author | Sergey Levchenko (GitHub) <slevchenko.work@gmail.com> | 2017-03-21 12:07:26 +0200 |
---|---|---|
committer | Andriy Byzhynar <AByzhynar@luxoft.com> | 2017-06-23 11:28:48 +0300 |
commit | 661e26609e4c6ba2bb6b6241e9d8fcbba4e52c27 (patch) | |
tree | 0b01776e64e20a67bcf3775aa689190347f81506 /src | |
parent | 22a014b3746b28d2b8a3a4049c60bb76db6a0861 (diff) | |
download | sdl_core-661e26609e4c6ba2bb6b6241e9d8fcbba4e52c27.tar.gz |
Update generate_test_certificates.py script
Previously SDL was implemented to support certificates in PKCS12 format.
It has now been changed to plain PEM format, according to the new requirements.
- generate_test_certificates.py updated
- unit tests updated
Diffstat (limited to 'src')
4 files changed, 25 insertions, 45 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index f44198953b..a8a77cc5a1 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -300,36 +300,20 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
 return false;
 }
- BIO* bio = BIO_new(BIO_f_base64());
- BIO* bmem = BIO_new_mem_buf((char*)cert_data.c_str(), cert_data.length());
- bmem = BIO_push(bio, bmem);
-
- char* buf = new char[cert_data.length()];
- int len = BIO_read(bmem, buf, cert_data.length());
-
- BIO* bio_cert = BIO_new(BIO_s_mem());
- if (NULL == bio_cert) {
- LOG4CXX_WARN(logger_, "Unable to update certificate. BIO not created");
- return false;
- }
+ BIO* bio_cert = BIO_new_mem_buf(const_cast<char*>(cert_data.c_str()), cert_data.length());
 utils::ScopeGuard bio_guard = utils::MakeGuard(BIO_free, bio_cert);
 UNUSED(bio_guard)
- int k = 0;
- if ((k = BIO_write(bio_cert, buf, len)) <= 0) {
- LOG4CXX_WARN(logger_, "Unable to write into BIO");
- return false;
- }
- PKCS12* p12 = d2i_PKCS12_bio(bio_cert, NULL);
- if (NULL == p12) {
- LOG4CXX_ERROR(logger_, "Unable to parse certificate");
- return false;
- }
+ X509* cert = NULL;
+ PEM_read_bio_X509(bio_cert, &cert,0, 0);
 EVP_PKEY* pkey = NULL;
- X509* cert = NULL;
- PKCS12_parse(p12, NULL, &pkey, &cert, NULL);
+ if (1 == BIO_reset(bio_cert)) {
+ PEM_read_bio_PrivateKey(bio_cert, &pkey, 0,0);
+ } else {
+ LOG4CXX_WARN(logger_, "Unabled to reset BIO in order to read private key, " << LastError());
+ }
 if (NULL == cert || NULL == pkey) {
 LOG4CXX_WARN(logger_, "Either certificate or key not valid.");
diff --git a/src/components/security_manager/test/crypto_manager_impl_test.cc b/src/components/security_manager/test/crypto_manager_impl_test.cc
index 7fef33f1df..b30684e5f6 100644
--- a/src/components/security_manager/test/crypto_manager_impl_test.cc
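Review bot: `BIO_new_mem_buf` can return NULL, and the NULL check that the removed `BIO_new(BIO_s_mem())` path had is gone, so a failed allocation in set_certificate only surfaces indirectly through the generic "Either certificate or key not valid." warning; restore `if (NULL == bio_cert) { LOG4CXX_WARN(logger_, "Unable to update certificate. BIO not created"); return false; }` before the scope guard. `cert_data.length()` is also narrowed from size_t to the int length parameter, so an explicit upper bound on the input size would be worth adding before the call. Passing 0 for both the callback and user-data arguments of `PEM_read_bio_PrivateKey` makes OpenSSL fall back to its default passphrase prompt when the supplied key is encrypted; a callback that simply fails is the safer choice for a process with no terminal. If the certificate parses but the key does not, `cert` needs `X509_free` on the early-return path; that branch continues outside the hunk, so it may already be handled there.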
+++ b/src/components/security_manager/test/crypto_manager_impl_test.cc
@@ -39,6 +39,7 @@
 #include <fstream>
 #include <sstream>
+#include "utils/make_shared.h"
 #include "gtest/gtest.h"
 #include "security_manager/crypto_manager_impl.h"
 #include "security_manager/mock_security_manager_settings.h"
@@ -64,10 +65,14 @@ namespace test {
 namespace components {
 namespace crypto_manager_test {
+using security_manager::CryptoManagerImpl;
+
 class CryptoManagerTest : public testing::Test {
 protected:
+ typedef NiceMock<security_manager_test::MockCryptoManagerSettings>
+ MockCryptoManagerSettings;
 static void SetUpTestCase() {
- std::ifstream certificate_file("server/spt_credential.p12.enc");
+ std::ifstream certificate_file("server/spt_credential.pem");
 ASSERT_TRUE(certificate_file.is_open()) << "Could not open certificate data file";
@@ -81,16 +86,9 @@ class CryptoManagerTest : public testing::Test {
 void SetUp() OVERRIDE {
 ASSERT_FALSE(certificate_data_base64_.empty());
 mock_security_manager_settings_ =
- new NiceMock<security_manager_test::MockCryptoManagerSettings>();
- utils::SharedPtr<security_manager::CryptoManagerSettings> scrypto =
- utils::SharedPtr<security_manager::CryptoManagerSettings>::
- static_pointer_cast<security_manager::CryptoManagerSettings>(
- mock_security_manager_settings_);
- crypto_manager_ = new security_manager::CryptoManagerImpl(scrypto);
- }
-
- void TearDown() OVERRIDE {
- delete mock_security_manager_settings_;
+ utils::MakeShared<MockCryptoManagerSettings>();
+ crypto_manager_ =
+ utils::MakeShared<CryptoManagerImpl>(mock_security_manager_settings_);
 }
 void InitSecurityManager() {
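Review bot: The fixture still loads the file into `certificate_data_base64_`, but after this commit the file is a PEM bundle that set_certificate reads both the certificate and the private key from, not base64-wrapped PKCS12, so the member name now misdescribes its contents. Renaming it (for example to `certificate_data_pem_`) or adding a comment such as `// PEM text holding the test certificate and its private key` would keep the test readable. The same stale naming appears in the ssl_context_test.cc hunk (`server_certificate_data_base64_`, `client_certificate_data_base64_`). The class body starts and ends outside these hunks.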
@@ -117,11 +115,9 @@ class CryptoManagerTest : public testing::Test {
 .WillByDefault(Return(false));
 }
- security_manager::CryptoManager* crypto_manager_;
+ utils::SharedPtr<CryptoManagerImpl> crypto_manager_;
+ utils::SharedPtr<MockCryptoManagerSettings> mock_security_manager_settings_;
 static std::string certificate_data_base64_;
-
- NiceMock<security_manager_test::MockCryptoManagerSettings>*
- mock_security_manager_settings_;
 };
 std::string CryptoManagerTest::certificate_data_base64_;
diff --git a/src/components/security_manager/test/ssl_certificate_handshake_test.cc b/src/components/security_manager/test/ssl_certificate_handshake_test.cc
index 3d62dd5d6a..9375d6cc32 100644
--- a/src/components/security_manager/test/ssl_certificate_handshake_test.cc
+++ b/src/components/security_manager/test/ssl_certificate_handshake_test.cc
@@ -56,12 +56,12 @@ namespace custom_str = utils::custom_string;
 namespace {
 const std::string server_ca_cert_filename = "server";
 const std::string client_ca_cert_filename = "client";
-const std::string client_certificate = "client/client_credential.p12.enc";
-const std::string server_certificate = "server/spt_credential.p12.enc";
+const std::string client_certificate = "client/client_credential.pem";
+const std::string server_certificate = "server/spt_credential.pem";
 const std::string server_unsigned_cert_file =
- "server/spt_credential_unsigned.p12.enc";
+ "server/spt_credential_unsigned.pem";
 const std::string server_expired_cert_file =
- "server/spt_credential_expired.p12.enc";
+ "server/spt_credential_expired.pem";
 const bool verify_peer = true;
 const bool skip_peer_verification = false;
diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc
index 9223a74505..945059e58c 100644
--- a/src/components/security_manager/test/ssl_context_test.cc
+++ b/src/components/security_manager/test/ssl_context_test.cc
@@ -88,9 +88,9 @@ struct ProtocolAndCipher {
 class SSLTest : public testing::Test {
 protected:
 static void SetUpTestCase() {
- SetCertificate("server/spt_credential_unsigned.p12.enc",
+ SetCertificate("server/spt_credential_unsigned.pem",
 server_certificate_data_base64_);
- SetCertificate("client/client_credential_unsigned.p12.enc",
+ SetCertificate("client/client_credential_unsigned.pem",
 client_certificate_data_base64_);
 } |