mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-20 21:43:18 +00:00
Merge pull request #720 from nsacyber/v3_issue_680-unittest
Migrated 1 unit test from master Utils to main HIRS_AttestationCA
This commit is contained in:
commit
60dfb21c62
@ -20,7 +20,11 @@ import org.bouncycastle.asn1.x509.Extension;
|
||||
import org.bouncycastle.asn1.x509.GeneralNames;
|
||||
import org.bouncycastle.asn1.x509.TBSCertificate;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.junit.jupiter.api.*;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.TestInstance;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
@ -37,7 +41,14 @@ import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.*;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.Security;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.spec.MGF1ParameterSpec;
|
||||
@ -46,9 +57,14 @@ import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoMoreInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* Test suite for {@link AttestationCertificateAuthority}.
|
||||
@ -64,11 +80,28 @@ public class AttestationCertificateAuthorityTest {
|
||||
*/
|
||||
@Nested
|
||||
public class AccessAbstractProcessor extends AbstractProcessor {
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param privateKey the private key of the ACA
|
||||
* @param validDays int for the time in which a certificate is valid.
|
||||
*/
|
||||
public AccessAbstractProcessor(final PrivateKey privateKey,
|
||||
final int validDays) {
|
||||
super(privateKey, validDays);
|
||||
}
|
||||
|
||||
/**
|
||||
* Public wrapper for the protected function generateCredential(), to access for testing.
|
||||
*
|
||||
* @param publicKey cannot be null
|
||||
* @param endorsementCredential the endorsement credential
|
||||
* @param platformCredentials the set of platform credentials
|
||||
* @param deviceName The host name used in the subject alternative name
|
||||
* @param acaCertificate the aca certificate
|
||||
* @return the generated X509 certificate
|
||||
*/
|
||||
public X509Certificate accessGenerateCredential(final PublicKey publicKey,
|
||||
final EndorsementCredential endorsementCredential,
|
||||
final List<PlatformCredential> platformCredentials,
|
||||
@ -90,6 +123,11 @@ public class AttestationCertificateAuthorityTest {
|
||||
// test key pair
|
||||
private KeyPair keyPair;
|
||||
|
||||
// length of IV used in PKI
|
||||
private static final int ENCRYPTION_IV_LEN = 16;
|
||||
// length of secret key used in PKI
|
||||
private static final int SECRETKEY_LEN = 128;
|
||||
|
||||
private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub";
|
||||
private static final String AK_PUBLIC_PATH = "/tpm2/ak.pub";
|
||||
private static final String AK_NAME_PATH = "/tpm2/ak.name";
|
||||
@ -149,7 +187,7 @@ public class AttestationCertificateAuthorityTest {
|
||||
null, null, null, null, null, null, 1,
|
||||
null, null, null, null) {
|
||||
};
|
||||
abstractProcessor = new AccessAbstractProcessor(keyPair.getPrivate(),1);
|
||||
abstractProcessor = new AccessAbstractProcessor(keyPair.getPrivate(), 1);
|
||||
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
}
|
||||
@ -216,7 +254,8 @@ public class AttestationCertificateAuthorityTest {
|
||||
byte[] encrypted = encryptBlob(expected, encryptionScheme.toString());
|
||||
|
||||
// perform the decryption and assert that the decrypted bytes equal the expected bytes
|
||||
assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(encrypted, encryptionScheme, keyPair.getPrivate()));
|
||||
assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(
|
||||
encrypted, encryptionScheme, keyPair.getPrivate()));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -235,10 +274,10 @@ public class AttestationCertificateAuthorityTest {
|
||||
|
||||
// create a key generator to generate a "shared" secret
|
||||
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
|
||||
keyGenerator.init(128);
|
||||
keyGenerator.init(SECRETKEY_LEN);
|
||||
|
||||
// use some random bytes as the IV to encrypt and subsequently decrypt with
|
||||
byte[] randomBytes = new byte[16];
|
||||
byte[] randomBytes = new byte[ENCRYPTION_IV_LEN];
|
||||
|
||||
// generate the random bytes
|
||||
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
||||
@ -271,6 +310,9 @@ public class AttestationCertificateAuthorityTest {
|
||||
assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length);
|
||||
}
|
||||
|
||||
private void assertTrue(final boolean b) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests {@link ProvisionUtils#generateAsymmetricContents(
|
||||
* byte[], byte[], PublicKey)}.
|
||||
@ -284,7 +326,7 @@ public class AttestationCertificateAuthorityTest {
|
||||
byte[] identityProofEncoded = new byte[]{0, 0, 1, 1};
|
||||
|
||||
// generate a random session key to be used for encryption and decryption
|
||||
byte[] sessionKey = new byte[16];
|
||||
byte[] sessionKey = new byte[ENCRYPTION_IV_LEN];
|
||||
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
||||
random.nextBytes(sessionKey);
|
||||
|
||||
@ -325,7 +367,7 @@ public class AttestationCertificateAuthorityTest {
|
||||
|
||||
// create a key generator to generate a secret key
|
||||
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
|
||||
keyGenerator.init(128);
|
||||
keyGenerator.init(SECRETKEY_LEN);
|
||||
|
||||
// obtain the key from the generator
|
||||
byte[] secretKey = keyGenerator.generateKey().getEncoded();
|
||||
@ -356,7 +398,7 @@ public class AttestationCertificateAuthorityTest {
|
||||
assertTrue(attestation.getCredential().length == attestation.getCredentialSize());
|
||||
|
||||
// create containers for the 2 parts of the credential
|
||||
byte[] iv = new byte[16];
|
||||
byte[] iv = new byte[ENCRYPTION_IV_LEN];
|
||||
byte[] credential = new byte[attestation.getCredential().length - iv.length];
|
||||
|
||||
// siphon off the first 16 bytes for the IV
|
||||
@ -623,7 +665,7 @@ public class AttestationCertificateAuthorityTest {
|
||||
* @return encrypted blob
|
||||
* @throws Exception during the encryption process
|
||||
*/
|
||||
private byte[] encryptBlob(byte[] blob, String transformation) throws Exception {
|
||||
private byte[] encryptBlob(final byte[] blob, final String transformation) throws Exception {
|
||||
// initialize a cipher using the specified transformation
|
||||
Cipher cipher = Cipher.getInstance(transformation);
|
||||
|
||||
@ -645,8 +687,8 @@ public class AttestationCertificateAuthorityTest {
|
||||
* @return encrypted blob
|
||||
* @throws Exception
|
||||
*/
|
||||
private byte[] encryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation)
|
||||
throws Exception {
|
||||
private byte[] encryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
|
||||
final String transformation) throws Exception {
|
||||
// initialize a cipher using the specified transformation
|
||||
Cipher cipher = Cipher.getInstance(transformation);
|
||||
|
||||
@ -670,7 +712,7 @@ public class AttestationCertificateAuthorityTest {
|
||||
* @return decrypted blob
|
||||
* @throws Exception
|
||||
*/
|
||||
private byte[] decryptBlob(byte[] blob) throws Exception {
|
||||
private byte[] decryptBlob(final byte[] blob) throws Exception {
|
||||
// initialize a cipher using the specified transformation
|
||||
Cipher cipher = Cipher.getInstance(EncryptionScheme.OAEP.toString());
|
||||
|
||||
@ -695,12 +737,12 @@ public class AttestationCertificateAuthorityTest {
|
||||
* @return decrypted blob
|
||||
* @throws Exception
|
||||
*/
|
||||
private byte[] decryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation)
|
||||
throws Exception {
|
||||
private byte[] decryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
|
||||
final String transformation) throws Exception {
|
||||
// initialize a cipher using the specified transformation
|
||||
Cipher cipher = Cipher.getInstance(transformation);
|
||||
|
||||
// generate a secret key specification using the key and AES.
|
||||
// generate a secret key specification using the key and AES
|
||||
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||||
|
||||
// create IV parameter for key specification
|
||||
@ -712,5 +754,4 @@ public class AttestationCertificateAuthorityTest {
|
||||
// return the cipher text
|
||||
return cipher.doFinal(blob);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,12 +1,14 @@
|
||||
package hirs.attestationca.persist.entity;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.cert.CertificateException;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
|
||||
/**
|
||||
* Unit tests for the class <code>Appraiser</code>.
|
||||
@ -160,5 +162,4 @@ public final class AppraiserTest {
|
||||
assertNotEquals(appraiser1.hashCode(), appraiser2.hashCode());
|
||||
assertNotEquals(appraiser2.hashCode(), appraiser1.hashCode());
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity;
|
@ -87,13 +87,16 @@ public class TPM2ProvisionerStateTest {
|
||||
|
||||
|
||||
/**
|
||||
* Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])} works.
|
||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||
* Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||
* TPM2ProvisionerStateRepository, byte[])} works.
|
||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||
* @throws IOException this will never happen
|
||||
*/
|
||||
@Test
|
||||
public final void testGetTPM2ProvisionerStateNominal() throws IOException {
|
||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
|
||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
|
||||
mock(TPM2ProvisionerStateRepository.class);
|
||||
byte[] nonce = new byte[32];
|
||||
byte[] identityClaim = new byte[360];
|
||||
random.nextBytes(nonce);
|
||||
@ -112,12 +115,14 @@ public class TPM2ProvisionerStateTest {
|
||||
|
||||
/**
|
||||
* Test that if a null is passed as a nonce to
|
||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||
* @throws IOException this will never happen
|
||||
*/
|
||||
@Test
|
||||
public final void testGetTPM2ProvisionerStateNullNonce() throws IOException {
|
||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
|
||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
|
||||
mock(TPM2ProvisionerStateRepository.class);
|
||||
byte[] nonce = new byte[32];
|
||||
byte[] identityClaim = new byte[360];
|
||||
random.nextBytes(nonce);
|
||||
@ -133,12 +138,14 @@ public class TPM2ProvisionerStateTest {
|
||||
|
||||
/**
|
||||
* Test that if a nonce that is less than 8 bytes is passed to
|
||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
|
||||
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
|
||||
* @throws IOException this will never happen
|
||||
*/
|
||||
@Test
|
||||
public final void testGetTPM2ProvisionerStateNonceTooSmall() throws IOException {
|
||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
|
||||
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
|
||||
mock(TPM2ProvisionerStateRepository.class);
|
||||
byte[] nonce = new byte[32];
|
||||
byte[] identityClaim = new byte[360];
|
||||
random.nextBytes(nonce);
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity.tpm;
|
@ -0,0 +1,313 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.InetAddress;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.UnknownHostException;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* Class with definitions and functions common to multiple Userdefined Entity object tests.
|
||||
*
|
||||
*/
|
||||
public class AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Location of a test (fake) SGI intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) Intel intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_INTEL_INT_CA_FILE =
|
||||
"/certificates/fakeIntelIntermediateCA.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) root CA certificate.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
|
||||
|
||||
/**
|
||||
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
|
||||
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
|
||||
|
||||
/**
|
||||
* Location of a test identity certificate.
|
||||
*/
|
||||
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
|
||||
|
||||
/**
|
||||
* Location of a test platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_1 =
|
||||
"/validation/platform_credentials/Intel_pc1.cer";
|
||||
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_2 =
|
||||
"/validation/platform_credentials/Intel_pc2.cer";
|
||||
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_3 =
|
||||
"/validation/platform_credentials/Intel_pc3.cer";
|
||||
|
||||
/**
|
||||
* Platform cert with comma separated baseboard and chassis serial number.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_4 =
|
||||
"/validation/platform_credentials/Intel_pc4.pem";
|
||||
|
||||
/**
|
||||
* Another platform cert with comma separated baseboard and chassis serial number.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_5 =
|
||||
"/validation/platform_credentials/Intel_pc5.pem";
|
||||
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_6 =
|
||||
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
|
||||
|
||||
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
|
||||
|
||||
/**
|
||||
* Dummy message for supply chain validation test.
|
||||
*/
|
||||
public static final String VALIDATION_MESSAGE = "Some message.";
|
||||
|
||||
/**
|
||||
* Construct a test certificate from the given parameters.
|
||||
*
|
||||
* @param <T> the type of Certificate that will be created
|
||||
* @param certificateClass the class of certificate to generate
|
||||
* @param filename the location of the certificate to be used
|
||||
* @return the newly-constructed Certificate
|
||||
* @throws IOException if there is a problem constructing the test certificate
|
||||
*/
|
||||
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
||||
final Class<T> certificateClass, final String filename)
|
||||
throws IOException {
|
||||
return getTestCertificate(certificateClass, filename, null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a test certificate from the given parameters.
|
||||
*
|
||||
* @param <T> the type of Certificate that will be created
|
||||
* @param certificateClass the class of certificate to generate
|
||||
* @param filename the location of the certificate to be used
|
||||
* @param endorsementCredential the endorsement credentials (can be null)
|
||||
* @param platformCredentials the platform credentials (can be null)
|
||||
* @return the newly-constructed Certificate
|
||||
* @throws IOException if there is a problem constructing the test certificate
|
||||
*/
|
||||
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
||||
final Class<T> certificateClass, final String filename,
|
||||
final EndorsementCredential endorsementCredential,
|
||||
final List<PlatformCredential> platformCredentials)
|
||||
throws IOException {
|
||||
|
||||
Path certPath;
|
||||
try {
|
||||
certPath = Paths.get(Objects.requireNonNull(
|
||||
AbstractUserdefinedEntityTest.class.getResource(filename)).toURI());
|
||||
// certPath = Paths.get(Objects.requireNonNull(
|
||||
// CertificateTest.class.getResource(filename)).toURI());
|
||||
} catch (URISyntaxException e) {
|
||||
throw new IOException("Could not resolve path URI", e);
|
||||
}
|
||||
|
||||
switch (certificateClass.getSimpleName()) {
|
||||
case "CertificateAuthorityCredential":
|
||||
return new CertificateAuthorityCredential(certPath);
|
||||
case "ConformanceCredential":
|
||||
return new ConformanceCredential(certPath);
|
||||
case "EndorsementCredential":
|
||||
return new EndorsementCredential(certPath);
|
||||
case "PlatformCredential":
|
||||
return new PlatformCredential(certPath);
|
||||
case "IssuedAttestationCertificate":
|
||||
return new IssuedAttestationCertificate(certPath,
|
||||
endorsementCredential, platformCredentials);
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
String.format("Unknown certificate class %s", certificateClass.getName())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a list of all test certificates.
|
||||
*
|
||||
* @return a list of all test certificates
|
||||
* @throws IOException if there is a problem deserializing certificates
|
||||
*/
|
||||
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
|
||||
return Arrays.asList(
|
||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
|
||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
|
||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a DeviceInfoReport instance usable for testing.
|
||||
*
|
||||
* @return a test DeviceInfoReport
|
||||
*/
|
||||
public static DeviceInfoReport getTestDeviceInfoReport() {
|
||||
return new DeviceInfoReport(
|
||||
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
|
||||
createTestHardwareInfo(), createTPMInfo()
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of NetworkInfo.
|
||||
*
|
||||
* @return network information for a fake device
|
||||
*/
|
||||
public static NetworkInfo createTestNetworkInfo() {
|
||||
try {
|
||||
final String hostname = "test.hostname";
|
||||
final InetAddress ipAddress =
|
||||
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
|
||||
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
||||
return new NetworkInfo(hostname, ipAddress, macAddress);
|
||||
|
||||
} catch (UnknownHostException e) {
|
||||
LOGGER.error("error occurred while creating InetAddress");
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of OSInfo.
|
||||
*
|
||||
* @return OS information for a fake device
|
||||
*/
|
||||
public static OSInfo createTestOSInfo() {
|
||||
return new OSInfo("test os name", "test os version", "test os arch",
|
||||
"test distribution", "test distribution release");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of FirmwareInfo.
|
||||
*
|
||||
* @return Firmware information for a fake device
|
||||
*/
|
||||
public static FirmwareInfo createTestFirmwareInfo() {
|
||||
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of HardwareInfo.
|
||||
*
|
||||
* @return Hardware information for a fake device
|
||||
*/
|
||||
public static HardwareInfo createTestHardwareInfo() {
|
||||
return new HardwareInfo("test manufacturer", "test product name", "test version",
|
||||
"test really long serial number with many characters", "test really long chassis "
|
||||
+ "serial number with many characters",
|
||||
"test really long baseboard serial number with many characters");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of TPMInfo.
|
||||
*
|
||||
* @return TPM information for a fake device
|
||||
*/
|
||||
public static final TPMInfo createTPMInfo() {
|
||||
final short num1 = 1;
|
||||
final short num2 = 2;
|
||||
final short num3 = 3;
|
||||
final short num4 = 4;
|
||||
return new TPMInfo("test os make", num1, num2, num3, num4,
|
||||
getTestIdentityCertificate());
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test identity certificate.
|
||||
*
|
||||
* @return the test X509 certificate
|
||||
*/
|
||||
public static X509Certificate getTestIdentityCertificate() {
|
||||
X509Certificate certificateValue = null;
|
||||
InputStream istream = null;
|
||||
istream = AbstractUserdefinedEntityTest.class.getResourceAsStream(
|
||||
TEST_IDENTITY_CERT
|
||||
);
|
||||
try {
|
||||
if (istream == null) {
|
||||
throw new FileNotFoundException(TEST_IDENTITY_CERT);
|
||||
}
|
||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||
certificateValue = (X509Certificate) cf.generateCertificate(
|
||||
istream);
|
||||
|
||||
} catch (Exception e) {
|
||||
return null;
|
||||
} finally {
|
||||
if (istream != null) {
|
||||
try {
|
||||
istream.close();
|
||||
} catch (IOException e) {
|
||||
LOGGER.error("test certificate file could not be closed");
|
||||
}
|
||||
}
|
||||
}
|
||||
return certificateValue;
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
|
||||
*
|
||||
* @param type the type of validation
|
||||
* @param result the appraisal result
|
||||
* @param certificates the certificates related to this validation
|
||||
* @return the resulting SupplyChainValidation object
|
||||
*/
|
||||
public static SupplyChainValidation getTestSupplyChainValidation(
|
||||
final SupplyChainValidation.ValidationType type,
|
||||
final AppraisalStatus.Status result,
|
||||
final List<ArchivableEntity> certificates) {
|
||||
return new SupplyChainValidation(
|
||||
type,
|
||||
result,
|
||||
certificates,
|
||||
VALIDATION_MESSAGE
|
||||
);
|
||||
}
|
||||
}
|
@ -1,6 +1,11 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
import org.bouncycastle.cert.X509AttributeCertificateHolder;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
@ -14,12 +19,8 @@ import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.*;
|
||||
import org.bouncycastle.cert.X509AttributeCertificateHolder;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
@ -29,17 +30,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
/**
|
||||
* This class tests functionality of the {@link Certificate} class.
|
||||
*/
|
||||
public class CertificateTest {
|
||||
/**
|
||||
* Location of a test (fake) root CA certificate.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) Intel intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_INTEL_INT_CA_FILE =
|
||||
"/certificates/fakeIntelIntermediateCA.cer";
|
||||
public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Location of a test (fake) Intel intermediate CA certificate.
|
||||
@ -47,11 +38,6 @@ public class CertificateTest {
|
||||
public static final String INTEL_INT_CA_FILE =
|
||||
"/validation/platform_credentials/intel_chain/root/intermediate2.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) SGI intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
|
||||
|
||||
/**
|
||||
* Location of another test self-signed certificate.
|
||||
*/
|
||||
@ -78,12 +64,6 @@ public class CertificateTest {
|
||||
*/
|
||||
public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
|
||||
|
||||
/**
|
||||
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
|
||||
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
|
||||
|
||||
/**
|
||||
* Location of a test STM endorsement credential.
|
||||
*/
|
||||
@ -119,7 +99,8 @@ public class CertificateTest {
|
||||
public void testConstructCertFromByteArray() throws IOException, URISyntaxException {
|
||||
Certificate certificate = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
)
|
||||
);
|
||||
assertEquals(
|
||||
@ -163,7 +144,8 @@ public class CertificateTest {
|
||||
@Test
|
||||
public void testConstructCertFromPath() throws URISyntaxException, IOException {
|
||||
Certificate certificate = new CertificateAuthorityCredential(
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
);
|
||||
assertEquals(
|
||||
"CN=Fake Root CA",
|
||||
@ -202,12 +184,12 @@ public class CertificateTest {
|
||||
Certificate.CertificateType.X509_CERTIFICATE,
|
||||
getTestCertificate(
|
||||
PlatformCredential.class,
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType());
|
||||
TEST_PLATFORM_CERT_3).getCertificateType());
|
||||
assertEquals(
|
||||
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE,
|
||||
getTestCertificate(
|
||||
PlatformCredential.class,
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType());
|
||||
TEST_PLATFORM_CERT_3).getCertificateType());
|
||||
|
||||
}
|
||||
|
||||
@ -220,7 +202,7 @@ public class CertificateTest {
|
||||
@Test
|
||||
public void testImportPem() throws IOException {
|
||||
Certificate platformCredential = getTestCertificate(
|
||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_4
|
||||
PlatformCredential.class, TEST_PLATFORM_CERT_4
|
||||
);
|
||||
|
||||
assertEquals(
|
||||
@ -232,7 +214,7 @@ public class CertificateTest {
|
||||
);
|
||||
|
||||
platformCredential = getTestCertificate(
|
||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_5
|
||||
PlatformCredential.class, TEST_PLATFORM_CERT_5
|
||||
);
|
||||
|
||||
assertEquals(
|
||||
@ -295,13 +277,12 @@ public class CertificateTest {
|
||||
public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException {
|
||||
Certificate platformCert = getTestCertificate(
|
||||
PlatformCredential.class,
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3
|
||||
TEST_PLATFORM_CERT_3
|
||||
);
|
||||
|
||||
X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3
|
||||
)).toURI()))
|
||||
TEST_PLATFORM_CERT_3)).toURI()))
|
||||
);
|
||||
|
||||
assertEquals(
|
||||
@ -330,7 +311,7 @@ public class CertificateTest {
|
||||
public void testX509AttributeCertificateParsingExtended()
|
||||
throws IOException, URISyntaxException {
|
||||
Certificate platformCert = getTestCertificate(
|
||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_6);
|
||||
PlatformCredential.class, TEST_PLATFORM_CERT_6);
|
||||
|
||||
assertEquals("https://trustedservices.intel.com/"
|
||||
+ "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n",
|
||||
@ -428,11 +409,13 @@ public class CertificateTest {
|
||||
|
||||
assertEquals(
|
||||
new CertificateAuthorityCredential(
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
),
|
||||
new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
)
|
||||
)
|
||||
);
|
||||
@ -489,11 +472,13 @@ public class CertificateTest {
|
||||
|
||||
assertEquals(
|
||||
new CertificateAuthorityCredential(
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
).hashCode(),
|
||||
new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
)
|
||||
).hashCode()
|
||||
);
|
||||
@ -520,79 +505,6 @@ public class CertificateTest {
|
||||
return getTestCertificate(CertificateAuthorityCredential.class, filename);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Construct a test certificate from the given parameters.
|
||||
*
|
||||
* @param <T> the type of Certificate that will be created
|
||||
* @param certificateClass the class of certificate to generate
|
||||
* @param filename the location of the certificate to be used
|
||||
* @return the newly-constructed Certificate
|
||||
* @throws IOException if there is a problem constructing the test certificate
|
||||
*/
|
||||
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
||||
final Class<T> certificateClass, final String filename)
|
||||
throws IOException {
|
||||
return getTestCertificate(certificateClass, filename, null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a test certificate from the given parameters.
|
||||
*
|
||||
* @param <T> the type of Certificate that will be created
|
||||
* @param certificateClass the class of certificate to generate
|
||||
* @param filename the location of the certificate to be used
|
||||
* @param endorsementCredential the endorsement credentials (can be null)
|
||||
* @param platformCredentials the platform credentials (can be null)
|
||||
* @return the newly-constructed Certificate
|
||||
* @throws IOException if there is a problem constructing the test certificate
|
||||
*/
|
||||
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
||||
final Class<T> certificateClass, final String filename,
|
||||
final EndorsementCredential endorsementCredential,
|
||||
final List<PlatformCredential> platformCredentials)
|
||||
throws IOException {
|
||||
|
||||
Path certPath;
|
||||
try {
|
||||
certPath = Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(filename)).toURI());
|
||||
} catch (URISyntaxException e) {
|
||||
throw new IOException("Could not resolve path URI", e);
|
||||
}
|
||||
|
||||
switch (certificateClass.getSimpleName()) {
|
||||
case "CertificateAuthorityCredential":
|
||||
return new CertificateAuthorityCredential(certPath);
|
||||
case "ConformanceCredential":
|
||||
return new ConformanceCredential(certPath);
|
||||
case "EndorsementCredential":
|
||||
return new EndorsementCredential(certPath);
|
||||
case "PlatformCredential":
|
||||
return new PlatformCredential(certPath);
|
||||
case "IssuedAttestationCertificate":
|
||||
return new IssuedAttestationCertificate(certPath,
|
||||
endorsementCredential, platformCredentials);
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
String.format("Unknown certificate class %s", certificateClass.getName())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a list of all test certificates.
|
||||
*
|
||||
* @return a list of all test certificates
|
||||
* @throws IOException if there is a problem deserializing certificates
|
||||
*/
|
||||
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
|
||||
return Arrays.asList(
|
||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
|
||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
|
||||
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
|
||||
);
|
||||
}
|
||||
|
||||
private static X509Certificate readX509Certificate(final String resourceName)
|
||||
throws IOException {
|
||||
|
||||
@ -603,8 +515,9 @@ public class CertificateTest {
|
||||
throw new IOException("Cannot get X509 CertificateFactory instance", e);
|
||||
}
|
||||
|
||||
try (FileInputStream certInputStream = new FileInputStream(
|
||||
Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(resourceName)).toURI()).toFile()
|
||||
try (FileInputStream certInputStream = new FileInputStream(Paths.get(
|
||||
Objects.requireNonNull(CertificateTest.class.getResource(
|
||||
resourceName)).toURI()).toFile()
|
||||
)) {
|
||||
return (X509Certificate) cf.generateCertificate(certInputStream);
|
||||
} catch (CertificateException | URISyntaxException e) {
|
||||
|
@ -1,7 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.attestationca.persist.enums.HealthStatus;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@ -14,19 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
* This is the test class for the <code>Device</code> class.
|
||||
*
|
||||
*/
|
||||
public final class DeviceTest {
|
||||
/**
|
||||
* Utility method for getting a <code>Device</code> that can be used for
|
||||
* testing.
|
||||
*
|
||||
* @param name name for the <code>Device</code>
|
||||
*
|
||||
* @return device
|
||||
*/
|
||||
public static Device getTestDevice(final String name) {
|
||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
return new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
}
|
||||
public final class DeviceTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Tests that the device constructor can take a name.
|
||||
@ -34,7 +21,9 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testDevice() {
|
||||
final String name = "my-laptop";
|
||||
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null , null);
|
||||
final Device device = new Device(name, null, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
assertNotNull(device);
|
||||
}
|
||||
|
||||
@ -45,8 +34,10 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testDeviceNameAndInfo() {
|
||||
final String name = "my-laptop";
|
||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -56,7 +47,9 @@ public final class DeviceTest {
|
||||
public void testDeviceNameAndNullInfo() {
|
||||
final String name = "my-laptop";
|
||||
final DeviceInfoReport deviceInfo = null;
|
||||
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -65,8 +58,10 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testGetDeviceInfo() {
|
||||
final String name = "my-laptop";
|
||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
assertEquals(deviceInfo, device.getDeviceInfo());
|
||||
}
|
||||
|
||||
@ -76,9 +71,11 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testSetDeviceInfo() {
|
||||
final String name = "my-laptop";
|
||||
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final Device device = new Device(name, null, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
assertNull(device.getDeviceInfo());
|
||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
device.setDeviceInfo(deviceInfo);
|
||||
assertEquals(deviceInfo, device.getDeviceInfo());
|
||||
}
|
||||
@ -89,8 +86,10 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testSetNullDeviceInfo() {
|
||||
final String name = "my-laptop";
|
||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
assertEquals(deviceInfo, device.getDeviceInfo());
|
||||
device.setDeviceInfo(null);
|
||||
assertNull(device.getDeviceInfo());
|
||||
@ -102,8 +101,10 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testNotNullLastReportTimeStamp() {
|
||||
final String name = "my-laptop";
|
||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
assertNotNull(device.getLastReportTimestamp());
|
||||
}
|
||||
|
||||
@ -112,7 +113,9 @@ public final class DeviceTest {
|
||||
*/
|
||||
@Test
|
||||
public void testSetHealthStatus() {
|
||||
final Device device = new Device("test-device", null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final Device device = new Device("test-device", null, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
device.setHealthStatus(HealthStatus.TRUSTED);
|
||||
assertEquals(HealthStatus.TRUSTED, device.getHealthStatus());
|
||||
}
|
||||
@ -124,9 +127,13 @@ public final class DeviceTest {
|
||||
public void testDeviceEquals() {
|
||||
final String name = "my-laptop";
|
||||
final String otherName = "my-laptop";
|
||||
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
assertEquals(device, other);
|
||||
}
|
||||
|
||||
@ -136,8 +143,10 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testGetDefaultSupplyChainStatus() {
|
||||
String name = "my-laptop";
|
||||
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
assertEquals(AppraisalStatus.Status.UNKNOWN, device.getSupplyChainValidationStatus());
|
||||
}
|
||||
|
||||
@ -147,8 +156,10 @@ public final class DeviceTest {
|
||||
@Test
|
||||
public void testSetAndGetSupplyChainStatus() {
|
||||
String name = "my-laptop";
|
||||
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null, false,
|
||||
null, null);
|
||||
device.setSupplyChainValidationStatus(AppraisalStatus.Status.PASS);
|
||||
assertEquals(AppraisalStatus.Status.PASS, device.getSupplyChainValidationStatus());
|
||||
}
|
||||
|
@ -0,0 +1,221 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.attestationca.persist.enums.HealthStatus;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.TestInstance;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
/**
|
||||
* Tests the functionality in SupplyChainValidationSummary.
|
||||
*/
|
||||
|
||||
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
|
||||
public class SupplyChainValidationSummaryTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Test device.
|
||||
*
|
||||
*/
|
||||
private Device device;
|
||||
|
||||
/**
|
||||
* List of test certificates.
|
||||
*
|
||||
*/
|
||||
private List<ArchivableEntity> certificates;
|
||||
|
||||
/**
|
||||
* Create a set of certificates and a device for use by these tests.
|
||||
*
|
||||
* @throws Exception if there is a problem deserializing certificates or creating test device
|
||||
*/
|
||||
@BeforeAll
|
||||
public void setup() throws Exception {
|
||||
|
||||
certificates = getAllTestCertificates();
|
||||
device = getTestDevice("TestDevice");
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests that an empty summary behaves as expected.
|
||||
*/
|
||||
@Test
|
||||
public void testEmptySummary() throws InterruptedException {
|
||||
SupplyChainValidationSummary emptySummary = getTestSummary(
|
||||
0,
|
||||
0
|
||||
);
|
||||
|
||||
//assertEquals(device, emptySummary.getDevice());
|
||||
assertEquals(device.getDeviceInfo(), emptySummary.getDevice().getDeviceInfo());
|
||||
assertEquals(Collections.EMPTY_SET, emptySummary.getValidations());
|
||||
assertEquals(AppraisalStatus.Status.PASS, emptySummary.getOverallValidationResult());
|
||||
assertNotNull(emptySummary.getCreateTime());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that a summary can't be created with a null validationIdentifier.
|
||||
*/
|
||||
@Test
|
||||
public void testNullValidationIdentifier() {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new SupplyChainValidationSummary(null, Collections.emptyList()));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that a summary can't be created with a null validations list.
|
||||
*/
|
||||
@Test
|
||||
public void testNullValidationList() {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new SupplyChainValidationSummary(device, null));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that summaries with one and two component validations, which both represent successful
|
||||
* validations, have getters that return the expected information.
|
||||
*/
|
||||
@Test
|
||||
public void testSuccessfulSummary() throws InterruptedException {
|
||||
SupplyChainValidationSummary oneValidation = getTestSummary(
|
||||
1,
|
||||
0
|
||||
);
|
||||
|
||||
//assertEquals(device, oneValidation.getDevice());
|
||||
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
|
||||
assertEquals(1, oneValidation.getValidations().size());
|
||||
assertEquals(AppraisalStatus.Status.PASS, oneValidation.getOverallValidationResult());
|
||||
assertNotNull(oneValidation.getCreateTime());
|
||||
|
||||
SupplyChainValidationSummary twoValidations = getTestSummary(
|
||||
2,
|
||||
0
|
||||
);
|
||||
|
||||
//assertEquals(device, twoValidations.getDevice());
|
||||
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
|
||||
assertEquals(2, twoValidations.getValidations().size());
|
||||
assertEquals(twoValidations.getOverallValidationResult(), AppraisalStatus.Status.PASS);
|
||||
assertNotNull(twoValidations.getCreateTime());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that summaries with one and two component validations, of which one represents an
|
||||
* unsuccessful validations, have getters that return the expected information.
|
||||
*/
|
||||
@Test
|
||||
public void testUnsuccessfulSummary() throws InterruptedException {
|
||||
SupplyChainValidationSummary oneValidation = getTestSummary(
|
||||
1,
|
||||
1
|
||||
);
|
||||
|
||||
//assertEquals(device, oneValidation.getDevice());
|
||||
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
|
||||
assertEquals(1, oneValidation.getValidations().size());
|
||||
assertEquals(AppraisalStatus.Status.FAIL, oneValidation.getOverallValidationResult());
|
||||
assertNotNull(oneValidation.getCreateTime());
|
||||
|
||||
SupplyChainValidationSummary twoValidations = getTestSummary(
|
||||
2,
|
||||
1
|
||||
);
|
||||
|
||||
//assertEquals(device, twoValidations.getDevice());
|
||||
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
|
||||
assertEquals(2, twoValidations.getValidations().size());
|
||||
assertEquals(AppraisalStatus.Status.FAIL, twoValidations.getOverallValidationResult());
|
||||
assertNotNull(twoValidations.getCreateTime());
|
||||
|
||||
SupplyChainValidationSummary twoBadValidations = getTestSummary(
|
||||
2,
|
||||
2
|
||||
);
|
||||
|
||||
//assertEquals(device, twoBadValidations.getDevice());
|
||||
assertEquals(device.getDeviceInfo(), twoBadValidations.getDevice().getDeviceInfo());
|
||||
assertEquals(2, twoBadValidations.getValidations().size());
|
||||
assertEquals(AppraisalStatus.Status.FAIL, twoBadValidations.getOverallValidationResult());
|
||||
assertNotNull(twoBadValidations.getCreateTime());
|
||||
}
|
||||
|
||||
/**
|
||||
* Utility method for getting a <code>Device</code> that can be used for
|
||||
* testing.
|
||||
*
|
||||
* @param name name for the <code>Device</code>
|
||||
*
|
||||
* @return device
|
||||
*/
|
||||
public static Device getTestDevice(final String name) {
|
||||
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
|
||||
return new Device(name, deviceInfo, HealthStatus.UNKNOWN,
|
||||
AppraisalStatus.Status.UNKNOWN, null,
|
||||
false, null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Utility method for getting a <code>SupplyChainValidationSummary</code> that can be used for
|
||||
* testing.
|
||||
*
|
||||
* @param numberOfValidations number of validations for the <code>SupplyChainValidationSummary</code>
|
||||
* @param numFail number of failed validations
|
||||
*
|
||||
* @return device
|
||||
*/
|
||||
private SupplyChainValidationSummary getTestSummary(
|
||||
final int numberOfValidations,
|
||||
final int numFail
|
||||
) throws InterruptedException {
|
||||
SupplyChainValidation.ValidationType[] validationTypes =
|
||||
SupplyChainValidation.ValidationType.values();
|
||||
|
||||
if (numberOfValidations > validationTypes.length) {
|
||||
throw new IllegalArgumentException(String.format(
|
||||
"Cannot have more than %d validation types",
|
||||
validationTypes.length
|
||||
));
|
||||
}
|
||||
|
||||
if (numFail > numberOfValidations) {
|
||||
throw new IllegalArgumentException(String.format(
|
||||
"Cannot have more than %d failed validations",
|
||||
validationTypes.length
|
||||
));
|
||||
}
|
||||
|
||||
Collection<SupplyChainValidation> validations = new HashSet<>();
|
||||
for (int i = 0; i < numberOfValidations; i++) {
|
||||
boolean successful = true;
|
||||
if (i >= (numberOfValidations - numFail)) {
|
||||
successful = false;
|
||||
}
|
||||
|
||||
AppraisalStatus.Status result = AppraisalStatus.Status.FAIL;
|
||||
if (successful) {
|
||||
result = AppraisalStatus.Status.PASS;
|
||||
}
|
||||
|
||||
validations.add(SupplyChainValidationTest.getTestSupplyChainValidation(
|
||||
validationTypes[i],
|
||||
result,
|
||||
certificates
|
||||
));
|
||||
}
|
||||
|
||||
return new SupplyChainValidationSummary(device, validations);
|
||||
}
|
||||
}
|
@ -1,21 +1,18 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
/**
|
||||
* Simple tests for the {@link SupplyChainValidation} class. Tests for the persistence of this
|
||||
* class are located in { SupplyChainValidationSummaryTest}.
|
||||
*/
|
||||
class SupplyChainValidationTest {
|
||||
private static final String MESSAGE = "Some message.";
|
||||
class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Test that this class' getter methods work properly.
|
||||
@ -31,9 +28,9 @@ class SupplyChainValidationTest {
|
||||
);
|
||||
assertEquals(
|
||||
validation.getCertificatesUsed(),
|
||||
CertificateTest.getAllTestCertificates()
|
||||
getAllTestCertificates()
|
||||
);
|
||||
assertEquals(validation.getMessage(), MESSAGE);
|
||||
assertEquals(validation.getMessage(), VALIDATION_MESSAGE);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -47,8 +44,8 @@ class SupplyChainValidationTest {
|
||||
new SupplyChainValidation(
|
||||
null,
|
||||
AppraisalStatus.Status.PASS,
|
||||
CertificateTest.getAllTestCertificates(),
|
||||
MESSAGE
|
||||
getAllTestCertificates(),
|
||||
VALIDATION_MESSAGE
|
||||
));
|
||||
}
|
||||
|
||||
@ -64,7 +61,7 @@ class SupplyChainValidationTest {
|
||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||
AppraisalStatus.Status.PASS,
|
||||
null,
|
||||
MESSAGE
|
||||
VALIDATION_MESSAGE
|
||||
));
|
||||
}
|
||||
|
||||
@ -78,8 +75,8 @@ class SupplyChainValidationTest {
|
||||
new SupplyChainValidation(
|
||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||
AppraisalStatus.Status.PASS,
|
||||
CertificateTest.getAllTestCertificates(),
|
||||
MESSAGE
|
||||
getAllTestCertificates(),
|
||||
VALIDATION_MESSAGE
|
||||
);
|
||||
}
|
||||
|
||||
@ -95,27 +92,7 @@ class SupplyChainValidationTest {
|
||||
return getTestSupplyChainValidation(
|
||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||
AppraisalStatus.Status.PASS,
|
||||
CertificateTest.getAllTestCertificates()
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
|
||||
*
|
||||
* @param type the type of validation
|
||||
* @param result the appraisal result
|
||||
* @param certificates the certificates related to this validation
|
||||
* @return the resulting SupplyChainValidation object
|
||||
*/
|
||||
public static SupplyChainValidation getTestSupplyChainValidation(
|
||||
final SupplyChainValidation.ValidationType type,
|
||||
final AppraisalStatus.Status result,
|
||||
final List<ArchivableEntity> certificates) {
|
||||
return new SupplyChainValidation(
|
||||
type,
|
||||
result,
|
||||
certificates,
|
||||
MESSAGE
|
||||
getAllTestCertificates()
|
||||
);
|
||||
}
|
||||
}
|
@ -1,8 +1,7 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
|
||||
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@ -12,13 +11,11 @@ import java.net.URISyntaxException;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.cert.CertificateException;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
|
||||
/**
|
||||
* Tests that CertificateAuthorityCredential properly parses its fields.
|
||||
*/
|
||||
public class CertificateAuthorityCredentialTest {
|
||||
private static final CertificateRepository CERT_MAN = mock(CertificateRepository.class);
|
||||
public class CertificateAuthorityCredentialTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Tests that a CertificateAuthorityCredential can be created from an X.509 certificate and
|
||||
@ -33,7 +30,7 @@ public class CertificateAuthorityCredentialTest {
|
||||
public void testGetSubjectKeyIdentifier()
|
||||
throws CertificateException, IOException, URISyntaxException {
|
||||
Path testCertPath = Paths.get(
|
||||
this.getClass().getResource(CertificateTest.FAKE_ROOT_CA_FILE).toURI()
|
||||
this.getClass().getResource(FAKE_ROOT_CA_FILE).toURI()
|
||||
);
|
||||
CertificateAuthorityCredential caCred = new CertificateAuthorityCredential(testCertPath);
|
||||
|
||||
@ -42,7 +39,7 @@ public class CertificateAuthorityCredentialTest {
|
||||
assertNotNull(subjectKeyIdentifier);
|
||||
assertEquals(
|
||||
Hex.encodeHexString(subjectKeyIdentifier),
|
||||
CertificateTest.FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
|
||||
FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -5,7 +5,6 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
@ -29,13 +28,15 @@ public class EndorsementCredentialTest {
|
||||
private static final String EK_CERT_WITH_SECURITY_ASSERTIONS =
|
||||
"/certificates/ek_cert_with_security_assertions.cer";
|
||||
|
||||
private static final int TPM_SPEC_REVISION_NUM = 116;
|
||||
|
||||
/**
|
||||
* Tests the successful parsing of an EC using a test cert from STM.
|
||||
* @throws IOException test failed due to invalid certificate parsing
|
||||
*/
|
||||
@Test
|
||||
public void testParse() throws IOException {
|
||||
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).
|
||||
String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).
|
||||
getPath();
|
||||
Path fPath = Paths.get(path);
|
||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||
@ -49,7 +50,7 @@ public class EndorsementCredentialTest {
|
||||
TPMSpecification spec = ec.getTpmSpecification();
|
||||
assertEquals(spec.getFamily(), "1.2");
|
||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||
|
||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||
@ -68,7 +69,7 @@ public class EndorsementCredentialTest {
|
||||
*/
|
||||
@Test
|
||||
public void testParseNuc1() throws IOException {
|
||||
String path = CertificateTest.class.getResource(
|
||||
String path = this.getClass().getResource(
|
||||
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
||||
Path fPath = Paths.get(path);
|
||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||
@ -82,7 +83,7 @@ public class EndorsementCredentialTest {
|
||||
TPMSpecification spec = ec.getTpmSpecification();
|
||||
assertEquals(spec.getFamily(), "1.2");
|
||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||
|
||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||
@ -102,7 +103,7 @@ public class EndorsementCredentialTest {
|
||||
*/
|
||||
@Test
|
||||
public void testParseNuc1BuilderMethod() throws IOException {
|
||||
String path = CertificateTest.class.getResource(
|
||||
String path = this.getClass().getResource(
|
||||
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
||||
Path fPath = Paths.get(path);
|
||||
byte[] ecBytes = Files.readAllBytes(fPath);
|
||||
@ -118,7 +119,7 @@ public class EndorsementCredentialTest {
|
||||
TPMSpecification spec = ec.getTpmSpecification();
|
||||
assertEquals(spec.getFamily(), "1.2");
|
||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||
|
||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||
@ -137,7 +138,7 @@ public class EndorsementCredentialTest {
|
||||
*/
|
||||
@Test
|
||||
public void testParseNuc2() throws IOException {
|
||||
String path = CertificateTest.class.getResource(
|
||||
String path = this.getClass().getResource(
|
||||
TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
|
||||
Path fPath = Paths.get(path);
|
||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||
@ -151,7 +152,7 @@ public class EndorsementCredentialTest {
|
||||
TPMSpecification spec = ec.getTpmSpecification();
|
||||
assertEquals(spec.getFamily(), "1.2");
|
||||
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
|
||||
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
|
||||
|
||||
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
|
||||
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
|
||||
@ -170,17 +171,17 @@ public class EndorsementCredentialTest {
|
||||
*/
|
||||
@Test
|
||||
public void testCertsNotEqual() throws IOException {
|
||||
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
|
||||
String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
|
||||
Path fPath = Paths.get(path);
|
||||
EndorsementCredential ec1 = new EndorsementCredential(fPath);
|
||||
assertNotNull(ec1);
|
||||
|
||||
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
||||
path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
|
||||
fPath = Paths.get(path);
|
||||
EndorsementCredential ec2 = new EndorsementCredential(fPath);
|
||||
assertNotNull(ec2);
|
||||
|
||||
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
|
||||
path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
|
||||
fPath = Paths.get(path);
|
||||
EndorsementCredential ec3 = new EndorsementCredential(fPath);
|
||||
assertNotNull(ec3);
|
||||
@ -197,7 +198,7 @@ public class EndorsementCredentialTest {
|
||||
*/
|
||||
@Test
|
||||
public void testTpmSecurityAssertionsParsing() throws IOException {
|
||||
Path fPath = Paths.get(CertificateTest.class
|
||||
Path fPath = Paths.get(this.getClass()
|
||||
.getResource(EK_CERT_WITH_SECURITY_ASSERTIONS).getPath());
|
||||
EndorsementCredential ec = new EndorsementCredential(fPath);
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
|
||||
@ -25,42 +26,7 @@ import java.util.TimeZone;
|
||||
/**
|
||||
* Tests that a PlatformCredential parses its fields correctly.
|
||||
*/
|
||||
public class PlatformCredentialTest {
|
||||
/**
|
||||
* Location of a test platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_1 =
|
||||
"/validation/platform_credentials/Intel_pc1.cer";
|
||||
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_2 =
|
||||
"/validation/platform_credentials/Intel_pc2.cer";
|
||||
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_3 =
|
||||
"/validation/platform_credentials/Intel_pc3.cer";
|
||||
|
||||
/**
|
||||
* Platform cert with comma separated baseboard and chassis serial number.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_4 =
|
||||
"/validation/platform_credentials/Intel_pc4.pem";
|
||||
|
||||
/**
|
||||
* Another platform cert with comma separated baseboard and chassis serial number.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_5 =
|
||||
"/validation/platform_credentials/Intel_pc5.pem";
|
||||
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_6 =
|
||||
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
|
||||
public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Platform Certificate 2.0 with all the expected data.
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
@ -1,12 +1,8 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.info;
|
||||
|
||||
import static hirs.utils.enums.DeviceInfoEnums.NOT_SPECIFIED;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
@ -18,12 +14,11 @@ import org.junit.jupiter.api.Test;
|
||||
/**
|
||||
* TPMInfoTest is a unit test class for TPMInfo.
|
||||
*/
|
||||
public class TPMInfoTest {
|
||||
public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
private static final String TPM_MAKE = "test tpmMake";
|
||||
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
|
||||
private static final String TEST_IDENTITY_CERT =
|
||||
"/tpm/sample_identity_cert.cer";
|
||||
|
||||
private static final short VERSION_MAJOR = 1;
|
||||
private static final short VERSION_MINOR = 2;
|
||||
private static final short VERSION_REV_MAJOR = 3;
|
||||
@ -327,30 +322,4 @@ public class TPMInfoTest {
|
||||
getTestIdentityCertificate());
|
||||
assertNotEquals(ti1, ti2);
|
||||
}
|
||||
|
||||
private X509Certificate getTestIdentityCertificate() {
|
||||
X509Certificate certificateValue = null;
|
||||
InputStream istream = null;
|
||||
istream = getClass().getResourceAsStream(TEST_IDENTITY_CERT);
|
||||
try {
|
||||
if (istream == null) {
|
||||
throw new FileNotFoundException(TEST_IDENTITY_CERT);
|
||||
}
|
||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||
certificateValue = (X509Certificate) cf.generateCertificate(
|
||||
istream);
|
||||
|
||||
} catch (Exception e) {
|
||||
return null;
|
||||
} finally {
|
||||
if (istream != null) {
|
||||
try {
|
||||
istream.close();
|
||||
} catch (IOException e) {
|
||||
LOGGER.error("test certificate file could not be closed");
|
||||
}
|
||||
}
|
||||
}
|
||||
return certificateValue;
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.info;
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
@ -26,7 +26,8 @@ public class TPMMeasurementRecordTest {
|
||||
private static final int DEFAULT_PCR_ID = 3;
|
||||
private static final String DEFAULT_HASH =
|
||||
"3d5f3c2f7f3003d2e4baddc46ed4763a4954f648";
|
||||
private static final ExaminableRecord.ExamineState DEFAULT_STATE = ExaminableRecord.ExamineState.UNEXAMINED;
|
||||
private static final ExaminableRecord.ExamineState DEFAULT_STATE =
|
||||
ExaminableRecord.ExamineState.UNEXAMINED;
|
||||
|
||||
/**
|
||||
* Tests instantiation of new <code>PCRMeasurementRecord</code>.
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.record;
|
@ -1,37 +1,25 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.report;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
||||
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.InetAddress;
|
||||
import java.net.UnknownHostException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
/**
|
||||
* DeviceInfoReportTest is a unit test class for DeviceInfoReports.
|
||||
* Unit test class for DeviceInfoReports.
|
||||
*/
|
||||
public class DeviceInfoReportTest {
|
||||
public class DeviceInfoReportTest extends AbstractUserdefinedEntityTest {
|
||||
private final NetworkInfo networkInfo = createTestNetworkInfo();
|
||||
private final OSInfo osInfo = createTestOSInfo();
|
||||
private final FirmwareInfo firmwareInfo = createTestFirmwareInfo();
|
||||
private final HardwareInfo hardwareInfo = createTestHardwareInfo();
|
||||
private final TPMInfo tpmInfo = createTPMInfo();
|
||||
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
|
||||
|
||||
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
|
||||
|
||||
private static final String EXPECTED_CLIENT_VERSION = "Test.Version";
|
||||
|
||||
@ -101,109 +89,4 @@ public class DeviceInfoReportTest {
|
||||
assertEquals(tpmInfo, deviceInfoReport.getTpmInfo());
|
||||
assertEquals(EXPECTED_CLIENT_VERSION, deviceInfoReport.getClientApplicationVersion());
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a DeviceInfoReport instance usable for testing.
|
||||
*
|
||||
* @return a test DeviceInfoReport
|
||||
*/
|
||||
public static DeviceInfoReport getTestReport() {
|
||||
return new DeviceInfoReport(
|
||||
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
|
||||
createTestHardwareInfo(), createTPMInfo()
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of NetworkInfo.
|
||||
*
|
||||
* @return network information for a fake device
|
||||
*/
|
||||
public static NetworkInfo createTestNetworkInfo() {
|
||||
try {
|
||||
final String hostname = "test.hostname";
|
||||
final InetAddress ipAddress =
|
||||
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
|
||||
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
||||
return new NetworkInfo(hostname, ipAddress, macAddress);
|
||||
|
||||
} catch (UnknownHostException e) {
|
||||
LOGGER.error("error occurred while creating InetAddress");
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of OSInfo.
|
||||
*
|
||||
* @return OS information for a fake device
|
||||
*/
|
||||
public static OSInfo createTestOSInfo() {
|
||||
return new OSInfo("test os name", "test os version", "test os arch",
|
||||
"test distribution", "test distribution release");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of FirmwareInfo.
|
||||
*
|
||||
* @return Firmware information for a fake device
|
||||
*/
|
||||
public static FirmwareInfo createTestFirmwareInfo() {
|
||||
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of HardwareInfo.
|
||||
*
|
||||
* @return Hardware information for a fake device
|
||||
*/
|
||||
public static HardwareInfo createTestHardwareInfo() {
|
||||
return new HardwareInfo("test manufacturer", "test product name", "test version",
|
||||
"test really long serial number with many characters", "test really long chassis "
|
||||
+ "serial number with many characters",
|
||||
"test really long baseboard serial number with many characters");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a test instance of TPMInfo.
|
||||
*
|
||||
* @return TPM information for a fake device
|
||||
*/
|
||||
public static final TPMInfo createTPMInfo() {
|
||||
final short num1 = 1;
|
||||
final short num2 = 2;
|
||||
final short num3 = 3;
|
||||
final short num4 = 4;
|
||||
return new TPMInfo("test os make", num1, num2, num3, num4,
|
||||
getTestIdentityCertificate());
|
||||
}
|
||||
|
||||
private static X509Certificate getTestIdentityCertificate() {
|
||||
X509Certificate certificateValue = null;
|
||||
InputStream istream = null;
|
||||
istream = DeviceInfoReportTest.class.getResourceAsStream(
|
||||
TEST_IDENTITY_CERT
|
||||
);
|
||||
try {
|
||||
if (istream == null) {
|
||||
throw new FileNotFoundException(TEST_IDENTITY_CERT);
|
||||
}
|
||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||
certificateValue = (X509Certificate) cf.generateCertificate(
|
||||
istream);
|
||||
|
||||
} catch (Exception e) {
|
||||
return null;
|
||||
} finally {
|
||||
if (istream != null) {
|
||||
try {
|
||||
istream.close();
|
||||
} catch (IOException e) {
|
||||
LOGGER.error("test certificate file could not be closed");
|
||||
}
|
||||
}
|
||||
}
|
||||
return certificateValue;
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.report;
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist;
|
@ -65,7 +65,8 @@ public class CredentialManagementHelperTest {
|
||||
@Test
|
||||
public void processEmptyEndorsementCredential() {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, new byte[0], "testName"));
|
||||
CredentialManagementHelper.storeEndorsementCredential(
|
||||
certificateRepository, new byte[0], "testName"));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -75,7 +76,8 @@ public class CredentialManagementHelperTest {
|
||||
public void processInvalidEndorsementCredentialCase1() {
|
||||
byte[] ekBytes = new byte[] {1};
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, ekBytes, "testName"));
|
||||
CredentialManagementHelper.storeEndorsementCredential(
|
||||
certificateRepository, ekBytes, "testName"));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -186,7 +186,7 @@ public class IssuedCertificateAttributeHelperTest {
|
||||
}
|
||||
|
||||
private Map<String, String> getSubjectAlternativeNameAttributes(
|
||||
Extension subjectAlternativeName) {
|
||||
final Extension subjectAlternativeName) {
|
||||
Map<String, String> subjectAlternativeNameAttrMap = new HashMap<>();
|
||||
|
||||
DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue();
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.provision.helper;
|
@ -6,7 +6,6 @@ import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
|
||||
@ -232,7 +231,6 @@ public class SupplyChainCredentialValidatorTest {
|
||||
if (!f.delete()) {
|
||||
fail("file was not cleaned up");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -246,18 +244,17 @@ public class SupplyChainCredentialValidatorTest {
|
||||
@Test
|
||||
public final void testValidateEndorsementCredential()
|
||||
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
||||
Certificate rootcacert, intermediateca02cert;
|
||||
|
||||
EndorsementCredential ekcert = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
|
||||
EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes(
|
||||
Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
|
||||
);
|
||||
|
||||
intermediateca02cert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
||||
Certificate intermediateca02cert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
||||
);
|
||||
|
||||
rootcacert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI()))
|
||||
Certificate rootcacert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI()))
|
||||
);
|
||||
|
||||
try {
|
||||
@ -287,14 +284,15 @@ public class SupplyChainCredentialValidatorTest {
|
||||
@Test
|
||||
public final void validateIntelPlatformCredentials()
|
||||
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
||||
Certificate rootcacert, intermediatecacert;
|
||||
|
||||
intermediatecacert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
Certificate intermediatecacert =
|
||||
new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
);
|
||||
|
||||
rootcacert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI()))
|
||||
Certificate rootcacert =
|
||||
new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI()))
|
||||
);
|
||||
|
||||
try {
|
||||
@ -302,8 +300,9 @@ public class SupplyChainCredentialValidatorTest {
|
||||
keyStore.setCertificateEntry("Intel Intermediate Cert",
|
||||
intermediatecacert.getX509Certificate());
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT)).toURI()));
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
@ -328,8 +327,9 @@ public class SupplyChainCredentialValidatorTest {
|
||||
public final void validateIntelPlatformCredentialAttributes()
|
||||
throws Exception {
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
@ -338,8 +338,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
PLATFORM_VERSION, TEST_BOARD_SERIAL_NUMBER,
|
||||
TEST_CHASSIS_SERIAL_NUMBER, TEST_BOARD_SERIAL_NUMBER));
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus result =
|
||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||
@ -363,13 +363,14 @@ public class SupplyChainCredentialValidatorTest {
|
||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus result =
|
||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||
@ -392,13 +393,14 @@ public class SupplyChainCredentialValidatorTest {
|
||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||
TEST_CHASSIS_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus result =
|
||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||
@ -423,13 +425,14 @@ public class SupplyChainCredentialValidatorTest {
|
||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER,
|
||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus result =
|
||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||
@ -452,13 +455,15 @@ public class SupplyChainCredentialValidatorTest {
|
||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||
TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus result =
|
||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||
@ -481,13 +486,14 @@ public class SupplyChainCredentialValidatorTest {
|
||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus result =
|
||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||
@ -510,13 +516,14 @@ public class SupplyChainCredentialValidatorTest {
|
||||
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER,
|
||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus result =
|
||||
CredentialValidator.validatePlatformCredentialAttributes(pc,
|
||||
@ -540,13 +547,15 @@ public class SupplyChainCredentialValidatorTest {
|
||||
PLATFORM_VERSION, DeviceInfoEnums.NOT_SPECIFIED,
|
||||
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
String expectedMessage = "Platform serial did not match device info";
|
||||
|
||||
@ -570,13 +579,15 @@ public class SupplyChainCredentialValidatorTest {
|
||||
new HardwareInfo(DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
|
||||
DeviceInfoEnums.NOT_SPECIFIED, "zzz", "aaa", "bbb"));
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
|
||||
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
String expectedMessage = "Platform serial did not match device info";
|
||||
|
||||
@ -884,7 +895,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
@Test
|
||||
public final void verifyPlatformCredentialWithBadKeyStore()
|
||||
throws URISyntaxException, IOException {
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
@ -923,7 +935,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
@Test
|
||||
public final void verifyPlatformCredentialNullKeyStore()
|
||||
throws URISyntaxException, IOException {
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
@ -947,13 +960,14 @@ public class SupplyChainCredentialValidatorTest {
|
||||
@Test
|
||||
public final void verifyPlatformCredentialNullDeviceInfoReport()
|
||||
throws URISyntaxException, IOException {
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
|
||||
INTEL_PLATFORM_CERT_2)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
|
||||
|
||||
String expectedMessage = "Can't validate platform credential attributes without a "
|
||||
+ "device info report";
|
||||
@ -977,12 +991,13 @@ public class SupplyChainCredentialValidatorTest {
|
||||
public final void testPlatformDnEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
|
||||
);
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource(NEW_NUC1)).toURI()));
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
|
||||
NEW_NUC1)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
|
||||
@ -1006,11 +1021,12 @@ public class SupplyChainCredentialValidatorTest {
|
||||
public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
);
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidator.class.
|
||||
getResource(NEW_NUC1)).toURI()));
|
||||
|
||||
PlatformCredential pc = new PlatformCredential(certBytes);
|
||||
@ -1034,12 +1050,13 @@ public class SupplyChainCredentialValidatorTest {
|
||||
public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
||||
);
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource(TEST_EK_CERT)).toURI()));
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
|
||||
TEST_EK_CERT)).toURI()));
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(certBytes);
|
||||
|
||||
@ -1063,11 +1080,12 @@ public class SupplyChainCredentialValidatorTest {
|
||||
public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
);
|
||||
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
byte[] certBytes = Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidator.class.
|
||||
getResource(TEST_EK_CERT)).toURI()));
|
||||
|
||||
EndorsementCredential ec = new EndorsementCredential(certBytes);
|
||||
@ -1268,8 +1286,9 @@ public class SupplyChainCredentialValidatorTest {
|
||||
throws IOException, URISyntaxException {
|
||||
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithNotSpecifiedComponents();
|
||||
PlatformCredential platformCredential = new PlatformCredential(
|
||||
Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
|
||||
getResource((SAMPLE_TEST_PACCOR_CERT))).toURI())));
|
||||
Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
|
||||
SAMPLE_TEST_PACCOR_CERT)).toURI())));
|
||||
|
||||
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
|
||||
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport);
|
||||
@ -1937,9 +1956,9 @@ public class SupplyChainCredentialValidatorTest {
|
||||
.validateDeltaPlatformCredentialAttributes(delta1,
|
||||
deviceInfoReport, base, chainCredentials);
|
||||
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
|
||||
assertEquals("There are unmatched components:\n" +
|
||||
"Manufacturer=Intel Corporation, Model=82580 Gigabit Network " +
|
||||
"Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
|
||||
assertEquals("There are unmatched components:\n"
|
||||
+ "Manufacturer=Intel Corporation, Model=82580 Gigabit Network "
|
||||
+ "Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
|
||||
result.getMessage());
|
||||
}
|
||||
|
||||
@ -2073,7 +2092,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
return cert;
|
||||
}
|
||||
|
||||
private DeviceInfoReport buildReport(final HardwareInfo hardwareInfo) {
|
||||
private DeviceInfoReport buildReport(final HardwareInfo givenHardwareInfo) {
|
||||
final InetAddress ipAddress = getTestIpAddress();
|
||||
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
||||
|
||||
@ -2083,7 +2102,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
TPMInfo tpmInfo = new TPMInfo();
|
||||
|
||||
return new DeviceInfoReport(networkInfo, osInfo,
|
||||
firmwareInfo, hardwareInfo, tpmInfo);
|
||||
firmwareInfo, givenHardwareInfo, tpmInfo);
|
||||
}
|
||||
private static InetAddress getTestIpAddress() {
|
||||
try {
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.persist.validation;
|
Loading…
Reference in New Issue
Block a user