mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-30 01:39:05 +00:00
Merge pull request #720 from nsacyber/v3_issue_680-unittest
Migrated 1 unit test from master Utils to main HIRS_AttestationCA
This commit is contained in:
commit
60dfb21c62
@ -20,7 +20,11 @@ import org.bouncycastle.asn1.x509.Extension;
|
|||||||
import org.bouncycastle.asn1.x509.GeneralNames;
|
import org.bouncycastle.asn1.x509.GeneralNames;
|
||||||
import org.bouncycastle.asn1.x509.TBSCertificate;
|
import org.bouncycastle.asn1.x509.TBSCertificate;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
import org.junit.jupiter.api.*;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
|
import org.junit.jupiter.api.Disabled;
|
||||||
|
import org.junit.jupiter.api.Nested;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.junit.jupiter.api.TestInstance;
|
||||||
import org.springframework.test.util.ReflectionTestUtils;
|
import org.springframework.test.util.ReflectionTestUtils;
|
||||||
|
|
||||||
import javax.crypto.Cipher;
|
import javax.crypto.Cipher;
|
||||||
@ -37,7 +41,14 @@ import java.nio.charset.StandardCharsets;
|
|||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.nio.file.Paths;
|
import java.nio.file.Paths;
|
||||||
import java.security.*;
|
import java.security.KeyPair;
|
||||||
|
import java.security.KeyPairGenerator;
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.PublicKey;
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
import java.security.Security;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.security.interfaces.RSAPublicKey;
|
import java.security.interfaces.RSAPublicKey;
|
||||||
import java.security.spec.MGF1ParameterSpec;
|
import java.security.spec.MGF1ParameterSpec;
|
||||||
@ -46,9 +57,14 @@ import java.util.LinkedList;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.*;
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||||
import static org.mockito.Mockito.*;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
import static org.mockito.Mockito.mock;
|
||||||
|
import static org.mockito.Mockito.verify;
|
||||||
|
import static org.mockito.Mockito.verifyNoMoreInteractions;
|
||||||
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test suite for {@link AttestationCertificateAuthority}.
|
* Test suite for {@link AttestationCertificateAuthority}.
|
||||||
@ -64,11 +80,28 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
*/
|
*/
|
||||||
@Nested
|
@Nested
|
||||||
public class AccessAbstractProcessor extends AbstractProcessor {
|
public class AccessAbstractProcessor extends AbstractProcessor {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructor.
|
||||||
|
*
|
||||||
|
* @param privateKey the private key of the ACA
|
||||||
|
* @param validDays int for the time in which a certificate is valid.
|
||||||
|
*/
|
||||||
public AccessAbstractProcessor(final PrivateKey privateKey,
|
public AccessAbstractProcessor(final PrivateKey privateKey,
|
||||||
final int validDays) {
|
final int validDays) {
|
||||||
super(privateKey, validDays);
|
super(privateKey, validDays);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Public wrapper for the protected function generateCredential(), to access for testing.
|
||||||
|
*
|
||||||
|
* @param publicKey cannot be null
|
||||||
|
* @param endorsementCredential the endorsement credential
|
||||||
|
* @param platformCredentials the set of platform credentials
|
||||||
|
* @param deviceName The host name used in the subject alternative name
|
||||||
|
* @param acaCertificate the aca certificate
|
||||||
|
* @return the generated X509 certificate
|
||||||
|
*/
|
||||||
public X509Certificate accessGenerateCredential(final PublicKey publicKey,
|
public X509Certificate accessGenerateCredential(final PublicKey publicKey,
|
||||||
final EndorsementCredential endorsementCredential,
|
final EndorsementCredential endorsementCredential,
|
||||||
final List<PlatformCredential> platformCredentials,
|
final List<PlatformCredential> platformCredentials,
|
||||||
@ -90,6 +123,11 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
// test key pair
|
// test key pair
|
||||||
private KeyPair keyPair;
|
private KeyPair keyPair;
|
||||||
|
|
||||||
|
// length of IV used in PKI
|
||||||
|
private static final int ENCRYPTION_IV_LEN = 16;
|
||||||
|
// length of secret key used in PKI
|
||||||
|
private static final int SECRETKEY_LEN = 128;
|
||||||
|
|
||||||
private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub";
|
private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub";
|
||||||
private static final String AK_PUBLIC_PATH = "/tpm2/ak.pub";
|
private static final String AK_PUBLIC_PATH = "/tpm2/ak.pub";
|
||||||
private static final String AK_NAME_PATH = "/tpm2/ak.name";
|
private static final String AK_NAME_PATH = "/tpm2/ak.name";
|
||||||
@ -216,7 +254,8 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
byte[] encrypted = encryptBlob(expected, encryptionScheme.toString());
|
byte[] encrypted = encryptBlob(expected, encryptionScheme.toString());
|
||||||
|
|
||||||
// perform the decryption and assert that the decrypted bytes equal the expected bytes
|
// perform the decryption and assert that the decrypted bytes equal the expected bytes
|
||||||
assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(encrypted, encryptionScheme, keyPair.getPrivate()));
|
assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(
|
||||||
|
encrypted, encryptionScheme, keyPair.getPrivate()));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -235,10 +274,10 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
|
|
||||||
// create a key generator to generate a "shared" secret
|
// create a key generator to generate a "shared" secret
|
||||||
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
|
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
|
||||||
keyGenerator.init(128);
|
keyGenerator.init(SECRETKEY_LEN);
|
||||||
|
|
||||||
// use some random bytes as the IV to encrypt and subsequently decrypt with
|
// use some random bytes as the IV to encrypt and subsequently decrypt with
|
||||||
byte[] randomBytes = new byte[16];
|
byte[] randomBytes = new byte[ENCRYPTION_IV_LEN];
|
||||||
|
|
||||||
// generate the random bytes
|
// generate the random bytes
|
||||||
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
||||||
@ -271,6 +310,9 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length);
|
assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void assertTrue(final boolean b) {
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests {@link ProvisionUtils#generateAsymmetricContents(
|
* Tests {@link ProvisionUtils#generateAsymmetricContents(
|
||||||
* byte[], byte[], PublicKey)}.
|
* byte[], byte[], PublicKey)}.
|
||||||
@ -284,7 +326,7 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
byte[] identityProofEncoded = new byte[]{0, 0, 1, 1};
|
byte[] identityProofEncoded = new byte[]{0, 0, 1, 1};
|
||||||
|
|
||||||
// generate a random session key to be used for encryption and decryption
|
// generate a random session key to be used for encryption and decryption
|
||||||
byte[] sessionKey = new byte[16];
|
byte[] sessionKey = new byte[ENCRYPTION_IV_LEN];
|
||||||
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
||||||
random.nextBytes(sessionKey);
|
random.nextBytes(sessionKey);
|
||||||
|
|
||||||
@ -325,7 +367,7 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
|
|
||||||
// create a key generator to generate a secret key
|
// create a key generator to generate a secret key
|
||||||
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
|
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
|
||||||
keyGenerator.init(128);
|
keyGenerator.init(SECRETKEY_LEN);
|
||||||
|
|
||||||
// obtain the key from the generator
|
// obtain the key from the generator
|
||||||
byte[] secretKey = keyGenerator.generateKey().getEncoded();
|
byte[] secretKey = keyGenerator.generateKey().getEncoded();
|
||||||
@ -356,7 +398,7 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
assertTrue(attestation.getCredential().length == attestation.getCredentialSize());
|
assertTrue(attestation.getCredential().length == attestation.getCredentialSize());
|
||||||
|
|
||||||
// create containers for the 2 parts of the credential
|
// create containers for the 2 parts of the credential
|
||||||
byte[] iv = new byte[16];
|
byte[] iv = new byte[ENCRYPTION_IV_LEN];
|
||||||
byte[] credential = new byte[attestation.getCredential().length - iv.length];
|
byte[] credential = new byte[attestation.getCredential().length - iv.length];
|
||||||
|
|
||||||
// siphon off the first 16 bytes for the IV
|
// siphon off the first 16 bytes for the IV
|
||||||
@ -623,7 +665,7 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
* @return encrypted blob
|
* @return encrypted blob
|
||||||
* @throws Exception during the encryption process
|
* @throws Exception during the encryption process
|
||||||
*/
|
*/
|
||||||
private byte[] encryptBlob(byte[] blob, String transformation) throws Exception {
|
private byte[] encryptBlob(final byte[] blob, final String transformation) throws Exception {
|
||||||
// initialize a cipher using the specified transformation
|
// initialize a cipher using the specified transformation
|
||||||
Cipher cipher = Cipher.getInstance(transformation);
|
Cipher cipher = Cipher.getInstance(transformation);
|
||||||
|
|
||||||
@ -645,8 +687,8 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
* @return encrypted blob
|
* @return encrypted blob
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
private byte[] encryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation)
|
private byte[] encryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
|
||||||
throws Exception {
|
final String transformation) throws Exception {
|
||||||
// initialize a cipher using the specified transformation
|
// initialize a cipher using the specified transformation
|
||||||
Cipher cipher = Cipher.getInstance(transformation);
|
Cipher cipher = Cipher.getInstance(transformation);
|
||||||
|
|
||||||
@ -670,7 +712,7 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
* @return decrypted blob
|
* @return decrypted blob
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
private byte[] decryptBlob(byte[] blob) throws Exception {
|
private byte[] decryptBlob(final byte[] blob) throws Exception {
|
||||||
// initialize a cipher using the specified transformation
|
// initialize a cipher using the specified transformation
|
||||||
Cipher cipher = Cipher.getInstance(EncryptionScheme.OAEP.toString());
|
Cipher cipher = Cipher.getInstance(EncryptionScheme.OAEP.toString());
|
||||||
|
|
||||||
@ -695,12 +737,12 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
* @return decrypted blob
|
* @return decrypted blob
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
private byte[] decryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation)
|
private byte[] decryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
|
||||||
throws Exception {
|
final String transformation) throws Exception {
|
||||||
// initialize a cipher using the specified transformation
|
// initialize a cipher using the specified transformation
|
||||||
Cipher cipher = Cipher.getInstance(transformation);
|
Cipher cipher = Cipher.getInstance(transformation);
|
||||||
|
|
||||||
// generate a secret key specification using the key and AES.
|
// generate a secret key specification using the key and AES
|
||||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||||
|
|
||||||
// create IV parameter for key specification
|
// create IV parameter for key specification
|
||||||
@ -712,5 +754,4 @@ public class AttestationCertificateAuthorityTest {
|
|||||||
// return the cipher text
|
// return the cipher text
|
||||||
return cipher.doFinal(blob);
|
return cipher.doFinal(blob);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
package hirs.attestationca.persist.entity;
|
package hirs.attestationca.persist.entity;
|
||||||
|
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.io.IOException;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import java.security.cert.CertificateException;
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.*;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unit tests for the class <code>Appraiser</code>.
|
* Unit tests for the class <code>Appraiser</code>.
|
||||||
@ -160,5 +162,4 @@ public final class AppraiserTest {
|
|||||||
assertNotEquals(appraiser1.hashCode(), appraiser2.hashCode());
|
assertNotEquals(appraiser1.hashCode(), appraiser2.hashCode());
|
||||||
assertNotEquals(appraiser2.hashCode(), appraiser1.hashCode());
|
assertNotEquals(appraiser2.hashCode(), appraiser1.hashCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity;
|
@ -87,13 +87,16 @@ public class TPM2ProvisionerStateTest {
|
|||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])} works.
|
* Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
* TPM2ProvisionerStateRepository, byte[])} works.
|
||||||
|
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||||
|
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||||
* @throws IOException this will never happen
|
* @throws IOException this will never happen
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public final void testGetTPM2ProvisionerStateNominal() throws IOException {
|
public final void testGetTPM2ProvisionerStateNominal() throws IOException {
|
||||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
|
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
|
||||||
|
mock(TPM2ProvisionerStateRepository.class);
|
||||||
byte[] nonce = new byte[32];
|
byte[] nonce = new byte[32];
|
||||||
byte[] identityClaim = new byte[360];
|
byte[] identityClaim = new byte[360];
|
||||||
random.nextBytes(nonce);
|
random.nextBytes(nonce);
|
||||||
@ -112,12 +115,14 @@ public class TPM2ProvisionerStateTest {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Test that if a null is passed as a nonce to
|
* Test that if a null is passed as a nonce to
|
||||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||||
|
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||||
* @throws IOException this will never happen
|
* @throws IOException this will never happen
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public final void testGetTPM2ProvisionerStateNullNonce() throws IOException {
|
public final void testGetTPM2ProvisionerStateNullNonce() throws IOException {
|
||||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
|
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
|
||||||
|
mock(TPM2ProvisionerStateRepository.class);
|
||||||
byte[] nonce = new byte[32];
|
byte[] nonce = new byte[32];
|
||||||
byte[] identityClaim = new byte[360];
|
byte[] identityClaim = new byte[360];
|
||||||
random.nextBytes(nonce);
|
random.nextBytes(nonce);
|
||||||
@ -133,12 +138,14 @@ public class TPM2ProvisionerStateTest {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Test that if a nonce that is less than 8 bytes is passed to
|
* Test that if a nonce that is less than 8 bytes is passed to
|
||||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||||
|
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||||
* @throws IOException this will never happen
|
* @throws IOException this will never happen
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public final void testGetTPM2ProvisionerStateNonceTooSmall() throws IOException {
|
public final void testGetTPM2ProvisionerStateNonceTooSmall() throws IOException {
|
||||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
|
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
|
||||||
|
mock(TPM2ProvisionerStateRepository.class);
|
||||||
byte[] nonce = new byte[32];
|
byte[] nonce = new byte[32];
|
||||||
byte[] identityClaim = new byte[360];
|
byte[] identityClaim = new byte[360];
|
||||||
random.nextBytes(nonce);
|
random.nextBytes(nonce);
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity.tpm;
|
@ -0,0 +1,313 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined;
|
||||||
|
|
||||||
|
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
|
||||||
|
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||||
|
import org.apache.logging.log4j.LogManager;
|
||||||
|
import org.apache.logging.log4j.Logger;
|
||||||
|
|
||||||
|
import java.io.FileNotFoundException;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
|
import java.net.UnknownHostException;
|
||||||
|
import java.nio.file.Path;
|
||||||
|
import java.nio.file.Paths;
|
||||||
|
import java.security.cert.CertificateFactory;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Objects;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class with definitions and functions common to multiple Userdefined Entity object tests.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public class AbstractUserdefinedEntityTest {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of a test (fake) SGI intermediate CA certificate.
|
||||||
|
*/
|
||||||
|
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of a test (fake) Intel intermediate CA certificate.
|
||||||
|
*/
|
||||||
|
public static final String FAKE_INTEL_INT_CA_FILE =
|
||||||
|
"/certificates/fakeIntelIntermediateCA.cer";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of a test (fake) root CA certificate.
|
||||||
|
*/
|
||||||
|
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
|
||||||
|
*/
|
||||||
|
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
|
||||||
|
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of a test identity certificate.
|
||||||
|
*/
|
||||||
|
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of a test platform attribute cert.
|
||||||
|
*/
|
||||||
|
public static final String TEST_PLATFORM_CERT_1 =
|
||||||
|
"/validation/platform_credentials/Intel_pc1.cer";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of another, slightly different platform attribute cert.
|
||||||
|
*/
|
||||||
|
public static final String TEST_PLATFORM_CERT_2 =
|
||||||
|
"/validation/platform_credentials/Intel_pc2.cer";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of another, slightly different platform attribute cert.
|
||||||
|
*/
|
||||||
|
public static final String TEST_PLATFORM_CERT_3 =
|
||||||
|
"/validation/platform_credentials/Intel_pc3.cer";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Platform cert with comma separated baseboard and chassis serial number.
|
||||||
|
*/
|
||||||
|
public static final String TEST_PLATFORM_CERT_4 =
|
||||||
|
"/validation/platform_credentials/Intel_pc4.pem";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Another platform cert with comma separated baseboard and chassis serial number.
|
||||||
|
*/
|
||||||
|
public static final String TEST_PLATFORM_CERT_5 =
|
||||||
|
"/validation/platform_credentials/Intel_pc5.pem";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Location of another, slightly different platform attribute cert.
|
||||||
|
*/
|
||||||
|
public static final String TEST_PLATFORM_CERT_6 =
|
||||||
|
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
|
||||||
|
|
||||||
|
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Dummy message for supply chain validation test.
|
||||||
|
*/
|
||||||
|
public static final String VALIDATION_MESSAGE = "Some message.";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Construct a test certificate from the given parameters.
|
||||||
|
*
|
||||||
|
* @param <T> the type of Certificate that will be created
|
||||||
|
* @param certificateClass the class of certificate to generate
|
||||||
|
* @param filename the location of the certificate to be used
|
||||||
|
* @return the newly-constructed Certificate
|
||||||
|
* @throws IOException if there is a problem constructing the test certificate
|
||||||
|
*/
|
||||||
|
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
||||||
|
final Class<T> certificateClass, final String filename)
|
||||||
|
throws IOException {
|
||||||
|
return getTestCertificate(certificateClass, filename, null, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Construct a test certificate from the given parameters.
|
||||||
|
*
|
||||||
|
* @param <T> the type of Certificate that will be created
|
||||||
|
* @param certificateClass the class of certificate to generate
|
||||||
|
* @param filename the location of the certificate to be used
|
||||||
|
* @param endorsementCredential the endorsement credentials (can be null)
|
||||||
|
* @param platformCredentials the platform credentials (can be null)
|
||||||
|
* @return the newly-constructed Certificate
|
||||||
|
* @throws IOException if there is a problem constructing the test certificate
|
||||||
|
*/
|
||||||
|
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
||||||
|
final Class<T> certificateClass, final String filename,
|
||||||
|
final EndorsementCredential endorsementCredential,
|
||||||
|
final List<PlatformCredential> platformCredentials)
|
||||||
|
throws IOException {
|
||||||
|
|
||||||
|
Path certPath;
|
||||||
|
try {
|
||||||
|
certPath = Paths.get(Objects.requireNonNull(
|
||||||
|
AbstractUserdefinedEntityTest.class.getResource(filename)).toURI());
|
||||||
|
// certPath = Paths.get(Objects.requireNonNull(
|
||||||
|
// CertificateTest.class.getResource(filename)).toURI());
|
||||||
|
} catch (URISyntaxException e) {
|
||||||
|
throw new IOException("Could not resolve path URI", e);
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (certificateClass.getSimpleName()) {
|
||||||
|
case "CertificateAuthorityCredential":
|
||||||
|
return new CertificateAuthorityCredential(certPath);
|
||||||
|
case "ConformanceCredential":
|
||||||
|
return new ConformanceCredential(certPath);
|
||||||
|
case "EndorsementCredential":
|
||||||
|
return new EndorsementCredential(certPath);
|
||||||
|
case "PlatformCredential":
|
||||||
|
return new PlatformCredential(certPath);
|
||||||
|
case "IssuedAttestationCertificate":
|
||||||
|
return new IssuedAttestationCertificate(certPath,
|
||||||
|
endorsementCredential, platformCredentials);
|
||||||
|
default:
|
||||||
|
throw new IllegalArgumentException(
|
||||||
|
String.format("Unknown certificate class %s", certificateClass.getName())
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a list of all test certificates.
|
||||||
|
*
|
||||||
|
* @return a list of all test certificates
|
||||||
|
* @throws IOException if there is a problem deserializing certificates
|
||||||
|
*/
|
||||||
|
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
|
||||||
|
return Arrays.asList(
|
||||||
|
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
|
||||||
|
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
|
||||||
|
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a DeviceInfoReport instance usable for testing.
|
||||||
|
*
|
||||||
|
* @return a test DeviceInfoReport
|
||||||
|
*/
|
||||||
|
public static DeviceInfoReport getTestDeviceInfoReport() {
|
||||||
|
return new DeviceInfoReport(
|
||||||
|
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
|
||||||
|
createTestHardwareInfo(), createTPMInfo()
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a test instance of NetworkInfo.
|
||||||
|
*
|
||||||
|
* @return network information for a fake device
|
||||||
|
*/
|
||||||
|
public static NetworkInfo createTestNetworkInfo() {
|
||||||
|
try {
|
||||||
|
final String hostname = "test.hostname";
|
||||||
|
final InetAddress ipAddress =
|
||||||
|
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
|
||||||
|
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
||||||
|
return new NetworkInfo(hostname, ipAddress, macAddress);
|
||||||
|
|
||||||
|
} catch (UnknownHostException e) {
|
||||||
|
LOGGER.error("error occurred while creating InetAddress");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a test instance of OSInfo.
|
||||||
|
*
|
||||||
|
* @return OS information for a fake device
|
||||||
|
*/
|
||||||
|
public static OSInfo createTestOSInfo() {
|
||||||
|
return new OSInfo("test os name", "test os version", "test os arch",
|
||||||
|
"test distribution", "test distribution release");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a test instance of FirmwareInfo.
|
||||||
|
*
|
||||||
|
* @return Firmware information for a fake device
|
||||||
|
*/
|
||||||
|
public static FirmwareInfo createTestFirmwareInfo() {
|
||||||
|
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a test instance of HardwareInfo.
|
||||||
|
*
|
||||||
|
* @return Hardware information for a fake device
|
||||||
|
*/
|
||||||
|
public static HardwareInfo createTestHardwareInfo() {
|
||||||
|
return new HardwareInfo("test manufacturer", "test product name", "test version",
|
||||||
|
"test really long serial number with many characters", "test really long chassis "
|
||||||
|
+ "serial number with many characters",
|
||||||
|
"test really long baseboard serial number with many characters");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a test instance of TPMInfo.
|
||||||
|
*
|
||||||
|
* @return TPM information for a fake device
|
||||||
|
*/
|
||||||
|
public static final TPMInfo createTPMInfo() {
|
||||||
|
final short num1 = 1;
|
||||||
|
final short num2 = 2;
|
||||||
|
final short num3 = 3;
|
||||||
|
final short num4 = 4;
|
||||||
|
return new TPMInfo("test os make", num1, num2, num3, num4,
|
||||||
|
getTestIdentityCertificate());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a test identity certificate.
|
||||||
|
*
|
||||||
|
* @return the test X509 certificate
|
||||||
|
*/
|
||||||
|
public static X509Certificate getTestIdentityCertificate() {
|
||||||
|
X509Certificate certificateValue = null;
|
||||||
|
InputStream istream = null;
|
||||||
|
istream = AbstractUserdefinedEntityTest.class.getResourceAsStream(
|
||||||
|
TEST_IDENTITY_CERT
|
||||||
|
);
|
||||||
|
try {
|
||||||
|
if (istream == null) {
|
||||||
|
throw new FileNotFoundException(TEST_IDENTITY_CERT);
|
||||||
|
}
|
||||||
|
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||||
|
certificateValue = (X509Certificate) cf.generateCertificate(
|
||||||
|
istream);
|
||||||
|
|
||||||
|
} catch (Exception e) {
|
||||||
|
return null;
|
||||||
|
} finally {
|
||||||
|
if (istream != null) {
|
||||||
|
try {
|
||||||
|
istream.close();
|
||||||
|
} catch (IOException e) {
|
||||||
|
LOGGER.error("test certificate file could not be closed");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return certificateValue;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
|
||||||
|
*
|
||||||
|
* @param type the type of validation
|
||||||
|
* @param result the appraisal result
|
||||||
|
* @param certificates the certificates related to this validation
|
||||||
|
* @return the resulting SupplyChainValidation object
|
||||||
|
*/
|
||||||
|
public static SupplyChainValidation getTestSupplyChainValidation(
|
||||||
|
final SupplyChainValidation.ValidationType type,
|
||||||
|
final AppraisalStatus.Status result,
|
||||||
|
final List<ArchivableEntity> certificates) {
|
||||||
|
return new SupplyChainValidation(
|
||||||
|
type,
|
||||||
|
result,
|
||||||
|
certificates,
|
||||||
|
VALIDATION_MESSAGE
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
@ -1,6 +1,11 @@
|
|||||||
package hirs.attestationca.persist.entity.userdefined;
|
package hirs.attestationca.persist.entity.userdefined;
|
||||||
|
|
||||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||||
|
import org.bouncycastle.cert.X509AttributeCertificateHolder;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
@ -14,12 +19,8 @@ import java.security.cert.CertificateException;
|
|||||||
import java.security.cert.CertificateFactory;
|
import java.security.cert.CertificateFactory;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.*;
|
|
||||||
import org.bouncycastle.cert.X509AttributeCertificateHolder;
|
|
||||||
import org.junit.jupiter.api.Test;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
@ -29,17 +30,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
|
|||||||
/**
|
/**
|
||||||
* This class tests functionality of the {@link Certificate} class.
|
* This class tests functionality of the {@link Certificate} class.
|
||||||
*/
|
*/
|
||||||
public class CertificateTest {
|
public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||||
/**
|
|
||||||
* Location of a test (fake) root CA certificate.
|
|
||||||
*/
|
|
||||||
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Location of a test (fake) Intel intermediate CA certificate.
|
|
||||||
*/
|
|
||||||
public static final String FAKE_INTEL_INT_CA_FILE =
|
|
||||||
"/certificates/fakeIntelIntermediateCA.cer";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Location of a test (fake) Intel intermediate CA certificate.
|
* Location of a test (fake) Intel intermediate CA certificate.
|
||||||
@ -47,11 +38,6 @@ public class CertificateTest {
|
|||||||
public static final String INTEL_INT_CA_FILE =
|
public static final String INTEL_INT_CA_FILE =
|
||||||
"/validation/platform_credentials/intel_chain/root/intermediate2.cer";
|
"/validation/platform_credentials/intel_chain/root/intermediate2.cer";
|
||||||
|
|
||||||
/**
|
|
||||||
* Location of a test (fake) SGI intermediate CA certificate.
|
|
||||||
*/
|
|
||||||
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Location of another test self-signed certificate.
|
* Location of another test self-signed certificate.
|
||||||
*/
|
*/
|
||||||
@ -78,12 +64,6 @@ public class CertificateTest {
|
|||||||
*/
|
*/
|
||||||
public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
|
public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
|
||||||
|
|
||||||
/**
|
|
||||||
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
|
|
||||||
*/
|
|
||||||
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
|
|
||||||
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Location of a test STM endorsement credential.
|
* Location of a test STM endorsement credential.
|
||||||
*/
|
*/
|
||||||
@ -119,7 +99,8 @@ public class CertificateTest {
|
|||||||
public void testConstructCertFromByteArray() throws IOException, URISyntaxException {
|
public void testConstructCertFromByteArray() throws IOException, URISyntaxException {
|
||||||
Certificate certificate = new CertificateAuthorityCredential(
|
Certificate certificate = new CertificateAuthorityCredential(
|
||||||
Files.readAllBytes(
|
Files.readAllBytes(
|
||||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||||
|
FAKE_ROOT_CA_FILE)).toURI())
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
assertEquals(
|
assertEquals(
|
||||||
@ -163,7 +144,8 @@ public class CertificateTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testConstructCertFromPath() throws URISyntaxException, IOException {
|
public void testConstructCertFromPath() throws URISyntaxException, IOException {
|
||||||
Certificate certificate = new CertificateAuthorityCredential(
|
Certificate certificate = new CertificateAuthorityCredential(
|
||||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||||
|
FAKE_ROOT_CA_FILE)).toURI())
|
||||||
);
|
);
|
||||||
assertEquals(
|
assertEquals(
|
||||||
"CN=Fake Root CA",
|
"CN=Fake Root CA",
|
||||||
@ -202,12 +184,12 @@ public class CertificateTest {
|
|||||||
Certificate.CertificateType.X509_CERTIFICATE,
|
Certificate.CertificateType.X509_CERTIFICATE,
|
||||||
getTestCertificate(
|
getTestCertificate(
|
||||||
PlatformCredential.class,
|
PlatformCredential.class,
|
||||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType());
|
TEST_PLATFORM_CERT_3).getCertificateType());
|
||||||
assertEquals(
|
assertEquals(
|
||||||
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE,
|
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE,
|
||||||
getTestCertificate(
|
getTestCertificate(
|
||||||
PlatformCredential.class,
|
PlatformCredential.class,
|
||||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType());
|
TEST_PLATFORM_CERT_3).getCertificateType());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -220,7 +202,7 @@ public class CertificateTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testImportPem() throws IOException {
|
public void testImportPem() throws IOException {
|
||||||
Certificate platformCredential = getTestCertificate(
|
Certificate platformCredential = getTestCertificate(
|
||||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_4
|
PlatformCredential.class, TEST_PLATFORM_CERT_4
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(
|
assertEquals(
|
||||||
@ -232,7 +214,7 @@ public class CertificateTest {
|
|||||||
);
|
);
|
||||||
|
|
||||||
platformCredential = getTestCertificate(
|
platformCredential = getTestCertificate(
|
||||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_5
|
PlatformCredential.class, TEST_PLATFORM_CERT_5
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(
|
assertEquals(
|
||||||
@ -295,13 +277,12 @@ public class CertificateTest {
|
|||||||
public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException {
|
public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException {
|
||||||
Certificate platformCert = getTestCertificate(
|
Certificate platformCert = getTestCertificate(
|
||||||
PlatformCredential.class,
|
PlatformCredential.class,
|
||||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3
|
TEST_PLATFORM_CERT_3
|
||||||
);
|
);
|
||||||
|
|
||||||
X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder(
|
X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
Files.readAllBytes(Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3
|
TEST_PLATFORM_CERT_3)).toURI()))
|
||||||
)).toURI()))
|
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(
|
assertEquals(
|
||||||
@ -330,7 +311,7 @@ public class CertificateTest {
|
|||||||
public void testX509AttributeCertificateParsingExtended()
|
public void testX509AttributeCertificateParsingExtended()
|
||||||
throws IOException, URISyntaxException {
|
throws IOException, URISyntaxException {
|
||||||
Certificate platformCert = getTestCertificate(
|
Certificate platformCert = getTestCertificate(
|
||||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_6);
|
PlatformCredential.class, TEST_PLATFORM_CERT_6);
|
||||||
|
|
||||||
assertEquals("https://trustedservices.intel.com/"
|
assertEquals("https://trustedservices.intel.com/"
|
||||||
+ "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n",
|
+ "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n",
|
||||||
@ -428,11 +409,13 @@ public class CertificateTest {
|
|||||||
|
|
||||||
assertEquals(
|
assertEquals(
|
||||||
new CertificateAuthorityCredential(
|
new CertificateAuthorityCredential(
|
||||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||||
|
FAKE_ROOT_CA_FILE)).toURI())
|
||||||
),
|
),
|
||||||
new CertificateAuthorityCredential(
|
new CertificateAuthorityCredential(
|
||||||
Files.readAllBytes(
|
Files.readAllBytes(
|
||||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||||
|
FAKE_ROOT_CA_FILE)).toURI())
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
@ -489,11 +472,13 @@ public class CertificateTest {
|
|||||||
|
|
||||||
assertEquals(
|
assertEquals(
|
||||||
new CertificateAuthorityCredential(
|
new CertificateAuthorityCredential(
|
||||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||||
|
FAKE_ROOT_CA_FILE)).toURI())
|
||||||
).hashCode(),
|
).hashCode(),
|
||||||
new CertificateAuthorityCredential(
|
new CertificateAuthorityCredential(
|
||||||
Files.readAllBytes(
|
Files.readAllBytes(
|
||||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||||
|
FAKE_ROOT_CA_FILE)).toURI())
|
||||||
)
|
)
|
||||||
).hashCode()
|
).hashCode()
|
||||||
);
|
);
|
||||||
@ -520,79 +505,6 @@ public class CertificateTest {
|
|||||||
return getTestCertificate(CertificateAuthorityCredential.class, filename);
|
return getTestCertificate(CertificateAuthorityCredential.class, filename);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Construct a test certificate from the given parameters.
|
|
||||||
*
|
|
||||||
* @param <T> the type of Certificate that will be created
|
|
||||||
* @param certificateClass the class of certificate to generate
|
|
||||||
* @param filename the location of the certificate to be used
|
|
||||||
* @return the newly-constructed Certificate
|
|
||||||
* @throws IOException if there is a problem constructing the test certificate
|
|
||||||
*/
|
|
||||||
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
|
||||||
final Class<T> certificateClass, final String filename)
|
|
||||||
throws IOException {
|
|
||||||
return getTestCertificate(certificateClass, filename, null, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Construct a test certificate from the given parameters.
|
|
||||||
*
|
|
||||||
* @param <T> the type of Certificate that will be created
|
|
||||||
* @param certificateClass the class of certificate to generate
|
|
||||||
* @param filename the location of the certificate to be used
|
|
||||||
* @param endorsementCredential the endorsement credentials (can be null)
|
|
||||||
* @param platformCredentials the platform credentials (can be null)
|
|
||||||
* @return the newly-constructed Certificate
|
|
||||||
* @throws IOException if there is a problem constructing the test certificate
|
|
||||||
*/
|
|
||||||
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
|
||||||
final Class<T> certificateClass, final String filename,
|
|
||||||
final EndorsementCredential endorsementCredential,
|
|
||||||
final List<PlatformCredential> platformCredentials)
|
|
||||||
throws IOException {
|
|
||||||
|
|
||||||
Path certPath;
|
|
||||||
try {
|
|
||||||
certPath = Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(filename)).toURI());
|
|
||||||
} catch (URISyntaxException e) {
|
|
||||||
throw new IOException("Could not resolve path URI", e);
|
|
||||||
}
|
|
||||||
|
|
||||||
switch (certificateClass.getSimpleName()) {
|
|
||||||
case "CertificateAuthorityCredential":
|
|
||||||
return new CertificateAuthorityCredential(certPath);
|
|
||||||
case "ConformanceCredential":
|
|
||||||
return new ConformanceCredential(certPath);
|
|
||||||
case "EndorsementCredential":
|
|
||||||
return new EndorsementCredential(certPath);
|
|
||||||
case "PlatformCredential":
|
|
||||||
return new PlatformCredential(certPath);
|
|
||||||
case "IssuedAttestationCertificate":
|
|
||||||
return new IssuedAttestationCertificate(certPath,
|
|
||||||
endorsementCredential, platformCredentials);
|
|
||||||
default:
|
|
||||||
throw new IllegalArgumentException(
|
|
||||||
String.format("Unknown certificate class %s", certificateClass.getName())
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return a list of all test certificates.
|
|
||||||
*
|
|
||||||
* @return a list of all test certificates
|
|
||||||
* @throws IOException if there is a problem deserializing certificates
|
|
||||||
*/
|
|
||||||
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
|
|
||||||
return Arrays.asList(
|
|
||||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
|
|
||||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
|
|
||||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static X509Certificate readX509Certificate(final String resourceName)
|
private static X509Certificate readX509Certificate(final String resourceName)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
|
|
||||||
@ -603,8 +515,9 @@ public class CertificateTest {
|
|||||||
throw new IOException("Cannot get X509 CertificateFactory instance", e);
|
throw new IOException("Cannot get X509 CertificateFactory instance", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
try (FileInputStream certInputStream = new FileInputStream(
|
try (FileInputStream certInputStream = new FileInputStream(Paths.get(
|
||||||
Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(resourceName)).toURI()).toFile()
|
Objects.requireNonNull(CertificateTest.class.getResource(
|
||||||
|
resourceName)).toURI()).toFile()
|
||||||
)) {
|
)) {
|
||||||
return (X509Certificate) cf.generateCertificate(certInputStream);
|
return (X509Certificate) cf.generateCertificate(certInputStream);
|
||||||
} catch (CertificateException | URISyntaxException e) {
|
} catch (CertificateException | URISyntaxException e) {
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
package hirs.attestationca.persist.entity.userdefined;
|
package hirs.attestationca.persist.entity.userdefined;
|
||||||
|
|
||||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
|
|
||||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||||
import hirs.attestationca.persist.enums.HealthStatus;
|
import hirs.attestationca.persist.enums.HealthStatus;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
@ -14,19 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertNull;
|
|||||||
* This is the test class for the <code>Device</code> class.
|
* This is the test class for the <code>Device</code> class.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public final class DeviceTest {
|
public final class DeviceTest extends AbstractUserdefinedEntityTest {
|
||||||
/**
|
|
||||||
* Utility method for getting a <code>Device</code> that can be used for
|
|
||||||
* testing.
|
|
||||||
*
|
|
||||||
* @param name name for the <code>Device</code>
|
|
||||||
*
|
|
||||||
* @return device
|
|
||||||
*/
|
|
||||||
public static Device getTestDevice(final String name) {
|
|
||||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
|
||||||
return new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests that the device constructor can take a name.
|
* Tests that the device constructor can take a name.
|
||||||
@ -34,7 +21,9 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testDevice() {
|
public void testDevice() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null , null);
|
final Device device = new Device(name, null, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
assertNotNull(device);
|
assertNotNull(device);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -45,8 +34,10 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testDeviceNameAndInfo() {
|
public void testDeviceNameAndInfo() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -56,7 +47,9 @@ public final class DeviceTest {
|
|||||||
public void testDeviceNameAndNullInfo() {
|
public void testDeviceNameAndNullInfo() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final DeviceInfoReport deviceInfo = null;
|
final DeviceInfoReport deviceInfo = null;
|
||||||
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -65,8 +58,10 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testGetDeviceInfo() {
|
public void testGetDeviceInfo() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
assertEquals(deviceInfo, device.getDeviceInfo());
|
assertEquals(deviceInfo, device.getDeviceInfo());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -76,9 +71,11 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testSetDeviceInfo() {
|
public void testSetDeviceInfo() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device(name, null, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
assertNull(device.getDeviceInfo());
|
assertNull(device.getDeviceInfo());
|
||||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
device.setDeviceInfo(deviceInfo);
|
device.setDeviceInfo(deviceInfo);
|
||||||
assertEquals(deviceInfo, device.getDeviceInfo());
|
assertEquals(deviceInfo, device.getDeviceInfo());
|
||||||
}
|
}
|
||||||
@ -89,8 +86,10 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testSetNullDeviceInfo() {
|
public void testSetNullDeviceInfo() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
assertEquals(deviceInfo, device.getDeviceInfo());
|
assertEquals(deviceInfo, device.getDeviceInfo());
|
||||||
device.setDeviceInfo(null);
|
device.setDeviceInfo(null);
|
||||||
assertNull(device.getDeviceInfo());
|
assertNull(device.getDeviceInfo());
|
||||||
@ -102,8 +101,10 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testNotNullLastReportTimeStamp() {
|
public void testNotNullLastReportTimeStamp() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
assertNotNull(device.getLastReportTimestamp());
|
assertNotNull(device.getLastReportTimestamp());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -112,7 +113,9 @@ public final class DeviceTest {
|
|||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testSetHealthStatus() {
|
public void testSetHealthStatus() {
|
||||||
final Device device = new Device("test-device", null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device("test-device", null, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
device.setHealthStatus(HealthStatus.TRUSTED);
|
device.setHealthStatus(HealthStatus.TRUSTED);
|
||||||
assertEquals(HealthStatus.TRUSTED, device.getHealthStatus());
|
assertEquals(HealthStatus.TRUSTED, device.getHealthStatus());
|
||||||
}
|
}
|
||||||
@ -124,9 +127,13 @@ public final class DeviceTest {
|
|||||||
public void testDeviceEquals() {
|
public void testDeviceEquals() {
|
||||||
final String name = "my-laptop";
|
final String name = "my-laptop";
|
||||||
final String otherName = "my-laptop";
|
final String otherName = "my-laptop";
|
||||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
|
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
assertEquals(device, other);
|
assertEquals(device, other);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -136,8 +143,10 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testGetDefaultSupplyChainStatus() {
|
public void testGetDefaultSupplyChainStatus() {
|
||||||
String name = "my-laptop";
|
String name = "my-laptop";
|
||||||
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
assertEquals(AppraisalStatus.Status.UNKNOWN, device.getSupplyChainValidationStatus());
|
assertEquals(AppraisalStatus.Status.UNKNOWN, device.getSupplyChainValidationStatus());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -147,8 +156,10 @@ public final class DeviceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testSetAndGetSupplyChainStatus() {
|
public void testSetAndGetSupplyChainStatus() {
|
||||||
String name = "my-laptop";
|
String name = "my-laptop";
|
||||||
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||||
|
null, null);
|
||||||
device.setSupplyChainValidationStatus(AppraisalStatus.Status.PASS);
|
device.setSupplyChainValidationStatus(AppraisalStatus.Status.PASS);
|
||||||
assertEquals(AppraisalStatus.Status.PASS, device.getSupplyChainValidationStatus());
|
assertEquals(AppraisalStatus.Status.PASS, device.getSupplyChainValidationStatus());
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,221 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined;
|
||||||
|
|
||||||
|
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||||
|
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||||
|
import hirs.attestationca.persist.enums.HealthStatus;
|
||||||
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.junit.jupiter.api.TestInstance;
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests the functionality in SupplyChainValidationSummary.
|
||||||
|
*/
|
||||||
|
|
||||||
|
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
|
||||||
|
public class SupplyChainValidationSummaryTest extends AbstractUserdefinedEntityTest {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test device.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
private Device device;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* List of test certificates.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
private List<ArchivableEntity> certificates;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a set of certificates and a device for use by these tests.
|
||||||
|
*
|
||||||
|
* @throws Exception if there is a problem deserializing certificates or creating test device
|
||||||
|
*/
|
||||||
|
@BeforeAll
|
||||||
|
public void setup() throws Exception {
|
||||||
|
|
||||||
|
certificates = getAllTestCertificates();
|
||||||
|
device = getTestDevice("TestDevice");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests that an empty summary behaves as expected.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testEmptySummary() throws InterruptedException {
|
||||||
|
SupplyChainValidationSummary emptySummary = getTestSummary(
|
||||||
|
0,
|
||||||
|
0
|
||||||
|
);
|
||||||
|
|
||||||
|
//assertEquals(device, emptySummary.getDevice());
|
||||||
|
assertEquals(device.getDeviceInfo(), emptySummary.getDevice().getDeviceInfo());
|
||||||
|
assertEquals(Collections.EMPTY_SET, emptySummary.getValidations());
|
||||||
|
assertEquals(AppraisalStatus.Status.PASS, emptySummary.getOverallValidationResult());
|
||||||
|
assertNotNull(emptySummary.getCreateTime());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a summary can't be created with a null validationIdentifier.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullValidationIdentifier() {
|
||||||
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
|
new SupplyChainValidationSummary(null, Collections.emptyList()));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a summary can't be created with a null validations list.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullValidationList() {
|
||||||
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
|
new SupplyChainValidationSummary(device, null));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that summaries with one and two component validations, which both represent successful
|
||||||
|
* validations, have getters that return the expected information.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSuccessfulSummary() throws InterruptedException {
|
||||||
|
SupplyChainValidationSummary oneValidation = getTestSummary(
|
||||||
|
1,
|
||||||
|
0
|
||||||
|
);
|
||||||
|
|
||||||
|
//assertEquals(device, oneValidation.getDevice());
|
||||||
|
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
|
||||||
|
assertEquals(1, oneValidation.getValidations().size());
|
||||||
|
assertEquals(AppraisalStatus.Status.PASS, oneValidation.getOverallValidationResult());
|
||||||
|
assertNotNull(oneValidation.getCreateTime());
|
||||||
|
|
||||||
|
SupplyChainValidationSummary twoValidations = getTestSummary(
|
||||||
|
2,
|
||||||
|
0
|
||||||
|
);
|
||||||
|
|
||||||
|
//assertEquals(device, twoValidations.getDevice());
|
||||||
|
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
|
||||||
|
assertEquals(2, twoValidations.getValidations().size());
|
||||||
|
assertEquals(twoValidations.getOverallValidationResult(), AppraisalStatus.Status.PASS);
|
||||||
|
assertNotNull(twoValidations.getCreateTime());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that summaries with one and two component validations, of which one represents an
|
||||||
|
* unsuccessful validations, have getters that return the expected information.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testUnsuccessfulSummary() throws InterruptedException {
|
||||||
|
SupplyChainValidationSummary oneValidation = getTestSummary(
|
||||||
|
1,
|
||||||
|
1
|
||||||
|
);
|
||||||
|
|
||||||
|
//assertEquals(device, oneValidation.getDevice());
|
||||||
|
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
|
||||||
|
assertEquals(1, oneValidation.getValidations().size());
|
||||||
|
assertEquals(AppraisalStatus.Status.FAIL, oneValidation.getOverallValidationResult());
|
||||||
|
assertNotNull(oneValidation.getCreateTime());
|
||||||
|
|
||||||
|
SupplyChainValidationSummary twoValidations = getTestSummary(
|
||||||
|
2,
|
||||||
|
1
|
||||||
|
);
|
||||||
|
|
||||||
|
//assertEquals(device, twoValidations.getDevice());
|
||||||
|
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
|
||||||
|
assertEquals(2, twoValidations.getValidations().size());
|
||||||
|
assertEquals(AppraisalStatus.Status.FAIL, twoValidations.getOverallValidationResult());
|
||||||
|
assertNotNull(twoValidations.getCreateTime());
|
||||||
|
|
||||||
|
SupplyChainValidationSummary twoBadValidations = getTestSummary(
|
||||||
|
2,
|
||||||
|
2
|
||||||
|
);
|
||||||
|
|
||||||
|
//assertEquals(device, twoBadValidations.getDevice());
|
||||||
|
assertEquals(device.getDeviceInfo(), twoBadValidations.getDevice().getDeviceInfo());
|
||||||
|
assertEquals(2, twoBadValidations.getValidations().size());
|
||||||
|
assertEquals(AppraisalStatus.Status.FAIL, twoBadValidations.getOverallValidationResult());
|
||||||
|
assertNotNull(twoBadValidations.getCreateTime());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Utility method for getting a <code>Device</code> that can be used for
|
||||||
|
* testing.
|
||||||
|
*
|
||||||
|
* @param name name for the <code>Device</code>
|
||||||
|
*
|
||||||
|
* @return device
|
||||||
|
*/
|
||||||
|
public static Device getTestDevice(final String name) {
|
||||||
|
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||||
|
return new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||||
|
AppraisalStatus.Status.UNKNOWN, null,
|
||||||
|
false, null, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Utility method for getting a <code>SupplyChainValidationSummary</code> that can be used for
|
||||||
|
* testing.
|
||||||
|
*
|
||||||
|
* @param numberOfValidations number of validations for the <code>SupplyChainValidationSummary</code>
|
||||||
|
* @param numFail number of failed validations
|
||||||
|
*
|
||||||
|
* @return device
|
||||||
|
*/
|
||||||
|
private SupplyChainValidationSummary getTestSummary(
|
||||||
|
final int numberOfValidations,
|
||||||
|
final int numFail
|
||||||
|
) throws InterruptedException {
|
||||||
|
SupplyChainValidation.ValidationType[] validationTypes =
|
||||||
|
SupplyChainValidation.ValidationType.values();
|
||||||
|
|
||||||
|
if (numberOfValidations > validationTypes.length) {
|
||||||
|
throw new IllegalArgumentException(String.format(
|
||||||
|
"Cannot have more than %d validation types",
|
||||||
|
validationTypes.length
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (numFail > numberOfValidations) {
|
||||||
|
throw new IllegalArgumentException(String.format(
|
||||||
|
"Cannot have more than %d failed validations",
|
||||||
|
validationTypes.length
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
Collection<SupplyChainValidation> validations = new HashSet<>();
|
||||||
|
for (int i = 0; i < numberOfValidations; i++) {
|
||||||
|
boolean successful = true;
|
||||||
|
if (i >= (numberOfValidations - numFail)) {
|
||||||
|
successful = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
AppraisalStatus.Status result = AppraisalStatus.Status.FAIL;
|
||||||
|
if (successful) {
|
||||||
|
result = AppraisalStatus.Status.PASS;
|
||||||
|
}
|
||||||
|
|
||||||
|
validations.add(SupplyChainValidationTest.getTestSupplyChainValidation(
|
||||||
|
validationTypes[i],
|
||||||
|
result,
|
||||||
|
certificates
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
return new SupplyChainValidationSummary(device, validations);
|
||||||
|
}
|
||||||
|
}
|
@ -1,21 +1,18 @@
|
|||||||
package hirs.attestationca.persist.entity.userdefined;
|
package hirs.attestationca.persist.entity.userdefined;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
|
||||||
|
|
||||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
|
||||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.List;
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Simple tests for the {@link SupplyChainValidation} class. Tests for the persistence of this
|
* Simple tests for the {@link SupplyChainValidation} class. Tests for the persistence of this
|
||||||
* class are located in { SupplyChainValidationSummaryTest}.
|
* class are located in { SupplyChainValidationSummaryTest}.
|
||||||
*/
|
*/
|
||||||
class SupplyChainValidationTest {
|
class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
|
||||||
private static final String MESSAGE = "Some message.";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test that this class' getter methods work properly.
|
* Test that this class' getter methods work properly.
|
||||||
@ -31,9 +28,9 @@ class SupplyChainValidationTest {
|
|||||||
);
|
);
|
||||||
assertEquals(
|
assertEquals(
|
||||||
validation.getCertificatesUsed(),
|
validation.getCertificatesUsed(),
|
||||||
CertificateTest.getAllTestCertificates()
|
getAllTestCertificates()
|
||||||
);
|
);
|
||||||
assertEquals(validation.getMessage(), MESSAGE);
|
assertEquals(validation.getMessage(), VALIDATION_MESSAGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -47,8 +44,8 @@ class SupplyChainValidationTest {
|
|||||||
new SupplyChainValidation(
|
new SupplyChainValidation(
|
||||||
null,
|
null,
|
||||||
AppraisalStatus.Status.PASS,
|
AppraisalStatus.Status.PASS,
|
||||||
CertificateTest.getAllTestCertificates(),
|
getAllTestCertificates(),
|
||||||
MESSAGE
|
VALIDATION_MESSAGE
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -64,7 +61,7 @@ class SupplyChainValidationTest {
|
|||||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||||
AppraisalStatus.Status.PASS,
|
AppraisalStatus.Status.PASS,
|
||||||
null,
|
null,
|
||||||
MESSAGE
|
VALIDATION_MESSAGE
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -78,8 +75,8 @@ class SupplyChainValidationTest {
|
|||||||
new SupplyChainValidation(
|
new SupplyChainValidation(
|
||||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||||
AppraisalStatus.Status.PASS,
|
AppraisalStatus.Status.PASS,
|
||||||
CertificateTest.getAllTestCertificates(),
|
getAllTestCertificates(),
|
||||||
MESSAGE
|
VALIDATION_MESSAGE
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -95,27 +92,7 @@ class SupplyChainValidationTest {
|
|||||||
return getTestSupplyChainValidation(
|
return getTestSupplyChainValidation(
|
||||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||||
AppraisalStatus.Status.PASS,
|
AppraisalStatus.Status.PASS,
|
||||||
CertificateTest.getAllTestCertificates()
|
getAllTestCertificates()
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
|
|
||||||
*
|
|
||||||
* @param type the type of validation
|
|
||||||
* @param result the appraisal result
|
|
||||||
* @param certificates the certificates related to this validation
|
|
||||||
* @return the resulting SupplyChainValidation object
|
|
||||||
*/
|
|
||||||
public static SupplyChainValidation getTestSupplyChainValidation(
|
|
||||||
final SupplyChainValidation.ValidationType type,
|
|
||||||
final AppraisalStatus.Status result,
|
|
||||||
final List<ArchivableEntity> certificates) {
|
|
||||||
return new SupplyChainValidation(
|
|
||||||
type,
|
|
||||||
result,
|
|
||||||
certificates,
|
|
||||||
MESSAGE
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,8 +1,7 @@
|
|||||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||||
|
|
||||||
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
|
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||||
import org.apache.commons.codec.binary.Hex;
|
import org.apache.commons.codec.binary.Hex;
|
||||||
import static org.mockito.Mockito.mock;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
@ -12,13 +11,11 @@ import java.net.URISyntaxException;
|
|||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.nio.file.Paths;
|
import java.nio.file.Paths;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests that CertificateAuthorityCredential properly parses its fields.
|
* Tests that CertificateAuthorityCredential properly parses its fields.
|
||||||
*/
|
*/
|
||||||
public class CertificateAuthorityCredentialTest {
|
public class CertificateAuthorityCredentialTest extends AbstractUserdefinedEntityTest {
|
||||||
private static final CertificateRepository CERT_MAN = mock(CertificateRepository.class);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests that a CertificateAuthorityCredential can be created from an X.509 certificate and
|
* Tests that a CertificateAuthorityCredential can be created from an X.509 certificate and
|
||||||
@ -33,7 +30,7 @@ public class CertificateAuthorityCredentialTest {
|
|||||||
public void testGetSubjectKeyIdentifier()
|
public void testGetSubjectKeyIdentifier()
|
||||||
throws CertificateException, IOException, URISyntaxException {
|
throws CertificateException, IOException, URISyntaxException {
|
||||||
Path testCertPath = Paths.get(
|
Path testCertPath = Paths.get(
|
||||||
this.getClass().getResource(CertificateTest.FAKE_ROOT_CA_FILE).toURI()
|
this.getClass().getResource(FAKE_ROOT_CA_FILE).toURI()
|
||||||
);
|
);
|
||||||
CertificateAuthorityCredential caCred = new CertificateAuthorityCredential(testCertPath);
|
CertificateAuthorityCredential caCred = new CertificateAuthorityCredential(testCertPath);
|
||||||
|
|
||||||
@ -42,7 +39,7 @@ public class CertificateAuthorityCredentialTest {
|
|||||||
assertNotNull(subjectKeyIdentifier);
|
assertNotNull(subjectKeyIdentifier);
|
||||||
assertEquals(
|
assertEquals(
|
||||||
Hex.encodeHexString(subjectKeyIdentifier),
|
Hex.encodeHexString(subjectKeyIdentifier),
|
||||||
CertificateTest.FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
|
FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -5,7 +5,6 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
|||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
|
||||||
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
@ -29,13 +28,15 @@ public class EndorsementCredentialTest {
|
|||||||
private static final String EK_CERT_WITH_SECURITY_ASSERTIONS =
|
private static final String EK_CERT_WITH_SECURITY_ASSERTIONS =
|
||||||
"/certificates/ek_cert_with_security_assertions.cer";
|
"/certificates/ek_cert_with_security_assertions.cer";
|
||||||
|
|
||||||
|
private static final int TPM_SPEC_REVISION_NUM = 116;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests the successful parsing of an EC using a test cert from STM.
|
* Tests the successful parsing of an EC using a test cert from STM.
|
||||||
* @throws IOException test failed due to invalid certificate parsing
|
* @throws IOException test failed due to invalid certificate parsing
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testParse() throws IOException {
|
public void testParse() throws IOException {
|
||||||
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).
|
String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).
|
||||||
getPath();
|
getPath();
|
||||||
Path fPath = Paths.get(path);
|
Path fPath = Paths.get(path);
|
||||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||||
@ -49,7 +50,7 @@ public class EndorsementCredentialTest {
|
|||||||
TPMSpecification spec = ec.getTpmSpecification();
|
TPMSpecification spec = ec.getTpmSpecification();
|
||||||
assertEquals(spec.getFamily(), "1.2");
|
assertEquals(spec.getFamily(), "1.2");
|
||||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||||
|
|
||||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||||
@ -68,7 +69,7 @@ public class EndorsementCredentialTest {
|
|||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testParseNuc1() throws IOException {
|
public void testParseNuc1() throws IOException {
|
||||||
String path = CertificateTest.class.getResource(
|
String path = this.getClass().getResource(
|
||||||
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
||||||
Path fPath = Paths.get(path);
|
Path fPath = Paths.get(path);
|
||||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||||
@ -82,7 +83,7 @@ public class EndorsementCredentialTest {
|
|||||||
TPMSpecification spec = ec.getTpmSpecification();
|
TPMSpecification spec = ec.getTpmSpecification();
|
||||||
assertEquals(spec.getFamily(), "1.2");
|
assertEquals(spec.getFamily(), "1.2");
|
||||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||||
|
|
||||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||||
@ -102,7 +103,7 @@ public class EndorsementCredentialTest {
|
|||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testParseNuc1BuilderMethod() throws IOException {
|
public void testParseNuc1BuilderMethod() throws IOException {
|
||||||
String path = CertificateTest.class.getResource(
|
String path = this.getClass().getResource(
|
||||||
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
||||||
Path fPath = Paths.get(path);
|
Path fPath = Paths.get(path);
|
||||||
byte[] ecBytes = Files.readAllBytes(fPath);
|
byte[] ecBytes = Files.readAllBytes(fPath);
|
||||||
@ -118,7 +119,7 @@ public class EndorsementCredentialTest {
|
|||||||
TPMSpecification spec = ec.getTpmSpecification();
|
TPMSpecification spec = ec.getTpmSpecification();
|
||||||
assertEquals(spec.getFamily(), "1.2");
|
assertEquals(spec.getFamily(), "1.2");
|
||||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||||
|
|
||||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||||
@ -137,7 +138,7 @@ public class EndorsementCredentialTest {
|
|||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testParseNuc2() throws IOException {
|
public void testParseNuc2() throws IOException {
|
||||||
String path = CertificateTest.class.getResource(
|
String path = this.getClass().getResource(
|
||||||
TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
|
TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
|
||||||
Path fPath = Paths.get(path);
|
Path fPath = Paths.get(path);
|
||||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||||
@ -151,7 +152,7 @@ public class EndorsementCredentialTest {
|
|||||||
TPMSpecification spec = ec.getTpmSpecification();
|
TPMSpecification spec = ec.getTpmSpecification();
|
||||||
assertEquals(spec.getFamily(), "1.2");
|
assertEquals(spec.getFamily(), "1.2");
|
||||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||||
|
|
||||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||||
@ -170,17 +171,17 @@ public class EndorsementCredentialTest {
|
|||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testCertsNotEqual() throws IOException {
|
public void testCertsNotEqual() throws IOException {
|
||||||
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
|
String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
|
||||||
Path fPath = Paths.get(path);
|
Path fPath = Paths.get(path);
|
||||||
EndorsementCredential ec1 = new EndorsementCredential(fPath);
|
EndorsementCredential ec1 = new EndorsementCredential(fPath);
|
||||||
assertNotNull(ec1);
|
assertNotNull(ec1);
|
||||||
|
|
||||||
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
||||||
fPath = Paths.get(path);
|
fPath = Paths.get(path);
|
||||||
EndorsementCredential ec2 = new EndorsementCredential(fPath);
|
EndorsementCredential ec2 = new EndorsementCredential(fPath);
|
||||||
assertNotNull(ec2);
|
assertNotNull(ec2);
|
||||||
|
|
||||||
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
|
path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
|
||||||
fPath = Paths.get(path);
|
fPath = Paths.get(path);
|
||||||
EndorsementCredential ec3 = new EndorsementCredential(fPath);
|
EndorsementCredential ec3 = new EndorsementCredential(fPath);
|
||||||
assertNotNull(ec3);
|
assertNotNull(ec3);
|
||||||
@ -197,7 +198,7 @@ public class EndorsementCredentialTest {
|
|||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testTpmSecurityAssertionsParsing() throws IOException {
|
public void testTpmSecurityAssertionsParsing() throws IOException {
|
||||||
Path fPath = Paths.get(CertificateTest.class
|
Path fPath = Paths.get(this.getClass()
|
||||||
.getResource(EK_CERT_WITH_SECURITY_ASSERTIONS).getPath());
|
.getResource(EK_CERT_WITH_SECURITY_ASSERTIONS).getPath());
|
||||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||||
|
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||||
|
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
|
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
|
||||||
@ -25,42 +26,7 @@ import java.util.TimeZone;
|
|||||||
/**
|
/**
|
||||||
* Tests that a PlatformCredential parses its fields correctly.
|
* Tests that a PlatformCredential parses its fields correctly.
|
||||||
*/
|
*/
|
||||||
public class PlatformCredentialTest {
|
public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
|
||||||
/**
|
|
||||||
* Location of a test platform attribute cert.
|
|
||||||
*/
|
|
||||||
public static final String TEST_PLATFORM_CERT_1 =
|
|
||||||
"/validation/platform_credentials/Intel_pc1.cer";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Location of another, slightly different platform attribute cert.
|
|
||||||
*/
|
|
||||||
public static final String TEST_PLATFORM_CERT_2 =
|
|
||||||
"/validation/platform_credentials/Intel_pc2.cer";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Location of another, slightly different platform attribute cert.
|
|
||||||
*/
|
|
||||||
public static final String TEST_PLATFORM_CERT_3 =
|
|
||||||
"/validation/platform_credentials/Intel_pc3.cer";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Platform cert with comma separated baseboard and chassis serial number.
|
|
||||||
*/
|
|
||||||
public static final String TEST_PLATFORM_CERT_4 =
|
|
||||||
"/validation/platform_credentials/Intel_pc4.pem";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Another platform cert with comma separated baseboard and chassis serial number.
|
|
||||||
*/
|
|
||||||
public static final String TEST_PLATFORM_CERT_5 =
|
|
||||||
"/validation/platform_credentials/Intel_pc5.pem";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Location of another, slightly different platform attribute cert.
|
|
||||||
*/
|
|
||||||
public static final String TEST_PLATFORM_CERT_6 =
|
|
||||||
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Platform Certificate 2.0 with all the expected data.
|
* Platform Certificate 2.0 with all the expected data.
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined.certificate;
|
@ -1,12 +1,8 @@
|
|||||||
package hirs.attestationca.persist.entity.userdefined.info;
|
package hirs.attestationca.persist.entity.userdefined.info;
|
||||||
|
|
||||||
import static hirs.utils.enums.DeviceInfoEnums.NOT_SPECIFIED;
|
import static hirs.utils.enums.DeviceInfoEnums.NOT_SPECIFIED;
|
||||||
import java.io.FileNotFoundException;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.security.cert.CertificateFactory;
|
|
||||||
import java.security.cert.X509Certificate;
|
|
||||||
|
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.logging.log4j.LogManager;
|
import org.apache.logging.log4j.LogManager;
|
||||||
import org.apache.logging.log4j.Logger;
|
import org.apache.logging.log4j.Logger;
|
||||||
@ -18,12 +14,11 @@ import org.junit.jupiter.api.Test;
|
|||||||
/**
|
/**
|
||||||
* TPMInfoTest is a unit test class for TPMInfo.
|
* TPMInfoTest is a unit test class for TPMInfo.
|
||||||
*/
|
*/
|
||||||
public class TPMInfoTest {
|
public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||||
|
|
||||||
private static final String TPM_MAKE = "test tpmMake";
|
private static final String TPM_MAKE = "test tpmMake";
|
||||||
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
|
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
|
||||||
private static final String TEST_IDENTITY_CERT =
|
|
||||||
"/tpm/sample_identity_cert.cer";
|
|
||||||
private static final short VERSION_MAJOR = 1;
|
private static final short VERSION_MAJOR = 1;
|
||||||
private static final short VERSION_MINOR = 2;
|
private static final short VERSION_MINOR = 2;
|
||||||
private static final short VERSION_REV_MAJOR = 3;
|
private static final short VERSION_REV_MAJOR = 3;
|
||||||
@ -327,30 +322,4 @@ public class TPMInfoTest {
|
|||||||
getTestIdentityCertificate());
|
getTestIdentityCertificate());
|
||||||
assertNotEquals(ti1, ti2);
|
assertNotEquals(ti1, ti2);
|
||||||
}
|
}
|
||||||
|
|
||||||
private X509Certificate getTestIdentityCertificate() {
|
|
||||||
X509Certificate certificateValue = null;
|
|
||||||
InputStream istream = null;
|
|
||||||
istream = getClass().getResourceAsStream(TEST_IDENTITY_CERT);
|
|
||||||
try {
|
|
||||||
if (istream == null) {
|
|
||||||
throw new FileNotFoundException(TEST_IDENTITY_CERT);
|
|
||||||
}
|
|
||||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
||||||
certificateValue = (X509Certificate) cf.generateCertificate(
|
|
||||||
istream);
|
|
||||||
|
|
||||||
} catch (Exception e) {
|
|
||||||
return null;
|
|
||||||
} finally {
|
|
||||||
if (istream != null) {
|
|
||||||
try {
|
|
||||||
istream.close();
|
|
||||||
} catch (IOException e) {
|
|
||||||
LOGGER.error("test certificate file could not be closed");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return certificateValue;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined.info;
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined;
|
@ -26,7 +26,8 @@ public class TPMMeasurementRecordTest {
|
|||||||
private static final int DEFAULT_PCR_ID = 3;
|
private static final int DEFAULT_PCR_ID = 3;
|
||||||
private static final String DEFAULT_HASH =
|
private static final String DEFAULT_HASH =
|
||||||
"3d5f3c2f7f3003d2e4baddc46ed4763a4954f648";
|
"3d5f3c2f7f3003d2e4baddc46ed4763a4954f648";
|
||||||
private static final ExaminableRecord.ExamineState DEFAULT_STATE = ExaminableRecord.ExamineState.UNEXAMINED;
|
private static final ExaminableRecord.ExamineState DEFAULT_STATE =
|
||||||
|
ExaminableRecord.ExamineState.UNEXAMINED;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests instantiation of new <code>PCRMeasurementRecord</code>.
|
* Tests instantiation of new <code>PCRMeasurementRecord</code>.
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined.record;
|
@ -1,37 +1,25 @@
|
|||||||
package hirs.attestationca.persist.entity.userdefined.report;
|
package hirs.attestationca.persist.entity.userdefined.report;
|
||||||
|
|
||||||
|
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||||
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
|
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
|
||||||
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
|
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
|
||||||
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
|
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
|
||||||
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
||||||
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
||||||
|
|
||||||
import org.apache.logging.log4j.LogManager;
|
|
||||||
import org.apache.logging.log4j.Logger;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
import java.io.FileNotFoundException;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.net.UnknownHostException;
|
|
||||||
import java.security.cert.CertificateFactory;
|
|
||||||
import java.security.cert.X509Certificate;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* DeviceInfoReportTest is a unit test class for DeviceInfoReports.
|
* Unit test class for DeviceInfoReports.
|
||||||
*/
|
*/
|
||||||
public class DeviceInfoReportTest {
|
public class DeviceInfoReportTest extends AbstractUserdefinedEntityTest {
|
||||||
private final NetworkInfo networkInfo = createTestNetworkInfo();
|
private final NetworkInfo networkInfo = createTestNetworkInfo();
|
||||||
private final OSInfo osInfo = createTestOSInfo();
|
private final OSInfo osInfo = createTestOSInfo();
|
||||||
private final FirmwareInfo firmwareInfo = createTestFirmwareInfo();
|
private final FirmwareInfo firmwareInfo = createTestFirmwareInfo();
|
||||||
private final HardwareInfo hardwareInfo = createTestHardwareInfo();
|
private final HardwareInfo hardwareInfo = createTestHardwareInfo();
|
||||||
private final TPMInfo tpmInfo = createTPMInfo();
|
private final TPMInfo tpmInfo = createTPMInfo();
|
||||||
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
|
|
||||||
|
|
||||||
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
|
|
||||||
|
|
||||||
private static final String EXPECTED_CLIENT_VERSION = "Test.Version";
|
private static final String EXPECTED_CLIENT_VERSION = "Test.Version";
|
||||||
|
|
||||||
@ -101,109 +89,4 @@ public class DeviceInfoReportTest {
|
|||||||
assertEquals(tpmInfo, deviceInfoReport.getTpmInfo());
|
assertEquals(tpmInfo, deviceInfoReport.getTpmInfo());
|
||||||
assertEquals(EXPECTED_CLIENT_VERSION, deviceInfoReport.getClientApplicationVersion());
|
assertEquals(EXPECTED_CLIENT_VERSION, deviceInfoReport.getClientApplicationVersion());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a DeviceInfoReport instance usable for testing.
|
|
||||||
*
|
|
||||||
* @return a test DeviceInfoReport
|
|
||||||
*/
|
|
||||||
public static DeviceInfoReport getTestReport() {
|
|
||||||
return new DeviceInfoReport(
|
|
||||||
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
|
|
||||||
createTestHardwareInfo(), createTPMInfo()
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a test instance of NetworkInfo.
|
|
||||||
*
|
|
||||||
* @return network information for a fake device
|
|
||||||
*/
|
|
||||||
public static NetworkInfo createTestNetworkInfo() {
|
|
||||||
try {
|
|
||||||
final String hostname = "test.hostname";
|
|
||||||
final InetAddress ipAddress =
|
|
||||||
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
|
|
||||||
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
|
||||||
return new NetworkInfo(hostname, ipAddress, macAddress);
|
|
||||||
|
|
||||||
} catch (UnknownHostException e) {
|
|
||||||
LOGGER.error("error occurred while creating InetAddress");
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a test instance of OSInfo.
|
|
||||||
*
|
|
||||||
* @return OS information for a fake device
|
|
||||||
*/
|
|
||||||
public static OSInfo createTestOSInfo() {
|
|
||||||
return new OSInfo("test os name", "test os version", "test os arch",
|
|
||||||
"test distribution", "test distribution release");
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a test instance of FirmwareInfo.
|
|
||||||
*
|
|
||||||
* @return Firmware information for a fake device
|
|
||||||
*/
|
|
||||||
public static FirmwareInfo createTestFirmwareInfo() {
|
|
||||||
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a test instance of HardwareInfo.
|
|
||||||
*
|
|
||||||
* @return Hardware information for a fake device
|
|
||||||
*/
|
|
||||||
public static HardwareInfo createTestHardwareInfo() {
|
|
||||||
return new HardwareInfo("test manufacturer", "test product name", "test version",
|
|
||||||
"test really long serial number with many characters", "test really long chassis "
|
|
||||||
+ "serial number with many characters",
|
|
||||||
"test really long baseboard serial number with many characters");
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a test instance of TPMInfo.
|
|
||||||
*
|
|
||||||
* @return TPM information for a fake device
|
|
||||||
*/
|
|
||||||
public static final TPMInfo createTPMInfo() {
|
|
||||||
final short num1 = 1;
|
|
||||||
final short num2 = 2;
|
|
||||||
final short num3 = 3;
|
|
||||||
final short num4 = 4;
|
|
||||||
return new TPMInfo("test os make", num1, num2, num3, num4,
|
|
||||||
getTestIdentityCertificate());
|
|
||||||
}
|
|
||||||
|
|
||||||
private static X509Certificate getTestIdentityCertificate() {
|
|
||||||
X509Certificate certificateValue = null;
|
|
||||||
InputStream istream = null;
|
|
||||||
istream = DeviceInfoReportTest.class.getResourceAsStream(
|
|
||||||
TEST_IDENTITY_CERT
|
|
||||||
);
|
|
||||||
try {
|
|
||||||
if (istream == null) {
|
|
||||||
throw new FileNotFoundException(TEST_IDENTITY_CERT);
|
|
||||||
}
|
|
||||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
|
||||||
certificateValue = (X509Certificate) cf.generateCertificate(
|
|
||||||
istream);
|
|
||||||
|
|
||||||
} catch (Exception e) {
|
|
||||||
return null;
|
|
||||||
} finally {
|
|
||||||
if (istream != null) {
|
|
||||||
try {
|
|
||||||
istream.close();
|
|
||||||
} catch (IOException e) {
|
|
||||||
LOGGER.error("test certificate file could not be closed");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return certificateValue;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.entity.userdefined.report;
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist;
|
@ -65,7 +65,8 @@ public class CredentialManagementHelperTest {
|
|||||||
@Test
|
@Test
|
||||||
public void processEmptyEndorsementCredential() {
|
public void processEmptyEndorsementCredential() {
|
||||||
assertThrows(IllegalArgumentException.class, () ->
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, new byte[0], "testName"));
|
CredentialManagementHelper.storeEndorsementCredential(
|
||||||
|
certificateRepository, new byte[0], "testName"));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -75,7 +76,8 @@ public class CredentialManagementHelperTest {
|
|||||||
public void processInvalidEndorsementCredentialCase1() {
|
public void processInvalidEndorsementCredentialCase1() {
|
||||||
byte[] ekBytes = new byte[] {1};
|
byte[] ekBytes = new byte[] {1};
|
||||||
assertThrows(IllegalArgumentException.class, () ->
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, ekBytes, "testName"));
|
CredentialManagementHelper.storeEndorsementCredential(
|
||||||
|
certificateRepository, ekBytes, "testName"));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -186,7 +186,7 @@ public class IssuedCertificateAttributeHelperTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private Map<String, String> getSubjectAlternativeNameAttributes(
|
private Map<String, String> getSubjectAlternativeNameAttributes(
|
||||||
Extension subjectAlternativeName) {
|
final Extension subjectAlternativeName) {
|
||||||
Map<String, String> subjectAlternativeNameAttrMap = new HashMap<>();
|
Map<String, String> subjectAlternativeNameAttrMap = new HashMap<>();
|
||||||
|
|
||||||
DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue();
|
DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue();
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.provision.helper;
|
@ -6,7 +6,6 @@ import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
|
|||||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||||
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
|
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
|
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus;
|
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus;
|
||||||
import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
|
import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
|
||||||
@ -232,7 +231,6 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
if (!f.delete()) {
|
if (!f.delete()) {
|
||||||
fail("file was not cleaned up");
|
fail("file was not cleaned up");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -246,18 +244,17 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
@Test
|
@Test
|
||||||
public final void testValidateEndorsementCredential()
|
public final void testValidateEndorsementCredential()
|
||||||
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
||||||
Certificate rootcacert, intermediateca02cert;
|
|
||||||
|
|
||||||
EndorsementCredential ekcert = new EndorsementCredential(
|
EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
|
Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
intermediateca02cert = new CertificateAuthorityCredential(
|
Certificate intermediateca02cert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
rootcacert = new CertificateAuthorityCredential(
|
Certificate rootcacert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI()))
|
Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -287,14 +284,15 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
@Test
|
@Test
|
||||||
public final void validateIntelPlatformCredentials()
|
public final void validateIntelPlatformCredentials()
|
||||||
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
||||||
Certificate rootcacert, intermediatecacert;
|
|
||||||
|
|
||||||
intermediatecacert = new CertificateAuthorityCredential(
|
Certificate intermediatecacert =
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
rootcacert = new CertificateAuthorityCredential(
|
Certificate rootcacert =
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI()))
|
new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -302,8 +300,9 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
keyStore.setCertificateEntry("Intel Intermediate Cert",
|
keyStore.setCertificateEntry("Intel Intermediate Cert",
|
||||||
intermediatecacert.getX509Certificate());
|
intermediatecacert.getX509Certificate());
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
getResource(INTEL_PLATFORM_CERT)).toURI()));
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
|
INTEL_PLATFORM_CERT)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
@ -328,8 +327,9 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
public final void validateIntelPlatformCredentialAttributes()
|
public final void validateIntelPlatformCredentialAttributes()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
|
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
@ -338,8 +338,8 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
PLATFORM_VERSION, TEST_BOARD_SERIAL_NUMBER,
|
PLATFORM_VERSION, TEST_BOARD_SERIAL_NUMBER,
|
||||||
TEST_CHASSIS_SERIAL_NUMBER, TEST_BOARD_SERIAL_NUMBER));
|
TEST_CHASSIS_SERIAL_NUMBER, TEST_BOARD_SERIAL_NUMBER));
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus result =
|
AppraisalStatus result =
|
||||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||||
@ -363,13 +363,14 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER));
|
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
|
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus result =
|
AppraisalStatus result =
|
||||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||||
@ -392,13 +393,14 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||||
TEST_CHASSIS_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
|
TEST_CHASSIS_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
|
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus result =
|
AppraisalStatus result =
|
||||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||||
@ -423,13 +425,14 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER,
|
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER,
|
||||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
|
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus result =
|
AppraisalStatus result =
|
||||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||||
@ -452,13 +455,15 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||||
TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
|
TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus result =
|
AppraisalStatus result =
|
||||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||||
@ -481,13 +486,14 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER));
|
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus result =
|
AppraisalStatus result =
|
||||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||||
@ -510,13 +516,14 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER,
|
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER,
|
||||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus result =
|
AppraisalStatus result =
|
||||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||||
@ -540,13 +547,15 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
PLATFORM_VERSION, DeviceInfoEnums.NOT_SPECIFIED,
|
PLATFORM_VERSION, DeviceInfoEnums.NOT_SPECIFIED,
|
||||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
String expectedMessage = "Platform serial did not match device info";
|
String expectedMessage = "Platform serial did not match device info";
|
||||||
|
|
||||||
@ -570,13 +579,15 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
new HardwareInfo(DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
new HardwareInfo(DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||||
DeviceInfoEnums.NOT_SPECIFIED, "zzz", "aaa", "bbb"));
|
DeviceInfoEnums.NOT_SPECIFIED, "zzz", "aaa", "bbb"));
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
String expectedMessage = "Platform serial did not match device info";
|
String expectedMessage = "Platform serial did not match device info";
|
||||||
|
|
||||||
@ -884,7 +895,8 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
@Test
|
@Test
|
||||||
public final void verifyPlatformCredentialWithBadKeyStore()
|
public final void verifyPlatformCredentialWithBadKeyStore()
|
||||||
throws URISyntaxException, IOException {
|
throws URISyntaxException, IOException {
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
INTEL_PLATFORM_CERT)).toURI()));
|
INTEL_PLATFORM_CERT)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
@ -923,7 +935,8 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
@Test
|
@Test
|
||||||
public final void verifyPlatformCredentialNullKeyStore()
|
public final void verifyPlatformCredentialNullKeyStore()
|
||||||
throws URISyntaxException, IOException {
|
throws URISyntaxException, IOException {
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
INTEL_PLATFORM_CERT)).toURI()));
|
INTEL_PLATFORM_CERT)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
@ -947,13 +960,14 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
@Test
|
@Test
|
||||||
public final void verifyPlatformCredentialNullDeviceInfoReport()
|
public final void verifyPlatformCredentialNullDeviceInfoReport()
|
||||||
throws URISyntaxException, IOException {
|
throws URISyntaxException, IOException {
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||||
INTEL_PLATFORM_CERT_2)).toURI()));
|
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(
|
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||||
|
|
||||||
String expectedMessage = "Can't validate platform credential attributes without a "
|
String expectedMessage = "Can't validate platform credential attributes without a "
|
||||||
+ "device info report";
|
+ "device info report";
|
||||||
@ -977,12 +991,13 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
public final void testPlatformDnEquals() throws URISyntaxException, IOException,
|
public final void testPlatformDnEquals() throws URISyntaxException, IOException,
|
||||||
KeyStoreException, SupplyChainValidatorException {
|
KeyStoreException, SupplyChainValidatorException {
|
||||||
Certificate signingCert;
|
Certificate signingCert;
|
||||||
signingCert = new CertificateAuthorityCredential(
|
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
|
Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
getResource(NEW_NUC1)).toURI()));
|
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
|
||||||
|
NEW_NUC1)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
|
|
||||||
@ -1006,11 +1021,12 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
|
public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
|
||||||
KeyStoreException, SupplyChainValidatorException {
|
KeyStoreException, SupplyChainValidatorException {
|
||||||
Certificate signingCert;
|
Certificate signingCert;
|
||||||
signingCert = new CertificateAuthorityCredential(
|
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidator.class.
|
||||||
getResource(NEW_NUC1)).toURI()));
|
getResource(NEW_NUC1)).toURI()));
|
||||||
|
|
||||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||||
@ -1034,12 +1050,13 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
|
public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
|
||||||
KeyStoreException, SupplyChainValidatorException {
|
KeyStoreException, SupplyChainValidatorException {
|
||||||
Certificate signingCert;
|
Certificate signingCert;
|
||||||
signingCert = new CertificateAuthorityCredential(
|
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
getResource(TEST_EK_CERT)).toURI()));
|
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
|
||||||
|
TEST_EK_CERT)).toURI()));
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(certBytes);
|
EndorsementCredential ec = new EndorsementCredential(certBytes);
|
||||||
|
|
||||||
@ -1063,11 +1080,12 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
|
public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
|
||||||
KeyStoreException, SupplyChainValidatorException {
|
KeyStoreException, SupplyChainValidatorException {
|
||||||
Certificate signingCert;
|
Certificate signingCert;
|
||||||
signingCert = new CertificateAuthorityCredential(
|
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||||
);
|
);
|
||||||
|
|
||||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||||
|
Objects.requireNonNull(SupplyChainCredentialValidator.class.
|
||||||
getResource(TEST_EK_CERT)).toURI()));
|
getResource(TEST_EK_CERT)).toURI()));
|
||||||
|
|
||||||
EndorsementCredential ec = new EndorsementCredential(certBytes);
|
EndorsementCredential ec = new EndorsementCredential(certBytes);
|
||||||
@ -1268,8 +1286,9 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
throws IOException, URISyntaxException {
|
throws IOException, URISyntaxException {
|
||||||
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithNotSpecifiedComponents();
|
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithNotSpecifiedComponents();
|
||||||
PlatformCredential platformCredential = new PlatformCredential(
|
PlatformCredential platformCredential = new PlatformCredential(
|
||||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
Files.readAllBytes(Paths.get(
|
||||||
getResource((SAMPLE_TEST_PACCOR_CERT))).toURI())));
|
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
|
||||||
|
SAMPLE_TEST_PACCOR_CERT)).toURI())));
|
||||||
|
|
||||||
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
|
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
|
||||||
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport);
|
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport);
|
||||||
@ -1937,9 +1956,9 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
.validateDeltaPlatformCredentialAttributes(delta1,
|
.validateDeltaPlatformCredentialAttributes(delta1,
|
||||||
deviceInfoReport, base, chainCredentials);
|
deviceInfoReport, base, chainCredentials);
|
||||||
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
|
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
|
||||||
assertEquals("There are unmatched components:\n" +
|
assertEquals("There are unmatched components:\n"
|
||||||
"Manufacturer=Intel Corporation, Model=82580 Gigabit Network " +
|
+ "Manufacturer=Intel Corporation, Model=82580 Gigabit Network "
|
||||||
"Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
|
+ "Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
|
||||||
result.getMessage());
|
result.getMessage());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2073,7 +2092,7 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
return cert;
|
return cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
private DeviceInfoReport buildReport(final HardwareInfo hardwareInfo) {
|
private DeviceInfoReport buildReport(final HardwareInfo givenHardwareInfo) {
|
||||||
final InetAddress ipAddress = getTestIpAddress();
|
final InetAddress ipAddress = getTestIpAddress();
|
||||||
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
||||||
|
|
||||||
@ -2083,7 +2102,7 @@ public class SupplyChainCredentialValidatorTest {
|
|||||||
TPMInfo tpmInfo = new TPMInfo();
|
TPMInfo tpmInfo = new TPMInfo();
|
||||||
|
|
||||||
return new DeviceInfoReport(networkInfo, osInfo,
|
return new DeviceInfoReport(networkInfo, osInfo,
|
||||||
firmwareInfo, hardwareInfo, tpmInfo);
|
firmwareInfo, givenHardwareInfo, tpmInfo);
|
||||||
}
|
}
|
||||||
private static InetAddress getTestIpAddress() {
|
private static InetAddress getTestIpAddress() {
|
||||||
try {
|
try {
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
package hirs.attestationca.persist.validation;
|
Loading…
Reference in New Issue
Block a user