0xEDAOBgNVBAoMB1Nh
+bXN1bmcxEzARBgNVBAsMClRpemVuIFRlc3QxEjAQBgNVBAMMCVRlc3QgUm9vdDEi
+MCAGCSqGSIb3DQEJARYTcm9vdC50ZXN0QGdtYWlsLmNvbTAeFw0yNDA3MDQwOTA3
+MDRaFw0yNTA3MDQwOTA3MDRaMIGQMQswCQYDVQQGEwJWTjEOMAwGA1UECAwFSGFO
+b2kxEjAQBgNVBAcMCU5hbVR1TGllbTEQMA4GA1UECgwHU2Ftc3VuZzETMBEGA1UE
+CwwKVGl6ZW4gVGVzdDESMBAGA1UEAwwJVGVzdCBSb290MSIwIAYJKoZIhvcNAQkB
+FhNyb290LnRlc3RAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQC3jFf/mj2bGKo7Loq01uTG1svNifVVXkk9aNMhzqUWrMEOFqd8GRawuAO7/cjs
+i6BCiwCyoi6ZIXpZqNtOQbuOvbTxOtBSYtDWrEJwL7uzJ1/mtZG0C0TLEV6KLzbI
+MNKIGbCzrfvdslp6KXBNkCSafMcVg9eKDxB9eLS17Tnd7wIDAQABo4HJMIHGMB0G
+A1UdDgQWBBQEz1SfPSsvAcDFwamJQHUN9XtOhDAfBgNVHSMEGDAWgBQEz1SfPSsv
+AcDFwamJQHUN9XtOhDAPBgNVHRMBAf8EBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAh
+BggrBgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRo
+dHRwOi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMu
+Y2VyMA0GCSqGSIb3DQEBCwUAA4GBAKD5sPXVJDsFKPaJc5M2zQ9NPoNMqt939Lsn
+uwhhu399DpYIFqPpCDItaMWG521ZqDGMEXzCWBZWmyut1AyOU28qjyYHhyN/4UHr
+Aa9o877fDMY28IE1Sg/7n0b2s/zybOy8AC65A70nJJY9cV12FcUZlbC22HYBbEBP
+Vi/aKCs+
+-----END CERTIFICATE-----

diff --git a/unit-tests/test_constant.cpp b/unit-tests/test_constant.cpp
index e5b36b0..5798d88 100644 (file)
--- a/unit-tests/test_constant.cpp
+++ b/unit-tests/test_constant.cpp
@@ -279,6 +279,29 @@ namespace StoreType {
        const CertStoreType InvalidStore = (CertStoreType)(1 << 4);
 }
 
+namespace CertChain {
+       namespace Signer {
+               const std::string Path =
+                       std::string(TESTAPP_RES_DIR) + "unit_test_data/signer_cert.pem";
+
+               const std::string SubjectCommonName = "Test Signer";
+       }
+
+       namespace Intermediate {
+               const std::string Path =
+                       std::string(TESTAPP_RES_DIR) + "unit_test_data/intermediate_cert.pem";
+
+               const std::string SubjectCommonName = "Test Intermediate";
+       }
+
+       namespace Root {
+               const std::string Path =
+                       std::string(TESTAPP_RES_DIR) + "unit_test_data/root_cert.pem";
+
+               const std::string SubjectCommonName = "Test Root";
+       }
+}
+
 const std::map<std::string, CertStoreType> storeTypeMap =
 {
        {"vpn_", VPN_STORE},

diff --git a/unit-tests/test_constant.h b/unit-tests/test_constant.h
index 25e9c4a..d16e30b 100644 (file)
--- a/unit-tests/test_constant.h
+++ b/unit-tests/test_constant.h
@@ -85,6 +85,22 @@ namespace ServerCert {
        extern const std::string ServerPass;
 }
 
+namespace CertChain {
+       namespace Signer {
+               extern const std::string Path;
+               extern const std::string SubjectCommonName;
+       }
+
+       namespace Intermediate {
+               extern const std::string Path;
+               extern const std::string SubjectCommonName;
+       }
+
+       namespace Root {
+               extern const std::string Path;
+               extern const std::string SubjectCommonName;
+       }
+}
 namespace StoreType {
        extern const CertStoreType IndividualStore;
        extern const CertStoreType InvalidStore;

diff --git a/unit-tests/test_vcore_api_cert.cpp b/unit-tests/test_vcore_api_cert.cpp
index 7c79fbe..813fb4d 100644 (file)
--- a/unit-tests/test_vcore_api_cert.cpp
+++ b/unit-tests/test_vcore_api_cert.cpp
@@ -84,7 +84,6 @@ void makeCertificateFromFile(
        int result;
        result = certsvc_certificate_new_from_file(instance, location.c_str(), &certificate);
        BOOST_CHECK_EQUAL(result, CERTSVC_SUCCESS);
-       BOOST_CHECK_EQUAL(certificate.privateHandler, 0);
 
        checkCertificateField(certificate, CERTSVC_SUBJECT_COMMON_NAME, subjectCommonName);
 }
@@ -543,6 +542,179 @@ NEGATIVE_TEST_CASE(T_certsvc_certificate_get_not_before_wrong_argument)
        certsvc_instance_free(instance);
 }
 
+POSITIVE_TEST_CASE(T_certsvc_certificate_is_root_ca)
+{
+       int result;
+       CertSvcCertificate certificate;
+       int status;
+
+       BOOST_REQUIRE_EQUAL(certsvc_instance_new(&instance), CERTSVC_SUCCESS);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Root::Path,
+               certificate,
+               CertChain::Root::SubjectCommonName);
+
+       result = certsvc_certificate_is_root_ca(certificate, &status);
+       BOOST_CHECK_EQUAL(result, CERTSVC_SUCCESS);
+       BOOST_CHECK_EQUAL(status, CERTSVC_TRUE);
+
+       certsvc_certificate_free(certificate);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Intermediate::Path,
+               certificate,
+               CertChain::Intermediate::SubjectCommonName);
+
+       result = certsvc_certificate_is_root_ca(certificate, &status);
+       BOOST_CHECK_EQUAL(result, CERTSVC_SUCCESS);
+       BOOST_CHECK_EQUAL(status, CERTSVC_FALSE);
+
+       certsvc_certificate_free(certificate);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Signer::Path,
+               certificate,
+               CertChain::Signer::SubjectCommonName);
+
+       result = certsvc_certificate_is_root_ca(certificate, &status);
+       BOOST_CHECK_EQUAL(result, CERTSVC_SUCCESS);
+       BOOST_CHECK_EQUAL(status, CERTSVC_FALSE);
+
+       certsvc_certificate_free(certificate);
+       certsvc_instance_free(instance);
+}
+
+NEGATIVE_TEST_CASE(T_certsvc_certificate_is_root_ca_wrong_argument){
+       int result;
+       CertSvcCertificate certificate;
+       int status = -1;
+
+       BOOST_REQUIRE_EQUAL(certsvc_instance_new(&instance), CERTSVC_SUCCESS);
+
+       certificate.privateInstance = instance;
+       certificate.privateHandler = 0;
+       result = certsvc_certificate_is_root_ca(certificate, &status);
+       BOOST_CHECK_EQUAL(result, CERTSVC_WRONG_ARGUMENT);
+       BOOST_CHECK_EQUAL(status, -1);
+
+       certsvc_instance_free(instance);
+}
+
+POSITIVE_TEST_CASE(T_certsvc_certificate_chain_sort)
+{
+       int result;
+       CertSvcCertificate certificate_array[3];
+       CertSvcCertificate cert1, cert2, cert3;
+       size_t size = 3;
+
+       BOOST_REQUIRE_EQUAL(certsvc_instance_new(&instance), CERTSVC_SUCCESS);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Root::Path,
+               cert1,
+               CertChain::Root::SubjectCommonName);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Intermediate::Path,
+               cert2,
+               CertChain::Intermediate::SubjectCommonName);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Signer::Path,
+               cert3,
+               CertChain::Signer::SubjectCommonName);
+
+       certificate_array[0] = cert1;
+       certificate_array[1] = cert2;
+       certificate_array[2] = cert3;
+
+       result = certsvc_certificate_chain_sort(certificate_array, size);
+       BOOST_CHECK_EQUAL(result, CERTSVC_SUCCESS);
+
+       certsvc_certificate_free(cert1);
+       certsvc_certificate_free(cert2);
+       certsvc_certificate_free(cert3);
+       certsvc_instance_free(instance);
+}
+
+NEGATIVE_TEST_CASE(T_certsvc_certificate_chain_sort_wrong_argument)
+{
+       int result;
+       CertSvcCertificate certificate_array[2];
+       CertSvcCertificate cert;
+       size_t size = 2;
+
+       BOOST_REQUIRE_EQUAL(certsvc_instance_new(&instance), CERTSVC_SUCCESS);
+
+       result = certsvc_certificate_chain_sort(nullptr, size);
+       BOOST_CHECK_EQUAL(result, CERTSVC_WRONG_ARGUMENT);
+
+       result = certsvc_certificate_chain_sort(certificate_array, 1);
+       BOOST_CHECK_EQUAL(result, CERTSVC_WRONG_ARGUMENT);
+
+       CertSvcCertificate certInvalid;
+       certInvalid.privateHandler = -1;
+       certInvalid.privateInstance = instance;
+
+       certificate_array[1] = certInvalid;
+       result = certsvc_certificate_chain_sort(certificate_array, size);
+       BOOST_CHECK_EQUAL(result, CERTSVC_WRONG_ARGUMENT);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Signer::Path,
+               cert,
+               CertChain::Signer::SubjectCommonName);
+
+       certificate_array[1] = cert;
+       certificate_array[0] = certInvalid;
+
+       result = certsvc_certificate_chain_sort(certificate_array, size);
+       BOOST_CHECK_EQUAL(result, CERTSVC_WRONG_ARGUMENT);
+
+       certsvc_certificate_free(cert);
+       certsvc_instance_free(instance);
+}
+
+NEGATIVE_TEST_CASE(T_certsvc_certificate_chain_sort_failed)
+{
+       int result;
+       CertSvcCertificate certificate_array[3];
+       CertSvcCertificate cert1, cert2;
+       size_t size = 3;
+
+       BOOST_REQUIRE_EQUAL(certsvc_instance_new(&instance), CERTSVC_SUCCESS);
+
+       makeCertificateFromFile(
+               instance,
+               CertChain::Signer::Path,
+               cert1,
+               CertChain::Signer::SubjectCommonName);
+
+       makeCertificateFromFile(
+               instance,
+               ServerCertInfo::ServerCertPemPath,
+               cert2,
+               ServerCertInfo::SubjectCommonName);
+
+       certificate_array[0] = cert1;
+       certificate_array[1] = cert2;
+       certificate_array[2] = cert1;
+       result = certsvc_certificate_chain_sort(certificate_array, size);
+       BOOST_CHECK_EQUAL(result, CERTSVC_FAIL);
+
+       certsvc_certificate_free(cert1);
+       certsvc_certificate_free(cert2);
+       certsvc_instance_free(instance);
+}
+
 POSITIVE_TEST_CASE(T_certsvc_certificate_dup_x509)
 {
        int result;