-rw-r--r--src/components/security_manager/src/crypto_manager_impl.cc32
-rw-r--r--src/components/security_manager/test/crypto_manager_impl_test.cc26
-rw-r--r--src/components/security_manager/test/ssl_certificate_handshake_test.cc8
-rw-r--r--src/components/security_manager/test/ssl_context_test.cc4
-rwxr-xr-xtools/Utils/generate_test_certificates.py31
5 files changed, 44 insertions, 57 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index f44198953b..a8a77cc5a1 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -300,36 +300,20 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
return false;
}
- BIO* bio = BIO_new(BIO_f_base64());
- BIO* bmem = BIO_new_mem_buf((char*)cert_data.c_str(), cert_data.length());
- bmem = BIO_push(bio, bmem);
-
- char* buf = new char[cert_data.length()];
- int len = BIO_read(bmem, buf, cert_data.length());
-
- BIO* bio_cert = BIO_new(BIO_s_mem());
- if (NULL == bio_cert) {
- LOG4CXX_WARN(logger_, "Unable to update certificate. BIO not created");
- return false;
- }
+ BIO* bio_cert = BIO_new_mem_buf(const_cast<char*>(cert_data.c_str()), cert_data.length());
utils::ScopeGuard bio_guard = utils::MakeGuard(BIO_free, bio_cert);
UNUSED(bio_guard)
- int k = 0;
- if ((k = BIO_write(bio_cert, buf, len)) <= 0) {
- LOG4CXX_WARN(logger_, "Unable to write into BIO");
- return false;
- }
- PKCS12* p12 = d2i_PKCS12_bio(bio_cert, NULL);
- if (NULL == p12) {
- LOG4CXX_ERROR(logger_, "Unable to parse certificate");
- return false;
- }
+ X509* cert = NULL;
+ PEM_read_bio_X509(bio_cert, &cert,0, 0);
EVP_PKEY* pkey = NULL;
- X509* cert = NULL;
- PKCS12_parse(p12, NULL, &pkey, &cert, NULL);
+ if (1 == BIO_reset(bio_cert)) {
+ PEM_read_bio_PrivateKey(bio_cert, &pkey, 0,0);
+ } else {
+ LOG4CXX_WARN(logger_, "Unabled to reset BIO in order to read private key, " << LastError());
+ }
if (NULL == cert || NULL == pkey) {
LOG4CXX_WARN(logger_, "Either certificate or key not valid.");
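Review bot: The NULL check on `bio_cert` that the removed block carried is gone at the new `BIO_new_mem_buf` line, so an allocation failure now reaches `PEM_read_bio_X509` with a null BIO; keep `if (NULL == bio_cert) { LOG4CXX_WARN(logger_, "Unable to update certificate. BIO not created"); return false; }` directly after the assignment (BIO_free on NULL is harmless, the PEM readers are not). Both `PEM_read_bio_X509` and `PEM_read_bio_PrivateKey` pass `0, 0` for the passphrase callback and user data, which for an encrypted key falls back to OpenSSL's default callback that prompts on the terminal instead of failing; either supply a callback that returns 0 or state in a comment above the calls that `cert_data` must carry an unencrypted key. Their return values are discarded, which is only acceptable because the `NULL == cert || NULL == pkey` test covers both; when exactly one of them succeeds that object still needs `X509_free`/`EVP_PKEY_free` before the early return, and since the rest of set_certificate lies outside the hunk I cannot tell whether it is released. The log text on the BIO_reset branch reads `Unabled`; `Unable to reset BIO in order to read private key, ` is intended.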
diff --git a/src/components/security_manager/test/crypto_manager_impl_test.cc b/src/components/security_manager/test/crypto_manager_impl_test.cc
index 7fef33f1df..b30684e5f6 100644
--- a/src/components/security_manager/test/crypto_manager_impl_test.cc
+++ b/src/components/security_manager/test/crypto_manager_impl_test.cc
@@ -39,6 +39,7 @@
#include <fstream>
#include <sstream>
+#include "utils/make_shared.h"
#include "gtest/gtest.h"
#include "security_manager/crypto_manager_impl.h"
#include "security_manager/mock_security_manager_settings.h"
@@ -64,10 +65,14 @@ namespace test {
namespace components {
namespace crypto_manager_test {
+using security_manager::CryptoManagerImpl;
+
class CryptoManagerTest : public testing::Test {
protected:
+ typedef NiceMock<security_manager_test::MockCryptoManagerSettings>
+ MockCryptoManagerSettings;
static void SetUpTestCase() {
- std::ifstream certificate_file("server/spt_credential.p12.enc");
+ std::ifstream certificate_file("server/spt_credential.pem");
ASSERT_TRUE(certificate_file.is_open())
<< "Could not open certificate data file";
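Review bot: `certificate_data_base64_` now receives the contents of `server/spt_credential.pem`, which the production change reads as plain PEM rather than a base64 blob, so the member name used in this hunk and its declaration in the last hunk of this file (`static std::string certificate_data_base64_;`) no longer describe the data; rename it to `certificate_data_` together with the definition after the class. A short comment on the declaration, `// PEM bundle (key and certificates) produced by generate_test_certificates.py`, would make the fixture's input explicit.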
@@ -81,16 +86,9 @@ class CryptoManagerTest : public testing::Test {
void SetUp() OVERRIDE {
ASSERT_FALSE(certificate_data_base64_.empty());
mock_security_manager_settings_ =
- new NiceMock<security_manager_test::MockCryptoManagerSettings>();
- utils::SharedPtr<security_manager::CryptoManagerSettings> scrypto =
- utils::SharedPtr<security_manager::CryptoManagerSettings>::
- static_pointer_cast<security_manager::CryptoManagerSettings>(
- mock_security_manager_settings_);
- crypto_manager_ = new security_manager::CryptoManagerImpl(scrypto);
- }
-
- void TearDown() OVERRIDE {
- delete mock_security_manager_settings_;
+ utils::MakeShared<MockCryptoManagerSettings>();
+ crypto_manager_ =
+ utils::MakeShared<CryptoManagerImpl>(mock_security_manager_settings_);
}
void InitSecurityManager() {
@@ -117,11 +115,9 @@ class CryptoManagerTest : public testing::Test {
.WillByDefault(Return(false));
}
- security_manager::CryptoManager* crypto_manager_;
+ utils::SharedPtr<CryptoManagerImpl> crypto_manager_;
+ utils::SharedPtr<MockCryptoManagerSettings> mock_security_manager_settings_;
static std::string certificate_data_base64_;
-
- NiceMock<security_manager_test::MockCryptoManagerSettings>*
- mock_security_manager_settings_;
};
std::string CryptoManagerTest::certificate_data_base64_;
diff --git a/src/components/security_manager/test/ssl_certificate_handshake_test.cc b/src/components/security_manager/test/ssl_certificate_handshake_test.cc
index 3d62dd5d6a..9375d6cc32 100644
--- a/src/components/security_manager/test/ssl_certificate_handshake_test.cc
+++ b/src/components/security_manager/test/ssl_certificate_handshake_test.cc
@@ -56,12 +56,12 @@ namespace custom_str = utils::custom_string;
namespace {
const std::string server_ca_cert_filename = "server";
const std::string client_ca_cert_filename = "client";
-const std::string client_certificate = "client/client_credential.p12.enc";
-const std::string server_certificate = "server/spt_credential.p12.enc";
+const std::string client_certificate = "client/client_credential.pem";
+const std::string server_certificate = "server/spt_credential.pem";
const std::string server_unsigned_cert_file =
- "server/spt_credential_unsigned.p12.enc";
+ "server/spt_credential_unsigned.pem";
const std::string server_expired_cert_file =
- "server/spt_credential_expired.p12.enc";
+ "server/spt_credential_expired.pem";
const bool verify_peer = true;
const bool skip_peer_verification = false;
diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc
index 9223a74505..945059e58c 100644
--- a/src/components/security_manager/test/ssl_context_test.cc
+++ b/src/components/security_manager/test/ssl_context_test.cc
@@ -88,9 +88,9 @@ struct ProtocolAndCipher {
class SSLTest : public testing::Test {
protected:
static void SetUpTestCase() {
- SetCertificate("server/spt_credential_unsigned.p12.enc",
+ SetCertificate("server/spt_credential_unsigned.pem",
server_certificate_data_base64_);
- SetCertificate("client/client_credential_unsigned.p12.enc",
+ SetCertificate("client/client_credential_unsigned.pem",
client_certificate_data_base64_);
}
diff --git a/tools/Utils/generate_test_certificates.py b/tools/Utils/generate_test_certificates.py
index 73b6f53cc8..2c1d2cddbf 100755
--- a/tools/Utils/generate_test_certificates.py
+++ b/tools/Utils/generate_test_certificates.py
@@ -118,12 +118,13 @@ def gen_pkcs12(out, key_file, cert_file, verification_certificate) :
"-name 'SPT key and certificates'", "-CAfile ", verification_certificate, \
" -passout pass:")
- """
- Encode certificate $out to base 64
- """
- with open(out, "rb") as cert:
- with open(out + ".enc", "wb") as enc_cert:
- enc_cert.write(cert.read().encode("base64"))
+def gen_pem_file(out, key_file, cert_file, verification_certificate) :
+ """Join $key_file, $cert_file, $verification_certificate in pem file named $out"""
+ files = [key_file, cert_file, verification_certificate]
+ with open(out, "wb") as cert:
+ for fl in files:
+ with open(fl) as infile:
+ cert.write(infile.read())
def answers(name, app_id, country, state, locality, organization, unit, email) :
"""Answer string generator
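Review bot: `gen_pem_file` opens each input with `open(fl)` (text mode) while `out` is written in binary mode; use `open(fl, "rb")` so the bytes are copied verbatim and the two modes agree. The output now holds the private key next to the certificates but is created with the process's default umask; adding `os.chmod(out, 0o600)` after the `with` block keeps generated key material from being world-readable, and `os` is already used elsewhere in this script. The docstring should also state the order in which the files are concatenated (key, certificate, verification certificate), since the loader in crypto_manager_impl.cc now parses that bundle directly.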
@@ -228,47 +229,53 @@ def main():
server_key_file = os.path.join(server_dir, "server.key")
server_cert_file = os.path.join(server_dir, "server.crt")
server_pkcs12_file = os.path.join(server_dir, "spt_credential.p12")
+ server_pem_file = os.path.join(server_dir, "spt_credential.pem")
gen_rsa_key(server_key_file, 2048)
gen_cert(server_cert_file, server_key_file, ford_server_cert_file, ford_server_key_file, days, server_answer)
gen_pkcs12(server_pkcs12_file, server_key_file, server_cert_file, client_verification_ca_cert_file)
+ gen_pem_file(server_pem_file, server_key_file, server_cert_file, client_verification_ca_cert_file)
print
print " --== Server unsigned certificate generating ==-- "
server_unsigned_cert_file = os.path.join(server_dir, "server_unsigned.crt")
server_pkcs12_unsigned_file = os.path.join(server_dir, "spt_credential_unsigned.p12")
+ server_pem_unsigned_file = os.path.join(server_dir, "spt_credential_unsigned.pem")
gen_root_cert(server_unsigned_cert_file, server_key_file, days, server_unsigned_answer)
gen_pkcs12(server_pkcs12_unsigned_file, server_key_file, server_unsigned_cert_file, client_verification_ca_cert_file)
+ gen_pem_file(server_pem_unsigned_file, server_key_file, server_unsigned_cert_file, client_verification_ca_cert_file)
print
print " --== Server expired certificate generating ==-- "
server_expired_cert_file = os.path.join(server_dir, "server_expired.crt")
server_pkcs12_expired_file = os.path.join(server_dir, "spt_credential_expired.p12")
+ server_pem_expired_file = os.path.join(server_dir, "spt_credential_expired.pem")
gen_expire_cert(server_expired_cert_file, server_key_file, ford_server_cert_file, ford_server_key_file, days, server_expired_answer)
gen_pkcs12(server_pkcs12_expired_file, server_key_file, server_expired_cert_file, client_verification_ca_cert_file)
+ gen_pem_file(server_pem_expired_file, server_key_file, server_expired_cert_file, client_verification_ca_cert_file)
print
print " --== Client pkcs12 certificate generating ==-- "
client_key_file = os.path.join(client_dir, "client.key")
client_cert_file = os.path.join(client_dir, "client.crt")
- client_pkcs12_file = os.path.join(client_dir, "client_credential.p12")
+ client_pkcs12_file = os.path.join(client_dir, "client_credential.pem")
gen_rsa_key(client_key_file, 2048)
gen_cert(client_cert_file, client_key_file, ford_client_cert_file, ford_client_key_file, days, client_answer)
- gen_pkcs12(client_pkcs12_file, client_key_file, client_cert_file, server_verification_ca_cert_file)
+ gen_pem_file(client_pkcs12_file, client_key_file, client_cert_file, server_verification_ca_cert_file)
print
print " --== Client pkcs12 unsigned certificate generating ==-- "
client_unsigned_cert_file = os.path.join(client_dir, "client_unsigned.crt")
- client_pkcs12_unsigned_file = os.path.join(client_dir, "client_credential_unsigned.p12")
+ client_pkcs12_unsigned_file = os.path.join(client_dir, "client_credential_unsigned.pem")
gen_root_cert(client_unsigned_cert_file, client_key_file, days, client_unsigned_answer)
- gen_pkcs12(client_pkcs12_unsigned_file, client_key_file, client_unsigned_cert_file, server_verification_ca_cert_file)
+ gen_pem_file(client_pkcs12_unsigned_file, client_key_file, client_unsigned_cert_file, server_verification_ca_cert_file)
print
print " --== Client pkcs12 expired certificate generating ==-- "
client_expired_cert_file = os.path.join(client_dir, "client_expired.crt")
- client_pkcs12_expired_file = os.path.join(client_dir, "client_credential_expired.p12")
+ client_pkcs12_expired_file = os.path.join(client_dir, "client_credential_expired.pem")
gen_expire_cert(client_expired_cert_file, client_key_file, ford_client_cert_file, ford_client_key_file, days, client_expired_answer)
- gen_pkcs12(client_pkcs12_expired_file, client_key_file, client_expired_cert_file, server_verification_ca_cert_file)
+ gen_pem_file(client_pkcs12_expired_file, client_key_file, client_expired_cert_file, server_verification_ca_cert_file)
subprocess.call(["c_rehash", server_dir])
subprocess.call(["c_rehash", client_dir])
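Review bot: The client-side variables keep their pkcs12 names (`client_pkcs12_file`, `client_pkcs12_unsigned_file`, `client_pkcs12_expired_file`) while now holding `.pem` paths handed to `gen_pem_file`, and the three `--== Client pkcs12 ... ==--` headings say pkcs12 as well; renaming them to `client_pem_file` and friends and updating the headings would mirror the server block, which introduces separate `server_pem_*` variables. The server block still writes both the `.p12` and the `.pem`, whereas the client block no longer produces a `.p12` at all; presumably intended now that the tests load `.pem`, but a one-line comment saying so would save the next reader from wondering whether the asymmetry is an oversight.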