Update relevant testcases

Signed-off-by: AssemblyJohn <[email protected]>
EVerest · Feb 7, 2024 · 153a1d9 · 153a1d9
1 parent cf6ffff
commit 153a1d9
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 5 deletions.
diff --git a/include/evse_security/evse_security.hpp b/include/evse_security/evse_security.hpp
@@ -209,8 +209,9 @@ class EvseSecurity {
 // Define here all tests that require internal function usage
 #ifdef BUILD_TESTING_EVSE_SECURITY
     FRIEND_TEST(EvseSecurityTests, verify_full_filesystem_install_reject);
-    FRIEND_TEST(EvseSecurityTests, verify_expired_csr_deletion);
     FRIEND_TEST(EvseSecurityTests, verify_full_filesystem);
+    FRIEND_TEST(EvseSecurityTests, verify_expired_csr_deletion);
+    FRIEND_TEST(EvseSecurityTests, verify_expired_leaf_deletion);
 #endif
 };
 

diff --git a/lib/evse_security/evse_security.cpp b/lib/evse_security/evse_security.cpp
@@ -421,14 +421,12 @@ InstallCertificateResult EvseSecurity::update_leaf_certificate(const std::string
         // Write certificate to file
         std::string extra_filename = filesystem_utils::get_random_file_name(PEM_EXTENSION.string());
 
-        const auto file_name =
-            std::string("SECC_LEAF_") + extra_filename;
+        const auto file_name = std::string("SECC_LEAF_") + extra_filename;
         const auto file_path = cert_path / file_name;
         std::string str_cert = leaf_certificate.get_export_string();
 
         // Also write chain to file
-        const auto chain_file_name =
-            std::string("CPO_CERT_CHAIN_") + extra_filename;
+        const auto chain_file_name = std::string("CPO_CERT_CHAIN_") + extra_filename;
         const auto chain_file_path = cert_path / chain_file_name;
         std::string str_chain_cert = chain_certificate.to_export_string();
 

diff --git a/tests/tests.cpp b/tests/tests.cpp
@@ -115,6 +115,40 @@ class EvseSecurityTests : public ::testing::Test {
     }
 };
 
+TEST_F(EvseSecurityTests, verify_expired_leaf_deletion) {
+    // Copy many expired certificates
+    std::set<fs::path> existing;
+
+    for (int i = 0; i < 30; i++) {
+        std::string key_filename = std::string("certs/client/cso/SECC_LEAF_EXPIRED_") + std::to_string(i) + ".key";
+        std::string cert_filename = std::string("certs/client/cso/SECC_LEAF_EXPIRED_") + std::to_string(i) + ".pem";
+
+        existing.emplace(key_filename);
+        existing.emplace(cert_filename);
+
+        std::filesystem::copy("expired_leaf/SECC_LEAF_EXPIRED.key", key_filename);
+        std::filesystem::copy("expired_leaf/SECC_LEAF_EXPIRED.pem", cert_filename);
+    }
+
+    // Check that the FS is not full
+    ASSERT_FALSE(evse_security->is_filesystem_full());
+
+    // Fill the disk
+    evse_security->max_fs_certificate_store_entries = 20;
+
+    // Garbage collect
+    evse_security->garbage_collect(true);
+
+    // Assert the files/keys do not exist any more
+    std::size_t existing_count = 0;
+    for (const auto& path : existing) {
+        existing_count += fs::exists(path) ? 1 : 0;
+    }
+
+    // Only 10 should be kept (key + certificate)
+    ASSERT_EQ(existing_count, 20);
+}
+
 TEST_F(EvseSecurityTests, verify_basics) {
     // Check that we have the default provider
     ASSERT_TRUE(check_openssl_providers({PROVIDER_DEFAULT}));