Merge pull request #46 from relangovan/master

Implement get_cert_validity API
Comcast · Aug 6, 2024 · 4a7b9fc · 4a7b9fc
2 parents 6aba143 + 4f923e5
commit 4a7b9fc
Show file tree

Hide file tree

Showing 7 changed files with 179 additions and 9 deletions.
diff --git a/daemon/daemon.c b/daemon/daemon.c
@@ -340,8 +340,8 @@ static void try_renew_certificates(Certifier * certifier)
         case CERTIFIER_ERR_GET_CERT_STATUS_REVOKED:
             syslog(LOG_INFO, "Certificate from file %s status: Revoked. Not renewing it.", s_list_of_certs[list_of_certs_idx]);
             continue;
-        case CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN | CERTIFIER_ERR_REGISTRATION_STATUS_CERT_ABOUT_TO_EXPIRE:
-        case CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN:
+        case CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN | CERTIFIER_ERR_REGISTRATION_STATUS_CERT_ABOUT_TO_EXPIRE:
+        case CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN:
         default:
             syslog(LOG_INFO, "Certificate from file %s status: Unknown. Not renewing it.", s_list_of_certs[list_of_certs_idx]);
             continue;

diff --git a/include/certifier/xpki_client.h b/include/certifier/xpki_client.h
@@ -170,6 +170,19 @@ typedef struct
     bool static_certifier;
 } get_cert_status_param_t;
 
+/** @struct get_cert_validity_param_t
+ *  @brief This structure contains all parameters required for getting certificate validity.
+ *  @var get_cert_validity_param_t::p12_path
+ *  Contains the path to the PKCS12 File.
+ *  @var get_cert_validity_param_t::p12_password
+ *  Contains the password for the PKCS12 File.
+ */
+typedef struct
+{
+    const char * p12_path;
+    const char * p12_password;
+} get_cert_validity_param_t;
+
 typedef get_cert_status_param_t renew_cert_param_t;
 
 XPKI_CLIENT_ERROR_CODE xc_get_default_cert_param(get_cert_param_t * params);
@@ -178,12 +191,16 @@ XPKI_CLIENT_ERROR_CODE xc_get_default_cert_status_param(get_cert_status_param_t
 
 XPKI_CLIENT_ERROR_CODE xc_get_default_renew_cert_param(renew_cert_param_t * params);
 
+XPKI_CLIENT_ERROR_CODE xc_get_default_cert_validity_param(get_cert_validity_param_t * params);
+
 XPKI_CLIENT_ERROR_CODE xc_get_cert(get_cert_param_t * params);
 
 XPKI_CLIENT_ERROR_CODE xc_renew_cert(renew_cert_param_t * params);
 
 XPKI_CLIENT_ERROR_CODE xc_get_cert_status(get_cert_status_param_t * params, XPKI_CLIENT_CERT_STATUS * status);
 
+XPKI_CLIENT_ERROR_CODE xc_get_cert_validity(get_cert_validity_param_t * params, XPKI_CLIENT_CERT_STATUS * status);
+
 XPKI_CLIENT_ERROR_CODE xc_enable_logs(bool enable);
 
 XPKI_AUTH_TYPE map_to_xpki_auth_type(const char * str);

diff --git a/internal_headers/certifier/certifier.h b/internal_headers/certifier/certifier.h
@@ -124,7 +124,7 @@ extern "C" {
 #define CERTIFIER_ERR_REGISTRATION_STATUS_SIMULATION_1 (1 << 7)
 #define CERTIFIER_ERR_REGISTRATION_STATUS_SIMULATION_2 (1 << 8)
 
-#define CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN (1 << 9)
+#define CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN (1 << 9)
 #define CERTIFIER_ERR_GET_CERT_STATUS_REVOKED (1 << 10)
 #define CERTIFIER_ERR_GET_CERT_STATUS_GOOD (1 << 11)
 

diff --git a/src/certifier_api_easy.c b/src/certifier_api_easy.c
@@ -659,11 +659,11 @@ static int do_get_cert_status(CERTIFIER * easy)
     case CERTIFIER_ERR_GET_CERT_STATUS_1 | CERTIFIER_ERR_GET_CERT_STATUS_REVOKED:
         XFPRINTF(stdout, "Status: Revoked\n");
         break;
-    case CERTIFIER_ERR_GET_CERT_STATUS_1 | CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN |
+    case CERTIFIER_ERR_GET_CERT_STATUS_1 | CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN |
         CERTIFIER_ERR_REGISTRATION_STATUS_CERT_ABOUT_TO_EXPIRE:
         XFPRINTF(stdout, "Warning! This certificate is about to expire. Please renew it using the 'renew-cert' command.\n");
         // fall through
-    case CERTIFIER_ERR_GET_CERT_STATUS_1 | CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN:
+    case CERTIFIER_ERR_GET_CERT_STATUS_1 | CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN:
     default:
         XFPRINTF(stdout, "Status: Unknown\n");
         break;

diff --git a/src/certifierclient.c b/src/certifierclient.c
@@ -681,7 +681,7 @@ CertifierError certifierclient_check_certificate_status(CertifierPropMap * props
     }
     else if (strncmp(certificate_status, "UNKNOWN", strlen("UNKNOWN")) == 0)
     {
-        rc.application_error_code = CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN;
+        rc.application_error_code = CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN;
         rc.application_error_msg  = util_format_error_here("Certificate Unknown");
         goto cleanup;
     }
@@ -693,7 +693,7 @@ CertifierError certifierclient_check_certificate_status(CertifierPropMap * props
     }
     else
     {
-        rc.application_error_code = CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN;
+        rc.application_error_code = CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN;
         rc.application_error_msg  = util_format_error_here("Certificate Unknown");
         goto cleanup;
     }

diff --git a/src/xpki_client.c b/src/xpki_client.c
@@ -218,6 +218,23 @@ XPKI_CLIENT_ERROR_CODE xc_get_default_cert_status_param(get_cert_status_param_t
     return XPKI_CLIENT_SUCCESS;
 }
 
+XPKI_CLIENT_ERROR_CODE xc_get_default_cert_validity_param(get_cert_validity_param_t * params)
+{
+    Certifier * certifier = get_certifier_instance();
+
+    memset(params, 0, sizeof(get_cert_validity_param_t));
+
+    void * param = NULL;
+
+    param            = certifier_get_property(certifier, CERTIFIER_OPT_INPUT_P12_PATH);
+    params->p12_path = param ? (const char *) param : NULL;
+
+    param                = certifier_get_property(certifier, CERTIFIER_OPT_INPUT_P12_PASSWORD);
+    params->p12_password = param ? (const char *) param : NULL;
+
+    return XPKI_CLIENT_SUCCESS;
+}
+
 XPKI_CLIENT_ERROR_CODE xc_get_default_renew_cert_param(renew_cert_param_t * params)
 {
     return xc_get_default_cert_status_param(params);
@@ -469,17 +486,86 @@ static XPKI_CLIENT_CERT_STATUS xc_map_cert_status(int value)
     case CERTIFIER_ERR_GET_CERT_STATUS_REVOKED:
         cert_status = XPKI_CLIENT_CERT_REVOKED;
         break;
-    case CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN | CERTIFIER_ERR_REGISTRATION_STATUS_CERT_ABOUT_TO_EXPIRE:
+    case CERTIFIER_ERR_REGISTRATION_STATUS_P12_NONEXISTENT:
+	cert_status = XPKI_CLIENT_CERT_INVALID;
+	break;
+    case CERTIFIER_ERR_REGISTRATION_STATUS_X509_NONEXISTENT:
+	cert_status = XPKI_CLIENT_CERT_INVALID;
+	break;
+    case CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN | CERTIFIER_ERR_REGISTRATION_STATUS_CERT_ABOUT_TO_EXPIRE:
         cert_status = XPKI_CLIENT_CERT_ABOUT_TO_EXPIRE;
         // fall through
-    case CERTIFIER_ERR_GET_CERT_STATUS_UNKOWN:
+    case CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN:
     default:
         cert_status |= XPKI_CLIENT_CERT_UNKNOWN;
     }
 
     return cert_status;
 }
 
+static XPKI_CLIENT_CERT_STATUS xc_map_cert_validity(int value)
+{
+    XPKI_CLIENT_CERT_STATUS cert_status = XPKI_CLIENT_CERT_UNKNOWN;
+
+    switch (value)
+    {
+    case CERTIFIER_ERR_REGISTRATION_STATUS_CERT_ABOUT_TO_EXPIRE:
+        cert_status = XPKI_CLIENT_CERT_ABOUT_TO_EXPIRE;
+        break;
+    case 0:
+        cert_status = XPKI_CLIENT_CERT_VALID;
+        break;
+    case CERTIFIER_ERR_REGISTRATION_STATUS_CERT_EXPIRED_2:
+        cert_status = XPKI_CLIENT_CERT_EXPIRED;
+        break;
+    case CERTIFIER_ERR_REGISTRATION_STATUS_CERT_EXPIRED_1:
+        cert_status = XPKI_CLIENT_CERT_NOT_YET_VALID;
+        break;
+    case CERTIFIER_ERR_REGISTRATION_STATUS_P12_NONEXISTENT:
+        cert_status = XPKI_CLIENT_CERT_INVALID;
+        break;
+    case CERTIFIER_ERR_REGISTRATION_STATUS_X509_NONEXISTENT:
+        cert_status = XPKI_CLIENT_CERT_INVALID;
+        break;
+    case CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN:
+        cert_status = XPKI_CLIENT_CERT_UNKNOWN;
+	break;
+    default:
+        cert_status = XPKI_CLIENT_CERT_UNKNOWN;
+    }
+
+    return cert_status;
+}
+
+static XPKI_CLIENT_ERROR_CODE xc_map_error_code(int value)
+{
+    XPKI_CLIENT_ERROR_CODE xc_error = XPKI_CLIENT_ERROR_INTERNAL;
+    switch (value)
+    {
+    case CERTIFIER_ERR_REGISTRATION_STATUS_P12_NONEXISTENT:
+        xc_error = XPKI_CLIENT_INVALID_ARGUMENT;
+        break;
+    case CERTIFIER_ERR_REGISTRATION_STATUS_X509_NONEXISTENT:
+        xc_error = XPKI_CLIENT_INVALID_ARGUMENT;
+        break;
+    case 0:
+    case CERTIFIER_ERR_REGISTRATION_STATUS_CERT_EXPIRED_1:
+    case CERTIFIER_ERR_REGISTRATION_STATUS_CERT_EXPIRED_2:
+    case CERTIFIER_ERR_REGISTRATION_STATUS_CERT_ABOUT_TO_EXPIRE:
+    case CERTIFIER_ERR_GET_CERT_STATUS_REVOKED:
+	xc_error = XPKI_CLIENT_SUCCESS;
+	break;
+    case CERTIFIER_ERR_GET_CERT_STATUS_UNKNOWN:
+	xc_error = XPKI_CLIENT_ERROR_INTERNAL;
+	break;
+    default:
+        xc_error = XPKI_CLIENT_ERROR_INTERNAL;
+    }
+
+    return xc_error;
+}
+
+
 static XPKI_CLIENT_ERROR_CODE _xc_get_cert_status(XPKI_CLIENT_CERT_STATUS * status)
 {
     Certifier * certifier = get_certifier_instance();
@@ -521,6 +607,31 @@ XPKI_CLIENT_ERROR_CODE xc_get_cert_status(get_cert_status_param_t * params, XPKI
     return _xc_get_cert_status(status);
 }
 
+static XPKI_CLIENT_ERROR_CODE _xc_get_cert_validity(XPKI_CLIENT_CERT_STATUS * status)
+{
+    Certifier * certifier = get_certifier_instance();
+    int return_code       = 0;
+    *status               = XPKI_CLIENT_CERT_INVALID;
+
+    return_code = certifier_get_device_registration_status(certifier);
+    *status     = xc_map_cert_validity(return_code);
+
+    return xc_map_error_code(return_code);
+}
+
+/* Based on current time, get certificate validity status */
+XPKI_CLIENT_ERROR_CODE xc_get_cert_validity(get_cert_validity_param_t * params, XPKI_CLIENT_CERT_STATUS * status)
+{
+    VerifyOrReturnError(params != NULL && params->p12_path != NULL && params->p12_password != NULL, XPKI_CLIENT_INVALID_ARGUMENT);
+
+    Certifier * certifier = get_certifier_instance();
+
+    ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_INPUT_P12_PATH, params->p12_path));
+    ReturnErrorOnFailure(certifier_set_property(certifier, CERTIFIER_OPT_INPUT_P12_PASSWORD, params->p12_password));
+
+    return _xc_get_cert_validity(status);
+}
+
 XPKI_CLIENT_ERROR_CODE xc_enable_logs(bool enable)
 {
     Certifier * certifier = get_certifier_instance();

diff --git a/tests/xc_apis/xc_api_tests.c b/tests/xc_apis/xc_api_tests.c
@@ -174,6 +174,46 @@ static void test_renew_cert_auth_token()
     TEST_ASSERT_EQUAL_INT(XPKI_CLIENT_SUCCESS, error);
 }
 
+static void test_print_cert_validity()
+{
+   XPKI_CLIENT_ERROR_CODE error;
+   get_cert_status_param_t params = { 0 };
+
+   xc_get_default_cert_status_param(&params);
+
+   params.p12_password = "newpass";
+   params.p12_path     = "output-xc-test-renewable.p12";
+
+   error = xc_print_cert_validity(params.p12_path, params.p12_password);
+   TEST_ASSERT_EQUAL_INT(XPKI_CLIENT_SUCCESS, error);
+}
+
+static void test_get_cert_validity()
+{
+    XPKI_CLIENT_ERROR_CODE error;
+    XPKI_CLIENT_CERT_STATUS status;
+    get_cert_validity_param_t params = { 0 };
+
+    xc_get_default_cert_validity_param(&params);
+
+    params.p12_password = "newpass";
+    params.p12_path     = "output-xc-test-not-renewable.p12";
+
+    error = xc_get_cert_validity(&params, &status);
+
+    TEST_ASSERT_EQUAL_INT(XPKI_CLIENT_SUCCESS, error);
+    TEST_ASSERT_EQUAL_INT(XPKI_CLIENT_CERT_VALID , status);
+
+    xc_get_default_cert_validity_param(&params);
+    params.p12_password = "newpass";
+    params.p12_path     = "output-xc-test-renewable.p12";
+
+    error = xc_get_cert_validity(&params, &status);
+
+    TEST_ASSERT_EQUAL_INT(XPKI_CLIENT_SUCCESS, error);
+    TEST_ASSERT_EQUAL_INT(XPKI_CLIENT_CERT_ABOUT_TO_EXPIRE, status);
+}
+
 int main(int argc, char ** argv)
 {
     UNITY_BEGIN();
@@ -187,6 +227,8 @@ int main(int argc, char ** argv)
     }
     RUN_TEST(test_get_cert_status);
     RUN_TEST(test_renew_cert);
+    RUN_TEST(test_print_cert_validity);
+    RUN_TEST(test_get_cert_validity);
 
     return UNITY_END();
 }