HIRS/.ci/system-tests/sys_test_common.sh

#!/bin/bash
#########################################################################################
# Common functions used for HIRS system tests
#
#########################################################################################
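# Check container status and abort if the container is not running.
# Globals:   container_name, container_id, container_status,
#            container_exit_code (all written; left global as in the original)
# Arguments: $1 - container name, used as a `docker ps` name filter
# Outputs:   container id and status on stdout, lookup errors on stderr
# Returns:   0 when exactly one matching container is running; otherwise
#            exits the calling shell with status 1
checkContainerStatus() {
  container_name=$1
  # The docker name filter matches on part of a name, so one pattern can
  # select zero, one or several containers; only "exactly one" is accepted.
  container_id="$(docker ps -aqf "name=$container_name")"
  if [[ -z "$container_id" ]]; then
    # Without this check `docker inspect` is called with no container at all
    # and the real cause (nothing matched) is hidden behind a usage error.
    echo "No container found matching name '$container_name'" >&2
    docker info
    exit 1
  fi
  if [[ "$container_id" == *$'\n'* ]]; then
    echo "More than one container matches name '$container_name':" >&2
    echo "$container_id" >&2
    docker info
    exit 1
  fi
  container_status="$(docker inspect "$container_id" --format='{{.State.Status}}')"
  echo "Container id is $container_id and the status is $container_status"
  if [ "$container_status" != "running" ]; then
    container_exit_code="$(docker inspect "$container_id" --format='{{.State.ExitCode}}')"
    echo "Container Exit Code: $container_exit_code"
    # Dump daemon state so the CI log shows why the container is down.
    docker info
    exit 1
  fi
}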
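# Clear all policy settings: every SupplyChainPolicy flag named below is set
# to 0 in hirs_db.
# Globals:   aca_container (read) - container that runs the ACA database
# Returns:   1 if aca_container is unset or empty, otherwise the status of
#            docker exec
# NOTE(security): root/root is presumably a throwaway credential for the CI
# database. A password given with -p is visible in the container's process
# list, so this pattern should not be copied to a database holding real data.
setPolicyNone() {
  if [[ -z "${aca_container:-}" ]]; then
    # Unquoted and empty, the variable vanished and "mysql" was taken as the
    # container name; fail with a message that names the real problem.
    echo "setPolicyNone: aca_container is not set" >&2
    return 1
  fi
  docker exec "$aca_container" mysql -u root -proot -D hirs_db -e "Update SupplyChainPolicy set enableEcValidation=0, enablePcAttributeValidation=0, enablePcValidation=0,
enableUtcValidation=0, enableFirmwareValidation=0, enableExpiredCertificateValidation=0, enableIgnoreGpt=0, enableIgnoreIma=0, enableIgnoretBoot=0;"
}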
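# Policy Settings for tests ...
# setPolicyEkOnly: sets enableEcValidation=1 and every other SupplyChainPolicy
# flag named below to 0.
# Globals:   aca_container (read) - container that runs the ACA database
# Returns:   1 if aca_container is unset or empty, otherwise the status of
#            docker exec
# NOTE(security): root/root is presumably a throwaway CI credential; a
# password given with -p is visible in the container's process list.
setPolicyEkOnly() {
  if [[ -z "${aca_container:-}" ]]; then
    # An empty, unquoted container variable used to turn "mysql" into the
    # container name; stop before docker is called.
    echo "setPolicyEkOnly: aca_container is not set" >&2
    return 1
  fi
  docker exec "$aca_container" mysql -u root -proot -D hirs_db -e "Update SupplyChainPolicy set enableEcValidation=1, enablePcAttributeValidation=0, enablePcValidation=0,
enableUtcValidation=0, enableFirmwareValidation=0, enableExpiredCertificateValidation=0, enableIgnoreGpt=0, enableIgnoreIma=0, enableIgnoretBoot=0;"
}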
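# setPolicyEkPc_noAttCheck: sets enableEcValidation=1 and enablePcValidation=1
# while leaving enablePcAttributeValidation and the remaining flags at 0.
# Globals:   aca_container (read) - container that runs the ACA database
# Returns:   1 if aca_container is unset or empty, otherwise the status of
#            docker exec
# NOTE(security): root/root is presumably a throwaway CI credential; a
# password given with -p is visible in the container's process list.
setPolicyEkPc_noAttCheck() {
  if [[ -z "${aca_container:-}" ]]; then
    # An empty, unquoted container variable used to turn "mysql" into the
    # container name; stop before docker is called.
    echo "setPolicyEkPc_noAttCheck: aca_container is not set" >&2
    return 1
  fi
  docker exec "$aca_container" mysql -u root -proot -D hirs_db -e "Update SupplyChainPolicy set enableEcValidation=1, enablePcAttributeValidation=0, enablePcValidation=1,
enableUtcValidation=0, enableFirmwareValidation=0, enableExpiredCertificateValidation=0, enableIgnoreGpt=0, enableIgnoreIma=0, enableIgnoretBoot=0;"
}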
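# setPolicyEkPc: sets enableEcValidation, enablePcAttributeValidation and
# enablePcValidation to 1 and the remaining flags to 0.
# Globals:   aca_container (read) - container that runs the ACA database
# Returns:   1 if aca_container is unset or empty, otherwise the status of
#            docker exec
# NOTE(security): root/root is presumably a throwaway CI credential; a
# password given with -p is visible in the container's process list.
setPolicyEkPc() {
  if [[ -z "${aca_container:-}" ]]; then
    # An empty, unquoted container variable used to turn "mysql" into the
    # container name; stop before docker is called.
    echo "setPolicyEkPc: aca_container is not set" >&2
    return 1
  fi
  docker exec "$aca_container" mysql -u root -proot -D hirs_db -e "Update SupplyChainPolicy set enableEcValidation=1, enablePcAttributeValidation=1, enablePcValidation=1,
enableUtcValidation=0, enableFirmwareValidation=0, enableExpiredCertificateValidation=0, enableIgnoreGpt=0, enableIgnoreIma=0, enableIgnoretBoot=0;"
}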
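# setPolicyEkPcFw: sets enableEcValidation, enablePcAttributeValidation,
# enablePcValidation and enableFirmwareValidation to 1, and also sets
# enableIgnoreIma=1; the remaining flags are 0.
# Globals:   aca_container (read) - container that runs the ACA database
# Returns:   1 if aca_container is unset or empty, otherwise the status of
#            docker exec
# NOTE(security): root/root is presumably a throwaway CI credential; a
# password given with -p is visible in the container's process list.
setPolicyEkPcFw() {
  if [[ -z "${aca_container:-}" ]]; then
    # An empty, unquoted container variable used to turn "mysql" into the
    # container name; stop before docker is called.
    echo "setPolicyEkPcFw: aca_container is not set" >&2
    return 1
  fi
  docker exec "$aca_container" mysql -u root -proot -D hirs_db -e "Update SupplyChainPolicy set enableEcValidation=1, enablePcAttributeValidation=1, enablePcValidation=1,
enableUtcValidation=0, enableFirmwareValidation=1, enableExpiredCertificateValidation=0, enableIgnoreGpt=0, enableIgnoreIma=1, enableIgnoretBoot=0;"
}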
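# Clear all ACA DB items: truncates the hirs_db tables listed below with
# foreign key checks switched off for the duration of the statement list.
# NOTE(review): the original header says policy is cleared as well, but no
# SupplyChainPolicy table appears in the truncate list - confirm the intent.
# Globals:   aca_container (read) - container that runs the ACA database
# Returns:   1 if aca_container is unset or empty, otherwise the status of
#            docker exec
# NOTE(security): destructive and irreversible for the listed tables; it runs
# as the database root user with a password on the command line, which is
# presumably acceptable only because this is a disposable CI database.
clearAcaDb() {
  if [[ -z "${aca_container:-}" ]]; then
    # An empty, unquoted container variable used to turn "mysql" into the
    # container name; refuse to run the truncate against an unknown target.
    echo "clearAcaDb: aca_container is not set" >&2
    return 1
  fi
  docker exec "$aca_container" mysql -u root -proot -e "use hirs_db; set foreign_key_checks=0; truncate Alert;truncate AlertBaselineIds;truncate
AppraisalResult;truncate Certificate;truncate Certificate_Certificate;truncate CertificatesUsedToValidate;truncate
ComponentInfo;truncate Device;truncate DeviceInfoReport;truncate IMADeviceState;truncate IMAMeasurementRecord;truncate
ImaBlacklistRecord;truncate ImaIgnoreSetRecord;truncate IntegrityReport;truncate IntegrityReports_Reports_Join;truncate
RepoPackage_IMABaselineRecord;truncate Report;truncate ReportMapper;truncate ReportRequestState;truncate ReportSummary;truncate
State;truncate SupplyChainValidation;truncate SupplyChainValidationSummary;truncate ReferenceManifest;truncate
ReferenceDigestRecord; truncate ReferenceDigestValue; truncate
SupplyChainValidationSummary_SupplyChainValidation;truncate TPM2ProvisionerState;truncate TPMBaselineRecords;truncate
TPMDeviceState;truncate TPMReport;truncate TPMReport_pcrValueList; set foreign_key_checks=1;"
}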
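# Upload the test trust-chain certificates (ca.crt, RIMCaCert.pem,
# RimSignCert.pem) from ../setup/certs to the ACA portal.
# Globals:   HIRS_ACA_PORTAL_IP (read) - address of the ACA portal
# Outputs:   portal responses on stdout, failures on stderr
# Returns:   1 if HIRS_ACA_PORTAL_IP is empty or ../setup/certs cannot be
#            entered; otherwise the status of popd (upload failures are
#            reported on stderr but do not change the return status)
uploadTrustedCerts() {
  local upload_url cert
  if [[ -z "${HIRS_ACA_PORTAL_IP:-}" ]]; then
    echo "uploadTrustedCerts: HIRS_ACA_PORTAL_IP is not set" >&2
    return 1
  fi
  upload_url="https://${HIRS_ACA_PORTAL_IP}:8443/HIRS_AttestationCAPortal/portal/certificate-request/trust-chain/upload"
  # Stop if the directory is missing: carrying on would let the final popd
  # pop an entry this function never pushed and move the caller elsewhere.
  pushd ../setup/certs > /dev/null || return 1
  for cert in ca.crt RIMCaCert.pem RimSignCert.pem; do
    # NOTE(security): -k disables TLS certificate verification, so the portal
    # that receives these trust anchors is not authenticated. Tolerable only
    # on an isolated test network; anywhere else pin the portal's CA with
    # --cacert instead.
    curl -k -s -F "file=@${cert}" "$upload_url" \
      || echo "uploadTrustedCerts: upload of ${cert} failed" >&2
  done
  popd > /dev/null
}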
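# provisionTpm2 runs tpm_aca_provision in the provisioner container and
# compares the outcome with the expected result.
# Usage:     provisionTpm2 <expected_result>     ("pass" or "fail")
# Globals:   tpm2_container (read); totalTests, failedTests (incremented);
#            expected_result, provisionOutput (written)
# Outputs:   the provisioner output and a verdict line on stdout
# Returns:   0
provisionTpm2() {
  local provision_status=0
  expected_result=$1
  # Plain assignment instead of ((var++)): the latter returns status 1 when
  # the counter is 0, which aborts callers running under `set -e`.
  totalTests=$(( ${totalTests:-0} + 1 ))
  provisionOutput=$(docker exec "$tpm2_container" tpm_aca_provision) || provision_status=$?
  echo "==========="
  echo "$provisionOutput"
  echo "==========="
  if (( provision_status != 0 )); then
    echo "tpm_aca_provision exit status: $provision_status"
  fi
  # A non-zero exit status counts as a failure as well as the word "failed"
  # in the output. Otherwise a provisioner that never ran (container down,
  # binary missing; docker's error goes to stderr and is not captured) leaves
  # the output empty and is recorded as a successful provision.
  # NOTE(review): assumes tpm_aca_provision exits 0 on success - confirm.
  if [[ $provisionOutput == *"failed"* ]] || (( provision_status != 0 )); then
    if [[ $expected_result == "pass" ]]; then
      failedTests=$(( ${failedTests:-0} + 1 ))
      echo "!!! Provisiong failed, but was expected to pass"
    else
      echo "Provisiong failed as expected."
    fi
  else # provisioning succeeded
    if [[ $expected_result == "fail" ]]; then
      failedTests=$(( ${failedTests:-0} + 1 ))
      echo "!!! Provisiong passed, but was expected to fail"
    else
      echo "Provisiong passed as expected."
    fi
  fi
}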
# Places platform cert(s) held in the test folder(s) in the provisioners tcg folder
# setPlatCert <profile> <test>
setPlatformCerts() {
docker exec $tpm2_container sh /HIRS/.ci/system-tests/container/pc_setup.sh $1 $2
2022-01-12 10:26:52 -05:00
#docker exec $tpm2_container bash -c "find / -name oem_platform_v1_Base.cer"
}
# Places RIM files held in the test folder in the provisioners tcg folder
# setRims <profile> <test>
setRims() {
docker exec $tpm2_container sh /HIRS/.ci/system-tests/container/rim_setup.sh $1 $2 $3
2022-01-25 10:54:54 -05:00
#docker exec $tpm2_container bash -c "find / -name oem_platform_v1_Base.cer"
}
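# Writes a line to the Action output and appends it to the ACA log (the
# provisioner log write is disabled).
# Used for marking the start of system tests and noting the result.
# Usage:     writeToLogs <log statement>
# Globals:   aca_container (read); line (written)
# Outputs:   the log statement on stdout
# Returns:   1 if aca_container is unset or empty, otherwise the status of
#            docker exec
writeToLogs() {
  line=$1
  # Quoted printf keeps the statement intact: no word splitting, no glob
  # expansion, and no surprise if it begins with an echo option.
  printf '%s\n' "$line"
  if [[ -z "${aca_container:-}" ]]; then
    echo "writeToLogs: aca_container is not set" >&2
    return 1
  fi
  # The statement travels as a positional argument ($1) and never as part of
  # the script text. Interpolating it into the sh -c string let a single
  # quote in the message end the quoting and have the remainder run as
  # commands inside the container.
  docker exec "$aca_container" sh -c 'printf "%s\n" "$1" >> /var/log/tomcat/HIRS_AttestationCA.log' sh "$line"
  # Disabled provisioner-log write, kept in the same argument-passing form:
  # docker exec "$tpm2_container" sh -c 'printf "%s\n" "$1" >> /var/log/hirs/provisioner/HIRS_provisionerTPM2.log' sh "$line"
}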