ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

adding unit/integration test

Browse Source
This commit is contained in:
iadgovuser58 2024-02-28 13:02:27 -05:00
parent 60dfb21c62
commit 5f799b73a5
1 changed files with 859 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

859
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/service/SupplyChainValidationServiceTest.java Normal file
View File

@ -0,0 +1,859 @@
package hirs.attestationca.persist.service;
import hirs.attestationca.persist.entity.manager.*;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.Device;
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidationSummary;
import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.validation.CredentialValidator;
//import hirs.data.persist.AppraisalStatus;
//import hirs.data.persist.DeviceInfoReport;
//import hirs.data.persist.SupplyChainValidation;
//import hirs.data.persist.certificate.CertificateAuthorityCredential;
//import hirs.data.persist.certificate.DeviceAssociatedCertificate;
//import hirs.validation.CredentialValidator;
//import hirs.validation.SupplyChainCredentialValidator;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.*;
import org.springframework.data.repository.CrudRepository;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.*;
//import static hirs.data.persist.AppraisalStatus.Status.FAIL;
//import static hirs.data.persist.AppraisalStatus.Status.PASS;
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.ArgumentMatchers.any;
//import static org.mockito.Matchers.anyMapOf;
//import static org.mockito.Matchers.eq;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.atLeast;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
/**
* Tests for the {@see SupplyChainValidationService}.
*/
//@ExtendWith(MockitoExtension.class)
public class SupplyChainValidationServiceTest {
private static final String NUC1_EC = "/certificates/nuc-1/tpmcert.pem";
private static final String STM_ROOT_CA = "/certificates/stMicroCaCerts/stmtpmekroot.crt";
private static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
private static final String INTEL_CA = "/certificates/IntelSigningKey_20April2017.pem";
private static final String NUC_PC = "/certificates/platform_certs_2/Intel_pc.pem";
private static final String STM_TPM_EK_INTERMEDIATE_CA_02 =
"/certificates/STM TPM EK Intermediate CA.CER";
private static final String NUC_EC = "/certificates/nuc_ec.pem";
@Mock
private PolicyRepository policyRepository;
// @Mock
// private AppraiserManager appraiserManager;
// @Mock
// private CertificateRepository certificateRepository;
@Mock
private EndorsementCredentialRepository endorsementCredentialRepository;
@Mock
private PlatformCertificateRepository platformCertificateRepository;
@Mock
private CACredentialRepository caCredentialRepository;
@Mock
private ComponentResultRepository componentResultRepository;
//jamo
@Mock
private CredentialValidator supplyChainCredentialValidator;
@Mock
// private CrudManager<SupplyChainValidationSummary> supplyChainValidationSummaryDBManager;
private CrudRepository<SupplyChainValidationSummary, UUID>
supplyChainValidationSummaryCrudManager;
@Mock
// private ReferenceDigestManager referenceDigestManager;
private ReferenceDigestValueRepository referenceDigestValueRepository;
// @Mock
// private ReferenceEventManager referenceEventManager;
@InjectMocks
// private SupplyChainValidationServiceImpl service;
private SupplyChainValidationService service;
// mocked
// private SupplyChainPolicy policy;
private PolicySettings policy;
private PlatformCredential pc;
private PlatformCredential delta;
private EndorsementCredential ec;
// private HashSet<PlatformCredential> pcs;
private List<PlatformCredential> pcs;
private Device device;
/**
* Sets up the mocks.
*
@throws IOException won't actually throw, the method is being mocked instead of actually
* called
*/
@BeforeEach
public void beforeClass() throws IOException {
MockitoAnnotations.initMocks(this);
device = mock(Device.class);
// supplyChainCredentialValidator = mock(CredentialValidator.class);
// MockedStatic<CredentialValidator> supplyChainCredentialValidator = Mockito.mockStatic(CredentialValidator.class);
// SupplyChainAppraiser appraiser = mock(SupplyChainAppraiser.class);
// policy = mock(SupplyChainPolicy.class);
policy = mock(PolicySettings.class);
// when(appraiserManager.getAppraiser(SupplyChainAppraiser.NAME)).thenReturn(appraiser);
// when(policyManager.getDefaultPolicy(appraiser)).thenReturn(policy);
when(policyRepository.findByName("Default")).thenReturn(policy);
// mock endorsement credential
ec = mock(EndorsementCredential.class);
when(ec.getEncodedPublicKey()).thenReturn(new byte[] {0x0});
when(ec.getIssuerSorted()).thenReturn("STMicroelectronics NV");
List<EndorsementCredential> resultEcs = new LinkedList<>();
resultEcs.add(ec);
// mock platform credential
X509Certificate cert = mock(X509Certificate.class);
pc = mock(PlatformCredential.class);
when(pc.getId()).thenReturn(UUID.randomUUID());
when(pc.getX509Certificate()).thenReturn(cert);
when(pc.getSerialNumber()).thenReturn(BigInteger.ONE);
when(pc.getPlatformSerial()).thenReturn(String.valueOf(Integer.MIN_VALUE));
when(pc.getIssuerSorted()).thenReturn("STMicroelectronics NV");
// when(pc.isBase()).thenReturn(true);
when(pc.getBeginValidity()).thenReturn(new Date(System.currentTimeMillis()));
when(pc.getSubjectSorted()).thenReturn("STMicroelectronics NV");
// pcs = new HashSet<>();
pcs = new LinkedList<>();
pcs.add(pc);
//Mock delta platform credential
X509Certificate deltaCert = mock(X509Certificate.class);
delta = mock(PlatformCredential.class);
when(delta.getId()).thenReturn(UUID.randomUUID());
when(delta.getX509Certificate()).thenReturn(deltaCert);
when(delta.getSerialNumber()).thenReturn(BigInteger.valueOf(2));
when(delta.getPlatformSerial()).thenReturn(String.valueOf(Integer.MIN_VALUE));
when(delta.getIssuerSorted()).thenReturn("STMicroelectronics NV");
// when(delta.isBase()).thenReturn(false);
when(delta.getBeginValidity()).thenReturn(new Date(System.currentTimeMillis() + 1));
when(delta.getSubjectSorted()).thenReturn("STMicroelectronics NV Delta");
pcs.add(delta);
List<PlatformCredential> resultPcs = new LinkedList<>();
resultPcs.add(pc);
resultPcs.add(delta);
// mock credential retrieval
// when(certificateManager.get(any(EndorsementCredential.Selector.class)))
// .thenReturn(resultEcs);
// when(certificateManager.get(any(PlatformCredential.Selector.class)))
// .thenReturn(resultPcs);
// when(certificateManager.get(any(CertificateAuthorityCredential.Selector.class)))
// .thenReturn(Collections.emptySet());
when(endorsementCredentialRepository.findAll())
.thenReturn(resultEcs);
when(platformCertificateRepository.findAll())
.thenReturn(resultPcs);
when(caCredentialRepository.findAll())
.thenReturn(Collections.emptyList());
// .thenReturn((List<CertificateAuthorityCredential>) Collections.emptySet());
}
/**
* Remove test certificates and close the session factory.
*/
@AfterEach
public void teardown() {
// DBCertificateManager certMan = new DBCertificateManager(sessionFactory);
// DBDeviceManager deviceMan = new DBDeviceManager(sessionFactory);
// DBDeviceGroupManager groupMan = new DBDeviceGroupManager(sessionFactory);
//
// certMan.deleteAll();
// deviceMan.deleteAll();
// groupMan.deleteAll();
endorsementCredentialRepository.deleteAll();
platformCertificateRepository.deleteAll();
caCredentialRepository.deleteAll();
}
/**
* All validations enabled, all pass.
*/
@Test
public final void testFullSuccessfulValidation() {
when(policy.isEcValidationEnabled()).thenReturn(true);
when(policy.isPcValidationEnabled()).thenReturn(true);
when(policy.isPcAttributeValidationEnabled()).thenReturn(true);
when(policy.isExpiredCertificateValidationEnabled()).thenReturn(true);
//jamo
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator).
// validateEndorsementCredential(eq(ec), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(pc), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(delta), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredentialAttributes(eq(pc), any(DeviceInfoReport.class),
// 0 any(EndorsementCredential.class));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validateDeltaPlatformCredentialAttributes(eq(delta), any(DeviceInfoReport.class),
// eq(pc), anyMapOf(PlatformCredential.class, SupplyChainValidation.class));
//
assertEquals(PASS, service.validateSupplyChain(ec, pcs,
device).getOverallValidationResult());
// verify(supplyChainValidationSummaryDBManager).save(any(SupplyChainValidationSummary.class));
verify(endorsementCredentialRepository).save(any(EndorsementCredential.class));
// // verify the certs were updated with the test device object and saved in the cert man
// ArgumentCaptor<DeviceAssociatedCertificate> certificatesCaptor
// = ArgumentCaptor.forClass(DeviceAssociatedCertificate.class);
// verify(certificateManager, times(3)).update(certificatesCaptor.capture());
//
// List<DeviceAssociatedCertificate> certificateArgs = certificatesCaptor.getAllValues();
// for (DeviceAssociatedCertificate certArg : certificateArgs) {
// verify(certArg, atLeast(1)).setDevice(device);
// }
}
//
// /**
// * All validations enabled, fail EC.
// */
// @Test
// public final void testFailEcValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(true);
// when(policy.isPcValidationEnabled()).thenReturn(true);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(true);
// when(policy.isExpiredCertificateValidationEnabled()).thenReturn(true);
//
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator).
// validateEndorsementCredential(eq(ec), any(KeyStore.class), any(Boolean.class));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(pc), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(delta), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredentialAttributes(eq(pc), any(DeviceInfoReport.class),
// any(EndorsementCredential.class));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validateDeltaPlatformCredentialAttributes(eq(delta), any(DeviceInfoReport.class),
// eq(pc), anyMapOf(PlatformCredential.class, SupplyChainValidation.class));
//
// Assert.assertEquals(service.validateSupplyChain(ec, pcs,
// device).getOverallValidationResult(), FAIL);
// verify(supplyChainValidationSummaryDBManager).save(any(SupplyChainValidationSummary.class));
// }
//
// /**
// * All validations enabled, fail Pc Cert.
// */
// @Test
// public final void testFailPcValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(true);
// when(policy.isPcValidationEnabled()).thenReturn(true);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(true);
// when(policy.isExpiredCertificateValidationEnabled()).thenReturn(true);
//
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator).
// validateEndorsementCredential(eq(ec), any(KeyStore.class), any(Boolean.class));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(pc), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(delta), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredentialAttributes(eq(pc), any(DeviceInfoReport.class),
// any(EndorsementCredential.class));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validateDeltaPlatformCredentialAttributes(eq(delta), any(DeviceInfoReport.class),
// eq(pc), anyMapOf(PlatformCredential.class, SupplyChainValidation.class));
// Assert.assertEquals(service.validateSupplyChain(ec, pcs,
// device).getOverallValidationResult(), FAIL);
// verify(supplyChainValidationSummaryDBManager).save(any(SupplyChainValidationSummary.class));
// }
//
// /**
// * All validations enabled, Pc Attrib. fails.
// */
// @Test
// public final void testFailPcAttributeValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(true);
// when(policy.isPcValidationEnabled()).thenReturn(true);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(true);
// when(policy.isExpiredCertificateValidationEnabled()).thenReturn(true);
//
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator).
// validateEndorsementCredential(eq(ec), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(pc), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(delta), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredentialAttributes(eq(pc), any(DeviceInfoReport.class),
// any(EndorsementCredential.class));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validateDeltaPlatformCredentialAttributes(eq(delta), any(DeviceInfoReport.class),
// eq(pc), anyMapOf(PlatformCredential.class, SupplyChainValidation.class));
//
// Assert.assertEquals(service.validateSupplyChain(ec, pcs,
// device).getOverallValidationResult(), FAIL);
// verify(supplyChainValidationSummaryDBManager).save(any(SupplyChainValidationSummary.class));
// }
//
// /**
// * Ec not enabled, all others pass.
// */
// @Test
// public final void testNoEcValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(false);
// when(policy.isPcValidationEnabled()).thenReturn(true);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(true);
// when(policy.isExpiredCertificateValidationEnabled()).thenReturn(true);
//
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator).
// validateEndorsementCredential(eq(ec), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(pc), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(delta), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredentialAttributes(eq(pc), any(DeviceInfoReport.class),
// any(EndorsementCredential.class));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validateDeltaPlatformCredentialAttributes(eq(delta), any(DeviceInfoReport.class),
// eq(pc), anyMapOf(PlatformCredential.class, SupplyChainValidation.class));
//
// Assert.assertEquals(service.validateSupplyChain(ec, pcs,
// device).getOverallValidationResult(), PASS);
// verify(supplyChainValidationSummaryDBManager).save(any(SupplyChainValidationSummary.class));
// }
//
// /**
// * Pc cert not enabled, all others pass.
// */
// @Test
// public final void testNoPcValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(true);
// when(policy.isPcValidationEnabled()).thenReturn(false);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(true);
// when(policy.isExpiredCertificateValidationEnabled()).thenReturn(true);
//
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator).
// validateEndorsementCredential(eq(ec), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(pc), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(delta), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredentialAttributes(eq(pc), any(DeviceInfoReport.class),
// any(EndorsementCredential.class));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validateDeltaPlatformCredentialAttributes(eq(delta), any(DeviceInfoReport.class),
// eq(pc), anyMapOf(PlatformCredential.class, SupplyChainValidation.class));
//
// Assert.assertEquals(service.validateSupplyChain(ec, pcs,
// device).getOverallValidationResult(), FAIL);
// verify(supplyChainValidationSummaryDBManager).save(any(SupplyChainValidationSummary.class));
// }
//
// /**
// * Pc attrib not enabled, all others pass.
// */
// @Test
// public final void testNoPcAttributeValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(true);
// when(policy.isPcValidationEnabled()).thenReturn(true);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(false);
// when(policy.isExpiredCertificateValidationEnabled()).thenReturn(true);
//
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator).
// validateEndorsementCredential(eq(ec), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(pc), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(PASS, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredential(eq(delta), any(KeyStore.class), eq(true));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validatePlatformCredentialAttributes(eq(pc), any(DeviceInfoReport.class),
// any(EndorsementCredential.class));
// doReturn(new AppraisalStatus(FAIL, "")).when(supplyChainCredentialValidator)
// .validateDeltaPlatformCredentialAttributes(eq(delta), any(DeviceInfoReport.class),
// eq(pc), anyMapOf(PlatformCredential.class, SupplyChainValidation.class));
//
// Assert.assertEquals(service.validateSupplyChain(ec, pcs,
// device).getOverallValidationResult(), PASS);
// verify(supplyChainValidationSummaryDBManager).save(any(SupplyChainValidationSummary.class));
// }
//
//
//
// /**
// * All enabled, EC is null.
// */
// @Test
// public final void testNullEcValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(true);
// Assert.assertEquals(service.validateSupplyChain(null, pcs,
// device).getOverallValidationResult(), FAIL);
// }
//
// /**
// * All enabled, PC is null. Then PC set is empty.
// */
// @Test
// public final void testNullPcValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(false);
// when(policy.isPcValidationEnabled()).thenReturn(true);
// Assert.assertEquals(service.validateSupplyChain(ec, null,
// device).getOverallValidationResult(), FAIL);
// final HashSet<PlatformCredential> emptySet = new HashSet<>();
// Assert.assertEquals(service.validateSupplyChain(ec, emptySet,
// device).getOverallValidationResult(), FAIL);
// }
//
// /**
// * All enabled, PC is null. Then PC set is empty.
// */
// @Test
// public final void testNullPcAttributeValidation() {
// when(policy.isEcValidationEnabled()).thenReturn(false);
// when(policy.isPcValidationEnabled()).thenReturn(false);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(true);
// Assert.assertEquals(service.validateSupplyChain(ec, null,
// device).getOverallValidationResult(), FAIL);
// final HashSet<PlatformCredential> emptySet = new HashSet<>();
// Assert.assertEquals(service.validateSupplyChain(ec, emptySet,
// device).getOverallValidationResult(), FAIL);
// }
//
// /**
// * Puts an EC, STM CA, and GS CA in the DB, attempts to retrieve the CAs from the EC.
// * @throws URISyntaxException failed to parse certificate file location.
// * @throws IOException couldn't create certificates from file.
// * @throws KeyStoreException was unable to retrieve keystore.
// */
// @Test
// public final void testGetCaChain() throws URISyntaxException, IOException, KeyStoreException {
// CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
//
// // the main service in this class only uses mocked managers, we need a real DB certificate
// // manager for this test, so we make a second service.
// SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
// policyManager,
// appraiserManager,
// realCertMan,
// componentResultManager,
// null,
// supplyChainValidationSummaryDBManager,
// supplyChainCredentialValidator,
// referenceDigestManager,
// referenceEventManager
// );
//
// CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// GS_ROOT_CA).toURI())));
//
// CertificateAuthorityCredential rootCa = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// STM_ROOT_CA).toURI()))
// );
//
// EndorsementCredential endorsementCredential = new EndorsementCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// NUC1_EC).toURI())));
//
// realCertMan.save(endorsementCredential);
// realCertMan.save(rootCa);
// realCertMan.save(globalSignCaCert);
//
// KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
//
// String stmCaAlias = rootCa.getId().toString();
// String gsCaAlias = globalSignCaCert.getId().toString();
//
// // cyrus-dev note: these were changed to fail so the unit test
// // passes. #308 changes how the CAs are looked up and these
// // tests certificates don't match up with SKI or AKI
// // and the issuer O= matches but the #308 changes make it
// // so that the entire string matches because O= is not
// // a required field.
// Assert.assertEquals(ks.size(), 0);
// Assert.assertNull(ks.getCertificate(stmCaAlias));
// Assert.assertNull(ks.getCertificate(gsCaAlias));
//
// realCertMan.delete(endorsementCredential);
// realCertMan.delete(rootCa);
// realCertMan.delete(globalSignCaCert);
// }
//
// /**
// * Puts an EC, and STM CA in the DB, attempts to retrieve the CAs from the EC. The STM CA
// * points to a GS CA that is not present.
// * @throws URISyntaxException failed to parse certificate file location.
// * @throws IOException couldn't create certificates from file.
// * @throws KeyStoreException was unable to retrieve keystore.
// */
// @Test
// public final void testGetNotFullCaChain() throws URISyntaxException, IOException,
// KeyStoreException {
// CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
//
// // the main service in this class only uses mocked managers, we need a real DB certificate
// // manager for this test, so we make a second service.
// SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
// policyManager,
// appraiserManager,
// realCertMan,
// componentResultManager,
// null,
// supplyChainValidationSummaryDBManager,
// supplyChainCredentialValidator,
// referenceDigestManager,
// referenceEventManager
// );
//
// CertificateAuthorityCredential rootCa = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// STM_ROOT_CA).toURI()))
// );
//
// EndorsementCredential endorsementCredential = new EndorsementCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// NUC1_EC).toURI())));
//
// realCertMan.save(endorsementCredential);
// realCertMan.save(rootCa);
//
// KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
//
// String stmCaAlias = rootCa.getId().toString();
//
// // see cyrus-dev note above
// Assert.assertNull(ks.getCertificate(stmCaAlias));
// Assert.assertEquals(ks.size(), 0);
//
// realCertMan.delete(endorsementCredential);
// realCertMan.delete(rootCa);
// }
//
// /**
// * Puts an EC in the DB, attempts to retrieve the CA from the EC.
// * @throws URISyntaxException failed to parse certificate file location.
// * @throws IOException couldn't create certificates from file.
// * @throws KeyStoreException was unable to retrieve keystore.
// */
// @Test
// public final void testGetEmptyCaChain() throws URISyntaxException, IOException,
// KeyStoreException {
// CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
//
// // the main service in this class only uses mocked managers, we need a real DB certificate
// // manager for this test, so we make a second service.
// SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
// policyManager,
// appraiserManager,
// realCertMan,
// componentResultManager,
// null,
// supplyChainValidationSummaryDBManager,
// supplyChainCredentialValidator,
// referenceDigestManager,
// referenceEventManager
// );
//
// EndorsementCredential endorsementCredential = new EndorsementCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// NUC1_EC).toURI())));
//
// realCertMan.save(endorsementCredential);
//
// KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
//
// Assert.assertEquals(ks.size(), 0);
//
// realCertMan.delete(endorsementCredential);
// }
//
// /**
// * Puts an EC, STM CA, GS CA, and an Intel CA in the DB, attempts to retrieve the CAs
// * from the EC.
// * @throws URISyntaxException failed to parse certificate file location.
// * @throws IOException couldn't create certificates from file.
// * @throws KeyStoreException was unable to retrieve keystore.
// */
// @Test
// public final void testGetCaChainWithExtraCerts() throws URISyntaxException, IOException,
// KeyStoreException {
// CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
//
// // the main service in this class only uses mocked managers, we need a real DB certificate
// // manager for this test, so we make a second service.
// SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
// policyManager,
// appraiserManager,
// realCertMan,
// componentResultManager,
// null,
// supplyChainValidationSummaryDBManager,
// supplyChainCredentialValidator,
// referenceDigestManager,
// referenceEventManager
// );
//
// CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// GS_ROOT_CA).toURI())));
//
// CertificateAuthorityCredential rootCa = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// STM_ROOT_CA).toURI()))
// );
//
// CertificateAuthorityCredential intelCa = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// INTEL_CA).toURI()))
// );
//
// EndorsementCredential endorsementCredential = new EndorsementCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// NUC1_EC).toURI())));
//
// realCertMan.save(endorsementCredential);
// realCertMan.save(rootCa);
// realCertMan.save(globalSignCaCert);
// realCertMan.save(intelCa);
//
// KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
//
// String stmCaAlias = rootCa.getId().toString();
// String gsCaAlias = globalSignCaCert.getId().toString();
//
// // See cyrus-dev note above
// Assert.assertNull(ks.getCertificate(stmCaAlias));
// Assert.assertNull(ks.getCertificate(gsCaAlias));
// Assert.assertEquals(ks.size(), 0);
//
// realCertMan.delete(endorsementCredential);
// realCertMan.delete(rootCa);
// realCertMan.delete(globalSignCaCert);
// realCertMan.delete(intelCa);
// }
//
// /**
// * Puts an Intel PC and Intel CA in the DB, attempts to retrieve the CA from the PC.
// * @throws URISyntaxException failed to parse certificate file location.
// * @throws IOException couldn't create certificates from file.
// * @throws KeyStoreException was unable to retrieve keystore.
// */
// @Test
// public final void testGetPcCaChain() throws URISyntaxException, IOException, KeyStoreException {
// CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
//
// // the main service in this class only uses mocked managers, we need a real DB certificate
// // manager for this test, so we make a second service.
// SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
// policyManager,
// appraiserManager,
// realCertMan,
// componentResultManager,
// null,
// supplyChainValidationSummaryDBManager,
// supplyChainCredentialValidator,
// referenceDigestManager,
// referenceEventManager
// );
//
// CertificateAuthorityCredential intelCa = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// INTEL_CA).toURI()))
// );
//
// PlatformCredential platformCredential = new PlatformCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// NUC_PC).toURI())));
//
// realCertMan.save(platformCredential);
// realCertMan.save(intelCa);
//
// KeyStore ks = mostlyMockedService.getCaChain(platformCredential);
//
// String intelCaAlias = intelCa.getId().toString();
//
// Assert.assertNotNull(ks.getCertificate(intelCaAlias));
// Assert.assertEquals(ks.size(), 1);
//
// realCertMan.delete(platformCredential);
// realCertMan.delete(intelCa);
// }
//
// /**
// * Puts an Intel PC, STM CA, and GS CA in the DB, attempts to retrieve the CAs from the PC. None
// * should match.
// * @throws URISyntaxException failed to parse certificate file location.
// * @throws IOException couldn't create certificates from file.
// * @throws KeyStoreException was unable to retrieve keystore.
// */
// @Test
// public final void testGetPcCaChainNoMatches() throws URISyntaxException, IOException,
// KeyStoreException {
// CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
//
// // the main service in this class only uses mocked managers, we need a real DB certificate
// // manager for this test, so we make a second service.
// SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
// policyManager,
// appraiserManager,
// realCertMan,
// componentResultManager,
// null,
// supplyChainValidationSummaryDBManager,
// supplyChainCredentialValidator,
// referenceDigestManager,
// referenceEventManager
// );
//
// CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// GS_ROOT_CA).toURI())));
//
// CertificateAuthorityCredential rootCa = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// STM_ROOT_CA).toURI()))
// );
//
// PlatformCredential platformCredential = new PlatformCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// NUC_PC).toURI())));
//
// realCertMan.save(platformCredential);
// realCertMan.save(rootCa);
// realCertMan.save(globalSignCaCert);
//
// KeyStore ks = mostlyMockedService.getCaChain(platformCredential);
//
// Assert.assertEquals(ks.size(), 0);
//
// realCertMan.delete(platformCredential);
// realCertMan.delete(rootCa);
// realCertMan.delete(globalSignCaCert);
// }
//
// /**
// * Puts an STM intermediate CA, STM 'root' CA, and GlobalSign root CA into the in-memory
// * database, and then runs supply chain validation on a given endorsement credential.
// *
// * @throws URISyntaxException if building the path to a certificate resource fails
// * @throws IOException if there is a problem deserializing a certificate
// */
// @Test
// public void testVerifyEcAgainstCaChain() throws URISyntaxException, IOException {
// when(policy.isEcValidationEnabled()).thenReturn(true);
// when(policy.isPcValidationEnabled()).thenReturn(false);
// when(policy.isPcAttributeValidationEnabled()).thenReturn(false);
//
// CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
// Device storedDevice = getStoredTestDevice();
//
// SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
// policyManager,
// appraiserManager,
// realCertMan,
// componentResultManager,
// null,
// supplyChainValidationSummaryDBManager,
// new SupplyChainCredentialValidator(),
// referenceDigestManager,
// referenceEventManager
// );
//
// CertificateAuthorityCredential stmEkRootCa = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// STM_ROOT_CA).toURI())));
//
// CertificateAuthorityCredential stmTpmEkIntermediateCA = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// STM_TPM_EK_INTERMEDIATE_CA_02).toURI())));
//
// CertificateAuthorityCredential globalSignTpmRoot = new CertificateAuthorityCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(
// GS_ROOT_CA).toURI()))
// );
//
// realCertMan.save(stmTpmEkIntermediateCA);
// realCertMan.save(globalSignTpmRoot);
// realCertMan.save(stmEkRootCa);
//
// EndorsementCredential nucEc = new EndorsementCredential(
// Files.readAllBytes(Paths.get(getClass().getResource(NUC_EC).toURI()))
// );
//
// realCertMan.save(nucEc);
//
// SupplyChainValidationSummary summary = mostlyMockedService.validateSupplyChain(
// nucEc, Collections.emptySet(), storedDevice
// );
//
// Assert.assertEquals(summary.getOverallValidationResult(), PASS);
// for (SupplyChainValidation validation : summary.getValidations()) {
// Assert.assertEquals(
// validation.getValidationType(),
// SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL
// );
// }
//
// // verify the EC was updated with the test device object and saved in the cert man
// EndorsementCredential updatedStoredEc =
// EndorsementCredential.select(realCertMan).bySerialNumber(nucEc.getSerialNumber())
// .getCertificate();
//
// Assert.assertEquals(updatedStoredEc.getDevice().getId(), storedDevice.getId());
//
// realCertMan.delete(stmTpmEkIntermediateCA);
// realCertMan.delete(globalSignTpmRoot);
// realCertMan.delete(stmEkRootCa);
// realCertMan.delete(nucEc);
// }
//
// private Device getStoredTestDevice() {
// DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
// DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
//
// DeviceGroup testGroup = new DeviceGroup("group1");
// Device testDevice = new Device("SCVSI-test");
//
// testDevice.setDeviceGroup(deviceGroupManager.saveDeviceGroup(testGroup));
// return deviceManager.saveDevice(testDevice);
// }
}