Merge pull request #720 from nsacyber/v3_issue_680-unittest

Migrated 1 unit test from master Utils to main HIRS_AttestationCA
This commit is contained in:
D2B8CA1B27286366A8607B6858C0565962613D18D0546480078B520CD7AD705A 2024-02-28 08:55:36 -05:00 committed by GitHub
commit 60dfb21c62
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
30 changed files with 847 additions and 514 deletions

View File

@ -20,7 +20,11 @@ import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertificate; import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.*; import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import org.springframework.test.util.ReflectionTestUtils; import org.springframework.test.util.ReflectionTestUtils;
import javax.crypto.Cipher; import javax.crypto.Cipher;
@ -37,7 +41,14 @@ import java.nio.charset.StandardCharsets;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.*; import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec; import java.security.spec.MGF1ParameterSpec;
@ -46,9 +57,14 @@ import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Objects; import java.util.Objects;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.mockito.Mockito.*; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
/** /**
* Test suite for {@link AttestationCertificateAuthority}. * Test suite for {@link AttestationCertificateAuthority}.
@ -64,11 +80,28 @@ public class AttestationCertificateAuthorityTest {
*/ */
@Nested @Nested
public class AccessAbstractProcessor extends AbstractProcessor { public class AccessAbstractProcessor extends AbstractProcessor {
/**
* Constructor.
*
* @param privateKey the private key of the ACA
* @param validDays int for the time in which a certificate is valid.
*/
public AccessAbstractProcessor(final PrivateKey privateKey, public AccessAbstractProcessor(final PrivateKey privateKey,
final int validDays) { final int validDays) {
super(privateKey, validDays); super(privateKey, validDays);
} }
/**
* Public wrapper for the protected function generateCredential(), to access for testing.
*
* @param publicKey cannot be null
* @param endorsementCredential the endorsement credential
* @param platformCredentials the set of platform credentials
* @param deviceName The host name used in the subject alternative name
* @param acaCertificate the aca certificate
* @return the generated X509 certificate
*/
public X509Certificate accessGenerateCredential(final PublicKey publicKey, public X509Certificate accessGenerateCredential(final PublicKey publicKey,
final EndorsementCredential endorsementCredential, final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials, final List<PlatformCredential> platformCredentials,
@ -90,6 +123,11 @@ public class AttestationCertificateAuthorityTest {
// test key pair // test key pair
private KeyPair keyPair; private KeyPair keyPair;
// length of IV used in PKI
private static final int ENCRYPTION_IV_LEN = 16;
// length of secret key used in PKI
private static final int SECRETKEY_LEN = 128;
private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub"; private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub";
private static final String AK_PUBLIC_PATH = "/tpm2/ak.pub"; private static final String AK_PUBLIC_PATH = "/tpm2/ak.pub";
private static final String AK_NAME_PATH = "/tpm2/ak.name"; private static final String AK_NAME_PATH = "/tpm2/ak.name";
@ -216,7 +254,8 @@ public class AttestationCertificateAuthorityTest {
byte[] encrypted = encryptBlob(expected, encryptionScheme.toString()); byte[] encrypted = encryptBlob(expected, encryptionScheme.toString());
// perform the decryption and assert that the decrypted bytes equal the expected bytes // perform the decryption and assert that the decrypted bytes equal the expected bytes
assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(encrypted, encryptionScheme, keyPair.getPrivate())); assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(
encrypted, encryptionScheme, keyPair.getPrivate()));
} }
/** /**
@ -235,10 +274,10 @@ public class AttestationCertificateAuthorityTest {
// create a key generator to generate a "shared" secret // create a key generator to generate a "shared" secret
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128); keyGenerator.init(SECRETKEY_LEN);
// use some random bytes as the IV to encrypt and subsequently decrypt with // use some random bytes as the IV to encrypt and subsequently decrypt with
byte[] randomBytes = new byte[16]; byte[] randomBytes = new byte[ENCRYPTION_IV_LEN];
// generate the random bytes // generate the random bytes
SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
@ -271,6 +310,9 @@ public class AttestationCertificateAuthorityTest {
assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length); assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length);
} }
private void assertTrue(final boolean b) {
}
/** /**
* Tests {@link ProvisionUtils#generateAsymmetricContents( * Tests {@link ProvisionUtils#generateAsymmetricContents(
* byte[], byte[], PublicKey)}. * byte[], byte[], PublicKey)}.
@ -284,7 +326,7 @@ public class AttestationCertificateAuthorityTest {
byte[] identityProofEncoded = new byte[]{0, 0, 1, 1}; byte[] identityProofEncoded = new byte[]{0, 0, 1, 1};
// generate a random session key to be used for encryption and decryption // generate a random session key to be used for encryption and decryption
byte[] sessionKey = new byte[16]; byte[] sessionKey = new byte[ENCRYPTION_IV_LEN];
SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.nextBytes(sessionKey); random.nextBytes(sessionKey);
@ -325,7 +367,7 @@ public class AttestationCertificateAuthorityTest {
// create a key generator to generate a secret key // create a key generator to generate a secret key
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128); keyGenerator.init(SECRETKEY_LEN);
// obtain the key from the generator // obtain the key from the generator
byte[] secretKey = keyGenerator.generateKey().getEncoded(); byte[] secretKey = keyGenerator.generateKey().getEncoded();
@ -356,7 +398,7 @@ public class AttestationCertificateAuthorityTest {
assertTrue(attestation.getCredential().length == attestation.getCredentialSize()); assertTrue(attestation.getCredential().length == attestation.getCredentialSize());
// create containers for the 2 parts of the credential // create containers for the 2 parts of the credential
byte[] iv = new byte[16]; byte[] iv = new byte[ENCRYPTION_IV_LEN];
byte[] credential = new byte[attestation.getCredential().length - iv.length]; byte[] credential = new byte[attestation.getCredential().length - iv.length];
// siphon off the first 16 bytes for the IV // siphon off the first 16 bytes for the IV
@ -623,7 +665,7 @@ public class AttestationCertificateAuthorityTest {
* @return encrypted blob * @return encrypted blob
* @throws Exception during the encryption process * @throws Exception during the encryption process
*/ */
private byte[] encryptBlob(byte[] blob, String transformation) throws Exception { private byte[] encryptBlob(final byte[] blob, final String transformation) throws Exception {
// initialize a cipher using the specified transformation // initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(transformation); Cipher cipher = Cipher.getInstance(transformation);
@ -645,8 +687,8 @@ public class AttestationCertificateAuthorityTest {
* @return encrypted blob * @return encrypted blob
* @throws Exception * @throws Exception
*/ */
private byte[] encryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation) private byte[] encryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
throws Exception { final String transformation) throws Exception {
// initialize a cipher using the specified transformation // initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(transformation); Cipher cipher = Cipher.getInstance(transformation);
@ -670,7 +712,7 @@ public class AttestationCertificateAuthorityTest {
* @return decrypted blob * @return decrypted blob
* @throws Exception * @throws Exception
*/ */
private byte[] decryptBlob(byte[] blob) throws Exception { private byte[] decryptBlob(final byte[] blob) throws Exception {
// initialize a cipher using the specified transformation // initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(EncryptionScheme.OAEP.toString()); Cipher cipher = Cipher.getInstance(EncryptionScheme.OAEP.toString());
@ -695,12 +737,12 @@ public class AttestationCertificateAuthorityTest {
* @return decrypted blob * @return decrypted blob
* @throws Exception * @throws Exception
*/ */
private byte[] decryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation) private byte[] decryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
throws Exception { final String transformation) throws Exception {
// initialize a cipher using the specified transformation // initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(transformation); Cipher cipher = Cipher.getInstance(transformation);
// generate a secret key specification using the key and AES. // generate a secret key specification using the key and AES
SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
// create IV parameter for key specification // create IV parameter for key specification
@ -712,5 +754,4 @@ public class AttestationCertificateAuthorityTest {
// return the cipher text // return the cipher text
return cipher.doFinal(blob); return cipher.doFinal(blob);
} }
} }

View File

@ -1,12 +1,14 @@
package hirs.attestationca.persist.entity; package hirs.attestationca.persist.entity;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.io.IOException; import static org.junit.jupiter.api.Assertions.assertEquals;
import java.security.cert.CertificateException; import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.*;
/** /**
* Unit tests for the class <code>Appraiser</code>. * Unit tests for the class <code>Appraiser</code>.
@ -160,5 +162,4 @@ public final class AppraiserTest {
assertNotEquals(appraiser1.hashCode(), appraiser2.hashCode()); assertNotEquals(appraiser1.hashCode(), appraiser2.hashCode());
assertNotEquals(appraiser2.hashCode(), appraiser1.hashCode()); assertNotEquals(appraiser2.hashCode(), appraiser1.hashCode());
} }
} }

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity;

View File

@ -87,13 +87,16 @@ public class TPM2ProvisionerStateTest {
/** /**
* Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])} works. * Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned. * TPM2ProvisionerStateRepository, byte[])} works.
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
* @throws IOException this will never happen * @throws IOException this will never happen
*/ */
@Test @Test
public final void testGetTPM2ProvisionerStateNominal() throws IOException { public final void testGetTPM2ProvisionerStateNominal() throws IOException {
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class); TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
mock(TPM2ProvisionerStateRepository.class);
byte[] nonce = new byte[32]; byte[] nonce = new byte[32];
byte[] identityClaim = new byte[360]; byte[] identityClaim = new byte[360];
random.nextBytes(nonce); random.nextBytes(nonce);
@ -112,12 +115,14 @@ public class TPM2ProvisionerStateTest {
/** /**
* Test that if a null is passed as a nonce to * Test that if a null is passed as a nonce to
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned. * {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
* @throws IOException this will never happen * @throws IOException this will never happen
*/ */
@Test @Test
public final void testGetTPM2ProvisionerStateNullNonce() throws IOException { public final void testGetTPM2ProvisionerStateNullNonce() throws IOException {
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class); TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
mock(TPM2ProvisionerStateRepository.class);
byte[] nonce = new byte[32]; byte[] nonce = new byte[32];
byte[] identityClaim = new byte[360]; byte[] identityClaim = new byte[360];
random.nextBytes(nonce); random.nextBytes(nonce);
@ -133,12 +138,14 @@ public class TPM2ProvisionerStateTest {
/** /**
* Test that if a nonce that is less than 8 bytes is passed to * Test that if a nonce that is less than 8 bytes is passed to
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned. * {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
* @throws IOException this will never happen * @throws IOException this will never happen
*/ */
@Test @Test
public final void testGetTPM2ProvisionerStateNonceTooSmall() throws IOException { public final void testGetTPM2ProvisionerStateNonceTooSmall() throws IOException {
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class); TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
mock(TPM2ProvisionerStateRepository.class);
byte[] nonce = new byte[32]; byte[] nonce = new byte[32];
byte[] identityClaim = new byte[360]; byte[] identityClaim = new byte[360];
random.nextBytes(nonce); random.nextBytes(nonce);

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.tpm;

View File

@ -0,0 +1,313 @@
package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
import hirs.attestationca.persist.enums.AppraisalStatus;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
/**
* Class with definitions and functions common to multiple Userdefined Entity object tests.
*
*/
public class AbstractUserdefinedEntityTest {
/**
* Location of a test (fake) SGI intermediate CA certificate.
*/
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
/**
* Location of a test (fake) Intel intermediate CA certificate.
*/
public static final String FAKE_INTEL_INT_CA_FILE =
"/certificates/fakeIntelIntermediateCA.cer";
/**
* Location of a test (fake) root CA certificate.
*/
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
/**
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
*/
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
/**
* Location of a test identity certificate.
*/
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
/**
* Location of a test platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_1 =
"/validation/platform_credentials/Intel_pc1.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_2 =
"/validation/platform_credentials/Intel_pc2.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_3 =
"/validation/platform_credentials/Intel_pc3.cer";
/**
* Platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_4 =
"/validation/platform_credentials/Intel_pc4.pem";
/**
* Another platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_5 =
"/validation/platform_credentials/Intel_pc5.pem";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_6 =
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
/**
* Dummy message for supply chain validation test.
*/
public static final String VALIDATION_MESSAGE = "Some message.";
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename)
throws IOException {
return getTestCertificate(certificateClass, filename, null, null);
}
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @param endorsementCredential the endorsement credentials (can be null)
* @param platformCredentials the platform credentials (can be null)
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename,
final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials)
throws IOException {
Path certPath;
try {
certPath = Paths.get(Objects.requireNonNull(
AbstractUserdefinedEntityTest.class.getResource(filename)).toURI());
// certPath = Paths.get(Objects.requireNonNull(
// CertificateTest.class.getResource(filename)).toURI());
} catch (URISyntaxException e) {
throw new IOException("Could not resolve path URI", e);
}
switch (certificateClass.getSimpleName()) {
case "CertificateAuthorityCredential":
return new CertificateAuthorityCredential(certPath);
case "ConformanceCredential":
return new ConformanceCredential(certPath);
case "EndorsementCredential":
return new EndorsementCredential(certPath);
case "PlatformCredential":
return new PlatformCredential(certPath);
case "IssuedAttestationCertificate":
return new IssuedAttestationCertificate(certPath,
endorsementCredential, platformCredentials);
default:
throw new IllegalArgumentException(
String.format("Unknown certificate class %s", certificateClass.getName())
);
}
}
/**
* Return a list of all test certificates.
*
* @return a list of all test certificates
* @throws IOException if there is a problem deserializing certificates
*/
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
return Arrays.asList(
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
);
}
/**
* Creates a DeviceInfoReport instance usable for testing.
*
* @return a test DeviceInfoReport
*/
public static DeviceInfoReport getTestDeviceInfoReport() {
return new DeviceInfoReport(
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
createTestHardwareInfo(), createTPMInfo()
);
}
/**
* Creates a test instance of NetworkInfo.
*
* @return network information for a fake device
*/
public static NetworkInfo createTestNetworkInfo() {
try {
final String hostname = "test.hostname";
final InetAddress ipAddress =
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
return new NetworkInfo(hostname, ipAddress, macAddress);
} catch (UnknownHostException e) {
LOGGER.error("error occurred while creating InetAddress");
return null;
}
}
/**
* Creates a test instance of OSInfo.
*
* @return OS information for a fake device
*/
public static OSInfo createTestOSInfo() {
return new OSInfo("test os name", "test os version", "test os arch",
"test distribution", "test distribution release");
}
/**
* Creates a test instance of FirmwareInfo.
*
* @return Firmware information for a fake device
*/
public static FirmwareInfo createTestFirmwareInfo() {
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
}
/**
* Creates a test instance of HardwareInfo.
*
* @return Hardware information for a fake device
*/
public static HardwareInfo createTestHardwareInfo() {
return new HardwareInfo("test manufacturer", "test product name", "test version",
"test really long serial number with many characters", "test really long chassis "
+ "serial number with many characters",
"test really long baseboard serial number with many characters");
}
/**
* Creates a test instance of TPMInfo.
*
* @return TPM information for a fake device
*/
public static final TPMInfo createTPMInfo() {
final short num1 = 1;
final short num2 = 2;
final short num3 = 3;
final short num4 = 4;
return new TPMInfo("test os make", num1, num2, num3, num4,
getTestIdentityCertificate());
}
/**
* Creates a test identity certificate.
*
* @return the test X509 certificate
*/
public static X509Certificate getTestIdentityCertificate() {
X509Certificate certificateValue = null;
InputStream istream = null;
istream = AbstractUserdefinedEntityTest.class.getResourceAsStream(
TEST_IDENTITY_CERT
);
try {
if (istream == null) {
throw new FileNotFoundException(TEST_IDENTITY_CERT);
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
certificateValue = (X509Certificate) cf.generateCertificate(
istream);
} catch (Exception e) {
return null;
} finally {
if (istream != null) {
try {
istream.close();
} catch (IOException e) {
LOGGER.error("test certificate file could not be closed");
}
}
}
return certificateValue;
}
/**
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
*
* @param type the type of validation
* @param result the appraisal result
* @param certificates the certificates related to this validation
* @return the resulting SupplyChainValidation object
*/
public static SupplyChainValidation getTestSupplyChainValidation(
final SupplyChainValidation.ValidationType type,
final AppraisalStatus.Status result,
final List<ArchivableEntity> certificates) {
return new SupplyChainValidation(
type,
result,
certificates,
VALIDATION_MESSAGE
);
}
}

View File

@ -1,6 +1,11 @@
package hirs.attestationca.persist.entity.userdefined; package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.ArchivableEntity; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.junit.jupiter.api.Test;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
@ -14,12 +19,8 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Arrays; import java.util.Arrays;
import java.util.List;
import java.util.Objects; import java.util.Objects;
import hirs.attestationca.persist.entity.userdefined.certificate.*;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.assertTrue;
@ -29,17 +30,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
/** /**
* This class tests functionality of the {@link Certificate} class. * This class tests functionality of the {@link Certificate} class.
*/ */
public class CertificateTest { public class CertificateTest extends AbstractUserdefinedEntityTest {
/**
* Location of a test (fake) root CA certificate.
*/
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
/**
* Location of a test (fake) Intel intermediate CA certificate.
*/
public static final String FAKE_INTEL_INT_CA_FILE =
"/certificates/fakeIntelIntermediateCA.cer";
/** /**
* Location of a test (fake) Intel intermediate CA certificate. * Location of a test (fake) Intel intermediate CA certificate.
@ -47,11 +38,6 @@ public class CertificateTest {
public static final String INTEL_INT_CA_FILE = public static final String INTEL_INT_CA_FILE =
"/validation/platform_credentials/intel_chain/root/intermediate2.cer"; "/validation/platform_credentials/intel_chain/root/intermediate2.cer";
/**
* Location of a test (fake) SGI intermediate CA certificate.
*/
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
/** /**
* Location of another test self-signed certificate. * Location of another test self-signed certificate.
*/ */
@ -78,12 +64,6 @@ public class CertificateTest {
*/ */
public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt"; public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
/**
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
*/
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
/** /**
* Location of a test STM endorsement credential. * Location of a test STM endorsement credential.
*/ */
@ -119,7 +99,8 @@ public class CertificateTest {
public void testConstructCertFromByteArray() throws IOException, URISyntaxException { public void testConstructCertFromByteArray() throws IOException, URISyntaxException {
Certificate certificate = new CertificateAuthorityCredential( Certificate certificate = new CertificateAuthorityCredential(
Files.readAllBytes( Files.readAllBytes(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI()) Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
) )
); );
assertEquals( assertEquals(
@ -163,7 +144,8 @@ public class CertificateTest {
@Test @Test
public void testConstructCertFromPath() throws URISyntaxException, IOException { public void testConstructCertFromPath() throws URISyntaxException, IOException {
Certificate certificate = new CertificateAuthorityCredential( Certificate certificate = new CertificateAuthorityCredential(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI()) Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
); );
assertEquals( assertEquals(
"CN=Fake Root CA", "CN=Fake Root CA",
@ -202,12 +184,12 @@ public class CertificateTest {
Certificate.CertificateType.X509_CERTIFICATE, Certificate.CertificateType.X509_CERTIFICATE,
getTestCertificate( getTestCertificate(
PlatformCredential.class, PlatformCredential.class,
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType()); TEST_PLATFORM_CERT_3).getCertificateType());
assertEquals( assertEquals(
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE, Certificate.CertificateType.ATTRIBUTE_CERTIFICATE,
getTestCertificate( getTestCertificate(
PlatformCredential.class, PlatformCredential.class,
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType()); TEST_PLATFORM_CERT_3).getCertificateType());
} }
@ -220,7 +202,7 @@ public class CertificateTest {
@Test @Test
public void testImportPem() throws IOException { public void testImportPem() throws IOException {
Certificate platformCredential = getTestCertificate( Certificate platformCredential = getTestCertificate(
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_4 PlatformCredential.class, TEST_PLATFORM_CERT_4
); );
assertEquals( assertEquals(
@ -232,7 +214,7 @@ public class CertificateTest {
); );
platformCredential = getTestCertificate( platformCredential = getTestCertificate(
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_5 PlatformCredential.class, TEST_PLATFORM_CERT_5
); );
assertEquals( assertEquals(
@ -295,13 +277,12 @@ public class CertificateTest {
public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException { public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException {
Certificate platformCert = getTestCertificate( Certificate platformCert = getTestCertificate(
PlatformCredential.class, PlatformCredential.class,
PlatformCredentialTest.TEST_PLATFORM_CERT_3 TEST_PLATFORM_CERT_3
); );
X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder( X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder(
Files.readAllBytes(Paths.get(Objects.requireNonNull(this.getClass().getResource( Files.readAllBytes(Paths.get(Objects.requireNonNull(this.getClass().getResource(
PlatformCredentialTest.TEST_PLATFORM_CERT_3 TEST_PLATFORM_CERT_3)).toURI()))
)).toURI()))
); );
assertEquals( assertEquals(
@ -330,7 +311,7 @@ public class CertificateTest {
public void testX509AttributeCertificateParsingExtended() public void testX509AttributeCertificateParsingExtended()
throws IOException, URISyntaxException { throws IOException, URISyntaxException {
Certificate platformCert = getTestCertificate( Certificate platformCert = getTestCertificate(
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_6); PlatformCredential.class, TEST_PLATFORM_CERT_6);
assertEquals("https://trustedservices.intel.com/" assertEquals("https://trustedservices.intel.com/"
+ "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n", + "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n",
@ -428,11 +409,13 @@ public class CertificateTest {
assertEquals( assertEquals(
new CertificateAuthorityCredential( new CertificateAuthorityCredential(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI()) Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
), ),
new CertificateAuthorityCredential( new CertificateAuthorityCredential(
Files.readAllBytes( Files.readAllBytes(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI()) Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
) )
) )
); );
@ -489,11 +472,13 @@ public class CertificateTest {
assertEquals( assertEquals(
new CertificateAuthorityCredential( new CertificateAuthorityCredential(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI()) Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
).hashCode(), ).hashCode(),
new CertificateAuthorityCredential( new CertificateAuthorityCredential(
Files.readAllBytes( Files.readAllBytes(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI()) Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
) )
).hashCode() ).hashCode()
); );
@ -520,79 +505,6 @@ public class CertificateTest {
return getTestCertificate(CertificateAuthorityCredential.class, filename); return getTestCertificate(CertificateAuthorityCredential.class, filename);
} }
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename)
throws IOException {
return getTestCertificate(certificateClass, filename, null, null);
}
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @param endorsementCredential the endorsement credentials (can be null)
* @param platformCredentials the platform credentials (can be null)
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename,
final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials)
throws IOException {
Path certPath;
try {
certPath = Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(filename)).toURI());
} catch (URISyntaxException e) {
throw new IOException("Could not resolve path URI", e);
}
switch (certificateClass.getSimpleName()) {
case "CertificateAuthorityCredential":
return new CertificateAuthorityCredential(certPath);
case "ConformanceCredential":
return new ConformanceCredential(certPath);
case "EndorsementCredential":
return new EndorsementCredential(certPath);
case "PlatformCredential":
return new PlatformCredential(certPath);
case "IssuedAttestationCertificate":
return new IssuedAttestationCertificate(certPath,
endorsementCredential, platformCredentials);
default:
throw new IllegalArgumentException(
String.format("Unknown certificate class %s", certificateClass.getName())
);
}
}
/**
* Return a list of all test certificates.
*
* @return a list of all test certificates
* @throws IOException if there is a problem deserializing certificates
*/
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
return Arrays.asList(
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
);
}
private static X509Certificate readX509Certificate(final String resourceName) private static X509Certificate readX509Certificate(final String resourceName)
throws IOException { throws IOException {
@ -603,8 +515,9 @@ public class CertificateTest {
throw new IOException("Cannot get X509 CertificateFactory instance", e); throw new IOException("Cannot get X509 CertificateFactory instance", e);
} }
try (FileInputStream certInputStream = new FileInputStream( try (FileInputStream certInputStream = new FileInputStream(Paths.get(
Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(resourceName)).toURI()).toFile() Objects.requireNonNull(CertificateTest.class.getResource(
resourceName)).toURI()).toFile()
)) { )) {
return (X509Certificate) cf.generateCertificate(certInputStream); return (X509Certificate) cf.generateCertificate(certInputStream);
} catch (CertificateException | URISyntaxException e) { } catch (CertificateException | URISyntaxException e) {

View File

@ -1,7 +1,6 @@
package hirs.attestationca.persist.entity.userdefined; package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport; import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
import hirs.attestationca.persist.enums.AppraisalStatus; import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.enums.HealthStatus; import hirs.attestationca.persist.enums.HealthStatus;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -14,19 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertNull;
* This is the test class for the <code>Device</code> class. * This is the test class for the <code>Device</code> class.
* *
*/ */
public final class DeviceTest { public final class DeviceTest extends AbstractUserdefinedEntityTest {
/**
* Utility method for getting a <code>Device</code> that can be used for
* testing.
*
* @param name name for the <code>Device</code>
*
* @return device
*/
public static Device getTestDevice(final String name) {
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
return new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
}
/** /**
* Tests that the device constructor can take a name. * Tests that the device constructor can take a name.
@ -34,7 +21,9 @@ public final class DeviceTest {
@Test @Test
public void testDevice() { public void testDevice() {
final String name = "my-laptop"; final String name = "my-laptop";
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null , null); final Device device = new Device(name, null, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertNotNull(device); assertNotNull(device);
} }
@ -45,8 +34,10 @@ public final class DeviceTest {
@Test @Test
public void testDeviceNameAndInfo() { public void testDeviceNameAndInfo() {
final String name = "my-laptop"; final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
} }
/** /**
@ -56,7 +47,9 @@ public final class DeviceTest {
public void testDeviceNameAndNullInfo() { public void testDeviceNameAndNullInfo() {
final String name = "my-laptop"; final String name = "my-laptop";
final DeviceInfoReport deviceInfo = null; final DeviceInfoReport deviceInfo = null;
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
} }
/** /**
@ -65,8 +58,10 @@ public final class DeviceTest {
@Test @Test
public void testGetDeviceInfo() { public void testGetDeviceInfo() {
final String name = "my-laptop"; final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(deviceInfo, device.getDeviceInfo()); assertEquals(deviceInfo, device.getDeviceInfo());
} }
@ -76,9 +71,11 @@ public final class DeviceTest {
@Test @Test
public void testSetDeviceInfo() { public void testSetDeviceInfo() {
final String name = "my-laptop"; final String name = "my-laptop";
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device(name, null, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertNull(device.getDeviceInfo()); assertNull(device.getDeviceInfo());
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
device.setDeviceInfo(deviceInfo); device.setDeviceInfo(deviceInfo);
assertEquals(deviceInfo, device.getDeviceInfo()); assertEquals(deviceInfo, device.getDeviceInfo());
} }
@ -89,8 +86,10 @@ public final class DeviceTest {
@Test @Test
public void testSetNullDeviceInfo() { public void testSetNullDeviceInfo() {
final String name = "my-laptop"; final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(deviceInfo, device.getDeviceInfo()); assertEquals(deviceInfo, device.getDeviceInfo());
device.setDeviceInfo(null); device.setDeviceInfo(null);
assertNull(device.getDeviceInfo()); assertNull(device.getDeviceInfo());
@ -102,8 +101,10 @@ public final class DeviceTest {
@Test @Test
public void testNotNullLastReportTimeStamp() { public void testNotNullLastReportTimeStamp() {
final String name = "my-laptop"; final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertNotNull(device.getLastReportTimestamp()); assertNotNull(device.getLastReportTimestamp());
} }
@ -112,7 +113,9 @@ public final class DeviceTest {
*/ */
@Test @Test
public void testSetHealthStatus() { public void testSetHealthStatus() {
final Device device = new Device("test-device", null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device("test-device", null, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
device.setHealthStatus(HealthStatus.TRUSTED); device.setHealthStatus(HealthStatus.TRUSTED);
assertEquals(HealthStatus.TRUSTED, device.getHealthStatus()); assertEquals(HealthStatus.TRUSTED, device.getHealthStatus());
} }
@ -124,9 +127,13 @@ public final class DeviceTest {
public void testDeviceEquals() { public void testDeviceEquals() {
final String name = "my-laptop"; final String name = "my-laptop";
final String otherName = "my-laptop"; final String otherName = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(device, other); assertEquals(device, other);
} }
@ -136,8 +143,10 @@ public final class DeviceTest {
@Test @Test
public void testGetDefaultSupplyChainStatus() { public void testGetDefaultSupplyChainStatus() {
String name = "my-laptop"; String name = "my-laptop";
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(AppraisalStatus.Status.UNKNOWN, device.getSupplyChainValidationStatus()); assertEquals(AppraisalStatus.Status.UNKNOWN, device.getSupplyChainValidationStatus());
} }
@ -147,8 +156,10 @@ public final class DeviceTest {
@Test @Test
public void testSetAndGetSupplyChainStatus() { public void testSetAndGetSupplyChainStatus() {
String name = "my-laptop"; String name = "my-laptop";
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport(); final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null); final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
device.setSupplyChainValidationStatus(AppraisalStatus.Status.PASS); device.setSupplyChainValidationStatus(AppraisalStatus.Status.PASS);
assertEquals(AppraisalStatus.Status.PASS, device.getSupplyChainValidationStatus()); assertEquals(AppraisalStatus.Status.PASS, device.getSupplyChainValidationStatus());
} }

View File

@ -0,0 +1,221 @@
package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.enums.HealthStatus;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
/**
* Tests the functionality in SupplyChainValidationSummary.
*/
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
public class SupplyChainValidationSummaryTest extends AbstractUserdefinedEntityTest {
/**
* Test device.
*
*/
private Device device;
/**
* List of test certificates.
*
*/
private List<ArchivableEntity> certificates;
/**
* Create a set of certificates and a device for use by these tests.
*
* @throws Exception if there is a problem deserializing certificates or creating test device
*/
@BeforeAll
public void setup() throws Exception {
certificates = getAllTestCertificates();
device = getTestDevice("TestDevice");
}
/**
* Tests that an empty summary behaves as expected.
*/
@Test
public void testEmptySummary() throws InterruptedException {
SupplyChainValidationSummary emptySummary = getTestSummary(
0,
0
);
//assertEquals(device, emptySummary.getDevice());
assertEquals(device.getDeviceInfo(), emptySummary.getDevice().getDeviceInfo());
assertEquals(Collections.EMPTY_SET, emptySummary.getValidations());
assertEquals(AppraisalStatus.Status.PASS, emptySummary.getOverallValidationResult());
assertNotNull(emptySummary.getCreateTime());
}
/**
* Test that a summary can't be created with a null validationIdentifier.
*/
@Test
public void testNullValidationIdentifier() {
assertThrows(IllegalArgumentException.class, () ->
new SupplyChainValidationSummary(null, Collections.emptyList()));
}
/**
* Test that a summary can't be created with a null validations list.
*/
@Test
public void testNullValidationList() {
assertThrows(IllegalArgumentException.class, () ->
new SupplyChainValidationSummary(device, null));
}
/**
* Test that summaries with one and two component validations, which both represent successful
* validations, have getters that return the expected information.
*/
@Test
public void testSuccessfulSummary() throws InterruptedException {
SupplyChainValidationSummary oneValidation = getTestSummary(
1,
0
);
//assertEquals(device, oneValidation.getDevice());
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
assertEquals(1, oneValidation.getValidations().size());
assertEquals(AppraisalStatus.Status.PASS, oneValidation.getOverallValidationResult());
assertNotNull(oneValidation.getCreateTime());
SupplyChainValidationSummary twoValidations = getTestSummary(
2,
0
);
//assertEquals(device, twoValidations.getDevice());
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
assertEquals(2, twoValidations.getValidations().size());
assertEquals(twoValidations.getOverallValidationResult(), AppraisalStatus.Status.PASS);
assertNotNull(twoValidations.getCreateTime());
}
/**
* Test that summaries with one and two component validations, of which one represents an
* unsuccessful validations, have getters that return the expected information.
*/
@Test
public void testUnsuccessfulSummary() throws InterruptedException {
SupplyChainValidationSummary oneValidation = getTestSummary(
1,
1
);
//assertEquals(device, oneValidation.getDevice());
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
assertEquals(1, oneValidation.getValidations().size());
assertEquals(AppraisalStatus.Status.FAIL, oneValidation.getOverallValidationResult());
assertNotNull(oneValidation.getCreateTime());
SupplyChainValidationSummary twoValidations = getTestSummary(
2,
1
);
//assertEquals(device, twoValidations.getDevice());
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
assertEquals(2, twoValidations.getValidations().size());
assertEquals(AppraisalStatus.Status.FAIL, twoValidations.getOverallValidationResult());
assertNotNull(twoValidations.getCreateTime());
SupplyChainValidationSummary twoBadValidations = getTestSummary(
2,
2
);
//assertEquals(device, twoBadValidations.getDevice());
assertEquals(device.getDeviceInfo(), twoBadValidations.getDevice().getDeviceInfo());
assertEquals(2, twoBadValidations.getValidations().size());
assertEquals(AppraisalStatus.Status.FAIL, twoBadValidations.getOverallValidationResult());
assertNotNull(twoBadValidations.getCreateTime());
}
/**
* Utility method for getting a <code>Device</code> that can be used for
* testing.
*
* @param name name for the <code>Device</code>
*
* @return device
*/
public static Device getTestDevice(final String name) {
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
return new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null,
false, null, null);
}
/**
* Utility method for getting a <code>SupplyChainValidationSummary</code> that can be used for
* testing.
*
* @param numberOfValidations number of validations for the <code>SupplyChainValidationSummary</code>
* @param numFail number of failed validations
*
* @return device
*/
private SupplyChainValidationSummary getTestSummary(
final int numberOfValidations,
final int numFail
) throws InterruptedException {
SupplyChainValidation.ValidationType[] validationTypes =
SupplyChainValidation.ValidationType.values();
if (numberOfValidations > validationTypes.length) {
throw new IllegalArgumentException(String.format(
"Cannot have more than %d validation types",
validationTypes.length
));
}
if (numFail > numberOfValidations) {
throw new IllegalArgumentException(String.format(
"Cannot have more than %d failed validations",
validationTypes.length
));
}
Collection<SupplyChainValidation> validations = new HashSet<>();
for (int i = 0; i < numberOfValidations; i++) {
boolean successful = true;
if (i >= (numberOfValidations - numFail)) {
successful = false;
}
AppraisalStatus.Status result = AppraisalStatus.Status.FAIL;
if (successful) {
result = AppraisalStatus.Status.PASS;
}
validations.add(SupplyChainValidationTest.getTestSupplyChainValidation(
validationTypes[i],
result,
certificates
));
}
return new SupplyChainValidationSummary(device, validations);
}
}

View File

@ -1,21 +1,18 @@
package hirs.attestationca.persist.entity.userdefined; package hirs.attestationca.persist.entity.userdefined;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.enums.AppraisalStatus; import hirs.attestationca.persist.enums.AppraisalStatus;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
/** /**
* Simple tests for the {@link SupplyChainValidation} class. Tests for the persistence of this * Simple tests for the {@link SupplyChainValidation} class. Tests for the persistence of this
* class are located in { SupplyChainValidationSummaryTest}. * class are located in { SupplyChainValidationSummaryTest}.
*/ */
class SupplyChainValidationTest { class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
private static final String MESSAGE = "Some message.";
/** /**
* Test that this class' getter methods work properly. * Test that this class' getter methods work properly.
@ -31,9 +28,9 @@ class SupplyChainValidationTest {
); );
assertEquals( assertEquals(
validation.getCertificatesUsed(), validation.getCertificatesUsed(),
CertificateTest.getAllTestCertificates() getAllTestCertificates()
); );
assertEquals(validation.getMessage(), MESSAGE); assertEquals(validation.getMessage(), VALIDATION_MESSAGE);
} }
/** /**
@ -47,8 +44,8 @@ class SupplyChainValidationTest {
new SupplyChainValidation( new SupplyChainValidation(
null, null,
AppraisalStatus.Status.PASS, AppraisalStatus.Status.PASS,
CertificateTest.getAllTestCertificates(), getAllTestCertificates(),
MESSAGE VALIDATION_MESSAGE
)); ));
} }
@ -64,7 +61,7 @@ class SupplyChainValidationTest {
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL, SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
AppraisalStatus.Status.PASS, AppraisalStatus.Status.PASS,
null, null,
MESSAGE VALIDATION_MESSAGE
)); ));
} }
@ -78,8 +75,8 @@ class SupplyChainValidationTest {
new SupplyChainValidation( new SupplyChainValidation(
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL, SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
AppraisalStatus.Status.PASS, AppraisalStatus.Status.PASS,
CertificateTest.getAllTestCertificates(), getAllTestCertificates(),
MESSAGE VALIDATION_MESSAGE
); );
} }
@ -95,27 +92,7 @@ class SupplyChainValidationTest {
return getTestSupplyChainValidation( return getTestSupplyChainValidation(
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL, SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
AppraisalStatus.Status.PASS, AppraisalStatus.Status.PASS,
CertificateTest.getAllTestCertificates() getAllTestCertificates()
);
}
/**
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
*
* @param type the type of validation
* @param result the appraisal result
* @param certificates the certificates related to this validation
* @return the resulting SupplyChainValidation object
*/
public static SupplyChainValidation getTestSupplyChainValidation(
final SupplyChainValidation.ValidationType type,
final AppraisalStatus.Status result,
final List<ArchivableEntity> certificates) {
return new SupplyChainValidation(
type,
result,
certificates,
MESSAGE
); );
} }
} }

View File

@ -1,8 +1,7 @@
package hirs.attestationca.persist.entity.userdefined.certificate; package hirs.attestationca.persist.entity.userdefined.certificate;
import hirs.attestationca.persist.entity.userdefined.CertificateTest; import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import org.apache.commons.codec.binary.Hex; import org.apache.commons.codec.binary.Hex;
import static org.mockito.Mockito.mock;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -12,13 +11,11 @@ import java.net.URISyntaxException;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
/** /**
* Tests that CertificateAuthorityCredential properly parses its fields. * Tests that CertificateAuthorityCredential properly parses its fields.
*/ */
public class CertificateAuthorityCredentialTest { public class CertificateAuthorityCredentialTest extends AbstractUserdefinedEntityTest {
private static final CertificateRepository CERT_MAN = mock(CertificateRepository.class);
/** /**
* Tests that a CertificateAuthorityCredential can be created from an X.509 certificate and * Tests that a CertificateAuthorityCredential can be created from an X.509 certificate and
@ -33,7 +30,7 @@ public class CertificateAuthorityCredentialTest {
public void testGetSubjectKeyIdentifier() public void testGetSubjectKeyIdentifier()
throws CertificateException, IOException, URISyntaxException { throws CertificateException, IOException, URISyntaxException {
Path testCertPath = Paths.get( Path testCertPath = Paths.get(
this.getClass().getResource(CertificateTest.FAKE_ROOT_CA_FILE).toURI() this.getClass().getResource(FAKE_ROOT_CA_FILE).toURI()
); );
CertificateAuthorityCredential caCred = new CertificateAuthorityCredential(testCertPath); CertificateAuthorityCredential caCred = new CertificateAuthorityCredential(testCertPath);
@ -42,7 +39,7 @@ public class CertificateAuthorityCredentialTest {
assertNotNull(subjectKeyIdentifier); assertNotNull(subjectKeyIdentifier);
assertEquals( assertEquals(
Hex.encodeHexString(subjectKeyIdentifier), Hex.encodeHexString(subjectKeyIdentifier),
CertificateTest.FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
); );
} }
} }

View File

@ -5,7 +5,6 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.io.IOException; import java.io.IOException;
@ -29,13 +28,15 @@ public class EndorsementCredentialTest {
private static final String EK_CERT_WITH_SECURITY_ASSERTIONS = private static final String EK_CERT_WITH_SECURITY_ASSERTIONS =
"/certificates/ek_cert_with_security_assertions.cer"; "/certificates/ek_cert_with_security_assertions.cer";
private static final int TPM_SPEC_REVISION_NUM = 116;
/** /**
* Tests the successful parsing of an EC using a test cert from STM. * Tests the successful parsing of an EC using a test cert from STM.
* @throws IOException test failed due to invalid certificate parsing * @throws IOException test failed due to invalid certificate parsing
*/ */
@Test @Test
public void testParse() throws IOException { public void testParse() throws IOException {
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL). String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).
getPath(); getPath();
Path fPath = Paths.get(path); Path fPath = Paths.get(path);
EndorsementCredential ec = new EndorsementCredential(fPath); EndorsementCredential ec = new EndorsementCredential(fPath);
@ -49,7 +50,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification(); TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2"); assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2)); assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116)); assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions(); TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0)); assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -68,7 +69,7 @@ public class EndorsementCredentialTest {
*/ */
@Test @Test
public void testParseNuc1() throws IOException { public void testParseNuc1() throws IOException {
String path = CertificateTest.class.getResource( String path = this.getClass().getResource(
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath(); TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
Path fPath = Paths.get(path); Path fPath = Paths.get(path);
EndorsementCredential ec = new EndorsementCredential(fPath); EndorsementCredential ec = new EndorsementCredential(fPath);
@ -82,7 +83,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification(); TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2"); assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2)); assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116)); assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions(); TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0)); assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -102,7 +103,7 @@ public class EndorsementCredentialTest {
*/ */
@Test @Test
public void testParseNuc1BuilderMethod() throws IOException { public void testParseNuc1BuilderMethod() throws IOException {
String path = CertificateTest.class.getResource( String path = this.getClass().getResource(
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath(); TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
Path fPath = Paths.get(path); Path fPath = Paths.get(path);
byte[] ecBytes = Files.readAllBytes(fPath); byte[] ecBytes = Files.readAllBytes(fPath);
@ -118,7 +119,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification(); TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2"); assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2)); assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116)); assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions(); TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0)); assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -137,7 +138,7 @@ public class EndorsementCredentialTest {
*/ */
@Test @Test
public void testParseNuc2() throws IOException { public void testParseNuc2() throws IOException {
String path = CertificateTest.class.getResource( String path = this.getClass().getResource(
TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath(); TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
Path fPath = Paths.get(path); Path fPath = Paths.get(path);
EndorsementCredential ec = new EndorsementCredential(fPath); EndorsementCredential ec = new EndorsementCredential(fPath);
@ -151,7 +152,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification(); TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2"); assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2)); assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116)); assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions(); TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0)); assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -170,17 +171,17 @@ public class EndorsementCredentialTest {
*/ */
@Test @Test
public void testCertsNotEqual() throws IOException { public void testCertsNotEqual() throws IOException {
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath(); String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
Path fPath = Paths.get(path); Path fPath = Paths.get(path);
EndorsementCredential ec1 = new EndorsementCredential(fPath); EndorsementCredential ec1 = new EndorsementCredential(fPath);
assertNotNull(ec1); assertNotNull(ec1);
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath(); path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
fPath = Paths.get(path); fPath = Paths.get(path);
EndorsementCredential ec2 = new EndorsementCredential(fPath); EndorsementCredential ec2 = new EndorsementCredential(fPath);
assertNotNull(ec2); assertNotNull(ec2);
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath(); path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
fPath = Paths.get(path); fPath = Paths.get(path);
EndorsementCredential ec3 = new EndorsementCredential(fPath); EndorsementCredential ec3 = new EndorsementCredential(fPath);
assertNotNull(ec3); assertNotNull(ec3);
@ -197,7 +198,7 @@ public class EndorsementCredentialTest {
*/ */
@Test @Test
public void testTpmSecurityAssertionsParsing() throws IOException { public void testTpmSecurityAssertionsParsing() throws IOException {
Path fPath = Paths.get(CertificateTest.class Path fPath = Paths.get(this.getClass()
.getResource(EK_CERT_WITH_SECURITY_ASSERTIONS).getPath()); .getResource(EK_CERT_WITH_SECURITY_ASSERTIONS).getPath());
EndorsementCredential ec = new EndorsementCredential(fPath); EndorsementCredential ec = new EndorsementCredential(fPath);

View File

@ -1,5 +1,6 @@
package hirs.attestationca.persist.entity.userdefined.certificate; package hirs.attestationca.persist.entity.userdefined.certificate;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
@ -25,42 +26,7 @@ import java.util.TimeZone;
/** /**
* Tests that a PlatformCredential parses its fields correctly. * Tests that a PlatformCredential parses its fields correctly.
*/ */
public class PlatformCredentialTest { public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
/**
* Location of a test platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_1 =
"/validation/platform_credentials/Intel_pc1.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_2 =
"/validation/platform_credentials/Intel_pc2.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_3 =
"/validation/platform_credentials/Intel_pc3.cer";
/**
* Platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_4 =
"/validation/platform_credentials/Intel_pc4.pem";
/**
* Another platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_5 =
"/validation/platform_credentials/Intel_pc5.pem";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_6 =
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
/** /**
* Platform Certificate 2.0 with all the expected data. * Platform Certificate 2.0 with all the expected data.

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.certificate.attributes;

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.certificate;

View File

@ -1,12 +1,8 @@
package hirs.attestationca.persist.entity.userdefined.info; package hirs.attestationca.persist.entity.userdefined.info;
import static hirs.utils.enums.DeviceInfoEnums.NOT_SPECIFIED; import static hirs.utils.enums.DeviceInfoEnums.NOT_SPECIFIED;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
@ -18,12 +14,11 @@ import org.junit.jupiter.api.Test;
/** /**
* TPMInfoTest is a unit test class for TPMInfo. * TPMInfoTest is a unit test class for TPMInfo.
*/ */
public class TPMInfoTest { public class TPMInfoTest extends AbstractUserdefinedEntityTest {
private static final String TPM_MAKE = "test tpmMake"; private static final String TPM_MAKE = "test tpmMake";
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65); private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
private static final String TEST_IDENTITY_CERT =
"/tpm/sample_identity_cert.cer";
private static final short VERSION_MAJOR = 1; private static final short VERSION_MAJOR = 1;
private static final short VERSION_MINOR = 2; private static final short VERSION_MINOR = 2;
private static final short VERSION_REV_MAJOR = 3; private static final short VERSION_REV_MAJOR = 3;
@ -327,30 +322,4 @@ public class TPMInfoTest {
getTestIdentityCertificate()); getTestIdentityCertificate());
assertNotEquals(ti1, ti2); assertNotEquals(ti1, ti2);
} }
private X509Certificate getTestIdentityCertificate() {
X509Certificate certificateValue = null;
InputStream istream = null;
istream = getClass().getResourceAsStream(TEST_IDENTITY_CERT);
try {
if (istream == null) {
throw new FileNotFoundException(TEST_IDENTITY_CERT);
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
certificateValue = (X509Certificate) cf.generateCertificate(
istream);
} catch (Exception e) {
return null;
} finally {
if (istream != null) {
try {
istream.close();
} catch (IOException e) {
LOGGER.error("test certificate file could not be closed");
}
}
}
return certificateValue;
}
} }

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.info;

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined;

View File

@ -26,7 +26,8 @@ public class TPMMeasurementRecordTest {
private static final int DEFAULT_PCR_ID = 3; private static final int DEFAULT_PCR_ID = 3;
private static final String DEFAULT_HASH = private static final String DEFAULT_HASH =
"3d5f3c2f7f3003d2e4baddc46ed4763a4954f648"; "3d5f3c2f7f3003d2e4baddc46ed4763a4954f648";
private static final ExaminableRecord.ExamineState DEFAULT_STATE = ExaminableRecord.ExamineState.UNEXAMINED; private static final ExaminableRecord.ExamineState DEFAULT_STATE =
ExaminableRecord.ExamineState.UNEXAMINED;
/** /**
* Tests instantiation of new <code>PCRMeasurementRecord</code>. * Tests instantiation of new <code>PCRMeasurementRecord</code>.

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.record;

View File

@ -1,37 +1,25 @@
package hirs.attestationca.persist.entity.userdefined.report; package hirs.attestationca.persist.entity.userdefined.report;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import hirs.attestationca.persist.entity.userdefined.info.OSInfo; import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo; import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo; import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo; import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo; import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
/** /**
* DeviceInfoReportTest is a unit test class for DeviceInfoReports. * Unit test class for DeviceInfoReports.
*/ */
public class DeviceInfoReportTest { public class DeviceInfoReportTest extends AbstractUserdefinedEntityTest {
private final NetworkInfo networkInfo = createTestNetworkInfo(); private final NetworkInfo networkInfo = createTestNetworkInfo();
private final OSInfo osInfo = createTestOSInfo(); private final OSInfo osInfo = createTestOSInfo();
private final FirmwareInfo firmwareInfo = createTestFirmwareInfo(); private final FirmwareInfo firmwareInfo = createTestFirmwareInfo();
private final HardwareInfo hardwareInfo = createTestHardwareInfo(); private final HardwareInfo hardwareInfo = createTestHardwareInfo();
private final TPMInfo tpmInfo = createTPMInfo(); private final TPMInfo tpmInfo = createTPMInfo();
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
private static final String EXPECTED_CLIENT_VERSION = "Test.Version"; private static final String EXPECTED_CLIENT_VERSION = "Test.Version";
@ -101,109 +89,4 @@ public class DeviceInfoReportTest {
assertEquals(tpmInfo, deviceInfoReport.getTpmInfo()); assertEquals(tpmInfo, deviceInfoReport.getTpmInfo());
assertEquals(EXPECTED_CLIENT_VERSION, deviceInfoReport.getClientApplicationVersion()); assertEquals(EXPECTED_CLIENT_VERSION, deviceInfoReport.getClientApplicationVersion());
} }
/**
* Creates a DeviceInfoReport instance usable for testing.
*
* @return a test DeviceInfoReport
*/
public static DeviceInfoReport getTestReport() {
return new DeviceInfoReport(
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
createTestHardwareInfo(), createTPMInfo()
);
}
/**
* Creates a test instance of NetworkInfo.
*
* @return network information for a fake device
*/
public static NetworkInfo createTestNetworkInfo() {
try {
final String hostname = "test.hostname";
final InetAddress ipAddress =
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
return new NetworkInfo(hostname, ipAddress, macAddress);
} catch (UnknownHostException e) {
LOGGER.error("error occurred while creating InetAddress");
return null;
}
}
/**
* Creates a test instance of OSInfo.
*
* @return OS information for a fake device
*/
public static OSInfo createTestOSInfo() {
return new OSInfo("test os name", "test os version", "test os arch",
"test distribution", "test distribution release");
}
/**
* Creates a test instance of FirmwareInfo.
*
* @return Firmware information for a fake device
*/
public static FirmwareInfo createTestFirmwareInfo() {
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
}
/**
* Creates a test instance of HardwareInfo.
*
* @return Hardware information for a fake device
*/
public static HardwareInfo createTestHardwareInfo() {
return new HardwareInfo("test manufacturer", "test product name", "test version",
"test really long serial number with many characters", "test really long chassis "
+ "serial number with many characters",
"test really long baseboard serial number with many characters");
}
/**
* Creates a test instance of TPMInfo.
*
* @return TPM information for a fake device
*/
public static final TPMInfo createTPMInfo() {
final short num1 = 1;
final short num2 = 2;
final short num3 = 3;
final short num4 = 4;
return new TPMInfo("test os make", num1, num2, num3, num4,
getTestIdentityCertificate());
}
private static X509Certificate getTestIdentityCertificate() {
X509Certificate certificateValue = null;
InputStream istream = null;
istream = DeviceInfoReportTest.class.getResourceAsStream(
TEST_IDENTITY_CERT
);
try {
if (istream == null) {
throw new FileNotFoundException(TEST_IDENTITY_CERT);
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
certificateValue = (X509Certificate) cf.generateCertificate(
istream);
} catch (Exception e) {
return null;
} finally {
if (istream != null) {
try {
istream.close();
} catch (IOException e) {
LOGGER.error("test certificate file could not be closed");
}
}
}
return certificateValue;
}
} }

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.report;

View File

@ -0,0 +1 @@
package hirs.attestationca.persist;

View File

@ -65,7 +65,8 @@ public class CredentialManagementHelperTest {
@Test @Test
public void processEmptyEndorsementCredential() { public void processEmptyEndorsementCredential() {
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, new byte[0], "testName")); CredentialManagementHelper.storeEndorsementCredential(
certificateRepository, new byte[0], "testName"));
} }
/** /**
@ -75,7 +76,8 @@ public class CredentialManagementHelperTest {
public void processInvalidEndorsementCredentialCase1() { public void processInvalidEndorsementCredentialCase1() {
byte[] ekBytes = new byte[] {1}; byte[] ekBytes = new byte[] {1};
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, ekBytes, "testName")); CredentialManagementHelper.storeEndorsementCredential(
certificateRepository, ekBytes, "testName"));
} }
/** /**

View File

@ -186,7 +186,7 @@ public class IssuedCertificateAttributeHelperTest {
} }
private Map<String, String> getSubjectAlternativeNameAttributes( private Map<String, String> getSubjectAlternativeNameAttributes(
Extension subjectAlternativeName) { final Extension subjectAlternativeName) {
Map<String, String> subjectAlternativeNameAttrMap = new HashMap<>(); Map<String, String> subjectAlternativeNameAttrMap = new HashMap<>();
DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue(); DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue();

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.provision.helper;

View File

@ -6,7 +6,6 @@ import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential; import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus;
import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo; import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
@ -232,7 +231,6 @@ public class SupplyChainCredentialValidatorTest {
if (!f.delete()) { if (!f.delete()) {
fail("file was not cleaned up"); fail("file was not cleaned up");
} }
} }
/** /**
@ -246,18 +244,17 @@ public class SupplyChainCredentialValidatorTest {
@Test @Test
public final void testValidateEndorsementCredential() public final void testValidateEndorsementCredential()
throws URISyntaxException, IOException, CertificateException, KeyStoreException { throws URISyntaxException, IOException, CertificateException, KeyStoreException {
Certificate rootcacert, intermediateca02cert;
EndorsementCredential ekcert = new EndorsementCredential( EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())) Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
); );
intermediateca02cert = new CertificateAuthorityCredential( Certificate intermediateca02cert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI())) Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
); );
rootcacert = new CertificateAuthorityCredential( Certificate rootcacert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI())) Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI()))
); );
try { try {
@ -287,14 +284,15 @@ public class SupplyChainCredentialValidatorTest {
@Test @Test
public final void validateIntelPlatformCredentials() public final void validateIntelPlatformCredentials()
throws URISyntaxException, IOException, CertificateException, KeyStoreException { throws URISyntaxException, IOException, CertificateException, KeyStoreException {
Certificate rootcacert, intermediatecacert;
intermediatecacert = new CertificateAuthorityCredential( Certificate intermediatecacert =
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI())) new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
); );
rootcacert = new CertificateAuthorityCredential( Certificate rootcacert =
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI())) new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI()))
); );
try { try {
@ -302,8 +300,9 @@ public class SupplyChainCredentialValidatorTest {
keyStore.setCertificateEntry("Intel Intermediate Cert", keyStore.setCertificateEntry("Intel Intermediate Cert",
intermediatecacert.getX509Certificate()); intermediatecacert.getX509Certificate());
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
getResource(INTEL_PLATFORM_CERT)).toURI())); Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
@ -328,8 +327,9 @@ public class SupplyChainCredentialValidatorTest {
public final void validateIntelPlatformCredentialAttributes() public final void validateIntelPlatformCredentialAttributes()
throws Exception { throws Exception {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
getResource(INTEL_PLATFORM_CERT_2)).toURI())); Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
@ -338,8 +338,8 @@ public class SupplyChainCredentialValidatorTest {
PLATFORM_VERSION, TEST_BOARD_SERIAL_NUMBER, PLATFORM_VERSION, TEST_BOARD_SERIAL_NUMBER,
TEST_CHASSIS_SERIAL_NUMBER, TEST_BOARD_SERIAL_NUMBER)); TEST_CHASSIS_SERIAL_NUMBER, TEST_BOARD_SERIAL_NUMBER));
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -363,13 +363,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER)); DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
getResource(INTEL_PLATFORM_CERT_2)).toURI())); Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -392,13 +393,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
TEST_CHASSIS_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED)); TEST_CHASSIS_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
getResource(INTEL_PLATFORM_CERT_2)).toURI())); Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -423,13 +425,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER,
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED)); DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
getResource(INTEL_PLATFORM_CERT_2)).toURI())); Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -452,13 +455,15 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED)); TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI())); getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -481,13 +486,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER)); DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI())); getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -510,13 +516,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER,
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED)); DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI())); getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -540,13 +547,15 @@ public class SupplyChainCredentialValidatorTest {
PLATFORM_VERSION, DeviceInfoEnums.NOT_SPECIFIED, PLATFORM_VERSION, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED)); DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI())); getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
String expectedMessage = "Platform serial did not match device info"; String expectedMessage = "Platform serial did not match device info";
@ -570,13 +579,15 @@ public class SupplyChainCredentialValidatorTest {
new HardwareInfo(DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED, new HardwareInfo(DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, "zzz", "aaa", "bbb")); DeviceInfoEnums.NOT_SPECIFIED, "zzz", "aaa", "bbb"));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI())); getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
String expectedMessage = "Platform serial did not match device info"; String expectedMessage = "Platform serial did not match device info";
@ -884,7 +895,8 @@ public class SupplyChainCredentialValidatorTest {
@Test @Test
public final void verifyPlatformCredentialWithBadKeyStore() public final void verifyPlatformCredentialWithBadKeyStore()
throws URISyntaxException, IOException { throws URISyntaxException, IOException {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource( byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT)).toURI())); INTEL_PLATFORM_CERT)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
@ -923,7 +935,8 @@ public class SupplyChainCredentialValidatorTest {
@Test @Test
public final void verifyPlatformCredentialNullKeyStore() public final void verifyPlatformCredentialNullKeyStore()
throws URISyntaxException, IOException { throws URISyntaxException, IOException {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource( byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT)).toURI())); INTEL_PLATFORM_CERT)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
@ -947,13 +960,14 @@ public class SupplyChainCredentialValidatorTest {
@Test @Test
public final void verifyPlatformCredentialNullDeviceInfoReport() public final void verifyPlatformCredentialNullDeviceInfoReport()
throws URISyntaxException, IOException { throws URISyntaxException, IOException {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource( byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI())); INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential( EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))); Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
String expectedMessage = "Can't validate platform credential attributes without a " String expectedMessage = "Can't validate platform credential attributes without a "
+ "device info report"; + "device info report";
@ -977,12 +991,13 @@ public class SupplyChainCredentialValidatorTest {
public final void testPlatformDnEquals() throws URISyntaxException, IOException, public final void testPlatformDnEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException { KeyStoreException, SupplyChainValidatorException {
Certificate signingCert; Certificate signingCert;
signingCert = new CertificateAuthorityCredential( signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI())) Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
); );
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
getResource(NEW_NUC1)).toURI())); Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
NEW_NUC1)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
@ -1006,11 +1021,12 @@ public class SupplyChainCredentialValidatorTest {
public final void testPlatformDnNotEquals() throws URISyntaxException, IOException, public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException { KeyStoreException, SupplyChainValidatorException {
Certificate signingCert; Certificate signingCert;
signingCert = new CertificateAuthorityCredential( signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI())) Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
); );
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidator.class.
getResource(NEW_NUC1)).toURI())); getResource(NEW_NUC1)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes); PlatformCredential pc = new PlatformCredential(certBytes);
@ -1034,12 +1050,13 @@ public class SupplyChainCredentialValidatorTest {
public final void testEndorsementDnEquals() throws URISyntaxException, IOException, public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException { KeyStoreException, SupplyChainValidatorException {
Certificate signingCert; Certificate signingCert;
signingCert = new CertificateAuthorityCredential( signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI())) Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
); );
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
getResource(TEST_EK_CERT)).toURI())); Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
TEST_EK_CERT)).toURI()));
EndorsementCredential ec = new EndorsementCredential(certBytes); EndorsementCredential ec = new EndorsementCredential(certBytes);
@ -1063,11 +1080,12 @@ public class SupplyChainCredentialValidatorTest {
public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException, public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException { KeyStoreException, SupplyChainValidatorException {
Certificate signingCert; Certificate signingCert;
signingCert = new CertificateAuthorityCredential( signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI())) Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
); );
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidator.class.
getResource(TEST_EK_CERT)).toURI())); getResource(TEST_EK_CERT)).toURI()));
EndorsementCredential ec = new EndorsementCredential(certBytes); EndorsementCredential ec = new EndorsementCredential(certBytes);
@ -1268,8 +1286,9 @@ public class SupplyChainCredentialValidatorTest {
throws IOException, URISyntaxException { throws IOException, URISyntaxException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithNotSpecifiedComponents(); DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithNotSpecifiedComponents();
PlatformCredential platformCredential = new PlatformCredential( PlatformCredential platformCredential = new PlatformCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class. Files.readAllBytes(Paths.get(
getResource((SAMPLE_TEST_PACCOR_CERT))).toURI()))); Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
SAMPLE_TEST_PACCOR_CERT)).toURI())));
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport); .validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport);
@ -1937,9 +1956,9 @@ public class SupplyChainCredentialValidatorTest {
.validateDeltaPlatformCredentialAttributes(delta1, .validateDeltaPlatformCredentialAttributes(delta1,
deviceInfoReport, base, chainCredentials); deviceInfoReport, base, chainCredentials);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("There are unmatched components:\n" + assertEquals("There are unmatched components:\n"
"Manufacturer=Intel Corporation, Model=82580 Gigabit Network " + + "Manufacturer=Intel Corporation, Model=82580 Gigabit Network "
"Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n", + "Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
result.getMessage()); result.getMessage());
} }
@ -2073,7 +2092,7 @@ public class SupplyChainCredentialValidatorTest {
return cert; return cert;
} }
private DeviceInfoReport buildReport(final HardwareInfo hardwareInfo) { private DeviceInfoReport buildReport(final HardwareInfo givenHardwareInfo) {
final InetAddress ipAddress = getTestIpAddress(); final InetAddress ipAddress = getTestIpAddress();
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66}; final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
@ -2083,7 +2102,7 @@ public class SupplyChainCredentialValidatorTest {
TPMInfo tpmInfo = new TPMInfo(); TPMInfo tpmInfo = new TPMInfo();
return new DeviceInfoReport(networkInfo, osInfo, return new DeviceInfoReport(networkInfo, osInfo,
firmwareInfo, hardwareInfo, tpmInfo); firmwareInfo, givenHardwareInfo, tpmInfo);
} }
private static InetAddress getTestIpAddress() { private static InetAddress getTestIpAddress() {
try { try {

View File

@ -0,0 +1 @@
package hirs.attestationca.persist.validation;